3 Advanced Methods That Cold Wallet Providers Use to Maximize Hardware Security

What separates a good cryptocurrency cold wallet from a great one usually boils down to how well it keeps your private keys safe from external threats. Alongside basic hardware security, cold wallets mainly do this by keeping your keys offline, completely disconnected from the internet. But as attack methods get more sophisticated and holdings become more valuable, security models need to evolve and keep pace.

Today, the most advanced methods that cold wallet providers use to keep your funds safe focus on three distinct approaches: Secure Element hardware, airgapped transaction architecture, and biometric MPC-based access systems.

These approaches are, in turn, exemplified by market leading wallet providers Ledger, Ellipal Titan and Zengo. Ledger is particularly noteworthy for its multi-layered security approach, which extends well beyond Secure Element chips.

While the three methods discussed here may sound technical (because they are), the idea behind each one of them is relatively simple once you strip them back. So let’s break down all three of these cold wallet security approaches, showing you exactly how they work, what they’re designed to protect against, and whether they come with any tradeoffs that you need to know upfront.

Why hardware wallet security models matter

Private key isolation is the main purpose of cold wallets. The core idea is that if your device and its assets are never connected to the internet (or any internet-connected device), then attackers would have no real pathway to it. They can’t drain an account they can’t see or physically access.

Things get a little bit more risky when we move into the world of software wallets. These are the mobile apps, chrome extensions, and cloud-hosted web applications that millions of people use each and every day. And while they are convenient, this comes at a cost. If any one of these connected touch points is compromised, it jeopardizes your wallet and puts it into hostile territory.

Cold wallets are meant to remove that anxiety completely, but going offline should only be seen as the starting point. A good cold wallet needs to protect your private keys in other situations, such as preventing attackers from accessing the device remotely or through malicious firmware, when someone manages to get ahold of the device physically (potentially through theft), when you sign transactions, and if you ever need to recover your account.

But the reality is that no cold hardware wallet architecture is perfect, and none manages to cover all of these bases equally. Different providers prioritize different threats, and they all need to accept some level of tradeoffs elsewhere. That said, the most secure wallets have a clear focus on minimizing the attack surface and reducing the number of ways an attacker can access your funds, whether through the use of secure chips, airgaps, biometrics, or even trusted execution environments and MPC protocols.

Secure Element chips and hardware isolation

A Secure Element is a small, dedicated chip that is made to do one job very well, and that’s to securely store data and thwart any attempts that are made to remove it. You have likely used one without even realizing it. Your passports, SIM cards, contactless cards, and Apple Pay chip are all examples of Secure Elements. Organizations like banks and governments rely upon these chips since they undergo rigorous testing, auditing, and engineering to make sure they can withstand physical attacks that often get past ordinary hardware.

Ledger devices use Secure Element hardware that is specifically designed to isolate private keys and keep them away from any internet-connected environments. The key is generated inside of the chip, stored inside of the chip, and never leaves the chip. When you sign a transaction, the signing takes place inside of the Secure Element itself, and only the signed output comes back out. The device you use to execute trades, whether that's your phone, tablet, or laptop, never sees the key.

This setup completely changes what a hacker needs to do if they want to try and steal your funds. They can’t go after your private key that’s held inside your Secure Element chip. To date, no one has ever been able to extract private keys from a properly secured Ledger device.

Ledger also adds in another layer of security on top of this, as it requires all transactions to be confirmed with a physical button press before anything gets signed and sent. This is to protect against situations where a computer or device becomes fully compromised. This second layer is more important than it sounds, as most attacks are aimed at users, not at the hardware itself. Phishing pages, fake browser extensions and seed phrases typed into the wrong place are behind the majority of crypto losses.

Airgapped transaction systems

Airgapping is a term borrowed from the world of high-security computing. An airgapped device has no direct connection to any network, ever. There is no Wi-Fi, no Bluetooth, no USB, and no NFC. The idea behind airgapping a device is that if a device cannot connect to anything else, then nothing bad can possibly happen over the network.

The Ellipal Titan wallet is the most well-known example of this approach. It has no data ports and no wireless of any kind, so an attacker has nothing to reach for.

So how do you actually use a wallet that refuses to connect to anything? The Titan does it with QR codes. You show the wallet a transaction by scanning a code with its camera, and the wallet signs it without ever touching anything online. It then displays a second QR code for you to scan with your phone, which sends the signed transaction out to the network.

If you want the smallest possible target on your back, this is one of the best ways to drastically minimize your attack surface. There’s no possible way for any attacker to exploit a flaw in your network, bluetooth, or even tamper with a physical cable.

The obvious tradeoff here is that it’s much slower and clunkier as a user experience. Every time you want to send a transaction, you need to pick up the wallet, line up the camera, hit the QR code, and then scan another one back. You also still need to manually check the transaction and ensure all the details are correct.

Biometrics and MPC-based wallet security

Some of the biggest problems with self-custody don’t actually have anything to do with sophisticated hackers trying to make off with your private keys. Most of the time, it’s actually human error – losing your seedphrase being the main one.

Maybe you write it down somewhere, lose it, and then forget the phrase that you thought you had definitely memorised. It could even be something out of your control, like a fire that destroys the physical note. So while a hardware wallet can protect you from the whole of the internet, it can’t stop you from being parted from your precious twelve words that recover it.

That’s the gap that companies like Zengo intend to close. Zengo uses a technology called Multi-Party Computation, or MPC. Rather than creating a private key for the user to keep track of themselves, MPC breaks up that power into several different pieces. The pieces are stored separately. One piece is stored on the user’s phone, while the other piece is stored on Zengo’s servers. Since the private key is never fully present in either location, there is no seed phrase to lose.

Your face or fingerprint can unlock your share on the phone, and if you lose the phone, your crypto can be recovered using encrypted biometric checks instead of your recovery phrase. This takes the most common reason people lose their crypto and designs it out.

However, this technically is not the same job that a hardware wallet does. Zengo is mainly focused on providing a more resilient recovery process while maximizing usability. That’s not the same thing as outright security. A Secure Element protects you from a compromised computer. MPC protects you from a compromised memory. One or the other may be more important depending on what you are most worried about.

Which security approach offers the strongest protection?

None of the three approaches is the right answer for everyone. Each one has a clear focus on one job that it does well, and the right choice for you is going to depend on what your main priorities are and what risks you want to protect against.

For remote attacks, all three hold up well, as none of them store the private key on an internet-connected device. Instead, Secure Element wallets store the key within a hardened chip. Airgapped wallets don't have a network connection to the device at all. And with MPC wallets, the private key is divided up so that there is no single point to attack, though one of the shares does live on a server.

Usability and recovery are where they separate most. Airgapped wallets are the most demanding to use, requiring scanning and confirming for every single transaction. Secure Element wallets sit somewhere in the middle, fast enough for regular use but still relying on a seed phrase. MPC wallets are the easiest by a distance, with biometric unlock and seedless recovery.

Phishing is mostly a user problem rather than a hardware one. On-device verification on a hardware wallet still gives you a last line of defense that a software-only wallet cannot offer.

For users prioritizing long-term offline protection of private keys, Secure Element-based hardware wallets remain one of the strongest security models in crypto self-custody. Ledger sits at the front of that category, with the longest track record and the most mature balance of usability and hardened key protection.

Airgapped wallets push isolation further at the cost of friction. MPC wallets trade some hardware-grade protection for far easier recovery. The best choice comes down to which of those tradeoffs you can live with.

Featured Image generated by ChatGPT.