The Ledger HW.1 hardware wallet: An informal review

1
485

Bitcoin wallet security is a tricky thing. It is very possible for external sources, key loggers, or even internet monitoring to intercept a private key for a wallet. All that’s needed to move your coins (voluntarily or otherwise) is a private key paired with the correct wallet address. Trusting your coins with a centralized entity is convenient, but there are reasons to shy away from this method of coin storage. Solutions exist on the market currently that make it simpler for both consumers and companies to store coins securely and safely beyond a paper wallet.

I received a Ledger HW.1 wallet recently as part of the contest CoinCenter recently held. I entered on a whim, not expecting to win. A few weeks later a package arrived and I was surprised to be the owner of a Ledger HW.1 wallet. For those of you unaware, the Ledger wallet is a offline hardware wallet. It’s built on a smartcard and fits into a USB drive and is device for storing your coins offline and unplugged from the internet. The purpose of this is to have a dedicated offline wallet that is resistant to hacking or attempts to intercept your funds. The functions of the wallet are intentionally limited to prevent tampering or intrusion attempts.

I decided to give it a try and test the simplicity and usability of the device. I’ve been using the vault feature on Coinbase for my long term coin storage until the hardware wallet sector has had some time to mature. The idea of my coins being insured with Coinbase provides peace of mind to an extent. Coinbase has become similar to PayPal in that my funds can be frozen if I took up selling Methamphetamine on the darknet, gambling or any number of other violations of the laws Coinbase operates within. The saying is, “If you don’t control your keys, you don’t control your coins.” Cold storage wallets provide a sovereignty of financial operation for private or corporate use.

Claim Your $10 in FREE BITCOIN (Ad)

The question is begged, “Why do I need this? I use a bitcoin service that keeps my coins secure and I don’t want to have to worry about it.”

Reality check: Bitcoin companies get hacked. Even the most trusted online wallets have had their share of issues. Trusting your funds to a centralized company stands against the ethos shared in the bitcoin sphere of “being your own bank”. While most modern hacks results in customer funds being returned, it’s still a tragic loss for the companies themselves. It can also be some time before you receive your funds again, if ever. The hacks within the bitcoin ecosystem have drastically changed the way that companies store their coins. Cold storage is undoubtedly used by the major players of bitcoin to separate funds for daily use and long term storage. Coinbase, Bitstamp, and others use methods far more complex than a HW.1 but the base principal is still the same. Offline storage not connected to any internet enabled device is the safest way of protecting your coins to date.

The purpose of, “being your own bank” is a transfer of responsibility. If you lose your money, you lost it. Not some hacker in China, not an employee at a bitcoin company that didn’t secure their hot wallet keys correctly. The buck starts and ends with you. Meaning you can care to take as much security as you want with your wallet or as little as you want. But if something goes wrong there’s no one to be mad at other than yourself. Putting these types of tools in the hands of users allows a new age of financial control when it comes to their bitcoin wallets.

This article is being written from a point of view from ease of setup, use, and clarity of instructions. I wanted to illustrate some points that needed more clarification from Ledger and the things I enjoyed about it.

I opened the box and found the Ledger wallet in a punch out card. I eventually finagled it out but the process leaves pieces of the card along the edges and from an aesthetic point of view, I did not enjoy that. I was sincerely concerned I would break it in the process of removing it from the card. It would have been preferable if the card had come ready to go instead of with some minor assembly but the appearance matters little compared to the functionality. After peeling an adhesive tape off and folding the smart card together I had a fully assembled Ledger wallet. I will say that I trust Ledger to store my coins but the device itself feels thin flimsy and likely would break if mishandled slightly. To boot, Ledger did not include any kind of “carrying” container for the wallet to protect it from external elements.This point alone would encourage me to upgrade to one of their other models

I plugged the wallet into my computer and installed the Chrome app for working with it. It was plug and play once the extension was installed and I encountered no issues with interfacing with the wallet. I look forward to Ledger eventually creating a native Windows/OSX application for interfacing with the wallet. I’m not a Chrome user so I had to install it specifically for this wallet, but there is a Chrome, Android, and iOS application for the Ledger at this time.

After booting up the interface I wrote down my recovery seed, a twenty four word phrase that would allow me to recover my ledger funds in the event of loss or theft. The same way I could do that with any other cold storage method, but a little more streamlined and user friendly. I also set a pin number up for simple access. If you fail to enter the pin code correctly multiple times the device will reset to factory defaults and your coins will be gone unless you have that nifty recovery seed. I would prefer the Trezor method of PIN security where the amount of time between PIN attempts increases with each incorrect entry. That way my coins stay in place and it becomes incredibly unlikely that a malicious party would be able to move my coins.

I will note that I have had approximately two years of experience in the Bitcoin world but if I was a novice setting up this device I would have had much more intimidating. I would suggest to Ledger to explain the mechanics of how cold storage wallets work into the process. I had to poke around on their site to get the answers I needed during the setup of this device. For a less experienced user this might be a little more precarious. From the perspective of myself as a savvy bitcoin user it was not difficult, but for others I could see parts of this being confusing.

Once I had a wallet generated I decided to send $55 of Bitcoin to the wallet to test it out from my Android Mycelium wallet. I needed to unload some cold storage wallets so this provided a opportunity for testing the Ledger. The following issues may or may not be issues with the network, fee amounts, or the Ledger itself. After forty minutes I didn’t have any confirmations. This may or may not be the Ledger’s fault, but that of the networks. Once I started getting confirmations there was no indication of “unconfirmed transactions” on the Ledger app the way other wallets notify you like Mycelium. Further, once six confirmation were reached I did not see the coins on the wallet until two hours later, even after refreshing the wallet repeatedly. To say the least this was a little nerve-racking for a little while. Eventually the coins showed up and I was thrilled that the wallet had worked.

Included with the wallet is a, “security card”. The information on Ledger’s site tells you what it is, but doesn’t provide a great deal of explanation on how to use it or what it was specifically for. Once I tried to send a transaction the security card was required to broadcast my bits onto the network. Unless you pair your phone with your wallet the security card is required in order to make use of the wallet. Depending on how you intend to use the wallet this could be seen as an inconvenience or a security feature. For cold storage of large amounts of coins it’s better to lean for the latter. There’s an option to pair it with your phone to bypass the need for the security card in the future.

If you need a an economically sound cold storage option and don’t want to break the bank I’d look into this wallet. As stated there are some minor aesthetic changes I’d like to see on future models. We’re still early in the game with hardware storage wallets. I’m grateful to CoinCenter and Ledger for giving me a chance to play around with this wallet it was a fantastic chance to practice my coin storage knowledgebase. I’m going to continue using the wallet for my own purposes. I’m of the opinion that this isn’t the wallet that you give your parents to experiment with, but with time I could see Ledger and other similar wallets becoming more intuitive. My experience obviously will vary from other users but I would encourage those curious to play around with the HW.1 and Ledger’s other models for your own secure storage. I look forward to what the future holds for Ledger.

Crypto Paradyme is a bitcoin consultant and a writer for Coinivore.com. Follow on Twitter

1 COMMENT

  1. Thank you for your thorough analysis of our HW.1 product. Just a quick feedback on some of the issues you had:

    1. the form factor is indeed economic; the HW.1 is more intended for enterprise usage where cost is critical. However, you can be sure that the packaged chip is extremely strong; you can scratch it, wash it, it’ll resist almost anything
    2. the netork issues you ran into were related to the malleability attack on the network; it disrupted a lot the blockchain APIs and therefore it was necessary to wait for full confirmations before the transactions could be shown
    3. we take good note of your remarks regarding the onboarding and explantions of how hardware wallets / cold storage are working
    4. you can use Chromium if you do not trust Chrome; works the same

    Thanks

    Eric
    Ledger, CEO

Comments are closed.