Hardware Wallets And MetaMask: The Best Security Combo
With a self-custodial wallet, you’re the one in charge—learn how to use hardware wallets in tandem with your MetaMask wallet in this guide.
What is a hardware wallet?
A wallet, like MetaMask, is similar to a digital bank account. Here you can send, receive, and manage your cryptocurrency. A hardware wallet is a physical wallet. They come in all different shapes and sizes; the Ledger Nano S for example looks a lot like a USB stick.
A hardware wallet is one of the safest methods to store your cryptocurrency due to its offline nature. When using a hardware wallet, the access to your coins is encrypted by the device.
In addition, most hardware wallets are protected against unauthorized use with an extra PIN. If your hardware wallet gets stolen or lost, no one is able to access your coins without the PIN. With your backup secret phrase, you will regain access to your assets yourself.
Why would you want/need a hardware wallet?
Hardware wallets allow you to increase security and control your digital assets without trusting a centralized exchange to hold your assets because the private keys are stored on your hardware wallet separately and you’re the custodian in that case.
MetaMask allows you to do more in the Web3 space than what a centralized exchange would allow you to, like connecting to dapps. To do these things safely and securely you can use a hardware wallet. Some popular examples include Trezor and Ledger.
One important note is to always buy a hardware wallet directly from the manufacturer and never second-hand.
Why is self-custody necessary with hardware wallets?
Hardware wallets allow you to secure and control your digital assets without trusting a centralized exchange to hold your assets. This ensures that no third party is in possession of your private keys and you alone are responsible for it.
You can’t assume that centralized exchanges have perfect security because it’s possible they have poor security practices and/or can run away with your money.
In crypto there is a popular saying: “Not your keys, not your coins.” This is because without your keys you cannot control your assets on a blockchain. Those that control your keys could prevent you from accessing them. Centralized exchanges are a source of centralized risk and could have poor security practices. There have been some notable hacks like:
|Exchange Hack Info||Year||Value Lost|
|Bitfloor||2012||🔻 24,000 BTC|
|Mt Gox||2014||🔻 600,000 – 850,000 BTC|
|Bitfinex||2016||🔻 850,000 BTC|
|Coincheck||2018||🔻 $500 Million USD|
|Zaif||2018||🔻 $62.5 Million USD|
|Bithumb||2019||🔻 $30 Million USD|
|Coinrail||2019||🔻 $37.2 Million USD|
|Binance||2019||🔻 7000 BTC|
|KuCoin||2020||🔻 ~$275 Million USD|
Another scenario that could play out is the exchange operators “running away” with your money:
|BitGrail||2021||🔻 $146.55 Million USD|
|Thodex||2020||🔻 $2 Billion USD|
|Africrypt||2021||🔻 69,000 Bitcoin at ~$3.6 Billion|
You can see more examples in this list of hacks and exploits.
Combined with MetaMask, hardware wallets allow you to secure, control and use your assets as you please. This is especially necessary for Ethereum since it’s a platform with lots of utility and flexibility. Since MetaMask is a self-custodial wallet, it means you will need to implement your own security. Using a hardware wallet greatly improves your security with both your private keys and when interacting with smart contracts.
Some crypto wallets also offer 2FA security that makes sure any action happening through a wallet is indeed made by the wallet owner. MetaMask is natively more secure than the traditional 2FA methods, but it also allows using two-factor authentication with hardware wallets like the Grid+ Lattice1, Keystone, Ledger, and Trezor. Learn more about how 2FA works with wallets, here.
What are private keys?
A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data. It is typically a long, randomly, or pseudo-randomly generated sequence of bits that cannot be easily guessed. They are generated by wallets and not stored on the blockchain.
How do private keys relate to secret recovery phrases?
While a Secret Recovery Phrase (SRP) is used to back up your entire MetaMask Wallet, including all accounts created in that wallet, each account has its own private key. This key can be used to import that account, and that account only, into a different wallet. In a similar manner, single accounts from other crypto wallets can be imported to your MetaMask wallet.
So in effect, each account has 1 private key and each wallet has 1 secret phrase. A secret phrase can generate multiple accounts.
What are public addresses?
A public address or public key is a cryptographic code that allows a user to receive cryptocurrency into their account.
It is a long series of numbers and letters e.g.
You shouldn’t worry about giving your public address out. It is safe to give to anyone. It is like publishing your bank account number (IBAN), all you can expect is that someone sends you money. People can’t access your wallet at all if you publish your PUBLIC ADDRESS.
Why is it important to keep ownership of your private keys?
This is imperative because anyone with your private keys can access your account and transfer your assets even if you have a password. The private key gives you access to the account and funds. No matter what type of wallet you are using, you are responsible for keeping the keys safe and secure. Otherwise, you will lose access to all your funds. The private key is not maintained by any third party that you can call and ask for help if lost. It is your primary responsibility to keep it safe.
How can you secure your private keys and secret recovery phrase?
There are several ways to secure your private keys and recovery phrases. While each option presents its own set of advantages and disadvantages, the general rule of thumb is to not store it anywhere online. That means no storing it on your email, Google Drive, Dropbox, etc.
- Cryptotag: Crypto tag is getting in the limelight nowadays. It is a titanium plate in which the user engraves the hardware wallet’s secret phrase. The titanium plates are indestructible, thus helping in keeping the secret phrase safe.
The disadvantages are that it’s not reusable hence you have to buy new plates if you make a mistake whilst engraving.
Also, it is easily identifiable.
- Note it on paper: You can write your keys on a piece of paper and store it somewhere safe. Remember, it’s your responsibility to secure the paper
The disadvantages are that the paper can be damaged or lost.
To retain it for a longer period of time, you can laminate the paper and put it in your bank locker. But this method still cannot protect the paper forever. Also, keeping it in a bank locker is risky.
How can I set up a hardware wallet with MetaMask?
MetaMask allows you to connect a Trezor, Ledger, Lattice 1, Keystone (now available with MetaMask Mobile), or AirGap Vault. This allows you to:
- Check your account balance (ETH or other tokens).
- Sign transactions — eg: send ETH and ERC20 tokens and collectibles, deploy contracts, etc.
- Sign messages
Some sites may be integrated with MetaMask but not with the aforementioned hardware wallets yet. Connecting your wallet with MetaMask, allows you to interact with those sites now! In addition, this helps developers, as it gives their users more options with less development work on their end.
Follow these steps to connect:
- Unlock your MetaMask
- Select the icon on the top-right corner
- Select ‘Connect Hardware Wallet’
- Choose Ledger, Trezor, Lattice, or QR-based
- Click ‘Connect’
- Select an account you want to interact with (note: MetaMask can only have one account connected and accessible at any given time)
Once you have successfully connected your account, it will behave just like any other MetaMask account, with the difference being that you need to have your wallet plugged in for signing transactions or messages.
If you want to remove the connected account later, simply click the ‘X’ next to it on the accounts list menu (MetaMask will remember your account name and transaction history if you reimport that account in the future).
Client-side software wallets like MetaMask, are a foundational step towards the ownership economy––offering not just a solution to custody your assets, but also a gateway to access the decentralized web.
Hardware wallets like Trezor, Ledger, Lattice 1, Keystone, or AirGap Vault help make sure you’re in full control over your assets with an added layer of security. Using a hardware wallet improves your security with both your private keys and when interacting with smart contracts.