Can A Hardware Wallet Be Hacked?

The best way to protect your cryptocurrency assets is to secure them on a cold storage hardware wallet. Your private keys are generated and stored on the hardware wallet which is then protected by a PIN and an optional passphrase. Your keys are never exposed to the internet: that’s why it’s known as cold storage. 

But using a hardware wallet doesn’t make you immune to threats. Of course, everything can be hacked. If someone tells you otherwise, they either don’t understand that information security is a constant battle, or they’re simply lying. So it’s important to apply basic security principles to ensure your assets are protected.

Below we are sharing with you our top security tips so you can ensure you are keeping both your hardware wallet and assets safe. 


Once you have decided on a hardware wallet, ensure you purchase one from a trusted source, so you can be certain that the device is genuine. An authorised reseller is a retailer who is authorised to sell directly to the consumer after purchasing stock from the manufacturer. 

The easiest way to ensure you are buying from an authorised reseller is to check the manufacturer's retailers page. See below:

  1. Ledger -
  2. Trezor -
  3. BitBox - 
  4. Billfodl -
  5. Satochip -
  6. SecuX -

If the website you are visiting is NOT listed here then we recommend looking for a different place to purchase your wallet. What might be a small discount on purchase price could easily turn into a massive loss of funds. It’s just not worth the risk.


Anyone that knows your recovery phrase can access and move/steal your cryptocurrency, so it’s vital that you keep it private and secure. 

The best way to do this is to:

  • Never share your recovery phrase with anyone
  • Never store your recovery phrase on a computer or smartphone
  • Never store your recovery phrase online, where it can be easily hacked
  • Never rely on your memory alone to remember your recovery phrase
  • Store your recovery phrase on a device such as the Billfodl, that is virtually indestructible
  • If you ever have to restore your wallets/accounts, only enter the recovery phrase into the physical device


If you receive communication from your wallet manufacturer or us asking for information, please ensure you double check and verify the web URLs and email addresses. Look out for unusual spelling and accents within the names. For reference, our official addresses are:


A good practice to get in the habit of is bookmarking verified sites that you normally need to input sensitive information, and only access them via that bookmarked link.  


If you do happen to receive an email that looks like a scam, we recommend that you report it and mark it as spam to avoid receiving emails from the same address in the future. 


If you have any questions or concerns, please reach out to us at We also offer in-depth remote consultations.