What gets solved
- Malware on your computer. Even with a fully compromised OS, no transaction can be signed without physical confirmation on the device.
- Phishing sites. When you confirm the transaction on the device, you see the actual receive address on the Secure Display, not the one shown in your browser.
- Cold-boot attacks and RAM dumps. Private keys never leave the Secure Element chip in clear text.
- Loss of the device. With your seed you can restore access on a new device from any maker that uses BIP39.
What does not get solved
- Phishing that lures you into typing your seed. Never write your seed on a computer, and never let anyone talk you into doing so, not even someone claiming to be from the manufacturer's support.
- Loss of your seed. If your paper seed burns, your coins are gone. No manufacturer or exchange can help you.
- Social engineering on your family. If someone physically forces you to sign, you will sign. Use a duress PIN or passphrase wallet to keep a "visible" decoy balance and a "hidden" main balance.
- Smart-contract scams. You can sign a perfectly valid transaction that drains your wallet if you connect it to a malicious DeFi site. Always read what you sign.
The backup strategy
Your seed is the only thing that really matters. The rules are simple:
- Write it down on paper once, never on a computer or phone.
- Consider a steel plate (Cryptotag, Seedplate, Stamp Seed) if the holding is large.
- Use Multi-share Backup (Trezor) or Seed XOR (Coldcard) if you want to split the backup across locations.
- Test recovery on testnet or with a smaller amount before relying on the backup.
Passphrase: a hidden wallet
Every modern hardware wallet supports a BIP39 passphrase on top of your 12, 20 or 24-word seed. A passphrase creates a completely separate wallet. That means:
- A thief with your device and your seed still cannot see your real balance if that balance sits in a passphrase-protected wallet.
- Your "decoy" wallet without a passphrase can hold a small amount for plausible deniability.
- Forget the passphrase and you lose access. Memorize it or write it down separately.
How secure is the chip really?
The Secure Element chips in hardware wallets are certified under Common Criteria, typically at level CC EAL5+ or EAL6+. That is the same class as chips in passports, payment cards and SIM cards. The level refers to how stringent the audit requirements were on the chip's design and production, not how many specific attacks the chip has been tested against.
In practice, EAL6+ means the chip is actively designed to resist side-channel attacks (timing, power consumption, RF emissions), and that physically decapping the chip to read memory is impractical with commercially available equipment.