I recently got a question regarding the use of hardware wallets and metamask on my tiktok account. I feel that this issue warrants a more in-depth explanation than what’s possible in the timespan that video replies would allow, so I decided to write an article, explaining the answer(s).
Is it safer to use a hardware device (such as a Trezor Wallet or a Nano Ledger) AND a Metamask?
The short answer is NO.
A hardware wallet encrypts your recover phrase (or secret key) for your wallet inside it, allowing you to access those assets via a simplified method (a pin or short password).
Metamask essentially does the same thing – allowing you access to your funds via browsers extension (or phone app) by entering a password.
I did a quick video replying to the comment, but felt it necessary to post it on here as well (for those that might have the same question but don’t follow me on Tiktok). Long story short, this gives TWO sources access to your wallet, which is technically LESS secure:
This response prompted another question (and another video response);
To the best of my knowledge, it works like this:
Two “connections” to your crypto wallet just means that there are two ways that a wallet can be accessed. In the video above, I explain that it works kind of like this:
Lets say that your wallet is your “bank account”. The hardware wallet (trezor/nano/etc.) in this example is your debit card. On t he other hand, your Metamask is similar to a PayPal account that’s also connected to your bank account. Each extra “connection” to your assets is an extra (albeit small) vulnerability. So with each connection to your wallet, your risk grows by that much more.
My Suggestion For Securing Your Crypto Assets
Call me overly careful (or paranoid), but I even though I like to think that I’m relatively cautious with my wallet(s), I prefer to keep my assets divided between multiple wallets. I have separate wallets for uniswap, opensea, long term hold projects, and riskier endeavors. And I encourage others to practice this as well.
When I first started in crypto, I used strictly paper wallets for long term hold projects. Now, I use a combination of paper, hardware, and software wallets.
However, before you buy any hardware wallet, make sure you watch this video:
ONLY buy hardware wallets directly from the manufacturer of the wallet(s)
There are many examples of second hand hardware wallets being used to steal funds from unsuspecting users. Even buying from websites like Amazon is no exception, here’s an example:
So keep your eyes open and ONLY order from the manufacturer(s) of these devices. Blockchain Technology is amazing, and DeFi (Decentralized Finance) means that YOU are responsible for your own funds.
So Which is Safer? Metamask or Ledger / Trezor for Long Term Storage?
The short answer is: Hardware Wallets are safer. The recovery phrase is encrypted and stored directly on there. However, you will still need to store your recovery phrase somewhere – and this is an issue.
If you store your recovery phrase on your computer, you open yourself up to a HUGE risk of a hacker/scammer gaining access to the phrase, and having full access to your funds – they will not need access to your hardware wallet to be able to access your funds.
If you need suggestions on where to store your recovery phrase, here are 3 quick ideas:
- Store it in your safe (or bank deposit box)
- Write the recovery phrase in a safe place that no one would think to look for it
- Grab a dictionary and number the words used in your recovery phrase (and hide that dictionary in your bookshelf)
The reason I only gave 3 ideas is because you can take any one of those ideas and branch off on them using your own imagination.
Now, I’m sure there are other aspects of hardware wallets that I have yet to cover, but I wanted to answer another (equally important question) that arose out of this chain of videos:
What Are The Metamask Vulnerabilities? How Can I Make My Wallet Safer?
While I personally haven’t had any issues with my Metamask wallets, I am fully aware that using Metamask is not 100% secure – you trade off a tiny bit of security for quality of life.
Metamask, if you’re not familiar with it, is a browser extension (and phone app) that allows you to create and access your crypto wallets. Additionally, there are several other options available, such as TrustWallet, but for the sake of keeping this article short, I’ll just cover Metamask (the others work the same way).
How Someone Can Gain Access To Your Metamask
Assuming that someone were to gain access to the location where your metamask is installed, they would have several options access to your wallet. If they managed to run a keylogger, they would have direct access to your funds (or export your secret key). If you saved the recovery phrase / secret key on your computer, they might be able to find it and log into the metamask from a different location.
The best advice I can give is to run a legitimate antivirus/anti malware software on your computer / phone. Even something as simple as the free version of Malwarebytes can help prevent this (to a degree). However, I would recommend researching what the best antivirus is for your situation.
If you’re not familiar with what a json/keystore file is, you can read more about it here. If the malicious party were to gain access to your keystore file, they can copy that to their computer and start a “brute force” attack, trying to guess your password. This is why it’s important to use a non-common password for your metamask (having a mixture of numbers, letters, capitalized letters, and special characters).
Call me crazy, but being the overly cautious person that I am, my wallets (and metamask accounts) are split between different computers and phones. And with a healthy dose of antivirus and security. To clarif, I say this because no matter HOW careful you are, if a hacker were to gain access to your computer (and have a keylogger installed), they could drain your wallets in a matter of seconds.
To summarize; install a decent anti-virus/anti malware software, and NEVER EVER EVER store your secret key, passphrase, password on your computer. Write it down on a piece of paper or encrypt it on a different device.
Moreover, even though I feel that this article is longer than I meant it to be, I similarly feel like it’s still too short to emphasize the importance of security. The Defi space is FULL of scammers because of how many newbies there are to it. Also, because it’s decentralized finance, it means that when you lose your funds, there is no-one you can turn to for help on recovering those funds…
Apologies if it came off as a doom-and-glood article, I’m not trying to scare you. I’m just trying to make sure that the point comes across loud-and-clear: Only you are responsible for the safety and security of your crypto wallet(s). It’s always best to err on the side of caution and not put all your eggs in one basket. And secure that basket with titanium grade security and a decent antivirus.
Anyways, I hope that this article helps more people than it scares.