Hardware wallet: keys that never touch the internet
A hardware wallet is a small dedicated device that stores the private keys to your Bitcoin offline and signs transactions inside the device, so the keys never touch an internet-connected computer. It is the standard way to hold your own coins without trusting an exchange or a software wallet on a machine that could be compromised.
At a glance
What it is
A dedicated device that keeps your private keys offline
Why it matters
Self-custody: no exchange can freeze, lose, or be ordered to hand over your coins
What it protects against
Malware on your computer, and the failure of a custodian
What it is not
A backup. Lose the recovery phrase and no support desk can help
Comparison
Who holds the keys
Exchange or hot wallet
Hardware wallet
Where the keys live
On a server, or on an online computer
Offline, inside the device
If they get hacked
Your coins can vanish
Your keys were never on their machine
Identity document to start
Usually required
Buying the device needs none
What is a hardware wallet?
Owning Bitcoin really means holding a private key, the secret that authorises
spending. If that key sits on an internet-connected computer, anything that
compromises the computer can take the coins. A hardware wallet moves the key onto
a small dedicated device that never exposes it. When you spend, the transaction
is sent to the device, signed inside it, and the signature comes back out. The
key itself never leaves. The device this stack uses is the BitBox02₿Affiliate link. You support sovgrid at no extra cost to you. See /support.↗, a Swiss-made wallet with open-source firmware.
Why hold your own keys?
The alternative is letting an exchange or an app hold the keys for you. That is
convenient until the company is hacked, freezes your account, goes under, or is
ordered to hand over your balance. Self-custody removes that party entirely: the
coins answer only to the key on your device. The trade is responsibility. There
is no password reset. The recovery phrase the device gives you at setup is the
one and only backup, and protecting it is now your job, not a support desk’s.
Self-custody gives you
Keys that live offline and sign inside the device
Coins no company can freeze, lose, or be subpoenaed for
A receiving address you can verify on the device's own screen
And asks of you
A recovery phrase only you hold; lose it and the coins are gone
To be the security model now, so a safe written backup matters
To verify every address yourself, because phishing targets you, not a company