What’s in your wallet?

Technology

Zach Herbert at Foundation Devices explains why the technology underpinning many digital wallets is insecure and argues that new techniques are needed to secure our digital assets

The way we secure our digital lives is changing. Cryptographic keys are no longer just for Bitcoin enthusiasts; they are fast becoming the foundation for everything from financial transactions to identity verification.

As our dependence on digital keys increases, so does the importance of securing them properly. And yet, many of the tools we trust for this purpose—namely, consumer hardware wallets—are built on outdated, opaque technology that poses a significant (and, with grim irony, a highly centralised) security risk.

The time has come to stop asking merely where the biggest security threats are coming, but to ask some robust questions of the consumer custody that industry provides: starting with, “What’s in your wallet?”

A false sense of security

For years, hardware wallets have been marketed as the safest way to store cryptographic keys. Devices like Ledger promise protection from online threats, offering an alternative to storing keys on easily compromised websites and online wallets.

At first glance, cold storage wallets seem like the perfect solution: they isolate our keys from hackers and remove the need to trust third parties like online exchanges, which have a less-than-stellar reputation for safeguarding their customers’ investment.

The reality is far more complicated, however. Most hardware wallets are built on closed-source, proprietary systems that users cannot fully inspect or verify (if at all). This lack of transparency forces consumers to trust manufacturers’ claims without the ability to independently assess their security. The fundamental principle of decentralisation—trust, but verify—is absent from many of the very tools designed to keep our digital assets safe.

Inside the black box

One of the core problems with many hardware wallets is their reliance on legacy security architecture. The majority use smart card technology originally designed for bank cards in the 20th century. While these chips are effective for traditional financial applications, they were never intended for today’s use cases. The outdated nature of this technology means these wallets inherit many of the same vulnerabilities found in older financial systems.

Even more concerning is the "black box" approach of certain wallet providers. Because their software and hardware are closed-source, users have no way of verifying whether security flaws exist or if backdoors have been intentionally or unintentionally introduced.

If a vulnerability is discovered, users must rely on the manufacturer to acknowledge and fix the issue—often with little transparency about the process. This creates a dangerous single point of failure, one that becomes increasingly risky as more of our personal and financial lives depend on cryptographic security.

The expanding role of cryptographic keys

Cryptographic keys are no longer just about protecting Bitcoin. In the near future, they will play a crucial role in securing everything from digital identities to access credentials. Governments and private companies alike are already exploring blockchain-based identity systems, where individuals control their own personal data using cryptographic keys rather than relying on centralised databases.

This shift represents a fundamental change in cyber-security. Instead of passwords, multi-factor authentication, or traditional identity verification methods, individuals will use cryptographic signatures to access bank accounts, sign contracts, and prove their identity online.

What’s most revolutionary about this new paradigm is that security (and everything that depends on it, like banking) becomes ‘trustless’; in other words, it is secured with mechanisms that do not require users to trust a central authority or intermediary, and which instead rely on cryptographic methods, decentralised protocols, and transparent verification processes.

Yet ‘trustlessness’ isn’t the same as blind faith: it requires the ability to verify the security of the underlying technologies – in particular, those we use to securely store and manage these cryptographic keys.

If the hardware wallets available today remain the standard, the future of digital security could be built on a foundation of outdated, unverifiable technology. A single security flaw in a widely-used proprietary wallet could expose not just cryptocurrency holdings, but entire digital identities, personal data, and our fiat savings via our bank accounts.

Transparency and open security

The solution to these risks is both simple and essential: transparency. Just as strong encryption relies on publicly tested, open-source algorithms to ensure security, the devices that store cryptographic keys must follow the same philosophy. Open-source hardware and software allow security researchers, developers, and even individual users to audit and verify security measures, reducing reliance on manufacturers’ claims and increasing overall trustworthiness.

Newer, more secure alternatives already exist. Hardware wallets based on open-source microkernel architectures provide a more robust security foundation, allowing independent verification of their safety. These systems ensure that no single company controls the security of users’ cryptographic keys, reducing the risk of hidden vulnerabilities and fostering innovation.

The future of digital security

As cryptographic keys become central to our financial and digital identities, we cannot afford to trust them to closed systems that prioritise corporate control over user security. The next generation of security devices must be open, transparent, and built for the evolving digital landscape.

For users, this means demanding better security practices from wallet manufacturers and seeking out alternatives that prioritise transparency. For developers and security professionals, it means contributing to open-source projects that create solutions that are truly ‘trustless’.

The shift to a cryptographic key-driven digital world is inevitable. Whether it represents a step forward in security depends entirely on knowing what’s in our wallets.

Zach Herbert is Cofounder and CEO of Foundation Devices

Main image courtesy of iStockPhoto.com and da-kuk