July 20, 2022 - 11 min read
Air-gapped wallets are crypto wallets that are completely disconnected from the internet and any form of wireless communication. This generally means that they are disconnected from both traditional internet connections as well as Bluetooth, WiFi, NFC (near-field communication), and even USB drives.
In general, air-gapped wallets provide the highest level of security of all cryptocurrency wallets. Still, there are trade-offs, as air-gapped wallets can be much less convenient than a traditional desktop, mobile, or non-air-gapped hardware wallet. Some wallets can be considered partially air-gapped, as they provide a USB connection but no Bluetooth, WiFi, or NFC connection ability.
For those who are unfamiliar, near-field communication is a type of communication that allows two or more electronic devices to communicate over a distance of 4 cm or less by using high-frequency radio waves. Some hardware wallets use NFC (in addition to Bluetooth and other technologies) to communicate with phones or computers.
In contrast to the types of communication mentioned above, most fully air-gapped wallets use scannable QR codes for transactions, though some may also use micro-SD cards.
It should be noted that air-gapped wallets are always hardware, “cold wallets,” but not all hardware wallets are cold wallets, and not all cold wallets are fully air-gapped.
Theoretically, a laptop or desktop computer can also be fully disconnected from Bluetooth or the internet, creating an improvised air-gapped computer wallet. However, this is considered much less secure than traditional air-gapped wallets because there are more opportunities for malware to enter the computer system and facilitate an attempt to hack into the wallet.
In general, if using a computer as an air-gapped wallet, it should be purchased out-of-the-box and never connected to the internet.
In theory, air-gapped wallets are significantly more secure than traditional wallets. In one case, Saleem Rashid, a fifteen-year-old hacker, broke into a Ledger Nano S, one of the best-respected wallets in the industry, by supplying malicious code to the wallet through a USB cable connected to his PC. Due to its lack of connectivity with all networks, a fully air-gapped wallet is, in theory, much less susceptible to hacking than its non-air-gapped brethren.
Despite the commonplace idea that air-gapped wallets are significantly more secure than other types of crypto wallets, some research has questioned this idea.
This is partially because, to transfer crypto, a wallet must still interact with a computer. An air-gapped wallet generally utilizes a software application installed on a computer that supports PSBTs (Partially Signed Bitcoin Transactions) for Bitcoin, or other types of partially signed transactions for other types of cryptocurrency.
The user will create an “unsigned transaction” in the companion application. This is generally encoded in a QR code that can be scanned with the hardware wallet. Alternatively, the transaction is recorded and stored as a file that can be read via a microSD card, though the latter type of transaction could be considered less secure than the former.
The hardware wallet will then sign the transaction with its private keys, and then displays the signed transaction to the computer via a QR code or microSD file storage and writing. The computer application can then broadcast the signed transaction to the network.
Even though there is no physical connection, the wallet and the computer still exchange information. Even with a hardware wallet, the data transmitted from the internet-connected computer could potentially be malicious. This means that the hardware wallet would need the ability to carefully examine transactions to fully avoid the chance of wallet malware infection.
Essentially, if the wallet gets malware files and does not detect them, the fact that it is air-gapped will not protect the users’ funds. Theoretically, a hacker could attempt to exploit a wallet via a malicious transaction file, QR code, or information sent through Bluetooth or by a USB port.
Using the exploit methods above, an attacker could swap out co-signers for a multi-sig wallet, or even change the receiving address for a transaction. The software on the air-gapped wallet may or may not be sophisticated enough to prevent this, but being air-gapped does not provide additional protection in these scenarios.
In the case of microSD cards, a program installed by a hacker could monitor or (in the case of Bitcoin transactions) write PSBT (Partially Signed Bitcoin Transaction) files. MicroSD cards themselves contain a miniature computer that can be hacked, and so can the USB drivers that interact with the MicroSD card on the computer itself.
In the case of QR codes, various attack vectors include backdoors related to the images on a phone’s camera, the camera’s firmware, the software that controls the rendering of QR codes, or other types of malware. In addition, while extremely unlikely, surveillance cameras or other cameras, especially those utilizing infrared vision, may be able to ascertain the QR codes of a transaction.
Other vulnerabilities that have been successfully tested by researchers include breaking into air-gapped wallets using radio signals from a computer’s video card, the electromagnetic emissions from USB devices, and even the sounds produced by hard drives.
Overall, it seems that, while air-gapped wallets are significantly more secure than their non-air-gapped counterparts, they are far from invulnerable. Therefore, the security and ease-of-use trade-off that air-gapped wallets present when compared to non-air-gapped wallets is a trade-off that individual users must consider– and there is no clear answer about which is the superior option.
Now that we’ve discussed both the benefits and the potential vulnerabilities of air-gapped wallets, let’s review some of the best air-gapped wallets on the market today.
The Ellipal Titan was one of the first air-gapped wallets to reach the broader crypto market. The wallet is a large, smartphone-sized “big-screen” hardware wallet that supports Android and iOS devices. It is built from a high-quality metal casing, which many say gives the wallet a sturdy and high-end feel.
Like the other wallets on this list, the Ellipal Titan wallet is fully air-gapped, and does not connect to Bluetooth or WiFi. Instead, it only uses QR codes. It uses a battery and does not have a USB port for charging to prevent potential hacking. Unlike most wallets (even air-gapped ones), the Ellipal Titan goes further to prevent physical hacking with its anti-tamper and self-destruct features. If a wallet self-destructs, the owner can use a seed recovery phrase to access their funds.
The Ellipal wallet currently supports 41 blockchains and over 10,000 tokens. Major blockchains it supports include Bitcoin, Ethereum, TRON, Binance Smart Chain (now BNB Smart Chain) BEP20 tokens, Binance Chain (now BNB Beacon Chain) BEP2 tokens, Polkadot, Ripple (XRP/XLM), Cosmos, Tezos, VeChain, and Cardano. The wallet also supports trading, staking, NFTs, and dApps. The Ellipal Titan starts at $119.00.
The SafePal S1 wallet is another air-gapped wallet that uses QR codes and does not allow access via radio frequencies (i.e RFID), Bluetooth, or WiFi. SafePal gained a significant amount of popularity after being endorsed by Binance, which is currently the world’s largest crypto exchange. While secure and versatile, the SafePal wallet is disliked by some due to its plastic casing, small screen, and lack of buttons. SafePal uses a USB for charging and updates, so some may actually say that it isn’t fully air-gapped at all.
SafePal currently supports 20 blockchains, somewhat less than Ellipal, and over 10,000 tokens. Major blockchains supported by the SafePal wallet include Ethereum, Bitcoin, TRON (TRC-10 and TRC-20 tokens), XLM, Binance Smart Chain (now BNB Smart Chain) BEP20 tokens, Binance Chain (now BNB Beacon Chain) BEP2 tokens, EOS, NEP5, and Polkadot. The SafePal S1 starts at $49.00
The Keystone wallet is yet another air-gapped wallet that has recently grown in popularity. It is partially made out of metal and has a large color touch screen, which many say gives it a high-end feeling, similar to the Ellipal wallet. Like the Ellipal wallet, it also does not utilize USB charging and instead has a detachable battery to avoid the risks of USB-based exploits. Like most other air-gapped and hardware wallets, it has a companion app for setup and transactions.
However, unlike many other air-gapped wallets, the Keystone wallet supports only 9 blockchains and around 400 tokens, which may be a drawback for some users. It is also mainly limited to storing and sending crypto, as it does not allow trading, staking, or dApps. It does, however, support NFTs. Keystone offers a wide scope of wallet options, including the Keystone Essential, which starts at $119.00, and the popular Keystone Pro, which starts at $149.00. Their luxury option, the Keystone Ultimate, starts at $479.00. They also offer metal tablets for users to physically and securely store their recovery phrases.
The AirGap Wallet is a specialized software wallet, which allows users to install the app on a cellphone that is completely offline to create a DIY air-gapped wallet that uses QR codes to sign transactions via the AirGap Vault App. Like most other air-gapped wallets, the AirGap Wallet has a companion app for mobile devices. Users can also install the AirGap Wallet on their internet-connected mobile device by using the AirGap Vault and the AirGap Wallet app on the same device. However, this will technically make the wallet non-air-gapped.
The AirGap Wallet allows users to directly stake Cosmos, Tezos, Polkadot, or Kusama for up to 7.2% APR. It also allows in-app swaps for Bitcoin, Cosmos, Tezos, and various other cryptocurrencies.
In addition to Cosmos, Tezos, Polkadot, and Kusama, the wallet also supports Bitcoin, Ethereum, Binance Coin, and the top 100 ERC-20 tokens. Unlike many air-gapped wallets, it does not support XRP, XLM, TRON, or Cardano. This lack of token support for major cryptos and lesser-known ERC-20 tokens could be a turn-off for some potential users. Notably, however, the wallet does support Tezos-based NFTs. The AirGap Wallet App is free and available on the Apple App Store and the Google Play Store.
The NGRAVE Wallet is the first crypto hardware wallet with the highest security certification in the world (CC EAL7). The CC (Common Criteria) is an international standard developed through a combined effort of six countries: the United States, the United Kingdom, France, Germany, Canada, and the Netherlands, which classifies security technologies based on a set of common standards. EAL7 is the highest grade, which states that the technology is suitable for “extremely high-risk situations.” The NGRAVE ZERO Wallet is also supported by well-known cryptographer Jean-Jacques Quisquater, who recently joined the project as an advisor.
The NGRAVE ZERO wallet has a large metal body, and a large, easy-to-use touchscreen. The NGRAVE Wallet also provides an encrypted backup system to allow users to recover their funds. NGRAVE’s companion app is called the Liquid App.
NGRAVE supports over 20 cryptos, including Bitcoin, Ethereum, Bitcoin Cash, Ripple (XRP), EOS, Litecoin, and ERC-20 tokens. The wallet also supports Ethereum ERC-721 NFTs. The NGRAVE ZERO starts at €398.00.
The COLDCARD Mk3 is a unique hardware wallet that some say is the world’s most advanced (and secure) Bitcoin wallet. However, unlike almost every other air-gapped wallet, the COLDCARD Mk3 only supports Bitcoin and not other cryptocurrencies. Despite its advanced technologies, most would say that the wallet is not very attractive. It looks similar to a 1980s-era calculator with large number buttons and a tiny black and white screen.
The COLDCARD Mk3 has a MicroSD slot for transaction verification, which some might say is less secure than QR code-based transaction verification. Users can make backups and move transactions on their MicroSD chip. Like many other air-gapped wallets, the wallet utilizes the Partially Signed Bitcoin Transaction (PBST) BIP174 standard, which allows users to partially sign transactions. Unlike most other wallets, however, the COLDCARD Mk3 provides open-source firmware which any user can edit and compile.
In the end, this wallet is best for hardcore Bitcoiners and those who are extremely security oriented and is not the best for beginners or those interested in DeFi, NFTs, staking, or other, more modern crypto activities. The COLDCARD Mk3 starts at $119.97. A newer model, the COLDCARD Mk4, which has more advanced security features, was recently released. The COLDCARD Mk4 model starts at $157.94.
It should be noted that most of the most popular hardware wallets on the market today are not air-gapped. These include the Ledger Nano S and Ledger Nano X, all models of Trezor wallets, and the Arculus wallet. The Arculus wallet, which many may believe is air-gapped, uses NFC (near field communication), which means that, while it may be highly secure, it is not a fully air-gapped wallet.
After doing a fair amount of research, it’s easy to come to a (nuanced) conclusion. Air-gapped wallets are more secure than their non-air-gapped counterparts. Avoiding direct internet, Bluetooth, WiFi, RFID, NFC, or other types of broadcast connection can prevent many common wallet hacking methods. However, the research also shows that even an air-gapped wallet isn’t always an obstacle for the most dedicated of hackers. However, it does make things much harder.
In the end, whether you want to store your crypto on a hot wallet, a cold, hardware wallet, or a fully-air-gapped wallet is up to you– each has its benefits and drawbacks, and some people, especially if they own a lot of crypto, might be served by using all three.
Related Articles
Learn More
RECENT POSTS
註冊Supra新聞通訊,獲取最新消息、更新、行業洞察等內容。
©2024 Supra | Entropy基金會(瑞士註冊號:CHE.383.364.961)。保留所有權利。