Quote:
Originally Posted by Two SHAE
The device itself can be hacked
This is why IMO it's best to use a device that has been around for years (like Trezor), where many developers and security researchers already looked at the code and potential security vulnerabilities are already fixed. At least at Trezor there has been some vulnerabilities indeed which has been fixed already (note: afaik none on the level of "remote attacker can steal all your coins", just relatively smaller ones.)
Quote:
Originally Posted by Two SHAE
The company that sells it periodically pushes out firmware updates
You will have to manually update and it's open-source. If there is something malicious in the code or if the firmware checksum doesn't match, I am sure you will hear about it. I realize 99.99% of people don't look at the code, but IMO just wait few weeks before updating (unless crucial update) and you can be pretty sure some people audited the code IMO.
Quote:
Originally Posted by Two SHAE
The recovery seed in the wrong hands is gg for your coins
Yes, you should really take "backing up the seed" serious, both for this reason and for example a fire that destroys both your backup seed and hardware device.
Quote:
Originally Posted by Two SHAE
Storing encrypted private keys on a machine that has never touched the internet is obviously superior.
In terms of security, that is indeed obviously superior.
But for example: there are plenty of gambling sites out there who hold thousands of coins on a Trezor. And obviously so many people by now too (also Ledger btw.) AFAIK so far the number of "lost coins incidents" are pretty much
0. The ease-of-use is so much superior against a encrypted always-offline computer, that I do think a hardware wallet is the best wallet choice for the average user.