Basics
What a hardware wallet is (and isn't)Start here if Ledger is new to you. We explain what a hardware wallet actually protects you from, where its limits are, and the myths that cause the most new-user mistakes — before moving on to setup, security and buying.
What Are Private Keys and Recovery Phrases | Core Concepts
The private key is the sole credential that controls your crypto assets; the recovery phrase is the human-readable form of that private key. Understanding both concepts is the foundation of using crypto safely.
What Is a Private Key
A private key is a random string made up of numbers and letters — mathematical proof of your control over assets on a blockchain. Every wallet address corresponds to a private key; only the holder of the private key can sign transactions and transfer assets. Once a private key is leaked, anyone can move your assets away, with no recourse.
What Is a Recovery Phrase
A recovery phrase (also called a seed phrase) is typically an ordered sequence of 12 or 24 English words — another representation of the private key. Because raw private keys are too complex to record by hand, recovery phrases were designed to make backup easy for users. From the recovery phrase, the private key can be derived, and thus full control of the wallet can be restored.
How They Relate
A recovery phrase and a private key are essentially the same key in different forms. When a Ledger device is initialized, it generates a recovery phrase; that set of words determines all your wallet addresses and private keys. No matter how many accounts you add or how many assets you manage, all of them are derived from this single recovery phrase.
Security Essentials
The recovery phrase is the ultimate control over your assets: it must be handwritten on paper and stored in a safe physical location; it must never be photographed, screenshotted or stored on any electronic device; any person, website or software asking you to enter your recovery phrase is a scam (restoring your own wallet is the only exception); if you lose the recovery phrase and the device is also damaged, access to your assets is permanently lost.
For more security knowledge, see the Ledger Security Guide.
What Is a Ledger Hardware Wallet | Beginner Primer & Core Principles
A Ledger hardware wallet is a purpose-built physical device for securely storing the private keys of crypto assets, protecting your digital assets through offline storage.
What Is a Hardware Wallet
A hardware wallet is a dedicated electronic device that stores the private key inside a Secure Element chip, physically isolated from the internet. Unlike a phone app or a web wallet, the private key in a hardware wallet is never exposed to a connected environment, effectively preventing remote theft by hackers.
Ledger's Core Value
Ledger uses a bank-grade certified Secure Element chip — the same class of security technology used in bank cards and passports. When you initiate a transaction, the transaction details are sent to the device; you confirm them on the device screen; and the private key signs the transaction inside the chip. The signed transaction is then sent out. Throughout the process, the private key never leaves the chip.
Why You Need a Ledger
Storing assets on exchanges or in hot wallets exposes you to risks such as platform failure and hacker attacks. With a Ledger hardware wallet you truly hold your own private keys and practice self-custody. Even if your computer is infected with a virus, an attacker cannot extract the private keys stored inside the Ledger.
Common Misconceptions
It's worth clarifying that a hardware wallet does not "hold" your crypto assets — the assets are always recorded on the blockchain. The hardware wallet custodies the private key, which is the sole credential for accessing and controlling those assets. So even if the hardware wallet is lost or damaged, as long as you have a backup of your recovery phrase you can restore access to your assets on a new device.
For more security knowledge, see the Ledger Security Guide.
Hardware Wallet vs. Hot Wallet | Security Comparison
The core difference between a hardware wallet (cold wallet) and a hot wallet is how the private key is stored: hardware wallets store the private key offline, while hot wallets store it on an internet-connected device.
Security Comparison
Hot wallets (such as phone apps and browser-extension wallets) keep the private key on an internet-connected device — convenient to use any time, but exposed to network threats such as hacking, malware and phishing sites. Once the device is compromised, the private key may be stolen.
Hardware wallets store the private key inside a dedicated Secure Element chip, fully isolated from the network. Even if the connected computer is already compromised, the attacker can only see the transaction request and cannot extract the private key. Signing is completed inside the device; the private key is never exposed.
Convenience Comparison
Hot wallets are more convenient: open the app and you're ready — ideal for small, day-to-day transactions. A hardware wallet requires connecting the device and physically confirming on every use, with more steps involved, but that is exactly the source of its security — every transaction requires your physical participation.
Use Cases
Hot wallets are suited to small balances, frequent trades and daily DApp interactions. Hardware wallets are suited to large-balance storage, long-term holding and scenarios with high security requirements. Many users combine both — a small balance in the hot wallet for daily use, and the main assets stored in a hardware wallet.
How to Choose
If your crypto holdings are substantial, or you plan to hold long-term, we strongly recommend a hardware wallet. The security gain far outweighs the added inconvenience. As the saying goes, "Not your keys, not your coins" — only by truly holding your own private keys do you truly own your assets.
