Hardware wallets (Ledger, Trezor, Coldcard) keep your private key in a secure chip that never touches the internet, making them more secure than software wallets (MetaMask, Trust Wallet, Exodus), which hold keys on an internet-connected device. For merchants, though, the bigger question is whether your payment processor is custodial or non-custodial - because a hardware wallet behind a custodial processor gives you less real control than a software wallet behind a non-custodial one. Here is the honest breakdown.
Start with the threat model
Security decisions only make sense relative to what you are protecting against. Before comparing wallet types, be honest about the threats you face:
- Remote attackers trying to steal keys via malware or phishing
- Physical theft of a device
- Your own mistakes - lost access, wrong addresses, lost backups
- Third parties you have given access to (processors, exchanges, staff)
Different wallet types address different points on this list. None address all of them. The right choice depends on your volume, your technical comfort, and how much you want to self-custody versus delegate.
What is a software wallet?
A software wallet is an application - on your phone, desktop, or browser - that stores your private keys on the device running it. Examples include MetaMask (browser extension), Trust Wallet (mobile), Exodus (desktop), and BlueWallet (Bitcoin-focused).
How they work
The private key is generated and stored in encrypted form on your device. When you authorise a transaction, the app decrypts the key in memory, signs, and broadcasts. The key is never transmitted, but it does briefly exist in the memory of an internet-connected device.
What they protect against
- Basic account takeover - compared to exchange custody, you own your keys
- Exchange insolvency - your funds are not on a platform that can freeze or lose them
What they do not protect against
- Malware that extracts keys from memory or storage
- Phishing sites that trick you into entering your seed phrase
- Malicious browser extensions that intercept transactions
- Physical access to an unlocked device
A software wallet is far better than leaving funds on an exchange, but the key lives on an internet-connected "hot" device, always potentially reachable by a motivated remote attacker. Avoid the common pitfalls in 7 wallet security mistakes that lead to lost funds.
What is a hardware wallet?
A hardware wallet is a purpose-built physical device - Ledger, Trezor, Coldcard, Keystone - that stores your private key in a secure element that never exposes it to the host computer.
How they work
When you connect a hardware wallet to sign, the transaction data is sent to the device. The device shows the details on its own screen (always verify there, not on the computer). You confirm physically by pressing a button. The key signs internally and returns only the signed output. The private key never leaves the hardware.
What they protect against
- Remote attackers - the key cannot be extracted over the wire
- Malware on the host computer - the computer never sees the key
What they do not protect against
- Physical theft of the device and your PIN
- Supply chain attacks (buy only from official manufacturers)
- Approving a malicious transaction on the screen without reading it
- Losing the device without a seed phrase backup
Hardware wallets give a much higher security ceiling. For large holdings they are the standard recommendation, but they add friction: you need the physical device to sign every transaction.
Hardware vs software wallets: quick comparison
| Factor | Software wallet | Hardware wallet |
|---|---|---|
| Key storage | Internet-connected device | Offline secure element |
| Remote-attack resistance | Moderate (hot wallet) | High (cold signing) |
| Cost | Free | ~$50-$200 device |
| Convenience | High - sign anywhere | Lower - needs the device |
| Best for | Small balances, getting started | Large holdings, serious volume |
| Receiving via xPub | Yes | Yes |
The merchant-specific problem: receiving at scale
Here is what neither wallet type fully solves for merchants: receiving payments at scale. To receive, you need to give your processor a way to generate addresses. Options:
- Give the processor your xPub key - it can derive receive addresses without ever being able to spend. Non-custodial, and works with both hardware and software wallets. Learn more in what is an xPub key.
- Generate addresses yourself and hand them out manually - impractical above a handful of transactions a day.
- Use a custodial processor - it generates addresses and holds funds until you withdraw. Convenient, but reintroduces custody risk.
The xPub approach means the wallet type matters mainly for withdrawals and spending, not receiving. The processor only needs the public key; your private key never touches the payment flow. See how one seed phrase controls thousands of addresses.
Which wallet should a merchant use?
Just getting started, low volume
A reputable software wallet (BlueWallet for Bitcoin, MetaMask for EVM chains) connected to a non-custodial processor via xPub is a reasonable start. Your main risk is device compromise: keep your machine clean, use a dedicated browser profile, and never enter your seed phrase online.
Processing meaningful volume
Use a hardware wallet. Export the xPub from it and give that to your processor. Receive funds into the hardware wallet's address space and sign withdrawals physically. This is the most common serious-merchant setup.
Maximum security for large holdings
Use a hardware wallet with a dedicated receiving account (a separate derivation path from spending). Give the processor only the receiving account xPub, and periodically sweep funds to cold storage on a different device.
What to avoid
- Custodial processors where you cannot export your keys or xPub
- Leaving large balances on exchanges longer than necessary
- Reusing one seed phrase for both a shared receiving account and your long-term savings
The bottom line
Hardware wallets are more secure than software wallets - full stop. But for merchants, the bigger decision is whether your processor is custodial or non-custodial. A hardware wallet behind a custodial processor gives you less actual control than a software wallet behind a non-custodial processor. Get the custody model right first, then upgrade your key storage. CryptoGate is non-custodial and works with any wallet via xPub - create a free account to connect yours.
Frequently Asked Questions
Do merchants need a hardware wallet to accept crypto?
No. With a non-custodial processor you share only your xPub (public key), so payments land in your wallet without the private key touching the payment flow. A hardware wallet improves how you store and spend funds, but is not required to receive.
Are hardware wallets safer than software wallets?
Yes. Hardware wallets keep the private key in an offline secure element that the host computer never sees, which defeats remote malware and key extraction. Software wallets store keys on an internet-connected device, making them a hot-wallet target.
What is an xPub and why does it matter for merchants?
An xPub is your extended public key. A processor can use it to derive unlimited receive addresses without ever being able to spend. It lets you accept payments non-custodially with either a hardware or software wallet.
Can a payment processor steal my funds if I use a hardware wallet?
Not with a non-custodial setup. You share only the xPub, so the processor can generate receiving addresses but never holds your keys or funds. With a custodial processor, it does hold your funds, which is the real risk.
Which wallet is best for a high-volume crypto merchant?
A hardware wallet with a dedicated receiving derivation path, connected to a non-custodial processor via that account's xPub. Sweep funds to separate cold storage periodically for large balances.