Beyond the physical form factor, what makes a hardware wallet distinct is where and how it signs transactions. The private key is generated and stored inside a tamper-resistant secure element chip, similar to the chips used in passports and payment cards, and it never leaves that chip. When a user wants to move funds, an online computer or phone builds the transaction, but the actual cryptographic signature is created inside the device itself and confirmed with a physical button press or touchscreen tap. Only the already-signed transaction is sent back out to be broadcast, so the key is never exposed to internet-connected software, malware, or a phishing page.
During setup, the device generates a seed phrase of 12 or 24 words, which is the only backup of the wallet. Anyone who obtains those words can recreate the private key and drain the associated Bitcoin, tokens, or other holdings on a different device, so it is written down on paper or steel and never stored digitally or photographed.
Ledger and Trezor remain the two dominant manufacturers, taking different approaches: Ledger favors closed, certified secure elements, while Trezor has pushed open-source firmware and, with its newest model, post-quantum signing. Both function as a form of cold wallet once unplugged. The main remaining risks are losing the seed phrase, buying a tampered unit from an unofficial reseller, and social-engineering scams that trick a user into approving a malicious transaction on the device itself.