Cold Storage: How Hardware Wallets Actually Protect Keys
What happens inside the device when you sign a transaction.
A hardware wallet contains a secure element — a chip designed to store secrets and sign data without ever exposing the underlying key. The seed phrase generated during setup lives inside that chip and, in a well-designed device, cannot be exported.
When you send a transaction from a companion app, the app builds the transaction and passes it to the device. The device displays the details on its own screen, waits for you to approve on its physical buttons, and returns a signature. The key never leaves the chip.
This is what makes cold storage strong: even a fully compromised computer cannot extract your key. It can trick you into signing the wrong transaction, though, which is why verifying the details on the device screen itself matters more than any confirmation in the app.