Evil Maid Attack
An evil maid attack is a physical security threat where an attacker gains temporary unsupervised access to a hardware wallet to tamper with it, install malicious firmware, or extract private keys.
What Is an Evil Maid Attack?
An Evil Maid Attack is a type of attack where an attacker gains physical access to a device, such as a hardware wallet, without the owner's knowledge, and tampers with it or steals sensitive information stored on it. The name comes from the idea of a maid, who might have temporary, unsupervised access to the device while the owner is absent. This type of attack typically exploits the fact that physical access to a device allows attackers to bypass some forms of security.
In a typical attack, the attacker installs malicious software or hardware, or replaces the device entirely, without detection. For example, an attacker might swap a hardware wallet with a compromised version while the owner is away. Alternatively, an attacker could modify the device's firmware or take advantage of vulnerabilities in the device's boot process. Since these actions are carried out while the owner is not present, they are difficult to notice until it's too late.
Evil Maid Attacks are particularly relevant in the cryptocurrency world because hardware wallets are commonly used to store private keys offline, which is considered a highly secure method of keeping assets safe. However, if an attacker gains physical access to a hardware wallet, they can tamper with it, potentially compromising the security of the stored funds. This underscores the importance of keeping hardware wallets in secure physical locations and using additional security measures like passphrases or multi-signature setups.
One key characteristic of an Evil Maid Attack is that it requires physical access to the device. This distinguishes it from remote attacks like phishing or malware-based attacks. To mitigate the risk of such attacks, users should be aware of the physical security of their devices and take precautions such as using tamper-evident seals, ensuring devices are stored in secure locations, or employing additional authentication measures like biometric access or passphrases.
Real-World Examples
Example 1: When setting up a Ledger hardware wallet, it's crucial to store it in a secure location to prevent an Evil Maid Attack. If an attacker gains physical access to the device while the owner is away, they could swap it with a compromised version, potentially gaining access to the owner's cryptocurrency funds.
- To prevent this, use a tamper-evident seal on the device, so any unauthorized access is immediately noticeable.
- Consider storing the wallet in a safe or other secure, monitored location to minimize risk.
Example 2: In an office setting, a cryptocurrency investor leaves their hardware wallet on their desk while stepping out for lunch. During this time, a malicious individual gains access to the desk and performs an Evil Maid Attack by replacing the hardware wallet with a fake one designed to steal private keys once plugged in.
- For added protection, consider using biometric authentication or a passphrase for an extra layer of security in case the device is physically tampered with.
- Ensure the wallet is always monitored or locked up when not in use to mitigate this risk.
Example 3: An investor traveling abroad leaves their hardware wallet in a hotel room safe. An attacker, who has access to the room, executes an Evil Maid Attack by replacing the wallet with a compromised version that contains malware designed to harvest private keys when the wallet is later connected to a computer.
- Travelers should consider using a hardware wallet with tamper-evident stickers or a highly secure travel lockbox to keep their devices safe from physical tampering during trips.
- Regularly check the device's firmware and software for signs of tampering or changes that could indicate an Evil Maid Attack.
Example 4: A cryptocurrency enthusiast leaves their hardware wallet at home for a few days while traveling. During their absence, a friend who knows where the wallet is stored tampers with the device and installs malicious software. This constitutes an Evil Maid Attack, as the attacker has gained physical access to the device without the owner’s knowledge.
- To prevent this, users should use passphrases or multi-signature wallets that require additional verification steps beyond physical access.
- Another option is to store wallets in remote locations with restricted access to reduce the chance of this type of attack.
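The passphrase mitigation recommended in the examples above can be shown concretely. This is an added example, not code from the original page or from any wallet vendor; it assumes the wallet follows BIP39 and BIP32, uses the public all-zero test mnemonic as constructed sample input, and `wallet_id` and `words_alone_open_wallet` are hypothetical helpers introduced for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public all-zero-entropy BIP39 test mnemonic.
# It is known to everyone and must never hold funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple:
    """BIP32 master private key and chain code derived from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Short label for comparing wallets in this example (hypothetical helper,
    not the BIP32 key fingerprint, which needs the secp256k1 public key)."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def words_alone_open_wallet(mnemonic: str, owner_passphrase: str) -> bool:
    """True if the seed words without the passphrase derive the owner's wallet."""
    return hmac.compare_digest(wallet_id(mnemonic),
                               wallet_id(mnemonic, owner_passphrase))


if __name__ == "__main__":
    owner_passphrase = "constructed example passphrase"  # constructed value
    print("words only      :", wallet_id(SAMPLE_MNEMONIC))
    print("words+passphrase:", wallet_id(SAMPLE_MNEMONIC, owner_passphrase))
    print("words alone open the passphrase wallet:",
          words_alone_open_wallet(SAMPLE_MNEMONIC, owner_passphrase))
```

The passphrase is mixed into the seed derivation and is not stored with the seed words, so seed words read out of a tampered device lead to a different wallet. That protection holds only while the passphrase is never typed into a device whose firmware has been altered.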