Hardware wallets (Ledger, Trezor, Keystone) keep your private keys offline, which protects against most remote attacks. But they don’t protect you from signing a bad transaction. If you confirm a malicious approval on your hardware wallet’s screen, the funds can still be drained.
The protection a hardware wallet gives you: someone hacking your computer can’t silently steal your keys. The protection it doesn’t give you: it can’t stop you from approving a smart contract that takes everything.
For high-value wallets, hardware wallets are worth using. For active farming wallets that connect to dozens of new DApps, a software wallet with limited funds is actually more pragmatic — you can move fast without a hardware confirmation step every time.
