Use a hardware wallet (Ledger / Trezor) with Botely
Connect a Ledger or Trezor through MetaMask to keep your main account key in a signing device. Signatures Botely's wizard requests are mediated by MetaMask — the device confirms the action physically.
Supported devices
MetaMask supports Ledger Nano S Plus, Nano X and Trezor One / Model T natively for EVM signing. Both vendors' setup guides walk you through firmware install and the Ledger Live / Trezor Suite app pairing.
Botely's wizard does not interact with the hardware directly: you connect the device to MetaMask once, and MetaMask routes every subsequent signature request (including Hyperliquid's `approveAgent`) to the device.
Pair the device with MetaMask
In MetaMask: Account menu → "Connect hardware wallet" → pick your device. MetaMask opens the device-vendor flow (browser USB permission, PIN on the device, etc.).
Once paired you can select which derivation-path account to expose. Most users use the default first account (m/44'/60'/0'/0/0); your account address is what shows up.
Caveat — the agent is still hot
Using a hardware wallet protects your **main** key: the recovery phrase never leaves the device. But the Botely **agent** wallet is a separate keypair stored on Botely's server (AES-256-GCM encrypted at rest). Hardware wallets cannot host the agent — the agent must sign autonomously on every tick, which would require physical confirmation otherwise.
The trade-off: a stolen agent key lets an attacker place trades on your account, but cannot withdraw funds (the Hyperliquid protocol forbids agents from withdrawing). See the agent-wallet security model for the full risk picture.