After the gigantic Bitfinex hack, Trezor and Ledger, both hardware wallet vendors, published medium posts about how their products could have prevented the $70M bitfinex hack.
Satoshilabs wrote an article called "TREZOR: Mitigating Risk For Bitcoin Exchanges" explaining how a $99 Trezor could have prevented the security breach.
With the recent Bitfinex hack, it came to light that all of the exchange’s bitcoins were stored in a 2-of-3 multisig hot wallet. With a full automation though, multisig loses its security advantage. It was sufficient to compromise one signature in order to empty the wallets. A good portfolio analysis would determine an appropriate percentage of the liquidity to be withdrawn to the safety of a Trezor (also capable of multisig). However, for the best security, Trezor allows no automation. Instead, it requires the responsible fund manager to verify each transfer between cold and hot wallet with their own eyes and a physical button press — something a hacker could never do.
How a Trezor Hardware Wallet Works?
In short, the fastest way to explain how a Trezor works is comparing it with a stamp, a $99 stamp. It has your private keys locked in the device and thus, only the Trezor can assign your bitcoin transactions, with the private keys and a visual confirmation on the screen of the device.
Even if your computer is compromised, there is no way a hacker could steal your private keys, since they are locked into the hardware wallet.
So next time, be smart and use a Trezor, Bitfinex :)