I’ve used the Trezor, Ledger, Coldcard, CoboVault, BitBox and evaluated their security.
Coldcard has the best security of all wallets, but takes longer to learn and use.
These are the only two wallets that have:
- Air-gaps so they don’t plug into a possibly infected computer.
- Dice roll seed generation so you don’t have to trust their random number generators.
- Good multisig support if you decide to go down that route.
- Tamper-proof checks in addition to secure elements.
I have no referral links and have no connection with the wallet companies. These are just my opinions. More detailed reviews follow:
|Verifiable Seed Generation||X||X||X||X|
|Air-gap (USB not required)||X||X||X||X|
|Device validation (evil maid-proof)||X|
|Multisig co-signer storage||X||X||X||X||X|
|Multisig receive address display||X||X||X|
|Encrypted seed backup||X||X|
. . .
Coldcard - Best For Experienced Bitcoiners
If you want the most security features and you are tech-savvy, then Coldcard is for you. The Coldcard has the best reputation among the Bitcoin community thanks to the Coinkite team pioneering advancements in hardware wallet security. Just be prepared for a steep learning curve and for a user interface that can be frustrating, at least until you master the numeric pad navigation.
Pros:
- Extra security features such as a clear case, device validation, and a self-destruct PIN
- Smallest attack surface thanks to the SD card air-gap and simple design
- Reputable team that has pioneered Bitcoin hardware wallet security standards
- Supports dice rolls for verifiable seed generation
- Good multisig support
Cons:
- Takes a long time to learn how to use and navigate the menu system
- Needs a computer with an SD card reader and third-party wallet software
- Numeric pad and small screen make user input frustratingly slow sometimes
- Multisig doesn’t support viewing receive addresses (checks change addresses though)
. . .
Cobo Vault - Best For Beginners
Cobo Vault shares most of the important security features with Coldcard, but is more user-friendly. The large Android-based touch screen feels similar to a mobile phone while providing a secure QR-code air-gap. Despite being lesser-known, the team has taken a lot of user feedback to make an excellent device I’d recommend to anyone new to Bitcoin self-custody.
Pros:
- Best UX for entering seed words and passphrases thanks to the large touchscreen
- QR codes and battery pack make a great air-gapped device
- QR codes work with mobile wallets like BlueWallet which may be easier for novices
- Excellent multisig support, displays multisig receive addresses
- Has a self-destruct mechanism if it detects disassembly
- Supports dice rolls for verifiable seed generation with the Bitcoin-only firmware
Cons:
- Relatively new wallet (released April 2020), so it has less in-the-wild testing
- QR codes can get too big to scan, especially for multisig using a computer webcam
- The Android-based OS is an attack surface, though the air-gap makes exploitation unlikely
. . .
BitBox02 - Best USB Connected Wallet
If you want to connect your hardware wallet directly to a computer via USB then BitBox02 is a good option, although possibly less secure than an air-gap. The multisig support makes it a nice addition to a multisig setup.
Pros:
- Multisig stores and verifies co-signers, can check multisig receive addresses
- Deterministic firmware builds in case you want to verify the firmware image
Cons:
- Small screen doesn’t display the entire address at once
- Requires BitBox App to set up
- No air-gap, no verifiable seed generation
. . .
Trezor Model T - Some Security Flaws
The Trezor Model T was a touchscreen upgrade to one of the oldest and most popular hardware wallets. However, the Trezor has some security flaws that make it hard to recommend, especially the lack of a secure element. Although the Trezor was one of the first wallets to introduce a touch screen, the Cobo Vault provides a bigger touch screen.
Pros:
- Oldest, completely open-source wallet helped pioneer the hardware wallet industry
- Small touch screen provides good UX
Cons:
- Lack of secure element means someone with physical access to your device can extract your seed (so you’ll need a strong passphrase)
- No air-gap, no verifiable seed generation, multisig doesn’t store co-signers’ pubkeys
- Have to connect to Trezor’s less secure web wallet software or use a command-line tool
. . .
Ledger Nano X - A Usability Challenge
The Ledger takes a USB form factor with a tiny screen and only a couple buttons. Inputting anything on the Ledger’s two buttons is painfully slow. For a much steeper price you could get a touchscreen with the Ledger Blue.
Pros:
- Has been an industry leader for a long time
- Has a secure element like most other wallets
- Fits in your pocket easily?
Cons:
- Tedious to enter any seed words, passphrase, or PIN on the device
- Closed source firmware
- No air-gap, no verifiable seed generation, poor multisig support
Upcoming 2021: Specter-DIY - A Promising Do-It-Yourself Wallet
The Specter team released one of the best multisig software wallets this year. They are now prototyping a do-it-yourself hardware wallet. It’s a QR-based touch-screen device like the Cobo Vault and will of course have multisig integration with Specter. It was just released at the end of this year, so consider it experimental as bugs get worked out next year.
Pros:
- Large touch screen
- Can be built by users with off-the-shelf parts to customize or avoid supply chain risk
- Has a QR-code air-gap with a dedicated QR reader (hopefully easier to scan with)
- Allows entropy generation with dice, picking seed words, and coin flipping
Cons:
- Still very early, creators recommend only using with small amounts or in a multisig
. . .
Upcoming 2021: Foundation Passport - A Coldcard Competitor?
The Passport will be released in March 2021. It takes the design of the Coldcard and adds more buttons and a bigger screen, with a QR-code air-gap like the Cobo Vault. The Coldcard team has hinted they are working on a newer model in response.
Pros:
- QR-code air-gap
- Will support many of the Coldcard features such as entropy generation
Cons:
- Derivative of the Coldcard so might not add much code diversity in a multisig
- Has yet to be released, will take time to be tested in the wild
. . .
Future of Hardware Wallets (2021 and beyond)
Over the last couple of years, while most of us have been watching advancements in Bitcoin protocols such as Taproot and Lightning, hardware wallets have also been advancing at a fast pace.
The future of hardware wallets seems to be towards QR-code air-gaps. Standards are being developed for animated QR codes to make them viable for multisig. The upcoming Foundation Passport, Specter DIY, and new Coldcards are supporting QR-codes. As hardware wallets move to bigger screens I suspect many of them will add touchscreen controls as well.
New wallets are supporting verifiable user-generated seeds from dice rolls. Standards around user-generated seeds could allow users to verify their seed and address generation using multiple hardware wallets.
Multisig support has been improving. I expect future wallets to store co-signer pubkeys and display multisig receive addresses. Perhaps by the end of 2021 the best multisig practice will be using 3 different hardware devices paired with a mobile phone using QR codes, none of them ever plugged into a computer.