Comparison of Hardware Wallets
Quick comparison of hardware wallets.
The main objective of the comparison table is to highlight an important aspect: even if the firmware of a hardware wallet is 100% Open Source and Freedom Software, and supports reproducible builds, users may still be unable to verify if they are running the official firmware.
And open source doesn’t really solve this. It’s impossible to have guarantees that the electronic itself is not backdoored, nor that the firmware that runs inside the wallet is the one you audited.
Only the latest and best hardware wallets by vendors are considered. Older models are disregarded.
Any mention of a hardware wallet on this page, in any form, should not be interpreted as an endorsement. A strict non-endorsement policy is in effect. For further details, please refer to the comprehensive disclaimers section of this wiki page.
It is recommended to read this wiki page in conjunction with the Cryptocurrency Hardware Wallet Threat Model wiki page. The latter provides additional insights and information regarding the security aspects of hardware wallets.
|100 % Open Source and Freedom Software||No||Yes||Yes||Yes|
|reproducible builds||No||Yes ||Yes ||Yes|
|User-compiled and flashed firmware||No||Yes ||Deprecated? ||Yes|
|Easy (User) Trustless verification of firmware running on device||No||?||?||No |
|Trustless verification of firmware running on device by developers||No||?||?||? |
|Re-lock bootloader with user custom keys. / Verified Boot with user keys.||No||?||?||?|
|Security audited||The security audit of a hardware wallet depends on the scope and the organization conducting it. It is not a simple yes or no question. Please refer to the|
|Certification||Similar to above.
These are an indicator but should not be taken alone as a seal of quality, because, see next column.
|Vulnerabilities||List of Hardware Wallet Hacks|
|Warning if running custom firmware.||Users running the official firmware should get a warning if an attacker flashed a custom firmware from their device's bootloader.|
|Installation of custom firmware deletes storage.||This is a security feature to avoid a malicious custom firmware stealing the private keys.|
|Detach storage||Can storage be detached, duplicated and re-attached? If de-soldering of the storage chip is possible, this may or may not be a security issue because a custom firmware by an attacker might decrypt, steal the private keys.|
|Bitcoin only||Attack surface reduction, complexity reduction to ease security audits by only supporting 1 cryptocurrency, most likely Bitcoin.|
|Multiple cryptocurrency support||If the user wants to use other cryptocurrencies such as Ethereum.|
|Private Key never leaves Secure Element||Yes / No|
|Private Key never leaves Device||Yes / No|
|Country of Incorporation||Of the hardware wallet vendor.|
|Country of Production||Of the hardware wallet vendor.|
|Supply chain attacks|
|Track record||History of past security issues and their handling.|
|Quality of Entropy||Low entropy can result in private keys getting compromised through bruteforce attacks. See also entropy.|
|User supplied additional entropy.||For better entropy.|
|Multisig compatibility with other hardware and software wallets.||For diversification of multisig, not relying on one single vendor, one single point of failure only.|
|USB / SD / Micro-SD Card Backup Support||For diversification of multisig, not relying on one single vendor, one single point of failure only.|
|Native desktop app||Or only a (wrapped) web interface.|
|Big Display||For ease of readability of long cryptocurrency addresses.|
|Display can show QR Codes||To receive funds.|
|Camera can scan QR Codes||To send funds.|
|Can show account number (address) on Secure Display.|
|Can show balance on Secure Display.|
|Can show transaction history on Secure Display.|
List of Hardware Wallets
Most of the following hardware wallets are not included in the above comparison and are unlikely to be included in the future. For more information, please refer to the disclaimers chapter on this wiki page, which outlines the goals and non-goals of this page.
Goals and Non-Goals of this Wiki Page
- Goal: Providing readers with objective criteria to aid in their research.
- Non-goal: Providing a comprehensive and up-to-date comparison of all hardware wallets and their features.
- Rationale: This wiki page serves as a part of a larger wiki covering various topics. Its purpose is to document general knowledge that allows users to conduct further research and derive specific details when necessary. The author of this page aims to avoid delving into the constantly evolving details and contentious debates surrounding specific hardware wallets to minimize maintenance efforts.
Criteria for Inclusion
Only the most popular vendors with innovative security features relevant to the comparison will be included. Less popular vendors or those without innovative security features within the context of the existing comparison table will be excluded. It is not intended to create a complete comparison table.
Source of Information
Primary sources of information are the vendor's public statements on their website or source code repository. However, if the author becomes aware of conflicting expert opinions or other evidence, public statements from the vendor alone will be considered insufficient.
Initially this might have been possible and is still documented on the website.
You can install unofficial firmware on OneKey devices, but doing so will erase device storage and display a warning every time you boot.
This feature might be been deprecated.
No longer support installing firmware with unofficial signatures
Mk3 and earlier made a virtual serial port available over USB. As it was only useful to developers, it was disabled by default. Mk4 uses a real universal asynchronous receiver-transmitter (UART) leading to physical pins. It is not only disabled by default, but it also cannot be accessed without breaking the case. A developer wanting to interact with the pins must be willing to damage the COLDCARD's case to do so, but the option is there if needed.