This is the second article in a three-part series that examines five of the most popular Bitcoin hardware wallets. Read the first part here. By request, samples were provided by some of the companies for review purposes.
There are multiple reasons why the user interface recommended, developed or provided by hardware wallet manufacturers is important.
First of all, depending on the nature of this visual interaction, users get various degrees of privacy and security. For example, websites and browser plug-ins are convenient but very risky and vulnerable to malware and phishing attacks; proprietary software installed on the hard drive is excellent but may leak some data to the company server; and integrations with your full node via Bitcoin Core, the Electrum Personal Server or Wasabi are ideal because they enable complete sovereignty and maximum privacy.
For the purpose of promoting a particularly safe way of storing and sending bitcoin, this review will intentionally exclude internet browser plug-ins and webpages (unless they are the only official way to access the wallet). These features are nice to have, but they are susceptible to third-party attacks and, therefore, may pose a threat to users’ security and data privacy. Instead, the focus will be on software clients that operate on the users’ computers, with a focus on minimizing interactions with the company’s servers and maximizing sovereignty with full nodes.
Secondly, since visual interfaces determine the overall user friendliness and ease of use for hardware wallets, they also represent an important factor for mass adoption and retail success. To nontechnical users, the official UI/UX is the only way through which they will ever experience their hardware wallet. Therefore, it’s important to take into account the software’s simplicity of use and whether or not it’s available on multiple platforms.
Thirdly, visual interfaces may also include extra features and integrations that simplify other activities such as buying bitcoin and exchanging it for fiat or altcoins. While accessing these services is not recommended for HODLers who are concerned about their privacy, some of these options may come in handy for traders and everyday users.
Just as in the previous part of this analysis, the five hardware wallets under scrutiny for this review are Trezor’s Model T, Ledger’s Nano X, ShapeShift’s KeepKey, Shift Cryptosecurity’s BitBox02 and Coinkite’s Coldcard Wallet Mk3.
Given the criteria described above, the rest of the article will be split into five sections:
- Simplicity of use
- Multi-platform software
- Extra verification steps
- Unique features
- Privacy
Hopefully, the results of this review will help determine the best hardware wallet choice for each user type.
1. Simplicity of Use
Writing down the seed phrase, verifying some designated words on the hardware wallet’s screen (or all of them, depending on the product’s design) and setting up some kind of backup are all part of the exciting (yet slightly frightening) phase of getting immersed in financial sovereignty. The thought that, unlike in traditional finance, you cannot recover funds that you lose by mistake can sometimes be overwhelming.
In this regard, simplicity really matters and good interfaces can make a lot of difference in the process of attaining financial sovereignty. As you are about to discover, the test includes four newbie-friendly devices and one power-user product that benefits from massive community support — but still requires a good understanding of operational security fundamentals and Bitcoin essentials for use.
Simplicity of Use: Trezor Model T
The Trezor Model T uses the Trezor Bridge client software to facilitate communication between the hardware wallet and a computer. This application is a hybrid in that it requires installation but still runs in your browser.
The installation is straightforward and easy; it teaches new users how to validate each operation on the device and introduces the concept of a recovery seed in a comprehensive way. The software also encourages the creation of backups and makes use of a familiar account and password system. After the initial setup is complete, everything is straightforward and clean: Users can send or receive bitcoin but also receive suggestions for nearby ATMs and exchanges where they can buy bitcoin.
Trezor is the world’s first hardware wallet manufacturer and all units reviewed in this test are more or less inspired by its designs and specifications. Thanks to its first-mover advantage and long-time popularity, every Trezor product has a lot of community support. In this regard, users will find that they can connect their Model Ts to the Electrum Web Server, Wasabi Wallet, Exodus and even ShapeShift.
Some of these alternative options will grant more privacy and sovereignty, while others bring convenience through extra features. Overall, the experience is the industry standard for onboarding users to financial sovereignty and is worthy of a 10 out of 10 rating.
Simplicity of Use: Ledger Nano X
Conversely, the Ledger Nano X makes use of a local application called Ledger Live. What sets it apart from Trezor Bridge is the fact that the software installation takes place locally on your hard drive, so you can check your balance even when you’re not connected to the internet (assuming that the data had been updated) and benefit from slightly improved privacy. Also, the app serves the purpose of checking the authenticity of the hardware wallet by interacting with the internal secure element. It still doesn’t replace a full node or Wasabi synchronization, but it’s a superior experience as compared to a webpage.
Ledger Live is very intuitive and the installation process is basically a tutorial which teaches users about the device’s basic functionality. After it’s generated, the seed phrase needs to be validated word-by-word on the device for extra safety. At the end of the setup, each cryptocurrency application needs to be installed individually — so users can choose not to increase the attack surface with extra features by making the Nano X a BTC-only device.
The interface also features a “Buy Crypto” menu which allows users to quickly buy bitcoin locally or exchange them for other cryptocurrencies via ShapeShift or Changelly.
Correspondingly, the experience deserves a perfect-10 rating.
Simplicity of Use: KeepKey
As a product of the parent company, KeepKey is seamlessly integrated with the ShapeShift Platform. New users are greeted by a familiar, simple and feature-packed interface which includes options to buy, send, receive and trade your bitcoin.
Interestingly, this platform is designed to also support Trezor hardware wallets and plans to integrate functionality for Ledger products. In this regard, it seems like ShapeShift is trying to provide a software alternative to the dedicated user interfaces developed and provided by competing manufacturers.
KeepKey also has Client, a barebones desktop application which allows users to check, send and receive BTC, and to connect to the ShapeShift website. It’s basic and limited in functionality but may provide a more privacy-friendly experience for those who don’t want to sign up to the ShapeShift platform.
Speaking of alternative software, it should also be mentioned that, unlike the Ledger Nano X, the Trezor Model T and the Coldcard (all versions), there is no KeepKey compatibility with Wasabi Wallet. Luckily, ShapeShift’s device works just fine with the Electrum Personal Server and can connect to full nodes running Bitcoin Core 0.18 or newer.
KeepKey is excellent in its simplicity of use and deserves praise for also integrating rival manufacturers on the platform. However, it should be noted that the lack of compatibility with Wasabi Wallet is possibly the biggest current downside.
Simplicity of Use: BitBox02
Last but certainly not least, the BitBox02 offers a competitive alternative with the BitBoxApp. The installation experience is very similar to the one created by Ledger. However, there are two options which set the BitBox02 apart: It enables coin control (as opposed to merging UTXOs together, users get to choose from which amount they’re sending, so that financial privacy gets protected), and it allows a seamless pairing with a local full node.
Both of these features empower users with privacy and sovereignty in a comprehensive and straightforward interface. Basically, Shift Cryptosecurity’s product is the middle ground between the Trezor and the Coldcard: It offers some power-user features while also keeping it basic. Also, the in-app guide, positioned on the right sidebar of the BitBoxApp, makes it simple to run the setup, even for newbies.
Overall, the BitBox02 has a great, basic interface which somehow manages to integrate some advanced features that users who appreciate financial sovereignty will find useful. It doesn’t include all of the trading features found in the KeepKey, nor does it have in-app access to a series of third-party exchange services as the Ledger and Trezor do, but it gets privacy and sovereignty right without overcomplicating matters.
The BitBox02’s intuitive onboarding also receives a perfect-10 rating for making power-user features simple.
Simplicity of Use: Coldcard Wallet Mk3
Contrary to market trends, the Coldcard hardware wallet doesn’t have a dedicated software client which links to Coinkite’s servers. This is a design choice that’s meant to maximize privacy and financial sovereignty. This approach pleases power users, as it pushes everybody to operate via open-source, robust and local programs such as the Electrum Personal Server and Wasabi Wallet.
Ideally, the Coldcard should never be connected to a computer and should not be regarded merely as a secure buffer between the keys to your bitcoin and your potentially vulnerable computer. Thanks to BIP 174, Coinkite’s device can conduct partially signed bitcoin transactions, so that the connection to an internet device becomes unnecessary and completely optional. Most operations (such as initial setup, seed-phrase generation and transaction validation) are executed directly on the device’s small color screen, and the navigation and confirmation tasks are performed on rubbery physical buttons.
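What travels between the online wallet and an air-gapped signer is a BIP 174 file, and its contents can be inspected before it reaches the device. The following Python sketch is an added example (not code from this article or from Coinkite) that parses a version 0 PSBT and lists the inputs and outputs it asks the device to sign; the sample transaction is constructed for illustration and its txid and scripts are placeholder bytes.

```python
from io import BytesIO

PSBT_MAGIC = b"psbt\xff"        # BIP 174 magic bytes plus separator
GLOBAL_UNSIGNED_TX = b"\x00"    # global key type 0x00: the unsigned transaction


def read_exact(s, n):
    data = s.read(n)
    if len(data) != n:
        raise ValueError("truncated PSBT")
    return data


def read_compact_size(s):
    """Bitcoin's variable-length integer encoding."""
    first = read_exact(s, 1)[0]
    if first < 0xFD:
        return first
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(read_exact(s, width), "little")


def read_map(s):
    """Read one key-value map; a zero-length key terminates the map."""
    entries = {}
    while True:
        key_len = read_compact_size(s)
        if key_len == 0:
            return entries
        key = read_exact(s, key_len)
        if key in entries:
            raise ValueError("duplicate key in PSBT map")
        entries[key] = read_exact(s, read_compact_size(s))


def parse_unsigned_tx(raw):
    """Return (inputs, outputs) of the non-witness, unsigned transaction."""
    s = BytesIO(raw)
    read_exact(s, 4)  # version
    inputs = []
    for _ in range(read_compact_size(s)):
        txid = read_exact(s, 32)[::-1].hex()   # txids are displayed byte-reversed
        vout = int.from_bytes(read_exact(s, 4), "little")
        if read_compact_size(s) != 0:
            raise ValueError("unsigned transaction must have empty scriptSigs")
        read_exact(s, 4)  # sequence
        inputs.append((txid, vout))
    outputs = []
    for _ in range(read_compact_size(s)):
        sats = int.from_bytes(read_exact(s, 8), "little")
        script = read_exact(s, read_compact_size(s))
        outputs.append((sats, script.hex()))
    read_exact(s, 4)  # locktime
    if s.read(1):
        raise ValueError("trailing bytes after transaction")
    return inputs, outputs


def parse_psbt(blob):
    if not blob.startswith(PSBT_MAGIC):
        raise ValueError("not a PSBT: bad magic bytes")
    s = BytesIO(blob[len(PSBT_MAGIC):])
    global_map = read_map(s)
    if GLOBAL_UNSIGNED_TX not in global_map:
        raise ValueError("no unsigned transaction in global map")
    inputs, outputs = parse_unsigned_tx(global_map[GLOBAL_UNSIGNED_TX])
    # One map per input, then one per output, in transaction order.
    input_maps = [read_map(s) for _ in inputs]
    output_maps = [read_map(s) for _ in outputs]
    if s.read(1):
        raise ValueError("trailing bytes after PSBT")
    return {"inputs": inputs, "outputs": outputs,
            "input_maps": input_maps, "output_maps": output_maps}


def build_sample_psbt():
    """Constructed sample: 1 input, 2 P2WPKH-shaped outputs, empty per-item maps."""
    le = lambda n, width: n.to_bytes(width, "little")
    tx = (le(2, 4)
          + b"\x01" + bytes.fromhex("11" * 32) + le(0, 4) + b"\x00" + b"\xff" * 4
          + b"\x02"
          + le(50_000, 8) + b"\x16" + bytes.fromhex("0014" + "aa" * 20)
          + le(49_000, 8) + b"\x16" + bytes.fromhex("0014" + "bb" * 20)
          + le(0, 4))
    global_map = b"\x01" + GLOBAL_UNSIGNED_TX + bytes([len(tx)]) + tx + b"\x00"
    return PSBT_MAGIC + global_map + b"\x00" + b"\x00\x00"


if __name__ == "__main__":
    parsed = parse_psbt(build_sample_psbt())
    for sats, script in parsed["outputs"]:
        print(f"{sats:>8} sat -> script {script}")
```

Comparing the listed output amounts and scripts with what the signing device shows on its own screen is the check that makes the air gap meaningful.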
The setup process isn’t difficult but requires some understanding of how Bitcoin works and why you should care about your private keys and the privacy of your internet devices. A variety of YouTube videos explain every step of the initial setup phase, so anyone who can follow a visual guide gets empowered to pursue financial privacy.
In spite of these advantages, newcomers will definitely feel discouraged by the power-user experience and the personal responsibilities it entails. Therefore, it’s safe to say that the Coldcard finds itself in a league of its own. Yet unless you know what you’re doing, it’s better to start your journey with another product and possibly upgrade when you’re ready.
As such, it earns a “Cypherpunk-10” rating, crediting its superior appeal to privacy- and security-focused power users.
2. Multi-Platform Software
This section scrutinizes two essential aspects of hardware wallets: the existence of proprietary software and its availability on multiple operating systems. As previously established, browser plug-ins will not be taken into consideration for this review due to the fact that their convenience is outweighed by a lower degree of privacy and security. Correspondingly, reliance on a website platform will result in a lower score because of inherent privacy trade-offs. So, the metrics are biased toward innovation and development, but the analysis will also include a breakdown of privacy features which differentiates between the hardware wallets whose software is conceived for trading and the ones that maximize financial sovereignty.
But before moving on to the analysis, it should be noted that more private, third-party software exists for all of the hardware wallets presented in this test. Thanks to the work of dedicated developers, the Trezor Model T, Ledger Nano X, KeepKey, BitBox02 and Coldcard Wallet Mk3 can be accessed through the Electrum Personal Server and your Bitcoin Core 0.18 full node.
Furthermore, according to tests run by Wasabi, all products released by Ledger, Trezor and Coldcard are compatible with the private, coin-control-enabled wallet, CoinJoins and an anonymized connection through Tor. Thanks to its bech32 integration by default, the BitBox02 should also work, theoretically.
Multi-Platform Software: Trezor Bridge
Trezor Bridge is designed to work on every device that can run Chrome or Firefox internet browsers. The company is still working on the development of a local application called Suite that will increase privacy by storing more data on the device’s hard drive or SD card.
For availability of software, Trezor gets a 10: Even though browsers like Safari and Opera don’t support the native platform, there are plenty of third-party applications that seamlessly integrate the Model T. For making use of proprietary software, it gets a 5: With the exception of the main platform and some browser extensions, there isn’t any local client to handle the device’s operations. So, the average score is a 6.5 out of 10 (and should improve when Suite gets released).
Multi-Platform Software: Ledger Live
Ledger Live is available for download on MacOS, Windows, Linux, iOS and Android. In terms of privacy and security, it appears to have a better approach than the Trezor Bridge: It allows transaction data to be stored locally and offers better anti-phishing protection. However, the downside is that these downloadable apps tend to be more glitchy (especially during computer or mobile operating system updates) and require frequent maintenance for bug fixing.
For availability of software, Ledger Live gets a 9: Though some Linux distributions may not run the software, there are plenty of third-party solutions that bring useful additions (though they aren’t as many as in the case of the Trezor hardware wallets). For making use of proprietary software, Ledger’s product also gets a 9, thus generating an average score of 9 out of 10.
Multi-Platform Software: KeepKey
KeepKey natively runs a basic application that works on Windows and MacOS. It’s as elementary as can be and only allows users to check their balance, send, receive and potentially recover their seed phrase. For advanced features, ShapeShift recommends the Platform: an encrypted website that is very similar to Trezor’s but is friendlier to traders. The only criticism that can be addressed to this approach is that most trading functions require a sign-up with personal data, which may cause some privacy concerns.
The ShapeShift Platform is also designed for browsers like Chrome and Firefox but seems to work very well on Safari in spite of a warning which says that some features may not be supported. It’s the least privacy-friendly option among the five devices reviewed here, and it’s clearly aimed at traders who don’t mind that and would rather focus on security and convenience.
For availability of software, the KeepKey gets a score of 9 out of 10; for proprietary software, it gets a 5 (the local application isn’t so great and the Platform is still in beta). Also, the fact that Wasabi Wallet doesn’t work at this point with the KeepKey is another minus. Therefore, the final multi-platform software score for ShapeShift’s hardware wallet is 7 out of 10.
Multi-Platform Software: BitBox02
The BitBox02 was conceived as the secure element for the entire BitBox ecosystem (which also includes an application and an upcoming Bitcoin node product). Just as in the case of Ledger, the locally stored software is available on Windows, Mac and Linux. At this point, there is no mobile app.
Unlike the Ledger, Shift Cryptosecurity’s BitBox02 aims to create power users from the very first five minutes of interaction: A backup is automatically performed on an external SD card, it recommends connecting to a full node and UTXOs don’t get mixed in the interface, allowing users to better manage their privacy (for instance, if they own 10 BTC in chunks of 1 BTC, then they can send from a chunk of their choice without the risk of revealing all of their holdings).
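The privacy effect of coin control can be made concrete by comparing what a transaction's inputs reveal with and without it. This added Python example is not BitBoxApp code: the largest-first automatic selection is an assumption standing in for a wallet that treats the balance as one pool, and the outpoints, addresses and amounts are constructed.

```python
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000


@dataclass(frozen=True)
class Utxo:
    outpoint: str   # "txid:vout" (constructed placeholder)
    address: str    # constructed placeholder label
    sats: int


def select_coins(utxos, target, fee, allowed=None):
    """Pick inputs covering target + fee.

    With `allowed` (a set of outpoints) only those coins may be spent, which
    is coin control. Without it, the whole wallet is one pool and coins are
    taken largest-first (an assumed, simplified automatic strategy).
    """
    pool = [u for u in utxos if allowed is None or u.outpoint in allowed]
    pool.sort(key=lambda u: u.sats, reverse=True)
    chosen, total = [], 0
    for coin in pool:
        if total >= target + fee:
            break
        chosen.append(coin)
        total += coin.sats
    if total < target + fee:
        raise ValueError("selected coins do not cover amount plus fee")
    return chosen


def exposure(utxos, chosen, target, fee):
    """What the recipient and any chain observer learn from the inputs."""
    spent = sum(u.sats for u in chosen)
    return {
        # Inputs of one transaction are assumed to share an owner.
        "linked_addresses": sorted({u.address for u in chosen}),
        "revealed_sats": spent,
        "change_sats": spent - target - fee,
        "hidden_sats": sum(u.sats for u in utxos) - spent,
    }


def demo():
    wallet = [
        Utxo("aa:0", "addr-savings", 5 * SATS_PER_BTC),
        Utxo("bb:1", "addr-spend-1", 20_000_000),
        Utxo("cc:0", "addr-spend-2", 15_000_000),
    ]
    target, fee = 30_000_000, 2_000
    auto = select_coins(wallet, target, fee)
    manual = select_coins(wallet, target, fee, allowed={"bb:1", "cc:0"})
    return (exposure(wallet, auto, target, fee),
            exposure(wallet, manual, target, fee))


if __name__ == "__main__":
    for label, result in zip(("automatic", "coin control"), demo()):
        print(label, result)
```

The manual choice keeps the 5 BTC coin out of sight at the cost of linking the two smaller addresses to each other, which is the trade-off a coin-control interface leaves to the user.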
For availability of software, BitBox gets an 8 out of 10 (since mobile operating systems are excluded); for proprietary development, it gets a perfect 10. Correspondingly, the final score for the BitBox is a 9 out of 10.
Multi-Platform Software: Coldcard
Last but not least, Coinkite’s Coldcard Wallet is the black sheep of this test — but in a good way. All the setup functions are performed on-device by reading the instructions on the color screen and pressing the physical buttons for navigation and confirmation. The Coldcard doesn’t even need to be connected to a computer for initial setup; a micro-USB power adapter is enough to make the hardware wallet perform its intended functions.
The Coldcard can work with all systems compatible with Electrum and Wasabi (Windows, MacOS, Debian, ARM for Raspberry Pi and other Linux implementations). By design, it’s the most private and least convenient device in this test. It’s aimed at cypherpunks and people who want to minimize their exposure to third parties. Thanks to BIP 174, seed generation and transaction signing can be done without ever connecting the device to a computer. Also, generating the BIP 39 seed phrase with completely offline dice rolls is definitely something that the most privacy-conscious users would find interesting and useful.
In a sense, it can be said that the metrics from this section are unfair to the value proposition of the Coldcard — it’s definitely not a tool for traders or casual holders, but something for those who are serious about financial sovereignty. Thanks to Electrum, Coldcard is compatible with lots of Linux implementations. Also, the on-device firmware is robust and successfully fulfills all of the functions that one can find in the KeepKey Client.
Coldcard’s air-gapped design means that it can function without ever being connected to a computer and, therefore, the only fitting rating is Cypherpunk-10.
3. Extra Verification Steps
As devices that are designed to securely generate private keys, validate transactions and act as buffers between vulnerable computers and users, hardware wallets require plenty of verification steps.
First of all, there should be some sort of mechanism to verify the authenticity of the device. Secondly, the seed phrase should be checked during the initial setup, in order to eliminate faulty inputs that may lead to unwanted losses. Thirdly, each time the device is plugged in or left idling for a few minutes, there should be another PIN number verification. Last but not least, these features should be easily comprehensible, so that anyone who isn’t technical but has owned a bank account in the past can do them effortlessly.
Physical Packaging
The good news is that all wallets have these types of verification but in different forms and with some of their own proprietary specificities.
For instance, the Trezor Model T is physically sealed around the USB connector to guarantee that the device is new and hasn’t been tampered with. The KeepKey also comes in a sealed box, while the Coldcard is packed in plastic bags with unique and on-device verifiable barcodes (so it becomes difficult to replicate the packaging once opened).
For the same considerations regarding physical security, the Ledger Nano X and the BitBox02 include the hardware-secure element which verifies the authenticity of a device. The BitBox02 is also wrapped in a plastic bag whose design is distinctive (so, replacing it once it’s been tampered with requires extra effort). It can be argued that cryptographic verifications are better than physical ones, but it’s reassuring to see that your new device is sealed and in proper condition.
Seed-Phrase Verification
In terms of seed-phrase verification, all devices reviewed here are excellent and guarantee a thorough process that is simultaneously intuitive and useful for the ongoing education for financial sovereignty.
The KeepKey will make users input the seed-phrase words using a scrambled keyboard; the Ledger Nano X, the Coldcard and the BitBox02 require on-device confirmation in the order in which the seed-phrase words are found; and the Trezor Model T prompts for the input of two random words. All hardware wallets require a PIN number that is used to authenticate the user, and each important decision — from sending a transaction to updating the firmware — needs physical on-device validation.
Possibly the easiest and quickest interface is that of the BitBox02, as it asks for a mandatory SD card backup and offers the seed phrase as an extra option. Taking this extra step is strongly recommended because otherwise you won’t be able to recover your bitcoin if your hardware wallet breaks and you lose your backup card (but if you do keep your backup SD card, you can simply insert it into a brand new BitBox device and recover your private keys).
The Coldcard works in a similar way, except that it operates on the device screen and turns the seed-phrase generation into a process you can’t skip (as it’s an essential element for power users). Needless to say, the interface is more complex and not very friendly in visual terms — but there are 8-minute setup guides on YouTube that can serve as great educational resources.
The KeepKey had frequent connection issues when used with the provided cable but when connected, it offers a quick and seamless experience. Likewise, the Trezor and the Ledger have been onboarding new users with the utmost simplicity for years, and they are still the standard by which hardware wallets are judged.
4. Unique Features
From functionality to special integrations, there are plenty of unique features that help set each product apart from the rest. Even though these characteristics have been mentioned in the previous sections of the article, this section is dedicated to compressing and highlighting the best individual arguments to buy each product.
In hindsight, no hardware wallet is more privacy- and security-centered than the Coldcard. If you want to hold your bitcoin for a long time and never connect the device to your computer, it’s probably the best choice because it leaves the fewest traces. The fact that it generates two types of backups (SD card and seed phrase) and the carefulness with which it’s packaged make the Coldcard the premium, power-user hardware wallet and every cypherpunk’s dream.
But if you want to trade or make frequent transactions, there are options which facilitate such activities. For instance, the KeepKey has the best and easiest exchange integrations within its interface and also receives some bonuses on the ShapeShift platform (this is only for those who don’t mind sharing their email address and revealing their transaction data). What is also interesting about the KeepKey is the way it scrambles keyboard inputs — it’s great for security and one of the best ways to stay protected from tampering.
As the evolution of the world’s first hardware wallet, the Trezor Model T is a great mix between accessibility, security and open-source code. By using the online platform, users may reveal their transaction data and IP addresses, but the device is popular enough to allow for easy integrations with more cypherpunk-minded, third-party applications such as the Electrum Personal Server and Wasabi. The Trezor is also expected to receive significant improvements in the future, with the addition of SD card backup, data and file encryption and also the Suite platform.
The Ledger Nano X is great thanks to the embedded Secure Element chip which cryptographically checks the integrity of the hardware. It is slightly better than the Trezor in terms of data privacy thanks to multiple software clients, but a greater amount of trust has to be put into the company due to the opaque source code. The client can also prove to be buggy, but this is just a consequence of having software on all major operating systems. The feature that stands out the most in the Nano X is the Bluetooth connectivity for mobile phones, but its popularity among users is yet to be tested.
Shift Cryptosecurity’s BitBox02 is definitely a pleasant surprise, as it combines the best elements from the Trezor, Ledger and Coldcard: open-source software, a hardware secure element, the cautious anti-tampering packaging, the SD card backup and the complete verification of the seed phrase. However, the two elements that make it unique are the full node integration and the UTXO control in the BitBoxApp. This revision of the BitBox is the newest product in terms of release date and successfully manages to raise the bar. If connected to a full node and used with cautiousness, it’s the second-most private hardware wallet in this comparison, following the Coldcard.
5. Privacy
When we think about hardware wallets, we usually associate these devices with cryptographic security and the creation of an extra layer of protection against hackers. However, deterrence through cautiousness is the best weapon for an individual who seeks financial sovereignty: In order to keep your bitcoins safe, your interactions should not turn you into a hacking challenge or honeypot.
In this regard, there are two distinctive types of privacy that one should take into consideration while using a hardware wallet (or dealing with bitcoin in general): transaction privacy (who gets data when you send, receive or store bitcoin?) and network privacy (who collects information about your IP address?).
Ideally, hardware wallets should leak a minimal amount of data and never lead to any type of association between you and your transactions. However, there are many ways in which you can recklessly give away information about your wealth and activities. And there is no way to know who might find your bitcoin trades interesting.
The reason why Wasabi Wallet and the Electrum Personal Server have been recommended throughout this article is very simple: They are client-side applications which store the data locally and benefit from multiple privacy advantages. For example, Wasabi uses Tor by default, thus obfuscating a user’s whereabouts and making it difficult to track them. The Electrum Personal Server makes it easy to connect to a full node, thus keeping data about transaction history and generated addresses on a user’s hard drive.
Coinkite’s Coldcard Wallet is natively designed to operate with clients such as Wasabi and Electrum, can work even without ever being connected to a computer, and is the best choice for anyone who cares about financial privacy. If used correctly, the device is a bona fide cold storage option and offers the most private way of holding your bitcoin. Therefore, thanks to its air-gapped design and implementation of BIP 174, the Coldcard Wallet receives the highest distinction in regards to privacy.
The BitBox02 also takes its “best of both worlds” philosophy into the privacy territory by offering UTXO control for your bitcoin (so you don’t reveal how many coins you own with each transaction) and the option to connect to your full node (so you generate your addresses and store transaction data locally, without giving away this information to a third party). Thanks to these two additions and their ease of use, Shift Cryptosecurity’s hardware wallet is excellent and the second-most private product in this test.
Long-time rivals Trezor and Ledger are pretty much on par for privacy and find themselves in a recurring state of competition. The Ledger Live software is technically superior to Trezor’s web-based interface, but they both connect to the servers of their respective companies anyway and reveal holdings and transaction data. Unlike the Coldcard, the Model T and the Nano X are not air gapped via BIP 174 and require connection to a computer in order to function.
Conversely, thanks to being the two oldest hardware wallet manufacturers, the Trezor and the Ledger are supported by a large number of third-party developers — Wasabi and the Electrum Personal Server being the two most important for privacy and financial sovereignty. Therefore, thanks to their versatility, the Model T and the Nano X both get the “great” rating for privacy.
The KeepKey doesn’t work with Wasabi Wallet and manufacturer ShapeShift encourages users to sign up to the official trading platform (which requires an email address and may ask for extra KYC information when buying bitcoin). Due to these criteria, it’s not the most privacy-friendly device in the field and is clearly aimed at traders who would rather get convenience via useful integrations. The fact that the hardware wallet can be bought for $10 with a ShapeShift sign-up reveals a type of approach which is the polar opposite of Coldcard’s. Under these considerations, the KeepKey gets an average rating for privacy.