Table of contents
1. Introduction
- Freedom & our digital shields
- The goal of this guide
- Who this is for
2. Bitcoin basics
- Bitcoin ownership: keys & signatures
- Hardware Wallets: storing keys, not bitcoin
- Hardware wallets vs signing devices
- From seed to address: the cryptographic chain
- Air gaps
3. Methodology
- Approach & focus
- Testing process
- Compatibility
4. Hardware wallets
- Standard models
- Jade
- Jade Plus
- Bitbox
- Trezor Safe 5
- Keystone 3 Pro
- OneKey Pro
- Coldcard Mk4
- Coldcard Q
- Foundation Passport
- Cardware
- DIY solutions
- Specter
- Krux
- Seedsigner
- Airgapped computer
5. Comparison table
6. Conclusion
1. Introduction
This guide is not about why.
Freedom.
That’s all I’ll say about why.
This guide is about how.
1.1 Freedom & our digital shields
With great power comes great responsibility
However, the downside to that powerful freedom is the ultimate responsibility that is inextricably linked to it.
Today we have numerous tools at our disposal to protect our digital property from bad actors or loss. These tools are our digital shields. But, security is not just about owning the right tools, it’s about using them correctly.
The goal of this guide is to provide an experience-based overview of hardware wallets that may help you decide which tools may be a good fit for you to help you protect your freedom.
1.2 The goal of this guide
The goal of this guide is to provide actionable experience-based insights into the shields that protect our freedom & wealth.
1.3 Who this is for
This is for those who are looking for the best bitcoin hardware wallet without having to try them all out.
2. Bitcoin basics
2.1 Bitcoin ownership: keys & signatures
Bitcoin ownership boils down to keys, which come in pairs: public and private. A public key is like a bank account. All anyone can do with that information is send money to that bank account. The corresponding private key is like the password to that bank account, which allows you to actually move the money.
A private key enables you to move bitcoin by signing a transaction, which is only valid if it includes a signature. Everyone can create a transaction to move any bitcoin. You could create a transaction that moves all of satoshi’s bitcoin to your bitcoin address, but without a signature, that transaction is incomplete. You need the corresponding private key to provide a fitting signature.
Bitcoin transactions are usually created on another device (like a mobile or laptop) which is connected to the internet (aka hot). We then pass along that transaction to our hardware wallet which is able to view and verify the transaction details and confirm the transaction by providing a signature for it. Once the transaction has a signature it can then be broadcast to a bitcoin node so the miners may include it in a block and append it to the blockchain.
Hot device creates transaction => send to cold device => cold device provides signature => hot device broadcasts signed TX
2.2 Hardware wallets: storing keys, not bitcoin
There are never actually any bitcoin on any of the devices we’ll be discussing. All bitcoin are stored publicly on the blockchain, on every full node on the planet (a full node is a computer that keeps a full copy of the blockchain, which is just a long list linked together of every bitcoin transaction that has ever taken place). The hardware wallets we will be talking about only exist to hold the private key to sign transactions so that we may move our bitcoin.
2.3 Hardware wallets vs signing devices
Another distinction to make before continuing is the difference between a hardware wallet and a signing device. As we just discussed, a hardware wallet stores the private key to sign bitcoin transactions. So, every hardware wallet is a signing device. But, there are also stateless devices that do not store a bitcoin private key permanently and are still able to sign bitcoin transactions. A device like the popular Seedsigner requires the user to first load a private key onto the device before it can create signatures. As we will see, some devices can work both ways.
2.4 From seed to address
The final insight on basics is the relation between a seed phrase, private key, public key and addresses. Your seed phrase is your starting point, human-readable words (usually 12 or 24). It’s not a key itself but a master blueprint to derive the rest deterministically (aka reproducible).
- Your seed phrase produces a private key.
- The private key generates a public key, the public counterpart which is mathematically linked, but irreversible.
- A public key spawns addresses, which are practically unlimited.
seed phrase => private key => public key => addresses
By consequence, the seed phrase is the most important part of your setup. You may lose your hardware wallet that contains your private key, as long as you have your seed phrase backup. Backups will have their own deep dive.
2.5 Air gaps
Air gaps are security measures where a secure device like a hardware wallet is never connected to another hot device. This significantly reduces exposure to any sort of compromise. Instead of transferring transactions over USB or Bluetooth air-gapped signing devices work with QR codes or SD cards to sign transactions. QR codes have become a very popular workflow for signing bitcoin transactions. Air gaps are mostly praised for their added security, but that might be overrated since connecting over USB is not a security issue in the sense that it doesn’t cause any real-life hacks leading to stolen user funds. However, air gaps might be overrated for their security but underrated for their usability. The ability to simply scan QR codes is a much preferred workflow for many and rightfully so.
3. Methodology
3.1 Approach & focus
When evaluating hardware wallets, several aspects matter: security, usability, durability, compatibility, and value. Security is king, if a hardware wallet is insecure its ease of use or price tag is irrelevant. But here’s the reality: none of the devices we’ll be discussing are insecure in any real sense. There appear to be zero documented instances where the inherent security of a device was breached, resulting in stolen funds. Granted, there are several documented instances of white hat hackers getting into devices, but these cases never resulted in stolen user funds. Please note this is not just due to the merit of device manufacturers. They are standing of the shoulders of cryptographic giants, Satoshi being just one of them.
There are many instances where bitcoin are stolen but they seem to always arise from user error, phishing, loss, physical theft or extortion. Given this strong security baseline of the devices themselves, I’m assessing these hardware wallets mainly through a very practical lens and a usability perspective. These devices are secure in any practical sense, it’s the users which are always the weakest link in the chain. Therefore, in my opinion, overal usability and smoothly guiding users to proper usage is actually one of the best differentiating security features any device can have. Usability is security! I repeat: security is not about owning the right tools, it’s about using them correctly.
3.2 Process & approach
Who in their right mind would buy 15+ hardware wallets? You only need one. If you’re looking at multi-sig where you need to manage multiple keys, maybe 2 or 3 but even then, there’s several signing devices who can do multi-sig all by themselves (Seedsigner, Passport, Jade (& plus), Coldcard, Specter).
Well I do have them actually lying all around but the most critical differentiator of this guide isn’t simply reviewing all bitcoin hardware wallets and listing up pictures of the unboxing experience and how to do the setup; throwing it all together. You can find extensive unboxings and reviews elsewhere. I will link to to the best ones where applicable such that this guide may serve as an anchor point where you can start further explorations from.
An AI agent could quite simply scrape and summarise the reviews of all these devices into a single massive article.
The approach here is going to be an experience-based wider holistic view of where a specific model fits within the broader ecosystem. Not simply discussing and comparing features, but reporting on real usage with real bitcoin. When you first buy a hardware wallet, you’re excited and proud. And you should be. Embarking on the journey of self-custody is a huge step in reclaiming self-sovereignty.
Picking holes
However, when the umpteenth device hits your hands and a core feature doesn’t work properly you get critical. There’s simply no other way, not for me. You can’t un-know what you know. If you know for a fact there’s another device at a similar or even lower price point which does that one thing instantly, you can’t help but wonder why that other device can’t do it smoothly. To be honest such experiences have been the source of several frustrations, which you will read about.
As an official reseller for most of the brands discussed in this guide and connecting directly to many customer experiences I believe I am uniquely positioned to review these cold storage tools as part of a whole. Many will undoubtedly find me overly critical or simply lacking brain activity, incapable of working with these tools. Know my harshness is very deliberate, it’s by relentless attacking we forge resilience.
I’ll be scouting out the weak points so that we may raise the bar as an industry in order to onboard the next billion.
That which does not kill us makes us stronger.
3.3 Compatibility
An often overlooked feature is compatibility, or how well a hardware wallet plays with other tools in the bitcoin ecosystem. See, bitcoin is a protocol, a way of doing things, a set of rules. Hardware and software have to abide by these rules in order for different components to be able to work smoothly together. Bad things happen when companies don’t follow the rules, creating compatibility issues. Anyone remember Internet Explorer?
it’s about ensuring your wallet speaks the same language as your software, backups, and recovery methods. Here’s why it matters: hardware wallets use standards like BIP-39 (seed phrases) and BIP-44 (derivation paths) to generate your keys and addresses. But not all wallets implement these the same way. Get this wrong, and you might not “find” your Bitcoin again. Imagine you set up a wallet with device A in its default settings, lose it, then try to recover with another device. If some “settings” (like derivation path) differ your funds could seem to vanish, they are still there, but invisible to the new device. The Bitcoin’s not lost; it’s just hiding behind a compatibility gap.
4. Hardware wallets
4.1 Standard models
4.1.1 Blockstream Jade
It makes sense to start with the cheapest device. A lot of newcoiners will be very budget conscious and the Jade’s low price point is appealing to that broad target audience. When writing this part I wanted to first have a look at what others are saying, out of curiosity. There’s a ton of content on the Jade out there:
- Privacy Pros list it as a 9.3/10 device
- Athena Alpha rates it a 4.3/5
- BlockDYOR gives it 92/100 with a massive unboxing + setup + usage with a truckload of screenshots
- MaterialBitcoin is the first one mentioning real downsides like battery life concerns and build quality
- HardwareWallets.net rate it 90% and beginner-friendly
- HeyApollo rates it 4.5/5 based on 73 reviews
It doesn’t make a lot of sense to do yet another unboxing and setup article, discussing how its got a camera and is open source and has usb-c and supports liquid and yada yada…
I’m not going to join this circle jerk, on the contrary. I’m swimming against the tide here not to be contrarian but to share my honest opinion. And I hate to say what I’m about to say because as many of the above reviewers mentioned Blockstream really is an OG bitcoin company pushing the space forward, no doubt about it. I love bitcoin and every company doing its part.
But I honestly think the Blockstream Jade is horrible. It’s jank. It screams low build quality. The camera is a total potato. The jog wheel feels like it’s going to cry if I nudge it too hard. The overal user experience makes me feel weak in the grand scheme of things. We’re supposed to bring down the banks with this piece of plastic?
“This is the best cold wallet for beginners. Very user friendly”
It’s the people that love their Jade, like that review from the HeyApollo website, who are going to give me a lot of heat for this and it’s not that I don’t care. I do. This is bitcoin. This is about fixing the world. This is not about getting likes and reposts. This is about authenticity. In a world where everyone can create another 500-word positive review in 5 seconds with AI its the experience-based insights that become more valuable.
But it hits me I’m being unfair here. This is a budget device, it’s goal is to onboard as many new users onto bitcoin as possible and a low price point is absolutely crucial in doing so. I get that. But it honestly saddens me to know the Blockstream Jade has been the first experience so many have had when jumping into cold storage. The fact that people do like it is very interesting though and we’re going to unravel that as we continue along this list, because similar things are happening over at the other hardware wallets.
Two things seem to play there: confirmation bias and not knowing any better. All the experienced bitcoiners I know have similar thoughts.
2/10
Who should buy this in 2025? Absolutely no one, sorry.
I’d give it a 1 but it’s still somewhat usable over usb.
If you’re looking for a budget device, jump over to the Cardware.
4.1.2 Blockstream Jade Plus
The upgraded Jade Plus is a whole different story since pretty much everything has changed: build quality is totally fine now, screen quality is actually good, menu navigation is clear and smooth and the camera might actually be the best out of all devices tested. This device is super usable as a standard hardware wallet which doesn’t have a secure element (just like the base Jade). Several other reviewers list it as a con, whilst it’s actually a significant pro. Not having to trust the secure element inside, is a big win.
However, if you want to use it as a stateless signing device where you don’t keep a seed on the device but want to work with Seed QR codes, you’re going to have a bad time.
Here’s me trying to load a seed QR onto the device for several minutes straight, without success. Know that literally all the others who are capable of this: Foundation Passport, Seedsigner, Specter and Krux all do this instantly, sub-second. Honestly, I got so excited when I opened the box and took in the first experience, which was super solid. But trying to load a seed QR really pissed me off. This would be such a near-perfect device if they would have nailed that too, but I guess it was too good to be true.
7/10
Who should buy this in 2025? Those who want to avoid a secure element and are looking for a simple, solid airgapped device. This works as part of a multi-sig.
4.1.3 Bitbox
The BitBox02 has garnered significant attention for its security, usability and price point. The fact that its Swiss-made will definitely contribute to its popularity. Let’s dive into the nitty-gritty experience with this device and how it compares to all the others. In and off itself its a beautiful piece of tech. you can’t tell what it is just by looking at it since it has no physical buttons. There was this Reddit post on a picture of a Bitbox and someone asking what it was, the poster found it on a train and had no idea. That’s great security through obscurity at work right there.
They did compromise on buttons in a big way though by using capacitative touch. They simply aren’t working as smoothly as simple, physical clicking buttons with tactile feedback. I wish this worked since it results in such a clean aesthetic but it really doesn’t. Entering a 6 letter word for the first couple times can take a full minute. Compare that to entering a 6 digit pin on a touchscreen like the Keystone or just buttons like the Passport and the difference is night and day.
This has sadly become this devices greatest downside and its a pretty critical one at that. Now, the BitBox app software is trying to make up for that and it’s great, truly one of the best out there by a manufacturer. The Pocket Bitcoin integration to buy straight to your cold storage Bitbox is pretty much perfect. Personally I can’t get over the un-usability of having to plug it in and entering the password with dozens of careful touches compared to turning on a battery powered device and simply pushing 6 digits, which is going to be at least 10x faster.
4.1.4 Trezor Safe 5
The Trezor Safe 5 is SatoshiLabs’ latest hardware wallet release. A key security feature of the Safe 5 is its EAL6+ certified Secure Element which is NDA-free. This is very notable since most other secure element chips used in other hardware wallets exist under NDA and require a slight form of trust.
Now let’s dive in to the real-life workings of this wallet and the first-time use:
The packaging is straightforward—basic cardboard with minimal extras, including two small stickers and a short 50cm USB-C to USB-C cable. While functional, the presentation feels underwhelming for a premium security device. Upon setup, the wallet defaults to SLIP39, an unconventional choice that may surprise users expecting the more familiar BIP39 word list standard. Locating the “classic” BIP39 option requires additional effort, which could frustrate those accustomed to a simpler onboarding process and expect BIP39 as the standard.
The accompanying user interface for generating and verifying the seed phrase further complicates matters. Verification involves selecting the correct word from a three-word multiple-choice list, a step-by-step process that, while secure, feels cumbersome.
For new users, this can be time-consuming, and an accidental tap on the wrong word—a realistic scenario given the small, somewhat unresponsive screen—forces a complete reset to factory defaults, erasing all progress. This on itself can be a cumbersome. For new users, it’s also unfamiliar to first get presented with 24 words, to then select words from a list instead of swiping through it. Having to reset the whole device to factory defaults with every mistake can be a hassle cumbersome. The touch screen can be error prone and swiping / confirming might not work well enough for some users. Even tapping in the pin code at the unlock phase of the wallet sometimes fails as the numbers are easy to mis-tap.
4.1.5 Keystone 3 Pro
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
4.1.6 OneKey Pro
4.1.7 Coldcard Mk4
4.1.8 Coldcard Q
4.1.9 Foundation Passport
4.1.10 Cardware
Disclosure: sample alpha device was provided by Cardware for testing.
The Cardware wallet is a completely air-gapped budget hardware wallet. It has no internal battery, its powered via USB-C with only power connections active so no data transmission is physically possible.
This is visually verifiable through its transparent casing and circuit board. The Cardware combines an EAL6+ certified secure element chip with hardware-level read/write protection to guard against physical tampering. In an industry first it has the ability to use a video stream as entropy for key generation, besides supporting dice rolls.
This solid combo of a great feature set at a bargain price should have no issue dethroning the Blockstream Jade as preferred budget bitcoin hardware wallet option.
Cardware box
Box contents
Non-upgradeable firmware
Since this device also has no SD card slot this means its firmware is non-upgradeable!
This peculiar choice is presented as a security feature but this could be seen as a potential issue regarding future-proofing. In my own perspective, I’m afraid I have to categorise this as security theatre. This is an ultra-secure design choice but doesn’t solve a real security issue.
Hardware wallets like the Foundation Passport and Bitbox have had many great firmware updates over the years, they provide immense ongoing value to long-term hodlers.
Features:
- Air gap
- Power-only USB-C
- EAL6+ secure element
- Dice entropy
- Web wallet integration
Unique features:
- Transparent casing & circuit board
- Non-upgradeable firmware
- Hardware-level read/write protection
- High-entropy key generation via hashed video stream
Front side
Back side
Startup screen (2 sec)
Welcome screen
Build quality: given its low price tag the build quality feels surprisingly fine. Now, you can clearly feel its a budget device but because of the simplicity of the large buttons it works very well and clicks with a solid tactile feel. The quality of the camera feed is low but scanning QR codes works …
Missing: There is no support for loading a seed QR so you can’t use the device stateless, that’s a real bummer.