Hardware wallet: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Btchip (talk | contribs)
m http->https
Cypherock (talk | contribs)
m Updated the description for Cypherock X1 wallet
 
(117 intermediate revisions by 34 users not shown)
Line 1: Line 1:
A '''hardware wallet''' is a device that stores a part of a user's [[wallet]] securely in mostly-offline hardware. They have major advantages over other wallet types:
A '''hardware wallet''' is a special type of [[wallet|bitcoin wallet]] which stores the user's private keys in a secure hardware device.


* the key is often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
They have major advantages over standard software wallets:
 
* private keys are often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
* immune to computer viruses that steal from software wallets
* immune to computer viruses that steal from software wallets
* can be used securely and interactively, as opposed to a [[paper wallet]] which must be imported to software at some point
* can be used securely and interactively, private keys never need to touch potentially-vulnerable software
* much of the time, the software is open source, allowing a user to validate the entire operation of the device
* much of the time, the software is open source, allowing a user to validate the entire operation of the device


This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.
This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.


== Security risks ==
To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers.
However, it's important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy.
How a hardware wallet could fail to protect your Bitcoin:
# '''Malware swaps recipient Bitcoin addresses''': a hardware wallet won't protect you from being tricked into sending Bitcoin to the wrong address. For example, malware on a PC could monitor for high value transactions and then swap out the recipient's authentic Bitcoin address for an address controlled by the attacker. When the stakes are high, multi factor (e.g., over the phone) confirmation of a recipient's Bitcoin address is recommended.
# '''Insecure RNG ([https://en.wikipedia.org/wiki/Random_number_generation Random Number Generator])''': hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified.
# '''Imperfect implementation''': the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software.
# '''Compromised production process''': even a perfect software and hardware implementation of a hardware wallet would be vulnerable to a corrupt production process that introduces intentional or unintentional holes into the final product. The introduction of hardware backdoors is a [https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/ real concern] for high risk financial and military applications.
# '''Compromised shipping process''': a compromised fulfillment process may substitute or modify secure devices for superficially identical but insecure replacements. Government programs that intercept hardware and modify them in route to insert backdoors [https://arstechnica.com/.../photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ are known to exist].
In summary:
* While not a silver bullet hardware wallets can still be extremely useful, assuming you take care to use a good one: an authentic device manufactured by trustworthy, technically competent security experts with a good reputation (e.g., [[TREZOR]]).
* [[Cold storage]] solutions implemented with open source software and general purpose hardware (e.g., [[BitKey]], Pi Wallet), using a verifiable source of entropy such as physical dice may provide superior security for some use cases (e.g., long term savings).
== Connecting to a full node ==
By default, most hardware wallets instruct the user to connect to the manufacturer's own web interface. The web page cannot steal the user's private keys but can spy on them or trick them into accept fake payments.
Hardware wallets only keep the [[private keys]] safe and create spending transactions; they cannot tell you if you have actually received coins and in what quantity. Bitcoin's security model also requires that [[full node]] wallets are used. If not, somebody could pay you with a transaction of something other than bitcoin. If bitcoin is digital gold then a full node wallet is your own personal goldsmith who checks that the incoming payments are actually real. Also the third-party wallet will see all your [[Address|bitcoin addresses]] so this is very damaging to your privacy.
Most hardware wallets can be connected to [[Electrum]] bitcoin wallet. Electrum can be connected to your own [[Electrum#Electrum Personal Server|full node via a server]].
See also: [[Full node#Why should you use a full node wallet]]
== Commercial hardware wallets (ordered chronologically) ==
=== [[Trezor|Trezor One]] ===
[[File:Trezor-tx.jpg|300px|thumb|left|Confirming the transaction with Trezor]]
[[Trezor]] is a secure bitcoin storage and a transaction signing tool with open source hardware and software. The private keys are generated by the device and never leave it thus they cannot be accessed by a malware.
It uses a deterministic wallet structure which means it can hold an unlimited number of keys ([[BIP 0032]]/[[BIP 0044]]). A recovery seed is generated when the device is initialized. In case Trezor gets lost or stolen, all its contents can be recovered using this seed (private keys, bitcoin balance and transaction history) into a new device or another [[BIP 0039]]/[[BIP 0044]] compatible wallet.
Trezor also introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer. An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.
Trezor One offers everything needed to protect cryptocurrency funds together with advanced features like [https://wiki.trezor.io/User_manual:Password_Manager Password manager]  or [https://wiki.trezor.io/User_manual:Two-factor_Authentication_with_U2F U2F two-factor authorization].
''See also [[Hardware wallet#Trezor Model T|Trezor Model T - next-generation cryptocurrency hardware wallet]]''
[https://shop.trezor.io Trezor E-shop] | [https://wiki.trezor.io Trezor Wiki] | [https://trezor.io Trezor Homepage]
<br clear="all">
=== KeepKey: Your Private Bitcoin Vault ===
[[File:keepkey.jpg|300px|thumb|left|KeepKey showing a bitcoin transaction that needs to be manually approved.]]
KeepKey is a USB device that stores and secures your bitcoins. When you entrust KeepKey with your money, each and every bitcoin transaction you make must be reviewed and approved via it's OLED display and confirmation button.
KeepKey has a unique recovery feature utilizing a rotating cipher to restore private keys with a [[BIP 0039]] recovery seed.  This means it is not necessary to store your private keys on KeepKey: the recovery process is secure enough so that KeepKey can be used as a transaction device for paper backups.
[https://www.keepkey.com keepkey.com]
<br clear="all">
=== Opendime: Bitcoin Credit Stick ===
[[file:Opendime.jpeg|300px|thumb|left|Opendime Package]]
The 1st Bitcoin Bearer Bond or just call it a "Bitcoin Stick"
Opendime is a small USB stick that allows you to spend Bitcoin like a dollar bill. Pass it along multiple times.
Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.
It comes in the shape of a mini USB, and Opendime-ui.png|setting it up is astonishingly quick and simple. You plug OpenDime into a USB port, and it behaves just like a USB drive with a tiny amount of storage. In its folder, is a web page. You open the webpage in your browser, and there’s only one instruction to follow: “Drop a file onto the drive”. Once you do that, the OpenDime automagically generates a unique address for you to receive Bitcoin with.
[https://opendime.com Opendime.com]
* [https://opendime.com/#faq Opendime FAQ]
* You can watch a [https://www.youtube.com/watch?v=9UFF9d3Y1BY video here]
* Read this [https://medium.com/@beautyon_/exquisite-opendime-ad1195a2790e review]
* Multi-language user interface: 中文 • 日本語 • English • Portuguese • Français • Deutsch • Русский
* Works as USB drive with no need for software
* [https://github.com/opendime/electrum Opendime Electrum plugin]
* [https://github.com/opendime/ Opendime source files and key verification]
<br clear="all">
=== Coldcard: Ultra-secure Bitcoin Hardware Wallet ===
[[file:Coldcard.png|300px|thumb|left|Coldcard Front and Back]]
* Coldcard is an easy to use, ultra-secure, open-source and affordable hardware wallet that is easy to back up via an encrypted microSD card. Your private key is stored in a dedicated security chip. MicroPython software design allows you to make changes.
* BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses. Now with BIP39 passphrase support, unlocking up to 5.9e197 additional wallets from the same seed words! It knows how to understand transactions, so you can see what you are approving.
* The first "Partially Signed Bitcoin Transaction Format" - PSBT (BIP 174) native wallet which can be used completely offline for its entire lifecycle. See HWI for Bitcoin Core support!
* True air-gap cold operation via MicroSD sneakernet or standard via USB
[http://www.coldcardwallet.com Coldcardwallet.com]
* [https://coldcardwallet.com/faq Coldcard FAQ]
* [https://coldcardwallet.com/docs Coldcard Docs]
* [https://github.com/coldcard/firmware Coldcard Source Code]
<br clear="all">
=== CoolWallet: The Ultimate Bitcoin Safe ===
<!-- 2016-04-09: Consider removing this device until actually for sale? -->
[[File:CoolWallet in the box.jpeg|300px|thumb|left|CoolWallet showing Launch App, waiting for user to connect with smartphone via Bluetooth]]
CoolWallet is a credit card sized Bluetooth device that stores and secures your bitcoins and private keys. It fits in your wallet and works wirelessly.
Every Bitcoin transaction must be manually confirmed and approved through its e-paper display and button.
CoolWallet only acknowledges the paired smartphone. Whoever stole the CoolWallet are not able to steal any bitcoins. Using recovery Seed can restore all your bitcoins in case you lost the device.
[https://coolbitx.com coolbitx.com] | [https://github.com/CoolBitX-Technology/coolwallet-ios Source and specifications]
<br clear="all">
=== BlochsTech card: Your user friendly Bitcoin wallet ===
<!-- 2016-04-09: Possible vaporware / scam?  Website insecure & badly designed with no substantial info.  Consider finding technical docs, real reviews or removing this device. -->
[[file:BlochsTech Bitcoin card hardware wallet.jpg|300px|thumb|left|Graphic printed on front of BlochsTech cards.]]
The BlochsTech open Bitcoin card is an open protocol secure hardware Bitcoin wallet your grandmother could use.
For shops it's faster to accept than slow QR code based wallets and more reliable as it works offline.
Currently it's of course in a novelty phase like Casascius coins (of which thousands were sold),
however in the long run it is fully capable of functionally replacing the VISA system in all nations.
[http://www.BlochsTech.com BlochsTech.com]
<br clear="all">
=== BitLox Bitcoin Hardware Wallet ===
[[file:Bitlox.jpg|300px|thumb|left|BitLox Bitcoin Hardware Wallet]]
BitLox is a metal cased (aluminum or titanium) bitcoin hardware wallet that works with their own web based wallet by USB and apps for iPhone and Android using Bluetooth LE.
At present it is the only bitcoin hardware wallet you can buy that works with iPhone. The device weighs one ounce and is the size of a credit card 4 mm thick.
Bitlox allows you to set up hidden wallets. Unlike other hardware wallets your seed is never displayed on a connected computer or phone but only on the Bitlox. All your wallet, device and transaction PINs are only entered on the BitLox and never on any app.
BitLox has also implemented several advanced security features not available on any other bitcoin hardware wallet.
[http://www.bitlox.com bitlox.com]
<br clear="all">
=== Ledger Nano S ===
[[File:ledger_wallet_nanos_photo.png|300px|thumb|left|Ledger Wallet Nano S]]
Ledger Nano S is a secure Bitcoin hardware wallet. It connects to any computer through USB and embeds a built-in OLED display to double-check and confirm each transaction with a single tap on its buttons. It is architectured around a Secure Element (ST31 family) and built on top of the BOLOS platform, a powerful and flexible Operating System allowing the secure execution of multiple Open Source applications in full isolation.
Main features:
* cryptographic secrets protected by a secure chip
* open source embedded Bitcoin app
* Confirmation of transactions on the embedded screen
* Built-in 4 digits PIN security lock
* Built-in onboarding (seed generation and recovery)
* BIP39 seed (12/18/24 words), easy backup and restoration
* Multi-apps support: FIDO U2F, GPG, SSH…
* USB connectivity
* Foldable and compact casing
[https://www.ledgerwallet.com/products/12-ledger-nano-s Ledger Nano S product page]
<br clear="all">
=== Ledger Nano X  ===
[[File:Ledger Nano X.png|300px|thumb|left|Ledger Wallet Nano X]]
Ledger Nano X is a secure hardware wallet. It features Bluetooth Low Energy (BLE) connectivity enabling it to be used with Android or iOS devices without the need of a cable. <br/>
Main features:
* Multi-services: Hardware Wallet, Cryptographic Platform, Password Manager, Second Factor authenticator
(FIDO)
* Comply with several cryptocurrencies
* USB connectivity
* BLE v5.0 connectivity
* Open Source Device App: all Device Apps developed by Ledger can be reviewed and verified by End-Users
* Developer friendly: develop a Device App and then install it on the Ledger Nano X
* Comply with the main BIP standards: [BIP32], [BIP39] and [BIP44]
* Multi-platform: Windows (7+), Mac (10.9+), Linux or Chrome OS
* OLED screen: to verify the transaction data (amount, address)
* Buttons: used to get the End-User’s consent relative to sensitive operations like unlocking the device or processing a transaction
* PIN: to unlock the Ledger Nano X
* Plausible deniability: an additional PIN linked to a passphrase can be defined to create an hidden account
* Genuine PSD: cryptographic attestation mechanisms ensuring that the Ledger Nano X is a genuine one
* Post-issuance capability: all piece of software (MCU Firmware, SE Firmware, Device Apps) can be securely updated
[https://shop.ledger.com/products/ledger-nano-x Ledger Nano X product page]
<br clear="all">
=== [[Cypherock Wallet]] ===
[[File:Cypherock x1 wallet.png|500px|thumb|left|Cypherock X1 Wallet]]
[[Cypherock Wallet]] is a secure Bitcoin hardware wallet that does not require a manual seed phrase backup.
Cypherock X1 uses [[Shamir Secret Sharing]] to break the master seed into 5 Cryptographic parts further stored on 5 tamper-proof hardware components - namely the X1 vault and 4 X1 cards. Each of these 5 components can have an optional PIN set by the user as an additional layer of security. These hardware components interact with each other using NFC technology. Using a 2-of-5 threshold scheme, any 2 of the 5 parts can be used to reconstruct the private key and make transactions.
Additional Features:
* Audited by KeyLabs, a hardware security firm that has found vulnerabilities in Ledger and Trezor before.
* It is [https://www.github.com/cypherock open-source] and has been scrutinized, and certified ‘reproducible’ by [https://walletscrutiny.com/hardware/cypherockx1 WalletScrutiny].
* USB connectivity
* OLED screen: to verify the transaction data (amount, address)
* Comply with the main BIP standards: [BIP32], [BIP39] and [BIP44]
* Multi-platform: Windows (7+), Mac (10.9+), Linux or Chrome OS
* 5-way joystick: used to get the End-User’s consent for sensitive operations like processing a transaction
* You can also use the Cypherock X1 as a [https://www.cypherock.com/wallet-backup seed phrase backup manager] since it allows the user to secure multiple seed phrases inside the same product.
* It is soon going to come with an inheritance service that allows a user to setup an inheritance of the assets without compromising privacy and control of the assets
[https://www.cypherock.com Cypherock Website] | [https://www.cypherock.com/product/cypherock-x1 Cypherock Shop] | [https://www.cypherock.com/security Cypherock X1 docs] | [[Cypherock Wallet|Cypherock Wiki]]
<br clear="all">
=== [[Prokey|Prokey Optimum Trezor clone]] ===
[[File:Optimum-in-hand.jpg|300px|thumb|left|WebUSB-enabled hardware wallet, the Prokey Optimum]]
The Prokey Optimum is a [[Trezor|Trezor One clone]] that connects to any computer and android phones through USB and users required to always press OK button on device to confirm right addresses, amounts, and fees before making any transactions.
It focuses on the following features :
* Secure Firmware: Genuine firmware that implements mutual authentication between the device and the server to prevents supply-chain attacks.
* All-Inclusivity: No third-party wallets, manage everything on a single platform
* Supports Bitcoin, Ethereum, ERC20 Tokens, OMNI Layer and more cryptocurrencies, It's the first hardware wallet that fully support USDT as both Omni and ERC20 Tokens
* In-Browser Operation: WebUSB-based operations renders no need of additional download of bridges, applications, extensions, or executable files
Equipped with other features like passphrases and offline recovery seed checking, the Prokey Optimum offers maximum security and also is user-friendly to provide the best experience when dealing with cryptocurrency.
[https://prokey.io/ Homepage of Prokey Hardware Wallet]
<br clear="all">
=== Secalot ===
[[File:secalot_wallet.png|300px|thumb|left|Secalot]]
Main features:
* Software and hardware are fully open sourced.
* Utilizes a secure microcontroller with a high performance dedicated cryptographic co-processor.
* Integrates with the popular Electrum wallet.
* PIN-code protected.
* Confirm transactions with a touch button press on the device.
* Supports P2PKH, P2SH, and segWit transactions.
* Updatable firmware.
* Extra functionality: OpenPGP smart card, FIDO U2F authenticator, one-time password generator.
Website: [https://www.secalot.com www.secalot.com]
<br clear="all">
=== ELLIPAL - Airgapped hardware wallet with mobile support ===
[[File:Ellipal wallet.png|300px|thumb|left|ELLIPAL]]
ELLIPAL hardware wallet secures keys in cold storage without connections except for LCD screen. It works with companion mobile App via QR code.
Main features:
* Working with mobile phone via QR code
* Internet Isolated Cold Wallet
* Supporting multi-currencies and more than 7,000 tokens
* Supports P2PKH, P2SH, and segWit transactions
* 4" Screen with touch panel
* Support private key import
* PIN-code and gesture pattern protect
* Confirmation of transactions details on the screen
* BIP32/BIP39/BIP44
* iPhone and Android companion App: account management, market info and coin exchange.
[https://www.ellipal.com ELLIPAL Hardware Wallet Homepage] | [https://www.ellipal.com/pages/coin-list ELLIPAL Supported Coins]
<br clear="all">
=== ELLIPAL Titan Cold Wallet ===
[[File:Ellipaltitan.jpg|300px|thumb|left|ELLIPAL Titan]]
ELLIPAL Titan is the upgraded version of the ELLIPAL EC01 hardware wallet. Main upgrades are within the hardware which improves protection against physical attacks while keeping absolute protection against remote attacks. ELLIPAL Titan works with ELLIPAL mobile App to secure and manage your cryptocurrency. Information is transferred between the cold wallet and App via QR code only.
New additional features:
* IP65 metal sealed frame - Light water jet & dust protection
* Disassembly test: [https://www.youtube.com/watch?v=DuPcJudtd2o Video]
* Fully isolated components, can never be connected to another device
* USB port removed - no ports on the device
* Anti-Tamper feature - data automatically deleted upon detection of a breach
* Decentralized Finance: [https://www.ellipal.com/pages/buy-crypto buy cryptocurrency], exchange, and stake of coins.
* Verifiable and secure QR code [https://github.com/ELLIPAL?tab=repositories Github]
[https://www.ellipal.com/pages/coldwallet Buy Cold Wallet] | [https://www.reddit.com/r/ELLIPAL_Official/ ELLIPAL on Reddit] | [https://www.ellipal.com/pages/reviews ELLIPAL Reviews]


<br clear="all">


== Purchasable hardware wallets ==
=== [[Trezor|Trezor Model T]] ===
[[File:Trezor-model-t-photo-front.jpg|300px|thumb|left|Trezor Model T]]


=== Piper - Standalone bitcoin paper wallet printer ===
Trezor Model T is the premium version and next-generation cryptocurrency hardware wallet. In addition to the functionalities of Trezor One, it has a colored touchscreen for secure on-device input, modern design, an SD card slot, and some other more advanced features.
[http://www.piperwallet.com PiperWallet.com]
For more information see [https://wiki.trezor.io/Trezor_Model_T Trezor Model T] and this [https://trezor.io/#comparison comparison table]
[[File:piper.jpg|300px|thumb|left|Piper wallet from the front]]
Piper is the easiest way to store bitcoin and other cryptocurrencies securely.


* Easy: Simply press the button to print a new paper wallet. You can choose to have Piper store your keys. Backup is as easy as plugging in a USB drive.
[https://shop.trezor.io Trezor E-shop] | [https://wiki.trezor.io Trezor Wiki] | [https://trezor.io Trezor Homepage]
* Secure: Paper wallets are the most secure way to store your Bitcoin. Piper is the only offline wallet to pass all 26 Dieharder tests to ensure secure private key generation.
* Customizable: Plug in a display, mouse, and keyboard and customize Piper to do whatever you want. It's Linux-based, open source, and powered by the Raspberry Pi. You can even use your own printer!


<br clear="all">
<br clear="all">


=== [[TREZOR]] The Bitcoin Safe ===
=== D'CENT Biometric Wallet - BLE enabled Hardware Wallet  ===
[http://bitcointrezor.com BitcoinTrezor.com]
[[File:DCENT_Biometric_Wallet.png|300px|thumb|left|D'CENT Biometric Wallet]]
 
D'CENT Biometric Wallet is a secure multi-cryptocurrency hardware wallet. It connects by using Bluetooth or USB to any mobile devices. The wallet is based on multi-IC architecture built on Secure Element(EAL5+) embedded with the SecureOS to provide robust security for the secure execution of multiple wallet applications.
 
Main features:
* Cryptographic secrets protected by a secure chip
* Large OLED (128x128) display for confirmation of transactions and QR Code for P2P transactions
* Built-in biometric sensor for authentication and also supports the PIN
* Built-in onboarding (seed and key generation in Secure Element)
* BIP39 seed (24 words), easy backup and recovery
* Easy and convenient FW update (no recovery is required after update)
* Bluetooth and USB connectivity
 
[https://dcentwallet.com D'CENT Wallet Homepage] | [https://medium.com/dcentwallet D'CENT on Medium] | [https://www.youtube.com/channel/UCKnYqiM3g3iaaAKcRZf-kbA D'CENT Youtube]
 
<br clear="all">


[[File:Trezor-tx.jpg|300px|thumb|left|Confirming the transaction with TREZOR]]
=== Keystone Wallet - Air-gapped with QR code and Secure Element ===
[[File:Vault_pro.png|300px|thumb|left|Keystone Wallet Essential/Pro]]


[[TREZOR]] is a secure bitcoin storage and a transaction signing tool. The private keys are generated by the device and never leave it thus they cannot be accessed by a malware.
[[Keystone]] Wallet is a completely air-gapped hardware wallet that uses verifiable QR codes to transmit transaction information back and forth with a mobile app. It houses an FIPS 140-2 Secure Element that uses four superimposed physical sources for true random number generation (TRNG). Private keys never leave the Secure Element when transactions are signed. Keystone Wallet’s innovative Web Authentication process helps prevent supply chain attacks through double asymmetric encryption implementing our backend HSM server. Keystone Wallet’s Secure Element’s BIP 32, 39, and 44 compliant firmware is open source ([https://github.com/keystonejs/keystone Github]).


It uses a deterministic wallet structure which means it can hold an unlimited number of keys (BIP32/BIP44). A recovery seed is generated when the device is initialized. In case TREZOR gets lost or stolen, all its contents can be recovered using this seed (private keys, bitcoin balance and transaction history) into a new device or another BIP39/BIP44 compatible wallet.
Keystone Wallet Essential & Pro Features:
* Air-gapped through auditable QR code data transmissions
* Secure Element physical entropy private key generation and side-channel attack prevention
* Open source Secure Element firmware (industry first)  
* Detachable battery (industry first)  
* MicroSD firmware upgrading
* 4-inch touchscreen
* AAA battery support to prevent battery failure
* Bitcon-only firmware version compatibility
* Better camera for smoother QR code transactions


TREZOR also introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer. An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.
Keystone Wallet Pro Features:
* Fingerprint sensor for device unlock and transaction signing
* Upgraded self-destruct mechanism
* Rechargeable battery


[http://BuyTrezor.com E-shop BuyTrezor.com] | [http://doc.satoshilabs.com/ TREZOR Documentation]
[https://keyst.one/ Keystone Wallet Homepage] | [https://blog.keyst.one/ Keystone Wallet on Medium] | [https://shop.keyst.one/products/keystone-pro Keystone Wallet Shop]


<br clear="all">
<br clear="all">


=== Pi Wallet - cold storage ===
=== BitBox02: Swiss made open source ===
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]
[[File:BitBox02.png.jpg|300px|thumb|left|BitBox02]]
[http://www.pi-wallet.com/ Pi-Wallet Shop]


[http://www.pi-wallet.com/pages/what-is-pi-wallet Further informations about Pi-Wallet]
The BitBox02 hardware wallet equips individuals to easily store, protect and transact in Bitcoin. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your coins.


The Pi-Wallet is comparable to an offline Notebook.
Simple and secure, a good starting point for beginners:
* Create your wallet in minutes via the setup wizardInstant backup to the included microSD card
* In-app guide that answers common questions
* A bright OLED screen and intuitive touch sensors to securely verify and confirm transactions
* The USB-C connector works with your computer or Android smartphone (adapter and extension cable included)


However it combines all features of the Armory bitcoin client (e.g. offline transaction signing) with the advantages of a tiny computer.
Many advanced features for expert users:
* Easy connection to your own Bitcoin full node
* Secure multi-signature with account registration directly on the device
* Backup to microSD card with additional option to export the BIP39 recovery words
* Granular coin control for Bitcoin UTXO
* Reproducible builds of firmware to make sure binary releases actually run the open-source code
* Supported by Electrum and wallets using HWI


To sign offline-transaction you will need an (unused) USB stick.
Secure hardware made in Switzerland:
* Software and hardware are open-source and can be independently audited
* Secure dual-chip architecture allows usage of a secure chip for physical device hardening
* Bitcoin-only edition features focused firmware with less attack surface
* Very discreet due to its small form factor and no visible screen when powered off
* BitBox hardware wallets have been available since 2016
* Engineered and manufactured in Switzerland


[https://shiftcrypto.ch/bitbox02 BitBox02 product page] | [https://github.com/digitalbitbox Source code]


<br clear="all">
<br clear="all">


=== BTChip HW.1 - USB Smartcard Hardware Wallet  ===
== Not purchasable hardware wallets ==
[https://www.hardwarewallet.com HW.1 Home Page]


=== Ledger HW.1 - USB Smartcard Hardware Wallet  ===
[[File:Btchip_dongle.jpg|220px|thumb|left|HW.1 inserted in a laptop]]
[[File:Btchip_dongle.jpg|220px|thumb|left|HW.1 inserted in a laptop]]


HW.1 is an implementation of a deterministic (BIP 32) Hardware Wallet on a USB smartcard.
HW.1 is an implementation of a deterministic ([[BIP 0032]]) Hardware Wallet on a USB smartcard.


It is typically used as a blind secure device for multi signature transactions - holding a set of derived private keys and signing transactions without requiring user confirmation.
It is typically used as a blind secure device for multi signature transactions - holding a set of derived private keys and signing transactions without requiring user confirmation.
Line 64: Line 393:
Power users can rely on it to confirm all transactions with a second factor scheme turning the dongle into a keyboard typing what the user is supposed to have signed, as a protection against malware.
Power users can rely on it to confirm all transactions with a second factor scheme turning the dongle into a keyboard typing what the user is supposed to have signed, as a protection against malware.


It is also possible to customize HW.1 for more specfic needs, such as creating a prepaid card without revealing the deterministic seed before it is received by the user, or securing bitcoin transactions on a server.
It is also possible to customize HW.1 for more specific needs, such as creating a prepaid card without revealing the deterministic seed before it is received by the user, or securing bitcoin transactions on a server.
 
[https://www.ledgerwallet.com/products/3-ledger-hw-1 E-shop] | [https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html Technical Documentation]
 
<br clear="all">
 
=== Ledger Nano - USB Smartcard Hardware Wallet  ===
[[File:ledger_wallet_photo.jpg|300px|thumb|left|Ledger Wallet USB]]
 
Ledger Nano protects your Bitcoin data within a smartcard. Its micro-processor certified against all types of attacks (both physical and logical), and has been used in the banking industry for decades (think credit card chips). The device connects to your computer through the USB port and will do all the Bitcoin cryptographic heavy lifting such as signing transactions inside its secure environment. You can therefore use your Bitcoin account with maximum trust, even on an insecure or compromised computer.
 
The second factor verification of the transaction signature can be done either with a paired smartphone (Android, iOS) or a physical security card.
 
The Ledger Wallet Chrome application (available also on Chromium) provides an easy onboarding as well as a seamless user experience, and the Nano is compatible with numerous third party software: [[Electrum]], [[Mycelium]], [[GreenAddress]], Greenbits, [[Coinkite]] and Copay.
 
[https://www.ledgerwallet.com/products/1-ledger-nano Ledger Nano product page] | [https://github.com/LedgerHQ Source and specifications]
 
<br clear="all">
 
=== Ledger Unplugged - NFC Smartcard Hardware Wallet  ===
[[File:ledger_unplugged_photo.jpg|300px|thumb|left|Ledger Unplugged NFC]]
 
The Ledger Unplugged is a credit card sized NFC hardware wallet. It embeds an open source Java Card app and is compatible with all NFC enabled Android phones.
 
The device can be used with Mycelium or Greenbits. In case of loss, you can restore it on any Ledger Wallet (Nano or another one) or all other compatible solutions (BIP 39).
 
[https://www.ledgerwallet.com/products/6-ledger-unplugged Ledger Unplugged product page] | [https://github.com/LedgerHQ/ledger-javacard Source code]
 
<br clear="all">
 
=== BWALLET TREZOR clone ===


[https://buy.hardwarewallet.com E-shop] | [https://btchip.github.io/btchip-doc/bitcoin-technical.html Technical Documentation]
[[File:BWALLET_Trezor_Clone.jpeg|200px|thumb|left|Chinese clone of Trezor]]
 
BWALLET is a clone of Trezor by a Chinese company.
Trezor code is open source and this device operates like a Trezor.
However, this product has been [https://www.reddit.com/r/Bitcoin/comments/2tyier/bwallet_review_by_trezor_developer/ reviewed by Marek aka Slush(Trezor developer)] and he has found some problems which makes this device less than 100% compatible, for example it doesn't work with [http://mytrezor.com myTREZOR.com] website and it does not work with Trezor official firmware.
 
[http://mybwallet.com MyBWALLET.com] | [http://www.bidingxing.com/en/bwallet Buy BWALLET]


<br clear="all">
<br clear="all">


== Not purchasable hardware wallets ==
=== Pi Wallet - cold storage ===
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]
 
The Pi-Wallet is a small computer with the [[Armory]] bitcoin client.
 
Transactions are signed offline, then transferred on a USB stick via [https://en.wikipedia.org/wiki/Sneakernet Sneakernet] to an online system for broadcasting.
 
[https://www.pi-wallet.com/ pi-wallet.com]
 
<br clear="all">


=== BitcoinCard Megion Technologies-Card based wallet ===
=== BitcoinCard Megion Technologies-Card based wallet ===
Line 84: Line 458:
=== BitSafe - allten/someone42's hardware wallet ===
=== BitSafe - allten/someone42's hardware wallet ===
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]
[https://bitcointalk.org/index.php?topic=127587.0 BitSafe Hardware Wallet Development - BOM Ready - 50 kits being prepared]
[https://bitcointalk.org/index.php?topic=152517.0 Final BitSafe announcement]


Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
<br clear="all">
<br clear="all">
=== Swiss Bank in Your Pocket - Hardware wallet ===
[[File:SBIYP.png|300px|thumb|left|Swiss Bank In Your Pocket]]
The Swiss Bank in Your Pocket is a Windows Desktop Application providing functionality for 5 Bitcoin Wallets and a Bitcoin Vault.
The Bitcoin Vault can only send Bitcoins to the Bitcoin Wallets with in the application. Each Bitcoin wallet can have up to 5 Receive addresses. The intuitive user interface is designed for ease of use. USB security key is required to make any type of transaction. frontend software is installed on windows. Package includes secure USB key, and an additional recovery USB key. So in case of an accident, customer will have an additional backup to access their wallets.
[https://swissbankinyourpocket.com/ swissbankinyourpocket.com]
<br clear="all">
=== BitBox 01 (Digital Bitbox) ===
[[file:Digital-bitbox.png|thumb|left|Digital Bitbox Hardware Wallet]]
* Secure hardware RNG & key storage using [http://www.atmel.com/Images/Atmel-8914-CryptoAuth-ATAES132A-Datasheet.pdf crypto element] with 50 year lifespan and an epoxy-filled case.
* Offline backup and recovery of [[BIP_0032|BIP-32]] seed with a micro SD card rather than [[BIP_0039|BIP-39]] phrase written on paper as in Trezor.
* Native software wallet client and ability to use a mobile phone for 2FA and to verify transaction details.
* Multisig out-of-the-box including Copay support.
* [https://github.com/digitalbitbox Open Source] ([https://github.com/digitalbitbox/mcu#digital-bitbox-firmware firmware], [https://github.com/digitalbitbox/mcu/blob/bf48984fd4a47d9ebf6814f7d01b078964587c7c/src/bootloader.c bootloader], [https://github.com/digitalbitbox/dbb-app desktop client]).
* Full FIDO U2F support (https://en.wikipedia.org/wiki/Universal_2nd_Factor)
* Made in Switzerland (a country with strong privacy laws) by [[Bitcoin Core]] developer Jonas Schnelli.
[https://digitalbitbox.com digitalbitbox.com]
<br clear="all">
=== someone42's original prototype ===
=== someone42's original prototype ===
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]
Line 111: Line 512:


== Related Resources ==
== Related Resources ==
* slush's Hardware wallet wire protocol discussion: [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]
* [https://bitcoinnewsmagazine.com/best-bitcoin-hardware-wallet-2015/ Best Bitcoin Hardware Wallet 2015] - reviews of all bitcoin hardware wallets.
* kjj's Todo List discussion for client protocol requirements: [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 in topic Re: Split private keys]
* [http://99bitcoins.com/trezor-vs-ledger-hands-hardware-wallets-review/ TREZOR vs. Ledger] - User reviews and Reddit feedback
* paybitcoin's original post: [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]
* [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]: slush's Hardware wallet wire protocol discussion
* [https://bitcointalk.org/index.php?topic=135090.0 This thread] about editing this very wiki entry.
* [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 Re: Split private keys]: kjj's Todo List discussion for client protocol requirements
* Various Hardware Wallets and Reviews: [http://www.offlinewallets.com/hardware-wallets Offline Hardware Wallets]
* [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]
* [https://www.buybitcoinworldwide.com/wallets/ Bitcoin Hardware Wallet Comparison] - information about using Bitcoin hardware wallets for cold storage.
* [https://www.weusecoins.com/bitcoin-ledger-wallet-review/ Ledger Wallet Review]
 
== See Also ==
 
* [[Storing bitcoins]]
* [[How to set up a secure offline savings wallet]]
* [[Cold storage]]


[[Category:Security]]
[[Category:Security]]
[[Category:Wallets]]
[[Category:Wallets| ]]
[[Category:Hardware]]
[[Category:Hardware]]

Latest revision as of 08:43, 10 December 2023

A hardware wallet is a special type of bitcoin wallet which stores the user's private keys in a secure hardware device.

They have major advantages over standard software wallets:

  • private keys are often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
  • immune to computer viruses that steal from software wallets
  • can be used securely and interactively, private keys never need to touch potentially-vulnerable software
  • much of the time, the software is open source, allowing a user to validate the entire operation of the device

This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.

Security risks

To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers.

However, it's important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy.

How a hardware wallet could fail to protect your Bitcoin:

  1. Malware swaps recipient Bitcoin addresses: a hardware wallet won't protect you from being tricked into sending Bitcoin to the wrong address. For example, malware on a PC could monitor for high value transactions and then swap out the recipient's authentic Bitcoin address for an address controlled by the attacker. When the stakes are high, multi factor (e.g., over the phone) confirmation of a recipient's Bitcoin address is recommended.
  2. Insecure RNG (Random Number Generator): hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified.
  3. Imperfect implementation: the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software.
  4. Compromised production process: even a perfect software and hardware implementation of a hardware wallet would be vulnerable to a corrupt production process that introduces intentional or unintentional holes into the final product. The introduction of hardware backdoors is a real concern for high risk financial and military applications.
  5. Compromised shipping process: a compromised fulfillment process may substitute or modify secure devices for superficially identical but insecure replacements. Government programs that intercept hardware and modify them in route to insert backdoors are known to exist.

In summary:

  • While not a silver bullet hardware wallets can still be extremely useful, assuming you take care to use a good one: an authentic device manufactured by trustworthy, technically competent security experts with a good reputation (e.g., TREZOR).
  • Cold storage solutions implemented with open source software and general purpose hardware (e.g., BitKey, Pi Wallet), using a verifiable source of entropy such as physical dice may provide superior security for some use cases (e.g., long term savings).

Connecting to a full node

By default, most hardware wallets instruct the user to connect to the manufacturer's own web interface. The web page cannot steal the user's private keys but can spy on them or trick them into accept fake payments.

Hardware wallets only keep the private keys safe and create spending transactions; they cannot tell you if you have actually received coins and in what quantity. Bitcoin's security model also requires that full node wallets are used. If not, somebody could pay you with a transaction of something other than bitcoin. If bitcoin is digital gold then a full node wallet is your own personal goldsmith who checks that the incoming payments are actually real. Also the third-party wallet will see all your bitcoin addresses so this is very damaging to your privacy.

Most hardware wallets can be connected to Electrum bitcoin wallet. Electrum can be connected to your own full node via a server.

See also: Full node#Why should you use a full node wallet

Commercial hardware wallets (ordered chronologically)

Trezor One

Confirming the transaction with Trezor

Trezor is a secure bitcoin storage and a transaction signing tool with open source hardware and software. The private keys are generated by the device and never leave it thus they cannot be accessed by a malware.

It uses a deterministic wallet structure which means it can hold an unlimited number of keys (BIP 0032/BIP 0044). A recovery seed is generated when the device is initialized. In case Trezor gets lost or stolen, all its contents can be recovered using this seed (private keys, bitcoin balance and transaction history) into a new device or another BIP 0039/BIP 0044 compatible wallet.

Trezor also introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer. An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.

Trezor One offers everything needed to protect cryptocurrency funds together with advanced features like Password manager or U2F two-factor authorization.

See also Trezor Model T - next-generation cryptocurrency hardware wallet

Trezor E-shop | Trezor Wiki | Trezor Homepage


KeepKey: Your Private Bitcoin Vault

KeepKey showing a bitcoin transaction that needs to be manually approved.

KeepKey is a USB device that stores and secures your bitcoins. When you entrust KeepKey with your money, each and every bitcoin transaction you make must be reviewed and approved via it's OLED display and confirmation button.

KeepKey has a unique recovery feature utilizing a rotating cipher to restore private keys with a BIP 0039 recovery seed. This means it is not necessary to store your private keys on KeepKey: the recovery process is secure enough so that KeepKey can be used as a transaction device for paper backups.

keepkey.com


Opendime: Bitcoin Credit Stick

Opendime Package

The 1st Bitcoin Bearer Bond or just call it a "Bitcoin Stick"

Opendime is a small USB stick that allows you to spend Bitcoin like a dollar bill. Pass it along multiple times. Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.

It comes in the shape of a mini USB, and Opendime-ui.png|setting it up is astonishingly quick and simple. You plug OpenDime into a USB port, and it behaves just like a USB drive with a tiny amount of storage. In its folder, is a web page. You open the webpage in your browser, and there’s only one instruction to follow: “Drop a file onto the drive”. Once you do that, the OpenDime automagically generates a unique address for you to receive Bitcoin with.

Opendime.com


Coldcard: Ultra-secure Bitcoin Hardware Wallet

Coldcard Front and Back
  • Coldcard is an easy to use, ultra-secure, open-source and affordable hardware wallet that is easy to back up via an encrypted microSD card. Your private key is stored in a dedicated security chip. MicroPython software design allows you to make changes.
  • BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses. Now with BIP39 passphrase support, unlocking up to 5.9e197 additional wallets from the same seed words! It knows how to understand transactions, so you can see what you are approving.
  • The first "Partially Signed Bitcoin Transaction Format" - PSBT (BIP 174) native wallet which can be used completely offline for its entire lifecycle. See HWI for Bitcoin Core support!
  • True air-gap cold operation via MicroSD sneakernet or standard via USB

Coldcardwallet.com


CoolWallet: The Ultimate Bitcoin Safe

CoolWallet showing Launch App, waiting for user to connect with smartphone via Bluetooth

CoolWallet is a credit card sized Bluetooth device that stores and secures your bitcoins and private keys. It fits in your wallet and works wirelessly.

Every Bitcoin transaction must be manually confirmed and approved through its e-paper display and button.

CoolWallet only acknowledges the paired smartphone. Whoever stole the CoolWallet are not able to steal any bitcoins. Using recovery Seed can restore all your bitcoins in case you lost the device.

coolbitx.com | Source and specifications


BlochsTech card: Your user friendly Bitcoin wallet

Graphic printed on front of BlochsTech cards.

The BlochsTech open Bitcoin card is an open protocol secure hardware Bitcoin wallet your grandmother could use. For shops it's faster to accept than slow QR code based wallets and more reliable as it works offline.

Currently it's of course in a novelty phase like Casascius coins (of which thousands were sold), however in the long run it is fully capable of functionally replacing the VISA system in all nations.

BlochsTech.com



BitLox Bitcoin Hardware Wallet

BitLox Bitcoin Hardware Wallet

BitLox is a metal cased (aluminum or titanium) bitcoin hardware wallet that works with their own web based wallet by USB and apps for iPhone and Android using Bluetooth LE.

At present it is the only bitcoin hardware wallet you can buy that works with iPhone. The device weighs one ounce and is the size of a credit card 4 mm thick.

Bitlox allows you to set up hidden wallets. Unlike other hardware wallets your seed is never displayed on a connected computer or phone but only on the Bitlox. All your wallet, device and transaction PINs are only entered on the BitLox and never on any app.

BitLox has also implemented several advanced security features not available on any other bitcoin hardware wallet.

bitlox.com



Ledger Nano S

Ledger Wallet Nano S

Ledger Nano S is a secure Bitcoin hardware wallet. It connects to any computer through USB and embeds a built-in OLED display to double-check and confirm each transaction with a single tap on its buttons. It is architectured around a Secure Element (ST31 family) and built on top of the BOLOS platform, a powerful and flexible Operating System allowing the secure execution of multiple Open Source applications in full isolation.

Main features:

  • cryptographic secrets protected by a secure chip
  • open source embedded Bitcoin app
  • Confirmation of transactions on the embedded screen
  • Built-in 4 digits PIN security lock
  • Built-in onboarding (seed generation and recovery)
  • BIP39 seed (12/18/24 words), easy backup and restoration
  • Multi-apps support: FIDO U2F, GPG, SSH…
  • USB connectivity
  • Foldable and compact casing

Ledger Nano S product page


Ledger Nano X

Ledger Wallet Nano X

Ledger Nano X is a secure hardware wallet. It features Bluetooth Low Energy (BLE) connectivity enabling it to be used with Android or iOS devices without the need of a cable.
Main features:

  • Multi-services: Hardware Wallet, Cryptographic Platform, Password Manager, Second Factor authenticator

(FIDO)

  • Comply with several cryptocurrencies
  • USB connectivity
  • BLE v5.0 connectivity
  • Open Source Device App: all Device Apps developed by Ledger can be reviewed and verified by End-Users
  • Developer friendly: develop a Device App and then install it on the Ledger Nano X
  • Comply with the main BIP standards: [BIP32], [BIP39] and [BIP44]
  • Multi-platform: Windows (7+), Mac (10.9+), Linux or Chrome OS
  • OLED screen: to verify the transaction data (amount, address)
  • Buttons: used to get the End-User’s consent relative to sensitive operations like unlocking the device or processing a transaction
  • PIN: to unlock the Ledger Nano X
  • Plausible deniability: an additional PIN linked to a passphrase can be defined to create an hidden account
  • Genuine PSD: cryptographic attestation mechanisms ensuring that the Ledger Nano X is a genuine one
  • Post-issuance capability: all piece of software (MCU Firmware, SE Firmware, Device Apps) can be securely updated

Ledger Nano X product page


Cypherock Wallet

Cypherock X1 Wallet

Cypherock Wallet is a secure Bitcoin hardware wallet that does not require a manual seed phrase backup.

Cypherock X1 uses Shamir Secret Sharing to break the master seed into 5 Cryptographic parts further stored on 5 tamper-proof hardware components - namely the X1 vault and 4 X1 cards. Each of these 5 components can have an optional PIN set by the user as an additional layer of security. These hardware components interact with each other using NFC technology. Using a 2-of-5 threshold scheme, any 2 of the 5 parts can be used to reconstruct the private key and make transactions.

Additional Features:

  • Audited by KeyLabs, a hardware security firm that has found vulnerabilities in Ledger and Trezor before.
  • It is open-source and has been scrutinized, and certified ‘reproducible’ by WalletScrutiny.
  • USB connectivity
  • OLED screen: to verify the transaction data (amount, address)
  • Comply with the main BIP standards: [BIP32], [BIP39] and [BIP44]
  • Multi-platform: Windows (7+), Mac (10.9+), Linux or Chrome OS
  • 5-way joystick: used to get the End-User’s consent for sensitive operations like processing a transaction
  • You can also use the Cypherock X1 as a seed phrase backup manager since it allows the user to secure multiple seed phrases inside the same product.
  • It is soon going to come with an inheritance service that allows a user to setup an inheritance of the assets without compromising privacy and control of the assets

Cypherock Website | Cypherock Shop | Cypherock X1 docs | Cypherock Wiki


Prokey Optimum Trezor clone

WebUSB-enabled hardware wallet, the Prokey Optimum

The Prokey Optimum is a Trezor One clone that connects to any computer and android phones through USB and users required to always press OK button on device to confirm right addresses, amounts, and fees before making any transactions. It focuses on the following features :

  • Secure Firmware: Genuine firmware that implements mutual authentication between the device and the server to prevents supply-chain attacks.
  • All-Inclusivity: No third-party wallets, manage everything on a single platform
  • Supports Bitcoin, Ethereum, ERC20 Tokens, OMNI Layer and more cryptocurrencies, It's the first hardware wallet that fully support USDT as both Omni and ERC20 Tokens
  • In-Browser Operation: WebUSB-based operations renders no need of additional download of bridges, applications, extensions, or executable files

Equipped with other features like passphrases and offline recovery seed checking, the Prokey Optimum offers maximum security and also is user-friendly to provide the best experience when dealing with cryptocurrency.


Homepage of Prokey Hardware Wallet


Secalot

Secalot

Main features:

  • Software and hardware are fully open sourced.
  • Utilizes a secure microcontroller with a high performance dedicated cryptographic co-processor.
  • Integrates with the popular Electrum wallet.
  • PIN-code protected.
  • Confirm transactions with a touch button press on the device.
  • Supports P2PKH, P2SH, and segWit transactions.
  • Updatable firmware.
  • Extra functionality: OpenPGP smart card, FIDO U2F authenticator, one-time password generator.

Website: www.secalot.com


ELLIPAL - Airgapped hardware wallet with mobile support

ELLIPAL

ELLIPAL hardware wallet secures keys in cold storage without connections except for LCD screen. It works with companion mobile App via QR code.

Main features:

  • Working with mobile phone via QR code
  • Internet Isolated Cold Wallet
  • Supporting multi-currencies and more than 7,000 tokens
  • Supports P2PKH, P2SH, and segWit transactions
  • 4" Screen with touch panel
  • Support private key import
  • PIN-code and gesture pattern protect
  • Confirmation of transactions details on the screen
  • BIP32/BIP39/BIP44
  • iPhone and Android companion App: account management, market info and coin exchange.

ELLIPAL Hardware Wallet Homepage | ELLIPAL Supported Coins


ELLIPAL Titan Cold Wallet

ELLIPAL Titan

ELLIPAL Titan is the upgraded version of the ELLIPAL EC01 hardware wallet. Main upgrades are within the hardware which improves protection against physical attacks while keeping absolute protection against remote attacks. ELLIPAL Titan works with ELLIPAL mobile App to secure and manage your cryptocurrency. Information is transferred between the cold wallet and App via QR code only.

New additional features:

  • IP65 metal sealed frame - Light water jet & dust protection
  • Disassembly test: Video
  • Fully isolated components, can never be connected to another device
  • USB port removed - no ports on the device
  • Anti-Tamper feature - data automatically deleted upon detection of a breach
  • Decentralized Finance: buy cryptocurrency, exchange, and stake of coins.
  • Verifiable and secure QR code Github

Buy Cold Wallet | ELLIPAL on Reddit | ELLIPAL Reviews


Trezor Model T

Trezor Model T

Trezor Model T is the premium version and next-generation cryptocurrency hardware wallet. In addition to the functionalities of Trezor One, it has a colored touchscreen for secure on-device input, modern design, an SD card slot, and some other more advanced features. For more information see Trezor Model T and this comparison table

Trezor E-shop | Trezor Wiki | Trezor Homepage


D'CENT Biometric Wallet - BLE enabled Hardware Wallet

D'CENT Biometric Wallet

D'CENT Biometric Wallet is a secure multi-cryptocurrency hardware wallet. It connects by using Bluetooth or USB to any mobile devices. The wallet is based on multi-IC architecture built on Secure Element(EAL5+) embedded with the SecureOS to provide robust security for the secure execution of multiple wallet applications.

Main features:

  • Cryptographic secrets protected by a secure chip
  • Large OLED (128x128) display for confirmation of transactions and QR Code for P2P transactions
  • Built-in biometric sensor for authentication and also supports the PIN
  • Built-in onboarding (seed and key generation in Secure Element)
  • BIP39 seed (24 words), easy backup and recovery
  • Easy and convenient FW update (no recovery is required after update)
  • Bluetooth and USB connectivity

D'CENT Wallet Homepage | D'CENT on Medium | D'CENT Youtube


Keystone Wallet - Air-gapped with QR code and Secure Element

Keystone Wallet Essential/Pro

Keystone Wallet is a completely air-gapped hardware wallet that uses verifiable QR codes to transmit transaction information back and forth with a mobile app. It houses an FIPS 140-2 Secure Element that uses four superimposed physical sources for true random number generation (TRNG). Private keys never leave the Secure Element when transactions are signed. Keystone Wallet’s innovative Web Authentication process helps prevent supply chain attacks through double asymmetric encryption implementing our backend HSM server. Keystone Wallet’s Secure Element’s BIP 32, 39, and 44 compliant firmware is open source (Github).

Keystone Wallet Essential & Pro Features:

  • Air-gapped through auditable QR code data transmissions
  • Secure Element physical entropy private key generation and side-channel attack prevention
  • Open source Secure Element firmware (industry first)
  • Detachable battery (industry first)
  • MicroSD firmware upgrading
  • 4-inch touchscreen
  • AAA battery support to prevent battery failure
  • Bitcon-only firmware version compatibility
  • Better camera for smoother QR code transactions

Keystone Wallet Pro Features:

  • Fingerprint sensor for device unlock and transaction signing
  • Upgraded self-destruct mechanism
  • Rechargeable battery

Keystone Wallet Homepage | Keystone Wallet on Medium | Keystone Wallet Shop


BitBox02: Swiss made open source

BitBox02

The BitBox02 hardware wallet equips individuals to easily store, protect and transact in Bitcoin. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your coins.

Simple and secure, a good starting point for beginners:

  • Create your wallet in minutes via the setup wizardInstant backup to the included microSD card
  • In-app guide that answers common questions
  • A bright OLED screen and intuitive touch sensors to securely verify and confirm transactions
  • The USB-C connector works with your computer or Android smartphone (adapter and extension cable included)

Many advanced features for expert users:

  • Easy connection to your own Bitcoin full node
  • Secure multi-signature with account registration directly on the device
  • Backup to microSD card with additional option to export the BIP39 recovery words
  • Granular coin control for Bitcoin UTXO
  • Reproducible builds of firmware to make sure binary releases actually run the open-source code
  • Supported by Electrum and wallets using HWI

Secure hardware made in Switzerland:

  • Software and hardware are open-source and can be independently audited
  • Secure dual-chip architecture allows usage of a secure chip for physical device hardening
  • Bitcoin-only edition features focused firmware with less attack surface
  • Very discreet due to its small form factor and no visible screen when powered off
  • BitBox hardware wallets have been available since 2016
  • Engineered and manufactured in Switzerland

BitBox02 product page | Source code


Not purchasable hardware wallets

Ledger HW.1 - USB Smartcard Hardware Wallet

HW.1 inserted in a laptop

HW.1 is an implementation of a deterministic (BIP 0032) Hardware Wallet on a USB smartcard.

It is typically used as a blind secure device for multi signature transactions - holding a set of derived private keys and signing transactions without requiring user confirmation.

Power users can rely on it to confirm all transactions with a second factor scheme turning the dongle into a keyboard typing what the user is supposed to have signed, as a protection against malware.

It is also possible to customize HW.1 for more specific needs, such as creating a prepaid card without revealing the deterministic seed before it is received by the user, or securing bitcoin transactions on a server.

E-shop | Technical Documentation


Ledger Nano - USB Smartcard Hardware Wallet

Ledger Wallet USB

Ledger Nano protects your Bitcoin data within a smartcard. Its micro-processor certified against all types of attacks (both physical and logical), and has been used in the banking industry for decades (think credit card chips). The device connects to your computer through the USB port and will do all the Bitcoin cryptographic heavy lifting such as signing transactions inside its secure environment. You can therefore use your Bitcoin account with maximum trust, even on an insecure or compromised computer.

The second factor verification of the transaction signature can be done either with a paired smartphone (Android, iOS) or a physical security card.

The Ledger Wallet Chrome application (available also on Chromium) provides an easy onboarding as well as a seamless user experience, and the Nano is compatible with numerous third party software: Electrum, Mycelium, GreenAddress, Greenbits, Coinkite and Copay.

Ledger Nano product page | Source and specifications


Ledger Unplugged - NFC Smartcard Hardware Wallet

Ledger Unplugged NFC

The Ledger Unplugged is a credit card sized NFC hardware wallet. It embeds an open source Java Card app and is compatible with all NFC enabled Android phones.

The device can be used with Mycelium or Greenbits. In case of loss, you can restore it on any Ledger Wallet (Nano or another one) or all other compatible solutions (BIP 39).

Ledger Unplugged product page | Source code


BWALLET TREZOR clone

Chinese clone of Trezor

BWALLET is a clone of Trezor by a Chinese company. Trezor code is open source and this device operates like a Trezor. However, this product has been reviewed by Marek aka Slush(Trezor developer) and he has found some problems which makes this device less than 100% compatible, for example it doesn't work with myTREZOR.com website and it does not work with Trezor official firmware.

MyBWALLET.com | Buy BWALLET


Pi Wallet - cold storage

Pi-Wallet

The Pi-Wallet is a small computer with the Armory bitcoin client.

Transactions are signed offline, then transferred on a USB stick via Sneakernet to an online system for broadcasting.

pi-wallet.com


BitcoinCard Megion Technologies-Card based wallet

Bitcoin Card

Bitcoincard Home Page

Excellent review by evoorhees

Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.


BitSafe - allten/someone42's hardware wallet

Bitsafe wallet

Final BitSafe announcement

Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.

Swiss Bank in Your Pocket - Hardware wallet

Swiss Bank In Your Pocket

The Swiss Bank in Your Pocket is a Windows Desktop Application providing functionality for 5 Bitcoin Wallets and a Bitcoin Vault.

The Bitcoin Vault can only send Bitcoins to the Bitcoin Wallets with in the application. Each Bitcoin wallet can have up to 5 Receive addresses. The intuitive user interface is designed for ease of use. USB security key is required to make any type of transaction. frontend software is installed on windows. Package includes secure USB key, and an additional recovery USB key. So in case of an accident, customer will have an additional backup to access their wallets.

swissbankinyourpocket.com


BitBox 01 (Digital Bitbox)

Digital Bitbox Hardware Wallet

digitalbitbox.com


someone42's original prototype

someone42's original prototype

Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices

Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.

Other/Defunct but with good discussion:

Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.
Great discussion and good ideas from jim618. Also linked the following video:
Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.
The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.

Smart Card based wallets

This type of device requires complete trust in the host device, as there is no method for user input. See Smart card wallet

Related Resources

See Also