The best privacy practice is one that you can manage.
As we will reiterate throughout this website, privacy is a journey. You do not have to be a privacy expert on Day 1. With that being said, once you understand the importance of self-custody, a logical next step is to buy a hardware wallet to secure your private keys.
There are several hardware wallets on the market, some more popular than others. While any of these wallets are far superior to leaving your coins on an exchange, there are several important differences which we will highlight in this article. Some hardware wallets are tailored for beginners, however these wallets often come with some upfront privacy tradoffs.
Our goal with this article is to help you understand these tradeoffs while illuminating the privacy implications that are often not mentioned in review articles.
Though not required readings, our Self Custody Article, Bitcoin Nodes Article, and Non-KYC article may supplement the information in this article.
If you just want our recommendations and don’t want to read this whole article, our favorite wallets are: ColdCard and Passport , followed by BitBox02
Some Important Prerequisite information before buying a Bitcoin Hardware Wallet:
Hardware wallets have one purpose, and it’s to secure your bitcoin private keys.
This may sound simple, but this fact leads to a range of potential vulnerabilities and privacy leaks if done incorrectly. Most hardware wallets use a secure element, a microprocessor to secure your private keys.
For best practice, you should never buy any bitcoin wallet from a third-party reseller (such as Amazon, Ebay, etc.). All purchases should be done directly through the manufacturers.
The risk here is that a reseller may have tampered with the device, putting your bitcoin at risk.
Another risk, in general with buying hardware wallets, is that you are giving your name and address and associating that with someone who likely owns bitcoin. This opens up an attack vector if this data gets leaked (or given to unknown people such as a reseller). If possible, try to buy the device with a fake name, or through a PO box or different address from where this device may be stored.
A good hardware wallet should also provide an easy way to check if the packaging has been tampered with.
Popular and Beginner Bitcoin Hardware Wallets
The most popular hardware wallets are undoubtedly Ledger and Trezor. They have been marketed heavily to new cryptocurrency users and seem to be the easiest to use for noobs.
The first issue with marketing heavily to noobs is that many users have a knowledge gap in what hardware wallets do. It is important to note that they only store your private keys and you cannot use a hardware wallet by itself. You must connect a hardware wallet to some software, which is itself a bitcoin node or is then connected to a bitcoin node. By default, Ledger and Trezor connect to their own software: Ledger Live and Trezor Software. This means by default you are connected to their nodes and are giving up some information to their servers (IP address, meta-data, etc.)
If you are a new bitcoin holder just worried about getting your keys off exchanges, but are not yet ready to run your own node, this may be okay for your level of needs.
Ledger Live and Trezor Suite are extremely easy to use, however, it is important to know that this represents a privacy risk.
Your bitcoin wallet should allow you to connect to another software, which may allow for increased privacy even if you do not run your own node.
Both Trezor and Ledger allow you to use their wallets with an alternative software such as Sparrow, Electrum or Specter. However, Ledger does make this process a bit more difficult.
With that out of the way, here are our pros and cons of both Trezor and Ledger:
Trezor (Model T or Model One):
Pros:
Open-source, Simple Setup with in-app guide
Offers 25th word passphrase to your seedphrase
Cons:
Forces connection to Trezor Suite (User must trust Trezor’s node).
Supports altcoins so their focus is diluted
Does not offer coin control out of the box
Does not show change address on transactions (Many new users don't understand the concept of change addresses in bitcoin. If you spend a UTXO [an unspent transaction output - a bitcoin transaction] you may be sending part of this bitcoin to a merchant, and the rest back as change. In Trezor, the change address is not shown or confirmed. This may look like you sent part of your bitcoin to an unknown person or attacker.)
Does not use secure chip and physical Extraction of keys has been accomplished on some older versions after extensive tampering- leaving questions about newer version’s vulnerabilities (https://www.youtube.com/watch?v=dT9y-KQbqi4)
If you understand the trade-offs and want a beginner bitcoin wallet that will allow you to connect to other software down the line, Trezor is a cheap way to get your coins off exchanges
Ledger (Nano S or Nano X):
Pros:
Simple Set up, ease of use, In-app tutorial for complete noobs
Price
Ledger Live has an experimental feature to connect to your own node, but has issues with Tor Routing.
Ledger-Live allows for coin-control
Cons:
Closed-Source
Forces connection to Ledger Live (User must trust Ledger’s node)
Ledger-Live does not allow you to connect to your own node over Tor
Data breach from company.
Supports altcoins so their focus is diluted.
Not able to check xpubs of cosigners in msig
Again if you understand the trade-offs , and just want a simple hardware wallet to get your coins off a exchanges, the Ledger Nano S or X are a cheap way to do so
Note: If you choose either of these devices, a simple way to add a bit of privacy is to use a VPN or Tor when ordering and a VPN/Tor when downloading or using Ledger Live and Trezor Suite.
Bitbox 02 Review:
An alternative to Ledger and Trezor for a complete noob may be the Bitbox02. It has similar ease of use as the above mentioned wallets, but also includes a few extra features that help with security and privacy.
Bitbox02 also connects to their own software out of the box (which we noted is a privacy issue), but it does easily allow you to connect to other software or use their software through your own node when you are ready to make that jump.
The microSD used as a primary backup may be a negative for those used to seed words. It means you have to clearly mark the microSD to never insert it into a computer. A 24 word seedphrase export is also possible with this device, however.
Internally, the BitBox02 is very similar to the Coldcard Mk3 which we will discuss below.
Pros:
Open-Source Simple Set up
Seed backup and On-screen guide is noob friendly
Can create passphrases (25th word) without ever connecting to the Bitbox2 app
Has Coin-control out of the box
Has Bitcoin Only product
On order the external carton box is hermetically-sealed (can show tamper evidence from supply chain)
Secure Chip
Multi-sig capabilities out the box
BitBoxApp allows you to run a full Bitcoin node and also features Tor routing.
Cons:
Must connect to the Bitbox2 app to initialize the device with a seed, or restore with your own seed.
The Bitbox02 (Bitcoin Only Version) is the first hardware wallet in this article that we will explicitly recommend. It is a better wallet than the Ledger and Trezor for new bitcoin holders.
The trade-off of the Bitbox02 app should be noted and the VPN caveat applies to this product as well.
Privacy and Security Focused Bitcoin Hardware Wallets:
The two best privacy focused Bitcoin Hardware wallets on the market right now are the ColdCard and Foundations Devices Passport
The best thing these wallets have going for them is that they do not force you to connect to proprietary software as all the above mentioned hardware wallets do. This design choice maximizes privacy and self-sovereignty.
Both these devices allow you to connect to software that is well known, open-source and verifiable. Both these devices also allow you to verify that they are genuine and come with a host of advanced features.
The main drawback here is that this may be overwhelming for a complete noob (however we do feel that both these devices are not difficult to use, especially for someone who has the ability to follow guides and/or youtube videos)
Coldcard Review:
The Coldcard resembles a calculator and most operations are completed through the device’s display and navigation using the numbers. The setup process isn’t particularly difficult, but it does require some understanding of Bitcoin.
In terms of privacy and security features, the Coldcard is hard to beat. The Coldcard can work in a completely air-gapped way. Meaning, the device can work without ever being connected to a computer. This can be done as it can communicate through a microSD card. Further, the Coldcard can also conduct partially signed bitcoin transactions, meaning that connection to an internet device is unnecessary or optional.
The Coldcard has security features that all the previously mentioned wallets do not have, such as the ability to add a duress and brick pin. This means a user can enter a different pin that will open up a Bitcoin wallet which is completely separate from the main wallet. This may be useful in an adversarial situation where you have $30,000 on a main wallet and someone forces you to open your Coldcard. The duress wallet could have $1,000 on it without ever giving up the indication that you have $30,000 in a main wallet.
The brick pin is similar in concept, however it will render the device completely unusable and will destroy the device.
Pros:
Open-source , Bitcoin only
Never connected to proprietary software
Compatible with Bitcoin Core and popular software such as: Sparrow, Electrum, Specter, etc.
Several advanced privacy features (duress pin, brick pin, PSBT, etc.)
Can introduce entropy in seed phrase
Multi-sig capabilities
Built with a dedicated secure element.
Simple, compact, and lightweight design.
Can be operated without ever being connected to a computer.
Can add 25th word passphrase
Wallet (and settings) can be backed up to a microSD card.
Cons:
Trade-off convenience for extra security.
Note: If you are not using the ColdCard with your own node, when connecting to software such as Sparrow, Electrum, Etc. Be mindful of your IP address and the information you are passing to third-party nodes.
If the ColdCard fits your level of bitcoin knowledge, as well as, privacy and security needs you can get 5% off through this link: https://store.coinkite.com/promo/5711D4C29F4C38749A43
Passport Review
Foundation Devices Passport shares many of the same advanced privacy and security features that the ColdCard has, including being airgapped and never being used with proprietary software.
Passport has a few differences, most notably, its appearance. While ColdCard comes in a form representing a calculator, Passport resembles an old-school cellphone from the early 2000s. Passport also uses batteries, while all the above wallets do not.
Passport builds on the Trezor and Coldcard code to attempt to offer a product that balances use for both technical and non-technical users.
The Passport also comes with a unique camera. This means it can do QR code signing while keeping the device airgapped. This device like the ColdCard can do PSBT either over micro-usb or via this QR code signing method.
The Passport also made a conscious difference in backup method. By default the Passport backup method is microSD card plus 6 words. This is notably different from the usual 12-24 seed words. The device does allow you to use these words in the settings if desired.
Some users may find this device a bit more user friendly than the ColdCard, however it should be noted that this device and company is newer and does not always have orders being sent out. The upcoming batch for the Passport 2 only has 2500 units.
Pros:
Open-source , Bitcoin only
Never connected to proprietary software
Compatible with Bitcoin Core and popular software such as: Sparrow, Electrum, Specter, etc.
Several advanced privacy/ features (PSBT, etc.)
Multisig support out of the box
25th word Passphrase support
Built with a dedicated secure element.
Simple, compact, and lightweight design.
Can be operated without ever being connected to a computer.
Wallet (and settings) can be backed up to a microSD card
Cons:
Price
Availability
If the Passport piques your interest you can get $10 off by using code SureSats or by clicking this link here: https://foundationdevices.com/ambassador/SureSats
If you manage to get your hands on a passport here is a passport wallet guide: https://bitcoiner.guide/passport/
Conclusion:
Overall Hardware wallets are a great way to secure your bitcoin private keys, however, they all come with trade-offs. We recommend more secure and private wallets for most users. If you do not opt-for the ColdCard or Passport, understanding the privacy loss with connecting to proprietary software should be kept in mind.