Choosing a Hardware Wallet

Last updated: 2026-04-13

Your hardware wallet holds your private keys and signs transactions. Every other security decision builds on this one. Choose carefully — you are trusting this device with your money.

Non-Negotiable Traits

A good hardware wallet must have all seven:

  1. A screen to verify transaction details before you sign. Without one, you're trusting a potentially compromised computer.
  2. Air-gapped operation — no USB data connection, no Bluetooth, no WiFi. Communication only via MicroSD cards or QR codes. Any live connection is an attack surface.
  3. A secure element to protect the seed. A tamper-resistant chip designed to withstand physical extraction attacks.
  4. Open-source and reproducible firmware so anyone can verify the code matches what runs on the device. Closed-source means you're trusting the vendor blindly.
  5. Real secure boot to prevent unauthorized firmware from running. The device cryptographically verifies its own software on every startup.
  6. Open standards like BIP39, PSBT, and standard derivation paths. No proprietary formats locking you into one vendor.
  7. No remote validation or PIN servers. The device works entirely offline. If a company's server goes down, your wallet still functions.

Our Recommendation

COLDCARD meets all seven criteria, is Bitcoin-only, and has been battle-tested since 2018.

COLDCARD Q has a full QWERTY keyboard, large screen, QR code scanner, and dual MicroSD slots. Best choice for most people.

COLDCARD Mk5 uses a numeric keypad and single MicroSD slot. Smaller and more affordable, same security model.

Both are fully air-gapped. Your keys never touch a computer.

What About Other Wallets?

Other hardware wallets exist. Some are good, some have serious compromises. Use the seven-point list above as your checklist. If a device fails any point, think hard about whether the trade-off is worth it.

Common compromises to watch for:

  • USB-only operation — plugging into your computer means no air gap
  • Bluetooth connectivity — wireless is an attack surface
  • Closed-source firmware — you can't verify what the device actually runs
  • Reliance on vendor servers — company disappears, wallet stops working
  • Altcoin support — multi-coin wallets have a far larger attack surface than Bitcoin-only devices

See coldcard.com/compare for detailed side-by-side comparisons.