Hardware Wallets Comparison 2025: Complete Guide to Sovereignty
Table of Contents
- Introduction: Why a Hardware Wallet Is Essential
- Evaluation Criteria
- Detailed Product Reviews
- Complete Comparison Table
- Which Wallet for Which Profile?
- European Regulatory Considerations
- Multisig Configuration
- FAQ
- Conclusion
Summary: A hardware wallet is not just a security gadget — it is the cornerstone of your financial sovereignty. This guide compares the 10 main solutions with a critical angle: who really controls your keys? Technical, legal, and practical analysis to choose with full knowledge.
Introduction: Why a Hardware Wallet Is Essential
FTX, Celsius, Ledger Recover: why custody remains the number one risk.
"Not your keys, not your coins"
This phrase, repeated ad nauseam in the Bitcoin community, is not a marketing slogan. It is a technical and legal reality confirmed by every exchange bankruptcy.
- Mt. Gox (2014): 850,000 BTC disappeared
- QuadrigaCX (2019): Keys "lost" with the deceased founder
- FTX (2022): Billions vanished, clients in proceedings for years
- Celsius, BlockFi, Voyager...: The list keeps growing
In each case, users did not have their keys. They had a promise — an IOU (I Owe You) — that proved worthless.
Market Evolution 2020-2025
The hardware wallet market has evolved considerably:
| Period | Characteristic |
|---|---|
| 2015-2018 | Ledger/Trezor duopoly |
| 2019-2021 | Emergence of alternatives (Coldcard, BitBox) |
| 2022-2023 | Ledger Recover scandal, distrust of EU solutions |
| 2024-2025 | Explosion of options, focus on air-gapped and open source |
The market has shifted from "Ledger or Trezor?" to a diverse ecosystem where the manufacturer's jurisdiction and technical architecture become decisive criteria.
How to Use This Guide
This guide is structured to enable you to:
- Technically compare the different solutions
- Understand the legal implications (crucial for Europeans)
- Choose based on your profile of risk and competence
- Configure correctly to maximize security
Related reading: This guide complements our article Non-European Hardware Wallets: Legal Strategy which analyzes in depth the implications of Ledger Recover and alternatives.
Evaluation Criteria
Secure Element, open source and jurisdiction: the three pillars of your choice.
Security: What Really Matters
The Secure Element vs Open Source Debate
This debate has divided the community for years. Here are the real stakes:
Secure Element (Ledger, Satochip)
- Protection against sophisticated physical attacks
- Key extraction nearly impossible even with physical access
- Proprietary code not auditable by the community
- Dependence on the manufacturer for security guarantees
Full Open Source (Trezor, Seedsigner, Foundation)
- Code auditable by anyone
- No dependence on a single manufacturer
- Vulnerable to physical attacks with prolonged access
- Requires a strong passphrase to compensate
Our position: This debate is partly a false dilemma. The real question is: which attackers are you protecting yourself against?
- Remote attacker (hacker): Both architectures are equivalent
- Occasional physical attacker (thief): Both are secure with PIN
- Sophisticated physical attacker (state, organized crime): Secure Element advantage, but a strong passphrase equalizes
- Systemic attacker (regulator): Open source + non-EU jurisdiction advantage
Firmware Verification
How to ensure the code running on your device is what you expect?
| Wallet | Firmware Verification |
|---|---|
| Ledger | Verifiable hash, but proprietary firmware |
| Trezor | Reproducible, complete source code |
| Coldcard | Reproducible, complete source code |
| BitBox02 | Reproducible, complete source code |
| Foundation | Reproducible, complete source code |
| Seedsigner | DIY, you compile it yourself |
Supply Chain Integrity
The risk of a compromised wallet during manufacturing is real. How each manufacturer responds:
- Ledger: Authenticity verification via app, secure element attestation
- Trezor: Holographic seal, firmware verification at startup
- Coldcard: Anti-tamper bag, serial number on-chain verification
- Foundation: Premium anti-tamper packaging, verification app
Recommendation: Always buy directly from the manufacturer, never on Amazon or eBay.
Features: The Must-Haves
| Feature | Importance | Why |
|---|---|---|
| Bitcoin support | Essential | Core requirement |
| Passphrase (25th word) | Essential | Protection against physical extraction |
| Native multisig | Very important | Advanced security |
| PSBT (partial transactions) | Very important | Interoperability |
| Air-gapped mode | Very important | Maximum security |
| Altcoin support | Moderate | Depends on your needs |
| Touchscreen | Low | Comfort, not security |
UX: The Importance of Simplicity
A wallet that's too complex leads to two risks:
- Handling errors that can cost funds
- Abandonment and return to custodial solutions that are "simpler"
The ideal UX: simple enough to use regularly, comprehensive enough for advanced operations.
Detailed Product Reviews
Ten wallets analyzed in depth with strengths, weaknesses and sovereignty ratings.
Ledger (Nano S Plus, Nano X, Stax, Flex)
Overview and Philosophy
Ledger is the world leader in hardware wallets, founded in France in 2014. The company uses a proprietary Secure Element architecture (BOLOS OS) that offers exceptional protection against physical attacks.
Current Products:
- Nano S Plus (€79): Entry-level, USB only
- Nano X (€149): Bluetooth, battery
- Stax (€279): E-ink screen, touchscreen, premium
- Flex (€249): Touchscreen, modern design
The Ledger Recover Case
In May 2023, Ledger launched "Ledger Recover," a seed phrase recovery service via fragmentation and distribution to trusted third parties.
What Ledger Recover technically reveals:
- The architecture allows extraction of private keys from the Secure Element
- This extraction can be triggered by a firmware update
- Even if the service is "optional," the technical capability exists
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Mature ecosystem (Ledger Live) | Closed architecture |
| Broad altcoin support (5500+) | Ledger Recover: extraction capability |
| Robust Secure Element | French company (EU jurisdiction) |
| Large community | History of data leaks (2020) |
Sovereignty Rating: 2/5
Despite excellent technical security against conventional attackers, the combination of French jurisdiction + proven extraction capability raises questions for users concerned with maximum sovereignty.
Trezor (Model One, Safe 3, Safe 5)
Overview and Philosophy
Trezor, created by SatoshiLabs in the Czech Republic, invented the hardware wallet concept in 2014. Their philosophy: 100% open source, total transparency.
Current Products:
- Model One (€69): Classic, OLED screen, USB
- Safe 3 (€79): Secure Element + open source
- Safe 5 (€169): Color touchscreen, premium
The Safe 3/5 Novelty: Open Source Secure Element
Trezor long refused the Secure Element because it was proprietary. With the Safe 3 and 5, they use a Secure Element whose firmware is open source — the best of both worlds.
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| 100% open source | Model One vulnerable to physical extraction |
| Auditable firmware | EU jurisdiction (Czech Republic) |
| Native Shamir Backup | Less altcoin support than Ledger |
| Active community | Less polished UX than Ledger Live |
Sovereignty Rating: 3/5
Open source and transparent, but EU jurisdiction. The Safe 3/5 with open source Secure Element is an excellent compromise. Passphrase strongly recommended.
Coldcard (Mk4, Q1)
Overview and Philosophy
Coldcard, manufactured by Coinkite in Canada, is the favorite wallet of Bitcoin maximalists. Philosophy: Bitcoin-only, air-gapped, paranoid.
Current Products:
- Coldcard Mk4 ($157): Reference, OLED screen, microSD
- Coldcard Q1 ($219): Larger screen, QWERTY keyboard
Air-Gapped Mode
Coldcard can operate without ever being connected to a computer. Transactions are signed via microSD card:
- Software wallet (Sparrow) creates an unsigned transaction (PSBT)
- Transaction copied to microSD
- Coldcard signs offline
- Signed transaction returned via microSD
- Software wallet broadcasts
Zero USB attack surface — the device never connects.
Unique Advanced Features
- Duress PIN: Special PIN that erases keys
- Brick Me PIN: Physically destroys the device
- Countdown to Login: Forced delay between attempts
- Trick PINs: Decoy wallets with small amounts
- Seed XOR: Seed fragmentation without Shamir
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Bitcoin-only (no distraction) | Bitcoin only (no altcoins) |
| Full air-gapped mode | Less intuitive UX |
| Paranoid features | Higher price |
| Canadian jurisdiction | Learning curve |
| Open source |
Sovereignty Rating: 5/5
The maximalist's choice. Air-gapped, Bitcoin-only, non-EU jurisdiction, open source. The reference for sovereignty.
BitBox02 (Bitcoin-only and Multi)
Overview and Philosophy
BitBox02, created by Shift Crypto in Switzerland, combines Secure Element and open source. Two versions: Bitcoin-only and Multi (altcoins).
Products:
- BitBox02 Bitcoin-only (€149)
- BitBox02 Multi (€149)
The Swiss Advantage
Switzerland is not an EU member. Crypto regulation there is more favorable, and cooperation obligations with EU authorities are limited.
Unique Architecture
BitBox02 uses a Secure Element (ATECC608) in addition to a standard microcontroller. The Secure Element stores part of the seed, the microcontroller the other. Both are needed to sign.
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Verified open source | Smaller ecosystem |
| Swiss jurisdiction | Fewer advanced features |
| Minimalist design | No native air-gapped mode |
| MicroSD backup |
Sovereignty Rating: 4/5
Excellent compromise: open source, secure element, favorable jurisdiction. Recommended for Europeans seeking a Ledger alternative.
Jade (Blockstream)
Overview and Philosophy
Jade, created by Blockstream (Bitcoin development company), is 100% open source with an innovative approach: no Secure Element, but a security model based on a server PIN.
Price: ~€65
The Unique Security Model
Jade has no Secure Element. To compensate, it uses a "blind PIN" system:
- Your PIN is verified by Blockstream servers
- The server doesn't know your seed
- Your device doesn't know the complete PIN
- Both are needed to unlock
Air-gapped alternative: Jade can operate in "stateless" mode without a server, with the seed entered at each use (like Seedsigner).
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Very competitive price | Complex security model to understand |
| 100% open source | Server dependency (default mode) |
| QR air-gapped mode | No Secure Element |
| Blockstream = Bitcoin legitimacy |
Sovereignty Rating: 4/5
Excellent value for money. The air-gapped mode with QR codes makes it a solid option for tight budgets.
Keystone 3 Pro
Overview and Philosophy
Keystone (formerly Cobo Vault), based in Hong Kong, offers wallets with a large touchscreen and 100% air-gapped operation via QR codes.
Price: ~€169
The QR Code Approach
Keystone has no functional USB port for data. All communications go through QR codes:
- Reading transactions via camera
- Displaying signatures via screen
- Impossible to compromise via USB malware
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Large touchscreen | Hong Kong jurisdiction (China) |
| 100% air-gapped | Less well-known |
| Open source | Average price |
| DeFi support (WalletConnect) |
Sovereignty Rating: 3/5
Excellent features, but Hong Kong jurisdiction introduces uncertainty. Monitor depending on geopolitical evolution.
Foundation Passport
Overview and Philosophy
Foundation Devices, based in the USA, created Passport specifically in response to concerns about Ledger Recover. Philosophy: open source, repairable, sovereignty.
Price: ~€259
Design and Manufacturing
Passport stands out with:
- Premium "retro-modern" design
- Made in the USA
- Replaceable battery
- 100% open source code
- Air-gapped mode via microSD and QR
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Created post-Ledger Recover | High price |
| Complete open source | Bitcoin-only |
| Made in USA | Less mature (2021) |
| Premium design | International shipping |
| Repairable |
Sovereignty Rating: 5/5
Along with Coldcard, the top for sovereignty. Explicitly created to address Ledger Recover concerns.
Seedsigner (DIY)
Overview and Philosophy
Seedsigner is not a commercial product, but an open source project allowing you to build your own hardware wallet with a Raspberry Pi Zero.
Cost: ~€50-80 in components
The DIY Concept
You assemble it yourself:
- Raspberry Pi Zero (W or 2)
- Official camera
- LCD screen
- 3D printed case (optional)
Then flash the Seedsigner firmware (open source).
The "Stateless" Model
Seedsigner NEVER stores your seed. At each use:
- You scan your seed (metal QR code or manual entry)
- Sign your transactions
- Power off — memory is wiped
No seed on the device = zero extraction risk.
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Minimal cost | Assembly required |
| Zero trust (you build everything) | Not for beginners |
| Stateless (no stored seed) | Basic UX |
| Active community | No commercial support |
| Educational |
Sovereignty Rating: 5/5
The ultimate sovereignty: you control everything, from hardware to software. Recommended for technical users or as a secondary signing device in a multisig setup.
Satochip
Overview and Philosophy
Satochip is a credit card format hardware wallet with Secure Element, developed in Belgium. Open source.
Price: ~€25
The Card Format
Standard bank card format, usable with NFC or USB reader. Discreet, easy to hide.
Strengths / Weaknesses
| Strengths | Weaknesses |
|---|---|
| Very low price | Limited screen (external) |
| Discreet format | Requires external reader |
| Open source | Fewer features |
| Secure Element | Less well-known |
Sovereignty Rating: 3/5
Interesting for a secondary wallet or discreet backup. EU jurisdiction (Belgium) limits the sovereignty score.
Complete Comparison Table
Price, security, air-gapped and jurisdiction: all criteria in one summary table.
Multi-Criteria Comparison
| Wallet | Price | Secure Element | Open Source | Air-Gapped | Jurisdiction | Sovereignty |
|---|---|---|---|---|---|---|
| Coldcard Mk4 | $157 | Yes | Yes | microSD | Canada | 5/5 |
| Foundation Passport | $259 | No | Yes | microSD/QR | USA | 5/5 |
| Seedsigner | ~$60 | No | Yes | QR | DIY | 5/5 |
| BitBox02 | €149 | Yes | Yes | No | Switzerland | 4/5 |
| Jade | €65 | No | Yes | QR | USA | 4/5 |
| Trezor Safe 5 | €169 | Yes | Yes | No | Czech Rep. | 3/5 |
| Keystone 3 | €169 | Yes | Yes | QR | Hong Kong | 3/5 |
| Satochip | €25 | Yes | Yes | No | Belgium | 3/5 |
| Ledger Flex | €249 | Yes | No | No | France | 2/5 |
| Ledger Nano X | €149 | Yes | No | No | France | 2/5 |
Top 3 by Category
Best Value for Money
- Jade (€65) — Open source, air-gapped, excellent price
- Trezor Model One (€69) — Proven classic
- Seedsigner DIY (~€60) — If you enjoy tinkering
Best Maximum Security
- Coldcard Mk4 — Paranoid features, air-gapped
- Foundation Passport — Designed post-Ledger Recover
- Seedsigner — Stateless, zero attack surface
Best UX
- Ledger Flex/Stax — Touchscreen, intuitive app
- Trezor Safe 5 — Color screen, simple setup
- Keystone 3 Pro — Large screen, modern interface
Best for Bitcoin Only
- Coldcard Mk4/Q1 — The reference
- Foundation Passport — Premium alternative
- BitBox02 Bitcoin-only — Swiss and open source
Best for Sovereignty
- Coldcard — Canada, air-gapped, open source
- Foundation Passport — USA, created anti-Ledger Recover
- Seedsigner — You control everything
Which Wallet for Which Profile?
Personalized recommendations based on your budget, expertise and threat model.
Beginner (< €10K)
Recommendation: Trezor Safe 3 or BitBox02
Why:
- Simple and guided setup
- Open source (verifiable)
- Reasonable price
- Community for support
Minimum Configuration:
- Strong PIN (8+ characters)
- Seed phrase backup on metal
- Optional passphrase
Intermediate (€10-100K)
Recommendation: Coldcard Mk4 or BitBox02 Bitcoin-only
Why:
- Enhanced security
- Air-gapped mode available
- Favorable jurisdiction (Canada/Switzerland)
Recommended Configuration:
- Mandatory passphrase
- Air-gapped mode activated
- Seed backup on steel
- Consider 2-of-3 multisig
Expert / Whale (> €100K)
Recommendation: 2-of-3 Multisig with Coldcard + Seedsigner + Foundation
Why:
- No single point of failure
- Geographic diversification of devices
- Maximum resilience
Configuration:
- 2-of-3 multisig via Sparrow
- Devices stored in separate locations
- Documented recovery procedure
Active Trader
Recommendation: Ledger Nano X (practicality) + Coldcard (main storage)
Configuration:
- Ledger for hot wallet (trading)
- Coldcard for cold storage (holding)
- Limit amounts on hot wallet
Long-Term HODLer
Recommendation: Coldcard or Foundation Passport
Why:
- Bitcoin-only = no distraction
- Air-gapped = maximum security
- No connectivity needed
DeFi User
Recommendation: Ledger or Keystone
Why:
- Broad altcoin support needed
- WalletConnect for dApps
- Screen for transaction verification
Caution: DeFi involves risks (smart contracts, bridges) that the hardware wallet cannot eliminate.
Sovereign Bitcoin Maximalist
Recommendation: Coldcard + Seedsigner in multisig
Ultimate Configuration:
- Coldcard as primary device
- Seedsigner as secondary signing device
- Personal Bitcoin node (Umbrel, RaspiBlitz)
- Sparrow Wallet connected to your node
- Seed backup on separate steel plates
European Regulatory Considerations
Why Ledger Recover changes everything and makes non-EU wallets essential.
Impact of Ledger and French Regulation
Ledger is a French company, subject to French and European law. This implies:
- Judicial requisitions: French authorities can require information
- LPM 2024 regulation: Possibility of digital asset requisition
- DAC8 2026: Reporting obligations for service providers
Ledger Recover: What It Reveals About the Architecture
Ledger Recover demonstrates that the architecture technically allows extraction of private keys from the Secure Element. This capability exists, regardless of whether the service is "optional."
Implications:
- A firmware update could theoretically extract keys
- This update could be imposed by legal means
- User consent can be bypassed in certain legal scenarios
Non-European Wallet Advantages
| Jurisdiction | Advantages |
|---|---|
| Canada (Coldcard) | Common law, no EU obligation, geographic distance |
| USA (Foundation, Blockstream) | 4th Amendment, privacy culture, strong crypto industry |
| Switzerland (BitBox02) | Historical neutrality, not EU member, banking secrecy |
The Central Question
Who are you protecting yourself against?
- Hackers: All listed wallets are secure
- Thieves: PIN + passphrase suffice
- Regulators: Non-EU jurisdiction + air-gapped recommended
- State seizure: Geographically distributed multisig
Multisig Configuration
Recommended 2-of-3 combinations to eliminate any single point of failure.
Why Multisig?
Multisig (multi-signature) requires multiple signatures to spend funds. A 2-of-3 setup means:
- 3 keys exist
- 2 keys are needed to sign
- 1 key can be lost without losing funds
Recommended 2-of-3 Combinations
| Combination | Advantages |
|---|---|
| Coldcard + Seedsigner + Foundation | Three jurisdictions, all open source |
| Coldcard + BitBox02 + Jade | Mix of Secure Element and non-SE |
| 2x Coldcard + 1x Seedsigner | Coldcard redundancy, Seedsigner backup |
Inter-Manufacturer Compatibility
The PSBT (BIP-174) standard enables interoperability. Test compatibility before putting into production.
Coordinators (Sparrow, Specter)
- Sparrow Wallet: Recommended, excellent multisig support
- Specter Desktop: Alternative, different interface
- Caravan (Unchained): Web-based option
FAQ
Ledger or Trezor in 2025?
Short answer: Neither is the best choice for maximum sovereignty.
- Ledger: Excellent technical security, but closed architecture and problematic French jurisdiction
- Trezor: Open source, but EU jurisdiction (Czech Republic)
Better alternatives: Coldcard (Canada), Foundation (USA), BitBox02 (Switzerland)
Should I Fear a Security Breach?
Major hardware wallets have never had a breach allowing remote key extraction. Known vulnerabilities require:
- Prolonged physical access
- Specialized equipment
- Absence of passphrase
With a strong passphrase, even physical seed extraction is insufficient.
Can I Buy Second-Hand?
Not recommended. Risks:
- Modified device (malicious firmware)
- Supply chain compromise
- Seed generated by the previous owner
If you do it anyway:
- Reset completely
- Verify firmware
- Generate a new seed
- Never use a "pre-provided" seed
How to Verify Authenticity?
- Buy on the manufacturer's official website
- Check anti-tamper seals
- Use the official app for verification
- Compare the serial number if applicable
Is One Wallet Enough for All My Assets?
For significant amounts: NO.
Recommendations by threshold:
- < €10K: One wallet + passphrase is sufficient
- €10-100K: Consider a second wallet or multisig
-
€100K: 2-of-3 multisig strongly recommended
The cost of a second device (~€150) is negligible compared to the risk.
Conclusion
Recommendation Summary
| Criteria | Recommendation |
|---|---|
| Maximum sovereignty | Coldcard or Foundation Passport |
| Best value for money | Jade or Trezor Safe 3 |
| Secure multisig | Coldcard + Seedsigner + Foundation |
| Cautious beginner | BitBox02 or Trezor Safe 3 |
| Active trader | Ledger Nano X + Coldcard |
The Importance of Personal Choice
There is no universal "best" hardware wallet. The choice depends on:
- Your threat model (who are you protecting against?)
- Your technical skills
- Your budget
- Your convictions (jurisdiction, open source, etc.)
The Real Criterion: Who Controls Your Keys Ultimately?
Beyond technical specifications, ask yourself this question:
If tomorrow a government demanded access to my funds, could my wallet manufacturer technically comply?
- Coldcard/Foundation/Seedsigner: No — air-gapped, non-EU jurisdiction, no extraction capability
- BitBox02: Very difficult — Switzerland, open source
- Trezor: Difficult — Open source, but EU
- Ledger: Technically possible — Ledger Recover proves the capability
Sovereignty as the Main Criterion
In a world of increasing surveillance and ever more intrusive regulations, the choice of your hardware wallet is a political choice as much as a technical one.
Choosing a wallet that maximizes your sovereignty means:
- Refusing to depend on a third party for access to your funds
- Ensuring no update can compromise your keys
- Anticipating unfavorable regulatory changes
The Bitcoin you accumulate deserves protection commensurate with its value — and your convictions.
Article updated December 21, 2025 Prices and availability may vary. Check on the manufacturers' official websites.