Top 9 Cryptocurrency Hardware Wallets for 2025 | Security Researcher Review
We review 9 different blockchain hardware wallets (cold wallets) to find out which wallet security researchers should use, and which wallets non-technical users should use.

A big thanks to Wallet Scrutiny, pcaversaccio, Officer’s Notes, and Justin Leroux for help on this topic.
You can skip to the end of this article to find the full spreadsheet I used to judge the wallets, as well as the final recommendations. You can also watch the video on this topic, where I interact with each wallet and go even deeper into the analysis.
Introduction
As a security researcher in the EVM ecosystem, I tested nine different hardware wallets to answer the question: which hardware wallets were the best for making signing verification easy, and keeping my private key safe?
As someone who is on blockchain security councils, multisigs, and DAOs, I am very particular about verifying every piece of data that I sign on my wallet. Additionally, we are currently in an epidemic where many people sign transactions that they haven’t confirmed are doing what they would want them to do!
For example, the Radiant Capital team was hacked for $50M, and the Bybit exchange was hacked for $1.4B. In both cases, they could have been saved if they had verified the data they were signing on their wallets.
So I want to know which wallet is the best for:
- Security researchers: Who can verify calldata and prefer maximal transparency
- Less technical users: Like Bybit CEO Ben Zhou, who has to sign transactions on wallets with a lot of money but may have less technical expertise.
Let’s begin.
Criteria

Before diving into the reviews, let’s establish what we are looking for in a hardware wallet. The primary purpose is simple: keep your private key safe. If it can’t do that, it fails at its core function. We won’t be considering any hardware wallets that do not fulfill this fundamental requirement.
Beyond this, I evaluated these wallets on several key criteria:
- Visibility of transaction calldata: How clearly can you see what you’re signing on both transactions and message signing?
- Open source status: Is the wallet’s code open source and reproducible? We use Wallet Scrutiny to help verify if a wallet is truly open-sourced (the Wallet Scrutiny team is not a big EVM fan, but they still help us with their reviews!)
- Security features: Secure elements, offline key generation, and backup methods.
For us, being able to easily verify our signature data was top of mind, as the easier it is to verify this data, the better we can prevent hacks like Radiant Capital and Bybit. I made a video that goes over all the information a wallet should show us, and why. The summary of that video can be found in the image here.
There are some things a wallet must show us; otherwise, it is disqualified from any serious use. Then, there are some features that would be nice for a wallet to have, but whose absence is not a deal-breaker.

Methodology
For each wallet, I connected it to the Safe Wallet UI through MetaMask (when possible) to standardize testing across devices. To evaluate how well each device displayed critical data, I attempted to both:
- Sign an EIP-712 message
- Execute a transaction
In doing so, I played with settings, checked how they handled sending and receiving ETH, and more.
I’m going to be quite blunt with my reviews, so I don’t expect these to make me very popular. I hope the wallet companies read this article and either tell me where I went wrong, or make changes!
Let’s dive into the reviews.
Tangem

The Tangem Card Wallet is unique as a credit card-sized hardware device. It contains a secure element for private key generation and offers convenient tap-to-phone functionality.
Pros:
- Very portable form factor
- Simple to use for tap-based payments
- Good for small amounts and casual use
Cons:
- Closed source
- Requires dedicated mobile app
- No testnet support
- Completely fails to show calldata for transactions
- Limited display of signature data
For developers and security professionals, this wallet is unacceptable due to its inability to show transaction call data. You’re essentially signing transactions blindly. It might work for storing small amounts, but it’s not suitable for serious DeFi work.
Cypherock

The Cypherock wallet earns points for being open-source and reproducible, which is excellent. It has a secure element (EAL6+ rated) and uses a unique card-tapping system for transaction authorization.
Pros:
- Open-source and reproducible
- Secure element (EAL6+ rated)
Cons:
- Poor joystick navigation interface
- Shows no calldata for transactions
- Challenging user experience leads to security fatigue
Would I recommend it to security researchers? No.
Although the Cypherock shows some signature data, it completely fails to display calldata for transactions, which is a deal-breaker for professional use. The joystick interface can cause security fatigue, making users more likely to approve transactions without proper verification.
Keystone 3 Pro

The Keystone 3 Pro features a touchscreen interface that makes it much easier to navigate. It’s reproducible open source according to the Wallet Scrutiny team and connects to MetaMask via an innovative QR code system.
Pros:
- Verified open source
- Touchscreen interface
- Shows EIP-712 signature data
- QR code connectivity solution
Cons:
- Inconsistent calldata decoding
- Missing or truncated decoded calldata
- No option to view raw calldata
Would I recommend it to security researchers? No, it’s too buggy.
The Keystone Pro started strong but fell short. While it displays EIP-712 signature data adequately, its call data decoding is unreliable and inconsistent. The wallet attempts to decode call data but often displays it incorrectly or incompletely, which can be worse than not decoding it at all. There’s no option to view the raw call data as a fallback.
Trezor Model T

The Trezor Model T represents a solid baseline wallet. It’s open source and verified by Wallet Scrutiny, but lacks a secure element (which the newer Safe 5 model includes).
Pros:
- Open source and verified
- Shows full calldata
- Testnet support
- Good default wallet
Cons:
- No secure element
- Small touchscreen
- One-at-a-time data display (security fatigue)
- Raw calldata in difficult-to-verify format
Would I recommend it to security researchers? No, just use the Trezor Safe 5 instead.
The Trezor Model T does show all necessary data, but the format is difficult to work with. The calldata is presented in a way that makes verification challenging. Additionally, the lack of a secure element is concerning for high-value storage. With the Trezor Safe 5 now available, there’s little reason to choose the Model T.
Trezor Safe 5

The Trezor Safe 5 improves on the Model T with a secure element and larger touchscreen with haptic feedback.
Pros:
- Open source and verified
- Secure element (EAL6+ rated)
- Larger touchscreen with haptic feedback
- Shows all calldata
Cons:
- Unintuitive navigation for viewing call data
- Difficult to extract calldata for verification
- No decoding of calldata
Would I recommend it to security researchers? Yes, for technical users.
The Trezor Safe 5 is a good choice for technical users who can verify raw calldata. The UI has some unintuitive elements, especially when reviewing transaction data, but it does show all necessary information for proper verification. Its open-source nature is a significant advantage for security-conscious users.
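Verifying raw calldata off-device, as an added example that is not part of the original article: the sketch below decodes the hex a wallet displays without decoding into the fields a signer should compare against intent, including the transaction nested inside a Safe `execTransaction` call and whether it runs as a CALL or a DELEGATECALL. The selector table is a small hand-picked set of well-known values, and the sample addresses and amount are constructed placeholders.

```python
# Selector = first 4 bytes of keccak256(function signature); these are well-known values.
SELECTORS = {
    "6a761202": "execTransaction",  # Safe execTransaction(address,uint256,bytes,uint8,...)
    "a9059cbb": "transfer",         # ERC-20 transfer(address,uint256)
    "095ea7b3": "approve",          # ERC-20 approve(address,uint256)
}
OPERATIONS = {0: "CALL", 1: "DELEGATECALL"}  # Safe's Enum.Operation

def _word(args: bytes, i: int) -> int:
    """Return the i-th 32-byte ABI word of args, rejecting truncated input."""
    chunk = args[32 * i : 32 * i + 32]
    if len(chunk) != 32:
        raise ValueError("calldata truncated")
    return int.from_bytes(chunk, "big")

def _addr(word: int) -> str:
    if word >> 160:  # upper 12 bytes of an address word must be zero padding
        raise ValueError("dirty address padding")
    return "0x" + format(word, "040x")

def decode(calldata_hex: str) -> dict:
    """Decode raw calldata (as shown on a device) into reviewable fields."""
    hexstr = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(hexstr)
    name, args = SELECTORS.get(raw[:4].hex()), raw[4:]
    if name in ("transfer", "approve"):
        return {"function": name, "to": _addr(_word(args, 0)), "amount": _word(args, 1)}
    if name == "execTransaction":
        off = _word(args, 2)              # byte offset of the dynamic `data` argument
        length = _word(args[off:], 0)     # length prefix of `data`
        inner = args[off + 32 : off + 32 + length]
        if len(inner) != length:
            raise ValueError("inner data truncated")
        op = _word(args, 3)
        return {"function": name, "to": _addr(_word(args, 0)), "value": _word(args, 1),
                "operation": OPERATIONS.get(op, f"INVALID({op})"),
                "inner": decode(inner.hex()) if inner else None}
    return {"function": "unknown", "selector": "0x" + raw[:4].hex()}

def sample_safe_calldata(operation: int = 0) -> str:
    """Constructed sample: a Safe transaction wrapping an ERC-20 transfer."""
    w = lambda n: format(n, "064x")  # one 32-byte ABI word as hex
    token, recipient = int("11" * 20, 16), int("22" * 20, 16)  # placeholder addresses
    inner = "a9059cbb" + w(recipient) + w(1_000_000)           # 68 bytes
    head = [token, 0, 0x140, operation, 0, 0, 0, 0, 0, 0x1C0, 68]
    return "0x6a761202" + "".join(map(w, head)) + inner + "00" * 28 + w(0)

if __name__ == "__main__":
    print(decode(sample_safe_calldata()))
```

An unknown selector or an unexpected `DELEGATECALL` in the output is the cue to stop and investigate before approving on the device.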
Ledger Nano X

The Ledger Nano X has been a popular wallet for years but has some significant limitations.
Pros:
- Shows domain hash and message hash for signatures (HUGE PRO)
- Solid track record of secure hardware
- Good firmware verification
Cons:
- Closed source
- Poor two-button interface
- Confusing “blind signing” terminology
- Bizarre format for displaying calldata
- Device closes too frequently
Would I recommend it to security researchers? Probably not.
While the Ledger Nano X does well with displaying signature hashes (one of the few wallets to do so through MetaMask), its presentation of calldata is nearly unusable. The “debug contracts” setting is confusingly named, and the call data is displayed in a proprietary format that’s difficult to verify. Given that the Ledger Flex exists, there’s little reason to choose the Nano X.
Ledger Flex

The Ledger Flex significantly improves on the Nano X with a secure screen and better usability.
Pros:
- Shows domain hash and message hash for signatures
- Secure screen
- Excellent button feel and usability
- Stays active longer than Nano X
Cons:
- Closed source
- Same confusing calldata display as Nano X
- “Debug contracts” setting for viewing calldata
Would I recommend it to security researchers? Yes, with the caveat of being closed-source.
The Ledger Flex excels at showing domain and message hashes for signatures, making verification much easier than most other wallets. However, it uses the same poor format for displaying call data as the Nano X. If you’re comfortable with a closed-source solution, the Flex is a solid choice, especially for signature verification.
Onekey Pro

The Onekey Pro claims to be open source but failed Wallet Scrutiny’s reproducibility tests.
Pros:
- Excellent haptic feedback
- Air gap mode
- EAL6+ secure element
- Shows all signature and calldata
Cons:
- Not truly reproducible open-source
- No display of domain/message hash
- Calldata not decoded
Would I recommend it to security researchers? Yes, if closed source isn’t a concern.
The Onekey Pro has excellent hardware and usability but falls short of being truly open-source. It shows all necessary data for signatures and transactions but doesn’t decode call data or display hashes for easier verification. With a few improvements and true open-source status, this could be an outstanding wallet.
Grid Lattice Plus

The Grid Lattice Plus is the highest-rated wallet in this review despite being closed-source.
Pros:
- Extensive screen real estate
- Fantastic calldata decoding, including nested transactions
- Smooth user interface
- EAL6+ secure element
Cons:
- Closed source (proprietary chip)
- Bulky form factor
- No option to view raw calldata
Would I recommend it to security researchers? Yes, if you’re comfortable with closed source.
The Grid Lattice Plus offers the best call data decoding of any wallet tested, even handling nested transactions. This feature is invaluable for non-technical users. However, it lacks an option to view raw calldata, which some technical users might prefer. The closed-source nature remains a concern for maximum security.
Summary and Conclusion

After reviewing nine hardware wallets, it’s clear there’s no perfect solution — each involves trade-offs.
If open source is a priority, the Trezor Safe 5 offers the best balance of security and usability, though verifying call data remains challenging.
For those comfortable with closed-source solutions:
- The Grid Lattice Plus provides unmatched transaction decoding
- The Ledger Flex excels at signature verification
- The Onekey Pro offers excellent overall usability
Remember that the primary goal of a hardware wallet is to keep your private keys safe while allowing you to verify what you’re signing. If you can’t understand what you’re signing, you shouldn’t proceed with the transaction, regardless of which wallet you use.
For developers and security researchers in the EVM ecosystem, I recommend selecting a wallet that aligns with your specific priorities — whether that’s open-source verification, ease of transaction decoding, or signature verification capabilities.
More Data
Here is a screenshot of the spreadsheet I used to help track each wallet, as well as the exact version I used for each. I have several more wallets I’ve ordered that I plan to test very soon! But you should be able to follow the methodology I laid out here to decide for yourself too!
