An in-depth look at several major hardware wallets and what they -claim- to do
2 min read
NOTE: Everything below is based on what the manufacturers are claiming to do. If anyone knows of specific security articles attacking various devices, please share them and I will update this post accordingly.
Also if anyone knows the data for any blank boxes, please share so I can update.
We don’t know if any of these devices do what the manufacturer’s claim. This is particularly a danger with closed source devices.
SECURITY ARTICLES:
TREZOR:
OLED Vulnerability (Trezor 1) https://blog.trezor.io/details-of-the-oled-vulnerability-and-its-mitigation-d331c4e2001a
ELLIPAL:
Ledger destroyed the security of the old version of the Ellipal and showed why USB ports can’t exist on “air-gapped” devices: https://www.ledger.com/blog/Ellipal-Security
In response, Ellipal released the Titan model and said this: https://www.ellipal.com/blogs/news/ledger-donjon-vulnerability-study-and-the-development-of-the-ellipal-titan
To Ellipal’s credit, they did remove the USB port.
I’m currently looking for more security articles. I will update this as I have time. Please share if you know.
SPECIFICATIONS AS CLAIMED ON THE VARIOUS MANUFACTURER’S WEBSITES:
WALLET ORIGIN COINS SUPPORTED SECURITY SECURE ELEMENT OPEN SOURCE CONTRACT DATA SHOWN? UNIQUE POTENTIAL ATTACK VECTORS NOTES MFG WEBSITE WITH COIN LIST Ledger French Almost all EAL 5+ Yes No Yes Seed Recover Program https://www.ledger.com/supported-crypto-assets Trezor Czech Republic Many but not all EAL 5+ No (except Trezor 3) Yes https://trezor.io/coins BitBox 02 Switzerland BTC, ETH & EVM, ADA Yes Yes Yes https://bitbox.swiss/coins/ NGRAVE Zero Belgium BTC, ETH, EGLD EAL 7 No Yes Fingerprint sensor; USB port Claims to be “true air-gapped” but has USB port https://www.ngrave.io/en/roadmap Keystone 3 BTC & ETH PCI (?) Yes Yes https://keyst.one/supported-wallets-and-assets?type=assets OneKey Touch BTC, ETH, few others Yes Yes https://onekey.so/tokens/ Tangem Switzerland Almost all EAL 6+ Yes Yes Seed only secure if generated by Tangem Unique “credit card” design https://tangem.com/en/help_center/supported-assets/#a5728040199453 Safepal China Almost all EAL 5+ USB Port; dubious claims on website; have own SFP token Claims to be “true air-gapped” but has USB port https://www.safepal.com/en/coin/lists Ellipal Almost all EAL 5+ Yes No Major security concerns demonstrated by Ledger; Ellipal claims to have fixed it Claims “true air-gapped”. They removed the USB in response to Ledger’s security attack. https://www.ellipal.com/pages/coin-list Blockstream Jade BTC Yes N/A ColdCard BTC N/A
submitted by /u/EvilLost
[link] [comments]
