Evidence reviewed 2026-07-14Model bctb-wallet-fit-review v1.0Hardware approaches 6Security score Deliberately omitted
Self-custody decision guide

Best Crypto Wallets 2026: Match the Wallet to Your Threat Model

The useful question is not which device wins a universal ranking. It is which combination of signer, software, backup, transaction display, and recovery process makes your most likely failure visible and recoverable.

Failure modes separatedLab findings scopedRecovery is a hard gateNo affiliate winner
Decision boundaryChoose by failure mode

No wallet is the safest for every person. Choose the device, backup design, signing flow, and software companion whose failures you can detect and recover from. A purchase stays blocked until authenticity, recovery, transaction inspection, wallet separation, and inheritance checks all pass.

Primary risk
Operational and product-dependent
Default split
Vault + active wallet
Recovery
Test before funding
Winner
None for every user
02 / Threat model

Start with the loss you need to prevent

This 2026 rebuild replaces the old universal ranking with a failure-mode fit model. It compares six current hardware approaches, keeps vendor claims separate from independent laboratory disclosures, and treats recovery rehearsal and transaction inspection as hard gates rather than optional setup tips.

Backup loss

ControlGeographically separate durable backups and a tested restore

LimitMore copies increase theft and coercion exposure.

Backup theft

ControlThreshold shares, a well-understood passphrase, or controlled physical separation

LimitA forgotten passphrase or unavailable share can be indistinguishable from theft loss.

Blind signing

ControlTrusted-display verification and clear signing for the exact supported action

LimitUnsupported contracts may still appear as hashes or opaque data.

Device or supply-chain compromise

ControlOfficial purchase path, authenticity checks, firmware verification, and a newly generated backup

LimitAuthenticity checks reduce risk; they do not prove every component or build is defect-free.

Physical extraction

ControlSecure-element design, PIN policy, passphrase or share separation, and realistic possession assumptions

LimitPublished attacks differ in cost, prerequisites, destructiveness, scope, and whether key material is actually reachable.

Inheritance failure

ControlPlain-language inventory, tested instructions, role separation, and periodic rehearsal

LimitA secret plan that heirs cannot locate or execute is not a recovery plan.

Wallet Fit Model v1.0No aggregate security score

Which loss is more plausible for you: backup loss, backup theft, blind signing, device compromise, physical extraction, software error, or an heir who cannot recover the funds?

01Asset and network fit

Does the exact device and companion support the intended network and transaction type?

02Trusted transaction inspection

Can the user verify the full address, amount, network, and decoded action on a trusted device?

03Software and hardware transparency

Which firmware, operating-system, secure-element, and build claims can independent reviewers inspect?

04Recovery and inheritance

Can the backup survive loss, theft, damage, coercion, and the original user's absence?

05Physical attack assumptions

What access, equipment, cost, and prerequisites are required by published physical attacks?

06Operational fit

Will the owner actually update, verify, separate wallets, and rehearse the chosen workflow?

03 / Current comparison

Six devices, six different operating boundaries

This table describes product fit as reviewed, not a one-to-six safety ranking. Any unsupported network, missing trusted display, unacceptable source boundary, or untested recovery path is a hard mismatch regardless of position.

DeviceBest fitScopeDisplaySource boundaryRecovery
Trezor Safe 7Open-source premium all-rounderA buyer who values open design, a large display, full iOS support, and broad asset coverage.Broad multichain support; verify the exact asset and companion before use2.5-inch color touchscreenOpen / reviewable12-, 20-, or 24-word and multi-share backup options
Ledger Nano Gen5Polished multichain ecosystemA buyer prioritizing broad network support, a polished companion ecosystem, and a larger display.Broad multichain support through Ledger's app ecosystem; verify exact transaction decoding2.8-inch E Ink touchscreenPartially reviewableRecovery words, included offline Recovery Key, and optional paid Ledger Recover service
BitBox02 NovaTransparent, focused self-custodyA Bitcoin or focused EVM user who prefers open firmware, reproducible builds, and a simple companion app.Native app focus on BTC, LTC, and ETH; selected EVM and Cardano flows use third-party companions; no native SOL or XRP supportCompact device display with touch controlsOpen / reviewablemicroSD backup plus optional BIP39 recovery words
COLDCARD Mk5Bitcoin-only advanced vaultAn experienced Bitcoin user who can operate PSBT, fee, UTXO, and multisig workflows deliberately.Bitcoin onlyDedicated screen and numeric keypadOpen / reviewableBitcoin recovery words and advanced backup or multisig workflows
Keystone 3 ProQR-first multichain signerA multichain user who prefers animated QR transfer and a large signing display.Vendor states 5,500+ assets and 45+ software-wallet integrations; exact support must be checked4-inch touchscreen with camera-based QR workflowOpen / reviewableBIP39 and Shamir options, passphrases, and up to three wallet profiles
Tangem Wallet 2.0Phone-and-card convenienceA convenience-first mobile user who understands that the phone, not the card, displays transaction details.Broad vendor-listed multichain support through the mobile app; verify exact networks and tokensNo independent display on the card; the phone is the transaction interfaceClosed firmwareSeedless backup cards or optional BIP39 recovery words

Model names, prices, stock, supported assets, companion-wallet compatibility, firmware versions, security advisories, and transaction-decoding coverage can change. Recheck the exact product and intended network on official pages immediately before purchase or signing. A supported asset count does not prove that every transaction will be decoded clearly on the trusted display.

04 / Product evidence

Manufacturer claims and laboratory findings stay separate

Physical attack research is easy to overstate. The entries below preserve who made each statement, what prerequisites were reported, and where editorial interpretation begins.

01
Open-source premium all-rounder

Trezor Safe 7

Strong fit for broad asset support, a large trusted display, and multi-share recovery, provided the buyer accepts the disclosed TROPIC01 physical-lab issue and Trezor's layered response.

Vendor claimTrezor describes Safe 7 as an open-source device with two secure elements plus an MCU, a large touchscreen, USB-C, Bluetooth, full iOS support, and multi-share backup support.

Independent lab findingLedger Donjon reported a laser fault-injection path against TROPIC01 firmware verification and later attack stages after invasive chip access and arbitrary-code prerequisites.

Vendor claimTrezor says Safe 7 uses three independent security layers, does not store keys or backups on TROPIC01, and that the disclosed path does not expose customer funds remotely.

Editorial interpretationThe disclosure is not a remote exploit and requires specialist physical work, but the hardware issue cannot be patched. It belongs in the purchase decision rather than being dismissed or generalized into total compromise.

Hard stopRead both the independent TROPIC01 disclosure and Trezor's response. Decide whether the required physical access, laboratory capability, layered key isolation, and unpatchable chip issue fit your threat model.

02
Polished multichain ecosystem

Ledger Nano Gen5

Strong fit for broad multichain use and a larger signing display; not a fit when fully reviewable firmware is a hard requirement or optional identity-based recovery is outside the user's trust boundary.

Vendor claimLedger lists a 2.8-inch E Ink touchscreen, USB-C, Bluetooth, NFC, Secure Element protection, broad asset support, and an included PIN-protected Recovery Key.

Vendor claimLedger states that Ledger apps, SDKs, and several components are open while parts of Ledger OS and low-level code cannot be fully open because of secure-element supplier agreements.

Vendor claimLedger Recover is an optional subscription that encrypts and divides recovery material into three fragments, with two required for identity-verified recovery.

Editorial interpretationThe optional service is not forced, but it creates a different trust model. Partial reviewability is a hard mismatch for users whose policy requires fully inspectable firmware.

Hard stopDocument whether Ledger Recover will remain disabled or be accepted. Review the service terms, identity process, fragment model, and jurisdictional trust before subscribing.

03
Transparent, focused self-custody

BitBox02 Nova

Strong fit for Bitcoin or a focused EVM portfolio when open firmware, reproducible builds, a compact workflow, and optional iOS connectivity matter more than broad native asset coverage.

Vendor claimBitBox describes open-source firmware and app code, reproducible builds, a dual-chip architecture, an EAL6+ secure chip, and microSD-based backup.

Vendor claimNova supports desktop, Android, and iOS through USB-C and optional Bluetooth Low Energy that can be disabled.

Editorial interpretationIts narrower first-party asset scope is a benefit only when it matches the portfolio. It is a hard mismatch for unsupported networks, not a reason to improvise with an unverified integration.

Hard stopVerify the exact network in the current support matrix. Do not infer Solana, XRP, token, NFT, or contract support from general EVM compatibility.

04
Bitcoin-only advanced vault

COLDCARD Mk5

Strong fit for experienced Bitcoin users who want PSBT, air-gapped options, multisig tooling, and a narrow Bitcoin-only threat surface; poor fit for multichain or convenience-first use.

Vendor claimCoinkite describes Mk5 as a Bitcoin-only signer with dual secure elements, open and reproducible firmware, microSD, NFC, USB-C, multisig, and advanced transaction controls.

Editorial interpretationThe narrow scope reduces unsupported-network ambiguity, but the advanced workflow transfers more responsibility to the owner. A mismanaged PSBT or backup remains an operational failure.

Hard stopComplete a full PSBT round trip and recovery rehearsal before funding. Bitcoin-only and air-gapped do not compensate for an owner who cannot verify files, addresses, fees, change, or backups.

05
QR-first multichain signer

Keystone 3 Pro

Strong fit for QR-first multichain users who want a large display and multiple firmware tracks, provided they verify the exact third-party wallet, firmware, and transaction-decoding path.

Vendor claimKeystone lists a 4-inch touchscreen, QR air-gapped signing, three secure elements, open-source firmware, Shamir recovery, fingerprint support, and three wallet profiles.

Vendor claimKeystone publishes separate multi-coin, Cypherpunk, and Bitcoin-only firmware and claims support for more than 5,500 assets through more than 45 software wallets.

Editorial interpretationBreadth is integration-dependent. Every companion and transaction type must be verified independently; asset-count marketing is not clear-signing evidence.

Hard stopConfirm the exact multi, Bitcoin-only, or Cypherpunk firmware, companion version, network, derivation path, QR format, and decoded display before moving funds.

06
Phone-and-card convenience

Tangem Wallet 2.0

A convenience fit only for users who explicitly accept a phone as the transaction display, closed immutable card firmware, and the disclosed invasive physical attack; not the default high-value vault choice in this model.

Vendor claimTangem describes an EAL6+ card, seedless multi-card backup or BIP39 mode, broad mobile asset support, audited firmware, and an immutable design.

Vendor claimTangem states that card firmware is closed, uses a security-through-obscurity approach, and cannot be updated after manufacture.

Independent lab findingLedger Donjon reported an invasive laser-fault method that can reset the access code on one card without the original code or backup card after specialist physical work.

Vendor claimTangem says the destructive attack is expensive, non-scalable, requires prolonged possession, and does not reveal who owns a card or what assets it controls.

Editorial interpretationThe finding is not remote and does not justify a broad panic claim. It is still material for a stolen-card physical threat model, and affected immutable cards cannot receive a firmware patch.

Hard stopRead the Donjon disclosure and Tangem response, then document acceptance of the no-display model, closed immutable firmware, destructive physical attack requirements, and inability to patch cards already in circulation.

05 / Fit finder and funding gate

Filter by workflow, then try to disqualify the result

The tool ranks compatibility with your stated policy. A device can appear first and still remain blocked by its product-specific disclosure, an unsupported transaction, or any failed funding gate.

Interactive decision tool

Find a workflow fit, not a security winner

Selections only filter product fit. They do not produce a safety score, endorsement, or substitute for the hard-stop checks.

Open-source premium all-rounder

Trezor Safe 7

Strong fit

Strong fit for broad asset support, a large trusted display, and multi-share recovery, provided the buyer accepts the disclosed TROPIC01 physical-lab issue and Trezor's layered response.

No fit conflict found

Matched: Asset scope, Use case, Platform, Connection, Transparency preference, Recovery style, Trusted display. Continue to the product disclosure and all six hard stops.

Assets
Broad multichain support; verify the exact asset and companion before use
Display
2.5-inch color touchscreen
Connection
USB-C and Bluetooth
Recovery
12-, 20-, or 24-word and multi-share backup options
Potential fit

A buyer who values open design, a large display, full iOS support, and broad asset coverage.

A household prepared to rehearse a multi-share recovery and document inheritance.

Not a fit

A buyer who will not accept a product carrying a new, hardware-level physical-lab disclosure.

A minimalist Bitcoin-only user who does not need wireless, battery, or broad ecosystem features.

Product-specific hard stop

Read both the independent TROPIC01 disclosure and Trezor's response. Decide whether the required physical access, laboratory capability, layered key isolation, and unpatchable chip issue fit your threat model.

Funding gate

Six checks before material funds

Not cleared0 of 6 answered
01

Buy only from the manufacturer or an authorized seller and complete every authenticity check before setup.

02

The device creates a new backup during setup; no prefilled words, PIN, or supplied recovery sheet is accepted.

03

A restore drill succeeds on a spare or compatible device with a tiny test amount before material funding.

04

The exact receive address, amount, network, fee, and human-readable transaction are verified on a trusted device display.

05

The vault address never connects to random dApps; active signing uses a separate, intentionally limited wallet.

06

A written inheritance and emergency plan exists, and backups are geographically separated without exposing one complete secret.

Passing these checks does not certify the wallet as safe. It only clears the minimum process for a tiny recovery and signing test.

06 / Recovery rehearsal

A restore drill is part of setup, not a future emergency

BIP39 recovery words are portable but operationally unforgiving. SLIP39 threshold shares can separate control but add coordination and compatibility risk. A passphrase creates another valid wallet, so a missing or mistyped passphrase can permanently hide the intended funds.

01

Initialize with no meaningful funds and record the exact model, firmware source, backup standard, derivation assumptions, and companion wallet.

02

Create the backup privately. Never photograph, upload, print through an online service, paste, or type recovery material into a website.

03

Receive a tiny amount, verify the address on the trusted display, and record the account or descriptor needed for later discovery.

04

Wipe or use a spare compatible device, restore from the documented backup path, and independently confirm the same addresses.

05

Send the tiny amount back out, checking destination, network, amount, change, fee, and any contract action on the trusted display.

06

Rehearse the process with the designated heir or recovery role without revealing more secret material than that role should hold.

Never digitize recovery material

Do not photograph, scan, upload, email, paste, cloud-sync, or enter words or shares into a website, support form, migration tool, or remote session.

07 / Transaction defense

Hardware protects keys, not bad decisions

Clear signing can reduce blind approvals only when the wallet supports and correctly decodes the exact action. Unknown data, unsupported contracts, compromised frontends, wrong networks, and unlimited allowances remain reasons to reject the transaction.

Match the asset, network, chain ID, token contract, account, and address format before funding.

Read the complete destination and amount on the signing device, not only on the phone or computer.

For contracts, require a decoded action and verify spender, allowance, token, amount, destination, and expiry where available.

Reject blind, opaque, unlimited, or unexplained approvals; clear signing helps only when the exact action is supported and decoded.

Keep the long-term vault separate from dApps, airdrops, bridges, experimental tokens, and routine mobile spending.

Vault wallet

Rare signing, no random dApps

Long-term assets, independently monitored addresses, deliberately slow withdrawals, and a rehearsed recovery path.

Active wallet

Limited balance, explicit risk budget

Routine dApps, bridges, experiments, and approvals stay isolated from the vault and are periodically revoked or abandoned.

08 / Software companions

Use software as an interface, not as proof of custody safety

Ethereum and EVM software companion

Rabby Wallet

Useful forUseful for transaction simulation, approval visibility, and connecting supported hardware wallets in EVM workflows.

BoundaryIt is software on a general-purpose device, not a replacement for a hardware signing device or an isolated vault address. Simulation and warnings can be incomplete.

Bitcoin desktop companion

Sparrow Wallet

Useful forUseful for PSBT, hardware-wallet coordination, multisig, UTXO control, fee control, watch-only monitoring, and Tor workflows.

BoundaryIt is a coordinator and interface, not the vault hardware itself. The computer, node connection, descriptors, change handling, and backup process still require verification.

Run scam checks Open buying checklist Cap total loss
09 / Audit trail

Source ledger, limitations, and corrections

Product pages establish current manufacturer specifications. Standards define recovery behavior. Independent laboratories establish scoped findings. Manufacturer responses provide architectural context. None of those source types may substitute for the others.

01
General security guidance / Bitcoin.org

Securing your wallet

SupportsOffline savings, backups, software updates, multisig, smaller active balances, and inheritance planning.

LimitGeneral guidance, not a product test or guarantee against every operational failure.

02

SupportsMnemonic lengths, entropy mapping, checksum, seed derivation, and optional passphrase behavior.

LimitA technical interoperability specification, not an endorsement of any backup storage or passphrase process.

04
Network security guidance / Ethereum.org

Ethereum security and scam prevention

SupportsWallet, phishing, approval, transaction, and seed-phrase risk guidance for Ethereum users.

LimitGeneral ecosystem guidance, not a hardware-wallet comparison.

05
Protocol and UX initiative / Ethereum Foundation

Ethereum Foundation announces clear signing initiative

SupportsThe need for human-readable transaction descriptions and open descriptor standards such as ERC-7730.

LimitAn initiative and standardization effort; clear signing depends on wallet and transaction support and cannot decode every action automatically.

06
Current product page / Trezor

Trezor Safe 7

SupportsManufacturer specifications for display, connectivity, architecture, recovery, platforms, and asset support.

LimitManufacturer claims; availability, compatibility, and firmware state can change.

07
Current product comparison / Trezor

Compare Trezor hardware wallets

SupportsRelative model features and supported workflows across the current Trezor lineup.

LimitManufacturer comparison, not an independent security ranking.

08
Manufacturer security response / Trezor

Trezor response to TROPIC01 chip disclosure

SupportsTrezor's description of Safe 7's layered architecture, key isolation, attack prerequisites, and customer-impact position.

LimitManufacturer interpretation of a disclosure affecting a component used in its product.

09
Independent laboratory disclosure / Ledger Donjon

TROPIC01 laser fault injection

SupportsPhysical laser-fault findings, firmware-verification bypass, prerequisites, and later attack stages against TROPIC01.

LimitComponent-level invasive laboratory work; it does not by itself establish remote compromise or extraction of Safe 7 user keys.

11
Current product comparison / Ledger

Ledger hardware wallet lineup

SupportsCurrent Ledger product positioning and lineup features.

LimitManufacturer shop page; price, stock, bundles, and specifications can change.

12
Current product announcement / Ledger

Introducing Ledger Nano Gen5

SupportsDisplay, connectivity, Secure Element, Ledger OS, Recovery Key, price-at-publication, and product positioning.

LimitManufacturer announcement, not an independent audit; price and availability are time-sensitive.

13
Transparency disclosure / Ledger

Is Ledger open source?

SupportsWhich Ledger components are open or reviewable and which low-level parts remain restricted.

LimitLedger's own description of its source-availability boundary.

14
Recovery product overview / Ledger

Ledger recovery solutions

SupportsDifferences among recovery words, the offline Recovery Key, and optional Ledger Recover.

LimitManufacturer overview; users must read current device and service terms.

15

SupportsIdentity-verified subscription, encrypted fragment, service-provider, eligibility, and recovery conditions.

LimitLegal terms can change and differ by jurisdiction; not a technical audit of service providers.

16
Current product overview / BitBox

BitBox hardware wallet

SupportsCurrent lineup, software, backup, and transparency positioning.

LimitManufacturer overview, not an independent security assessment.

17
Current product page / BitBox

BitBox02 Nova

SupportsNova connectivity, platform, backup, security, and user-interface specifications.

LimitManufacturer claims; exact compatibility and availability can change.

18
Architecture disclosure / BitBox Support

What makes a hardware wallet secure

SupportsBitBox's dual-chip, secure-chip, open-source, reproducible-build, and transaction-verification design claims.

LimitManufacturer explanation, not a complete independent evaluation of every component or build.

19
Current compatibility matrix / BitBox Support

Supported cryptocurrencies and networks

SupportsNative and third-party asset or network support plus explicit limitations such as SOL and XRP.

LimitCompatibility is version-dependent and does not guarantee every token or contract action is decoded.

20
Current product page / Coinkite

COLDCARD Mk5

SupportsBitcoin-only scope, keypad, display, dual secure elements, microSD, NFC, USB-C, PSBT, and advanced features.

LimitManufacturer claims; users must verify current firmware, companion compatibility, and workflow.

21
Product philosophy and transparency / Coinkite

About COLDCARD

SupportsBitcoin-only positioning, open-source and reproducible-firmware claims, and signing design.

LimitManufacturer description, not a complete independent product audit.

22
Technical documentation / Coinkite

COLDCARD technical specifications

SupportsCurrent model interfaces, components, and operating specifications.

LimitSpecifications may change by hardware revision and do not prove safe user operation.

23
Current availability reference / Coinkite

COLDCARD store

SupportsCurrent model availability and purchase channel.

LimitPrice, inventory, shipping, and bundles are time-sensitive.

24
Current product page / Keystone

Keystone 3 Pro

SupportsDisplay, secure elements, QR signing, recovery, profiles, and product specifications.

LimitManufacturer claims; price, stock, and compatibility can change.

25
Firmware registry / Keystone

Keystone firmware downloads

SupportsCurrent multi-coin, Cypherpunk, and Bitcoin-only firmware tracks and release paths.

LimitA release registry does not independently prove build reproducibility or transaction correctness.

26
Source and release history / KeystoneHQ GitHub

Keystone 3 firmware releases

SupportsPublic firmware release dates, notes, and downloadable artifacts.

LimitRepository visibility does not prove that a shipped device or binary exactly matches reviewed source.

27
Current compatibility matrix / Keystone

Supported wallets and assets

SupportsVendor-listed asset and companion-wallet breadth.

LimitVendor-listed support is integration-dependent and is not proof of clear signing for every action.

28
Architecture and audit overview / Tangem

Tangem security

SupportsSecure-element, certification, audit, backup, and firmware design claims.

LimitManufacturer claims and audit summaries; scope and current physical disclosures require separate review.

29
Current model comparison / Tangem Help Center

Tangem Wallet comparison

SupportsWallet-generation, seedless and seed modes, card backup, and model differences.

LimitManufacturer comparison, not an independent security ranking.

30
Firmware disclosure / Tangem Help Center

Tangem firmware authenticity and immutability

SupportsClosed-source, immutable firmware, authenticity checks, and the manufacturer's security-through-obscurity position.

LimitManufacturer explanation of a non-public firmware design; users cannot independently review the complete source.

31
Independent laboratory disclosure / Ledger Donjon

Bypassing Tangem card security with a laser attack

SupportsInvasive laser-fault method, password-reset result, affected card state, cost and physical prerequisites.

LimitSpecialist destructive physical attack; not a remote exploit, scalable theft method, or proof that every Tangem use case is compromised.

32
Manufacturer security response / Tangem

Tangem response to laser fault-injection research

SupportsTangem's assessment of possession time, equipment cost, destructiveness, scalability, anonymity, and practical risk.

LimitManufacturer interpretation of an independent finding affecting cards already in circulation.

33
Current software-wallet page / Rabby

Rabby Wallet

SupportsEVM wallet features, transaction simulation, risk prompts, and hardware-wallet connection positioning.

LimitProject claims; simulation and warnings can be incomplete and do not replace hardware signing or user verification.

34
Source repository / RabbyHub GitHub

Rabby open-source repository

SupportsPublic browser-extension source, releases, issue history, and license.

LimitRepository access does not prove that every installed build, dependency, or transaction simulation is safe.

35
Current software-wallet documentation / Sparrow Wallet

Sparrow Bitcoin Wallet

SupportsPSBT, hardware-wallet, multisig, UTXO, fee-control, watch-only, Tor, and licensing claims.

LimitA desktop coordinator and interface, not hardware key isolation or a guarantee against computer, node, or backup compromise.

Frequently asked questions

What is the best crypto hardware wallet in 2026?

There is no universal winner. Trezor Safe 7 fits open-source, broad multichain and large-display needs; Ledger Nano Gen5 fits a polished broad ecosystem; BitBox02 Nova fits a focused transparent workflow; COLDCARD Mk5 fits advanced Bitcoin-only vaults; Keystone 3 Pro fits QR-first multichain use; and Tangem fits a narrower phone-and-card convenience profile. The correct choice depends on the failure mode you can manage.

Does a hardware wallet protect me from scams and bad approvals?

Not automatically. It can isolate signing keys, but it cannot make a malicious contract safe, fix the wrong network or address, or guarantee that an opaque approval is understood. Use a separate active wallet and verify human-readable transaction details on a trusted display.

Are open-source wallets always safer?

Open code improves the possibility of review and reproducible builds, but it does not guarantee that a shipped device matches the code, that reviewers find every defect, or that the owner follows a safe process. Reviewability is one dimension, not a universal verdict.

Is air-gapped signing automatically safer?

No. QR or microSD separation can reduce direct connectivity, but malicious data, bad addresses, compromised coordinators, unsafe update files, and unread transaction details remain possible. The complete signing and recovery workflow matters.

What is the difference between BIP39 and SLIP39?

BIP39 converts entropy into portable recovery words and allows an optional passphrase. SLIP39 defines threshold Shamir mnemonic shares so a chosen number of shares can recover the secret. Compatibility and operational complexity differ, so test the exact recovery path before funding.

Should I use a passphrase?

Only if you can back it up and rehearse recovery without ambiguity. A passphrase can separate wallets even when recovery words are exposed, but a lost or mistyped passphrase creates a valid different wallet and can permanently hide the intended funds.

What do the Trezor and Tangem physical attack disclosures mean?

Both published findings require physical possession and specialist invasive laboratory work; neither is a remote internet exploit. Their scope and architecture differ. Read each lab disclosure and manufacturer response, then decide whether cost, prerequisites, key reachability, patchability, and your own theft risk make the issue material.

Where should I buy a hardware wallet?

Use the manufacturer's current site or an explicitly authorized seller, inspect the packaging and device, run authenticity checks, install firmware from the official source, and require the device to generate a fresh backup. Never use prefilled recovery words.

Version and correction log

2026-07-141.0

Replaced the 2022 legacy list with a failure-mode fit model, six current hardware approaches, two software companions, balanced physical-lab disclosures, six hard-stop gates, recovery rehearsal, source limitations, and machine-readable output.

Independent educational research, not financial, legal, tax, or personalized security advice. No device, recovery method, secure element, firmware, air gap, or signing workflow is guaranteed safe. Verify current products, firmware, sources, network support, advisories, transaction details, and recovery compatibility before use.