As Bitcoin prices rise, the importance of encouraging users to move their assets off exchanges and into secure, self-custodied storage has never been greater. For most individuals, hardware wallets remain the gold standard for safeguarding significant cryptocurrency holdings.
Yet with a crowded market of devices making bold claims, how can users truly evaluate the security, transparency, and trustworthiness of a hardware wallet?
Foundation Devices emphasizes that many new entrants in the space are misrepresenting the openness of their security modules and overall design integrity. The blockchain industry must hold itself accountable by adopting clear disclosure standards—ensuring buyers make informed decisions when purchasing these critical tools.
Below is a comprehensive framework for assessing hardware wallets, grounded in technical rigor and user empowerment. No rankings are implied; all brand references have been anonymized to maintain neutrality.
1. Is the Security Module Open Source?
Transparency begins with openness. A hardware wallet is either open source or it is not—there is no middle ground. If any part of the design is hidden (undisclosed circuitry, redacted component data, or closed firmware), the device is closed-source.
Alarmingly, some manufacturers use misleading language around "open source." For example:
- One company claimed to offer the “first open-source secure element firmware” in the industry—while keeping its operating system closed.
- Another advertised open schematics and bill of materials (BOM), but omitted critical details like secure chip specifications and full component documentation.
- A third openly shared application-layer code while concealing the fact that the underlying device firmware remains proprietary.
👉 Discover how truly transparent your wallet really is—check what’s under the hood.
Such practices mislead consumers who assume “open source” means full audibility by the cryptographic community. Real open-source hardware demands effort: complete documentation, build instructions, readable schematics, standardized file formats, and full BOMs with datasheets.
To ensure credibility, we recommend all hardware wallet developers adhere to the OSHWA Certification standard and license their designs under the CERN Open Hardware License (OHL)—a robust framework covering edge cases like NDAs on component datasheets.
To date, no known hardware wallet meets OSHWA standards or is fully licensed under CERN OHL.
2. Are Components Trustworthy?
No hardware can be fully trustless—we rely on third-party components and global supply chains. Instead, we aim for trustworthy components from reputable sources.
Key components to scrutinize:
Screen
Does it include a proprietary processor running closed firmware? Most high-resolution displays do. Is the supply chain transparent? AMOLED and E-Ink panels often come from specialized, opaque supply chains. Who manufactures it—Sharp or an obscure OEM?
Touch Panel
If used instead of physical buttons, does the touch controller contain a hidden CPU with closed firmware? Most multi-touch controllers do.
Microcontroller (MCU)
Is it made by a known vendor like NXP, STMicroelectronics (STM), or Microchip—or an unknown Chinese supplier?
Secure Element
Is it a “dumb” chip that stores keys without executing code, or does it run its own firmware and OS? Is that firmware open? Can users verify what’s running inside? Is the manufacturer reputable?
Camera
Many cameras include processors running closed firmware. Does the wallet sanitize input from such components? Can this be verified via open-source code?
Lithium-Ion Battery
Some batteries include embedded controllers. Could they be exploited to monitor power usage and leak information?
We’re inspired by the work of hardware expert bunnie, whose research highlights the challenges of building verifiable, trustworthy devices in a globalized world.
3. Is the Supply Chain Transparent?
Most hardware companies outsource manufacturing. Full transparency helps users assess risk.
Manufacturers should disclose:
- Suppliers of key components: Screen, touch panel, secure element, camera, battery.
- Third-party engineering firms: Especially those involved in design (e.g., U.S.-based company outsourcing to Chinese engineers).
- Contract manufacturer location: While specific names may be withheld for security, general production regions (e.g., Shenzhen, Dongguan) should be disclosed.
This information allows informed risk assessment—especially important given geopolitical and tampering concerns.
4. Are Features Real or Promised?
Hardware evolves—but buyers must evaluate based on current capabilities, not future promises.
We’ve observed startups claiming they’ll “open-source later” or “add PSBT support in v2.” Some even encourage users to run closed, unaudited mobile apps today while promising audits “down the line.”
One developer admitted:
"We feel comfortable asking users to run our app—we just believe auditing before open-sourcing is more responsible."
This logic fails: users are being asked to trust unaudited, closed-source software with their private keys—precisely what hardware wallets aim to prevent.
👉 See why real-time functionality matters more than future promises.
Honest vendors ship secure, functional products now. Roadmaps are fine—but marketing must reflect shipped reality.
5. Are Claims Honest?
Marketing hype undermines trust. Consider these real claims:
"Hackers can't even attempt to steal your crypto."
"The first Bitcoin wallet immune to physical attacks."
"Unbreakable protection through innovative key recovery."
"Built with the most secure chip on the market."
These statements range from misleading to outright false. No device is unhackable. No chip is universally “the most secure.” Security depends on implementation, not slogans.
Manufacturers must avoid conflating opinion with fact. These aren’t kitchen gadgets—they protect life-changing wealth.
6. Is Certification Being Used as a Shield?
Some brands highlight security certifications like EAL5+ or claim EAL7—the highest level. But certifications have limitations:
- Paid by vendors: Certification bodies are paid by manufacturers—creating potential bias.
- Limited scope: Tests cover predefined scenarios, not real-world attack vectors.
- Not a substitute for auditability: A certified closed system is still a black box.
One company claimed its firmware achieved EAL7 while remaining closed-source, stating:
"We’ll release much of our code on GitHub—but our secure firmware stays closed. It’s certified at EAL7."
For non-experts, this sounds reassuring. In reality, it replaces transparency with a marketing-approved stamp.
Certifications can complement openness—but never replace it.
7. Does It Support PSBT?
Partially Signed Bitcoin Transactions (PSBT) are a standard format enabling interoperability across wallets and signing devices.
A hardware wallet that doesn’t support PSBT:
- Locks users into closed ecosystems
- Hinders multisig adoption
- Increases integration difficulty for software developers
Support for PSBT is not optional for a modern Bitcoin tool—it’s essential for user freedom and ecosystem innovation.
Frequently Asked Questions (FAQ)
Q: Why does open source matter for hardware wallets?
A: Open source allows independent experts to audit code and design for vulnerabilities. Without it, users must blindly trust manufacturers—a dangerous proposition for high-value assets.
Q: Can a certified wallet still be unsafe?
A: Yes. Certifications test limited scenarios and don’t guarantee real-world security—especially if the system remains closed-source and unaudited by the community.
Q: What’s wrong with “we’ll open-source later”?
A: Delayed openness means current users are running unverified software. Security-critical tools should be transparent from day one.
Q: Why is PSBT support important?
A: PSBT enables seamless integration between different wallets and services, empowering users to build custom setups—especially for multisig and privacy-preserving workflows.
Q: How can I verify a wallet’s claims?
A: Check if schematics, firmware, and BOMs are publicly available and complete. Look for third-party teardowns, community audits, and developer documentation.
Q: Should I avoid all closed-source wallets?
A: Not necessarily—but you should understand the trade-offs. Closed-source devices require higher trust in the manufacturer and offer less long-term assurance.
Final Thoughts
The rise of Bitcoin demands higher accountability in hardware security. Consumers deserve clarity—not marketing spin—when choosing how to protect their assets.
By applying these seven criteria—open source status, component trustworthiness, supply chain transparency, feature honesty, truthful claims, responsible use of certification, and PSBT support—we empower users to make informed choices.
Let this framework spark broader discussion across the crypto community. Only through collective scrutiny can we raise the bar for security, transparency, and user sovereignty.
👉 Take control of your crypto future—explore tools that prioritize transparency and security.