Bitcoin Signing Devices (Hardware Wallets) Reference
Self-custody starts with the device that holds your keys. A Bitcoin signing device — often called a hardware wallet — keeps your private keys offline and signs transactions in isolation, so the keys never touch an internet-connected computer. The neutral reference below compares widely used signers (open-source DIY builds, air-gapped QR signers, and secure-element devices) across the traits that actually matter for sovereignty: firmware openness, secure-element storage, air-gap method, interface, PSBT and multisig support, BIP39 passphrase handling, and whether the device is stateless. It is a machine-readable map of the field, not a ranking — the right signer depends on your own threat model. Each device name links to the manufacturer’s own documentation, and the full dataset is downloadable as CSV and JSON under CC BY 4.0.
Quick answer
A Bitcoin signing device (hardware wallet) keeps your private keys offline and signs transactions in isolation, so the keys never touch an internet-connected computer. Designs differ along a few axes: whether the firmware is open source, whether a dedicated secure-element chip stores the key, and how the device talks to your wallet software — by USB, by air-gapped QR / microSD, or by NFC. This reference lists 16 widely used signers with those traits side by side so you can match a device to your own threat model. It does not rank them or name a "best."
There is no single best signer, only trade-offs. Air-gapped QR / microSD devices (SeedSigner, Krux, Passport, Keystone, Coldcard Q) shrink the attack surface of a live data link; secure-element designs (Trezor Safe, Ledger, BitBox02, Coldcard) harden against physical key extraction; stateless signers (SeedSigner, Krux) store nothing at all. Verify every spec against the manufacturer before trusting a device with savings.
Download CSV Download JSON REST API →
| Device | Maker | Open source | Secure element | Air-gap | Interface | PSBT | Multisig | Passphrase | Stateless | Notable |
|---|---|---|---|---|---|---|---|---|---|---|
| Coldcard Mk4 | Coinkite | Partial | Yes — dual (Microchip ATECC608B + Maxim DS28C36B) | microSD / NFC | USB-C, microSD, NFC-V, keypad, LCD | Yes | Yes | Yes | No | Bitcoin-only signer with two secure elements from different vendors; pioneered air-gapped PSBT over microSD. USB and NFC data can be physically and permanently disabled by cutting a PCB trace. Firmware source is published and reproducible under a custom (non-OSI) license. |
| Coldcard Q | Coinkite | Partial | Yes — dual (Microchip ATECC608B + Maxim DS28C36B) | QR / microSD / NFC | QR scanner, QWERTY keyboard, dual microSD, USB-C, NFC, 3.2-inch LCD | Yes | Yes | Yes | No | Larger Coldcard with a full QWERTY keyboard, built-in QR scanner and a 320x240 LCD; runs on AAA batteries for fully air-gapped operation. Shares the Mk4 dual-secure-element security model. |
| SeedSigner | SeedSigner (open-source project) | Yes | No | QR | QR camera, joystick/buttons, 1.3-inch LCD | Yes | Yes | Yes | Yes | DIY signer built from commodity Raspberry Pi Zero parts (typically under $50). No WiFi, Bluetooth, USB data or persistent storage — the seed is re-entered each session and never stored; all communication is by QR code. |
| Krux | Krux (open-source project) | Yes | No | QR / microSD | QR camera, touchscreen (some boards), microSD, optional thermal printer | Yes | Yes | Yes | Yes | Open-source firmware for off-the-shelf Kendryte K210 boards (M5StickV, Maix Amigo). Defaults to a stateless/amnesic mode that holds keys only for the session; signs by QR or microSD and supports Taproot and miniscript. |
| Trezor Safe 5 | SatoshiLabs (Trezor) | Yes | Yes — Infineon OPTIGA Trust M (V3), CC EAL6+ | none (USB) | USB-C, color touchscreen, haptic feedback | Yes | Yes | Yes | No | Touchscreen device pairing a general-purpose MCU with an EAL6+ secure element that gates PIN and passphrase entropy. Firmware is fully open source with verified boot. |
| Trezor Safe 3 | SatoshiLabs (Trezor) | Yes | Yes — Infineon OPTIGA Trust M (V3), CC EAL6+ | none (USB) | USB-C, two buttons, OLED | Yes | Yes | Yes | No | Button-based wallet that introduced a dedicated EAL6+ secure element to the Trezor line alongside the main MCU. Open-source firmware with verified boot. |
| Trezor Model T | SatoshiLabs (Trezor) | Yes | No | none (USB) | USB-C, color touchscreen, microSD (SD-protect) | Yes | Yes | Yes | No | Long-running open-source touchscreen wallet with no dedicated secure element (keys held encrypted in MCU flash). Discontinued in 2024 in favour of the Safe line. |
| Ledger Nano S Plus | Ledger | No | Yes — ST33 (CC EAL5+) | none (USB) | USB-C, two buttons | Yes | Yes | Yes | No | Wired-only signer built on a banking-grade ST33 secure element running Ledger's proprietary BOLOS OS (individual apps are open source, the OS is not). PSBT and multisig are handled through external coordinators such as Sparrow or Electrum. |
| Ledger Nano X | Ledger | No | Yes — ST33J2M0 (CC EAL5+) | none (USB / Bluetooth) | USB-C, Bluetooth 5.0, battery, two buttons | Yes | Yes | Yes | No | Adds Bluetooth and a battery to the ST33/BOLOS platform for mobile use; the secure element stores keys while BOLOS isolates apps. Operating system is proprietary. |
| Ledger Stax | Ledger | No | Yes — ST33K1M5 (CC EAL6+) | none (USB / Bluetooth / NFC) | USB-C, Bluetooth 5.2, NFC, E Ink touchscreen, Qi wireless charging | Yes | Yes | Yes | No | E Ink touchscreen device on an EAL6+ ST33 secure element with BOLOS; supports wireless Qi charging and NFC. OS proprietary, apps open source. |
| BitBox02 | BitBox (Shift Crypto) | Yes | Yes — Microchip ATECC608B (paired with an ATSAMD51 MCU) | none (USB; microSD = backup) | USB-C, capacitive touch sliders, OLED, microSD (backup) | Yes | Yes | Yes | No | Fully open-source (Apache-2.0) and reproducible firmware. The seed is encrypted and held in MCU flash rather than on the secure element; microSD makes instant offline backups. Ships in Multi and Bitcoin-only editions. |
| Foundation Passport | Foundation Devices | Yes | Yes — Microchip ATECC608B | QR / microSD | QR camera, microSD, keypad, color LCD (battery-powered) | Yes | Yes | Yes | No | Fully air-gapped, battery-powered signer that communicates only by QR and microSD — no USB data path and no wireless. Open-source firmware and hardware; firmware is verified by 2-of-4 Foundation signing keys, and expert users can add their own. |
| Blockstream Jade | Blockstream | Yes | No (Virtual Secure Element + blind-oracle PIN) | QR | USB-C, Bluetooth, QR camera, click-wheel | Yes | Yes | Yes | No | Low-cost open-source signer on an Espressif ESP32. In place of a hardware secure element it splits the secrets between the device PIN and a remote blind oracle, so a locked Jade alone holds nothing usable. Works air-gapped by QR, or over USB and Bluetooth. |
| Keystone 3 Pro | Keystone | Yes | Yes — three SEs (Microchip ATECC608B, Maxim DS28S60, Maxim MAX32520) | QR / microSD | QR camera, microSD, 4-inch touchscreen, fingerprint reader; USB-C (charge/firmware only) | Yes | Yes | Yes | No | Air-gapped touchscreen signer using three secure elements (two certified CC EAL5+) plus a fingerprint reader. No Bluetooth, WiFi or NFC and no USB data path — signs only by QR or microSD. Open-source firmware. |
| Coinkite Tapsigner | Coinkite | No | Yes | NFC | NFC tap (credit-card form factor) | Yes | Yes | No | No | Card-format single-key signer that holds a BIP32 extended private key (XPRV, not a BIP39 phrase) in a secure element and signs over an ECDH-encrypted NFC tap. Serves as a multisig cosigner with wallets like Nunchuk and Sparrow; the NFC protocol is open, the card firmware is closed. |
| Bitkey | Block, Inc. | Partial | No (secure MCU — Silicon Labs EFR32MG24, ARM TrustZone + PUF) | NFC | NFC, fingerprint sensor | Yes | Yes | No | No | Seedless 2-of-3 multisig system — keys live on the device, the phone app and Block's server, with no BIP39 recovery phrase. Fingerprint-authenticated NFC hardware key; firmware uses signed secure boot and is being progressively open-sourced. |
Source: each manufacturer's own product documentation, firmware repositories and security pages (linked on each device name). Capabilities can change with firmware revisions — verify before relying on them. Related glossary: self-custody, hardware wallet, air-gapped signing, secure element, PSBT, multisig, seed phrase. See the open data hub.
Related products, repair, and setup paths
- how D-Central diagnoses ASIC repairs
- ASIC troubleshooting library
- ASIC manuals and repair guides
- replacement hashboards
- ASIC control boards
- ASIC power supplies
- S19 family replacement hashboard
- C52 replacement control board
- APW12 S19 power supply
- immersion cooling hub
- home immersion cooling guide
- ASIC miners for immersion planning
- ASIC cooling parts
- airflow shroud before immersion
- compare miner specs in the database
- ASIC repair support
- compare ASIC miner specs
- ASIC miner database
- Antminer S19 specs and profitability
- buy a tested Antminer S19
- Antminer S19 maintenance guide
- Antminer S19 repair service
- Antminer S21 specs
- Bitmain Antminer S21
- Antminer S21 maintenance guide
- BM1370BC S21 Pro chip
Last reviewed June 26, 2026.