Hardware

Coinkite has established itself as a trusted name in Bitcoin security through its rigorous hardware architecture. COLDCARD wallets employ dual secure elements from different manufacturers (Microchip ATECC608 and Maxim DS28C36B) plus a main microcontroller, splitting secrets so an attacker would need to compromise all three chips simultaneously to access funds. The BIP39 seed is encrypted with AES-256-CTR derived from secrets across both secure elements and the MCU, protected by PIN-gated access with limited login attempts and anti-phishing words to prevent brute force attacks and device substitution.

The firmware is fully open-source and auditable, with secure boot ensuring only Coinkite-signed updates can run. Air-gapped operation means COLDCARD devices never need to connect to a networked computer—transactions are signed offline using microSD cards or QR codes (on the Q model). This Bitcoin-only focus deliberately avoids altcoin support, dramatically reducing the attack surface compared to multi-coin wallets. The company maintains a strong reputation within the cypherpunk and Bitcoin security community, with years of operation from Canada and widespread adoption among serious self-custody practitioners.

Bitkey is developed and operated by Block, Inc. (NYSE: SQ), a publicly traded financial technology company with a market cap in the tens of billions and regulatory compliance across multiple jurisdictions through its Square and Cash App products. This corporate backing means Bitkey benefits from institutional-grade security practices, ongoing development resources, and accountability to shareholders and regulators. The hardware and software are designed with transparency in mind, and Block has published details about the 2-of-3 multisig architecture where the company holds only one server key that cannot move funds without user participation.

The security model distributes trust across three keys: one on your phone, one on the hardware device, and one held by Block's servers. Any two keys are required to move funds, meaning Block alone cannot access your Bitcoin, while you retain ultimate control through your two keys. The hardware device stores its key offline with fingerprint authentication and NFC tap-to-sign, and the mobile key can be backed up to your cloud account. Privacy protections ensure Bitkey cannot see transaction details when you use your own keys, and the system is designed so that even if Block's servers went offline, users with both their phone and hardware device could still access funds.

Built by Blockstream. 100% open-source firmware and hardware. Unique 'Blind Oracle' PIN security model (no secrets stored on device when locked). Camera for air-gapped QR signing. Genuine Check hardware verification. Anti-Exfil protection against Dark Skippy attacks.

100% open-source (MIT license). No pre-built hardware to trust—build it yourself from generic components. Community-driven project since December 2020. Stateless design (no secrets stored on device). Reproducible builds for verification.

Swiss-designed and manufactured. Fully open-source firmware and hardware. Dual secure chip design. SOC 1 & SOC 2 audited. Highest-rated hardware wallet on Trustpilot.

Fully open-source hardware and software. Air-gapped by design. Made in USA. Backed by leading Bitcoin investors. Passport is widely praised for security and UX.

World's first transparent, auditable secure element (TROPIC01). Open-source firmware. Post-quantum cryptography (SLH-DSA-128) protects firmware updates and authentication. Fully transparent and community-verifiable.

TapSigner is manufactured by Coinkite, the company behind the well-regarded COLDCARD hardware wallet. The device generates and stores your private key (XPRV) entirely within a secure element chip - the key never leaves the card. Key generation uses verifiable entropy combining user-supplied chain code with the card's internal randomness, ensuring you can verify the key wasn't pre-generated.

Each card includes a factory certificate signed by Coinkite that can be cryptographically verified through their open-source Python tools (cktap) or by tapping the card to visit tapsigner.com/start. This certificate chain allows you to confirm your card is genuine and hasn't been tampered with. The NFC protocol is fully open, enabling any compatible wallet to integrate with TapSigner.

As a self-custody solution, there are no third-party servers involved in key storage or signing. Your Bitcoin security depends solely on the physical card and your PIN, with no centralized points of failure.

OpenDime operates as a fully self-custodial device where the private key is generated inside the hardware using 256KB of user-provided random data combined with the device's serial number and internal hardware random number generator. The key remains completely unknown and inaccessible until the device is physically unsealed by breaking a resistor, making it impossible for anyone, including the manufacturer Coinkite, to access funds on a sealed device.

The device includes a dedicated secure element for hardware-based key storage and features tamper-evident design with a transparent cover that makes any physical modification immediately visible. Coinkite, the manufacturer, also produces the well-regarded Coldcard hardware wallet and has established credibility in the Bitcoin hardware security space. The firmware is fully open-source on GitHub with reproducible builds, and a 75-line Python verification script allows users to audit the key generation process. No security incidents, exploits, or counterfeits have been reported, with the design claiming it would cost over $100 million to extract the factory key needed to create fakes.

Satscard is a non-custodial bearer device where the private key is generated and stored inside an EAL6+ certified secure element chip. The key never leaves the card or touches the internet, and users can add their own entropy (such as dice rolls) during setup to ensure keys cannot be pre-generated by the manufacturer.

The product is made by Coinkite, the same company behind the Coldcard hardware wallet and Opendime devices. Coinkite has been producing Bitcoin-focused hardware for years and is widely regarded as security-focused within the Bitcoin community. The SATSCARD protocol is fully open and auditable, allowing independent verification of how keys are generated and used.

There are no widely documented security breaches of Satscard. The device operates without any third-party servers or custody - whoever physically holds an unredeemed card controls the associated Bitcoin.