Skip to content
hw-wallet.com
Dansk

Guide

How to choose a hardware wallet

A short, practical walk-through. Read it once before you buy and you will know which questions to ask yourself.

1. Start with the amount

A hardware wallet makes the most sense when your crypto holdings are large enough that losing them would actually hurt. Rule of thumb: if you own more than a couple of months of salary in crypto, it belongs on a hardware wallet, not on an exchange.

For a few hundred euros in Bitcoin, do not bother spending the same on hardware. For ten thousand euros and up, the wallet is cheap insurance.

2. Bitcoin-only or multi-coin?

If you only own Bitcoin, pick a Bitcoin-only device. Less code on the device means less attack surface. Coldcard Mk5 and the BitBox02 in Bitcoin-only edition are the obvious picks.

If you also own Ethereum, Solana or anything else, you need a multi-coin device. Ledger Nano S Plus and Trezor Safe 3 are both solid in the cheap tier.

3. Open source or closed source?

Trezor, BitBox and Coldcard ship fully open source firmware, which means independent researchers can audit the code. Ledger keeps its firmware closed but reaches certifications such as CC EAL6+ at the chip level instead.

Both approaches have a zero-track-record of compromised private keys to date. Pick the philosophical starting point you prefer, not one that is supposedly safer than the other.

4. How much screen do you actually need?

The small OLED screen on a Nano S Plus or Safe 3 is fine for signing the occasional transaction. If you reach for your wallet often, the small screen quickly becomes frustrating, because long addresses scroll across multiple frames.

In that case, a touchscreen model is worth the price: Ledger Flex, Trezor Safe 5 and Ledger Stax all show the entire transaction in one view, which makes Clear Signing far easier and removes a major source of mistakes.

5. iPhone or not?

To sign transactions from an iPhone, you need a device with Bluetooth or NFC: Ledger Nano X, Flex, Stax, Trezor Safe 5 (limited) or the new BitBox02 Nova. The classic BitBox02, Coldcard Mk5 and Trezor Safe 3 are primarily desktop and Android devices.

6. Where do you buy?

Direct from the manufacturer is always the first choice. The second choice is an authorized reseller. Never buy on Amazon Marketplace or eBay, where there are documented cases of devices with compromised seeds.

Manufacturers ship with a tamper-evident seal. If the seal is broken or looks different from the manufacturer's website pictures, return the unit unopened.

7. Setup routine, every time

  1. Unpack the device and check that the seal is intact.
  2. Update firmware via the manufacturer's own app (Ledger Wallet, Trezor Suite, BitBoxApp).
  3. Generate a new seed on the device, never from memory.
  4. Write the seed on paper (or a steel plate), never digitally.
  5. Test recovery with a small amount before sending the real funds.

The last point matters most. A seed you think you have but have not tested is not a seed.

Frequently asked questions

What exactly is a hardware wallet?

A hardware wallet is a small device that stores your private keys offline. When you make a transaction, it is signed physically on the device, and only the signed transaction leaves the device. Even if your computer is full of malware, your coins cannot move unless you physically confirm it on the hardware itself.

Where does the device store my coins?

It does not. Your coins live on the blockchain, not on the device. The hardware wallet stores the private key (or a seed of 12, 20 or 24 words) that gives you access to the addresses. If you lose the device, you can restore access on a new one with your seed.

What is the difference between Bitcoin-only and multi-coin?

A Bitcoin-only device (typically a Coldcard or BitBox02 BTC-only edition) can only be used for Bitcoin. That reduces the attack surface, because the firmware is smaller and contains no code for handling other chains. A multi-coin device can hold Ethereum, Solana, XRP and thousands of other tokens.

What does Secure Element CC EAL6+ mean?

A Secure Element is a chip designed specifically to resist physical attacks and side-channel analysis. CC EAL6+ is a Common Criteria certification level, where 7 is the highest practically achievable. Passports, payment cards and SIM cards use the same chip type. EAL6+ chips ship in the Ledger Flex, Stax, Nano S Plus and the Trezor Safe 3 and Safe 5.

Should I pick open source or closed source firmware?

Open source (Trezor, BitBox, Coldcard) lets independent researchers audit the code, but only matters if those researchers actually do. Closed source (Ledger) reaches certifications by keeping attack details private. Both approaches have a zero-track-record of compromised private keys so far. Pick the philosophical starting point you prefer.

Where do I buy a genuine hardware wallet?

Buy direct from the manufacturer's own shop, or from an authorized reseller. Buying on Amazon Marketplace or eBay has documented cases of devices with compromised seeds. The makers ship in tamper-evident packaging, but that is not a guarantee if the device has been opened and resealed.

Will I pay customs when buying from the US or Switzerland?

Yes. Coldcard ships from Canada and BitBox from Switzerland. Both are outside the EU, and EU buyers pay VAT plus a customs fee. Ledger and Trezor ship from inside the EU (France and the Czech Republic), so no extra cost.

How long does a hardware wallet last?

Manufacturers typically support firmware updates for 5 to 10 years after launch. The Trezor Model One, for example, gets security updates until at least 2036. The hardware itself lasts longer, and you can always migrate to a new device by entering your seed.