Wallets · Hardware · Part 2 of 4
Crypto Wallets Part 2: Beyond Ledger and Trezor
Ledger and Trezor receive the most coverage but are not the only serious hardware wallet options. Depending on your priorities — extreme air-gap isolation, Bitcoin-only security, lower price points or alternative open-source implementations — there are other devices worth knowing about. This part covers five alternatives: NGRAVE ZERO, SafePal S1 Pro, BitBox02 Nova, Coldcard and Keystone.
- NGRAVE ZERO holds the highest security certification available: EAL7
- Coldcard uses two Secure Elements from different manufacturers for Bitcoin-only cold storage
- Keystone 3 Pro uses three Secure Elements and communicates entirely via QR codes
- All descriptions are factual reference only — independent research is advised before purchasing
Air-gap and alternative designs
Why look beyond the two dominant brands
Ledger and Trezor cover the majority of use cases for active traders and general crypto holders — both are covered in detail in Part 1 of this series. But specific priorities — maximum isolation from network-based attacks, a focus on Bitcoin only, or a preference for a different open-source implementation — may point toward a different device.
Air-gapped wallets communicate only through QR codes or physical media such as MicroSD cards, eliminating any wired or wireless connection through which malware could interact with the device. This removes the remote attack surface entirely. The trade-off is that every transaction requires a scanning workflow rather than a direct USB connection, which adds friction for regular use.
The devices below are presented as factual descriptions. They are not recommendations. Independent research, including reviewing official documentation and security audits, is advisable before purchasing any device.
What this means
Hot wallets are connected to the internet and therefore exposed to remote attack vectors. The security trade-off for convenience is real and measurable — most crypto theft occurs from hot wallet compromises, not cold storage. This is context, not advice.
Maximum isolation
NGRAVE ZERO
NGRAVE is a Belgian company whose ZERO device holds the highest security certification available for a consumer hardware wallet: EAL7, one level above the EAL6+ certification found in most competitors including the Trezor Safe 5 and Ledger's Secure Elements.
The ZERO has no USB port, no Bluetooth, no Wi-Fi and no NFC. All communication happens through QR codes displayed on the 4-inch touchscreen and scanned by the companion GRAPHENE mobile app. This architecture eliminates the remote attack surface entirely — there is no connection through which software could interact with the device.
Private key generation uses NGRAVE's Perfect Key process, incorporating entropy from the device's light sensor and user biometrics alongside standard cryptographic randomness. The device integrates with MetaMask and Rabby Wallet for DeFi access and supports thousands of coins and NFTs.
The trade-off is convenience and cost. Every transaction requires a QR code scan, adding steps compared to USB-connected devices, and the ZERO sits at the premium end of the market. It is well suited to cold storage of high-value holdings where transactions are infrequent; it is less practical for day-to-day use.
The FCA's proposed custody rules under CP25/42 include operational resilience requirements for platforms — which includes the security of assets held in hot wallet infrastructure.
Air-gap at a lower price
SafePal S1 Pro
SafePal offers air-gapped security at a more accessible price point than NGRAVE. The S1 Pro uses an EAL6+ secure element, signs transactions entirely through QR codes and includes a self-destruct mechanism that wipes keys if physical tampering is detected. The hardware design is open source and the device supports over 200 blockchains with a 500mAh battery for standalone operation.
SafePal received investment from Binance. This does not affect the device's security specifications but is worth noting for users who consider exchange affiliations a relevant factor in their choice of self-custody hardware.
The S1 Pro represents a practical option for traders wanting air-gapped security without the premium pricing of NGRAVE. The QR-code-only workflow adds friction to each transaction but maintains the same fundamental isolation from network-based attacks.
Swiss open-source
BitBox02 Nova
The BitBox02 Nova is made by Shift Crypto, a Swiss company. It uses an EAL6+ certified secure chip, fully open-source firmware — placing it alongside Trezor in terms of transparency — and supports microSD backup. Connectivity includes USB-C for desktop and Bluetooth for iOS. The OLED display, protected by tempered glass, is smaller than Ledger or Trezor devices; the overall design is deliberately minimal.
BitBox02 suits users who want Trezor-equivalent open-source credentials in a more compact form factor. The Swiss manufacture and open-source posture give it credibility beyond marketing claims, and it has a solid community following among users who prioritise code auditability. It is a less prominent brand than Ledger or Trezor but has a consistent track record since launch.
Bitcoin-only
Coldcard Mk5 / Q
Coldcard is produced by Coinkite and is designed exclusively for Bitcoin. It uses two Secure Elements from different manufacturers — a Microchip ATECC608 and a Maxim DS28C36B — alongside the main processor. For funds to be compromised, exploitable backdoors would need to exist simultaneously in three separate chips from two separate manufacturers. This is a notably robust security architecture. Supply chain considerations for hardware wallets — including where to buy safely — are covered in Part 4 of this series.
The firmware and hardware are fully open source with reproducible builds — users can compile the firmware themselves and verify that it matches what is running on the device. Coldcard supports true air-gap operation via MicroSD using PSBT files, meaning it can sign transactions without ever connecting to a computer.
- Duress PIN: A secondary PIN that either wipes the device or unlocks a decoy wallet containing a separate balance
- Tamper-evident packaging: Designed to reveal if the device has been opened before reaching the customer
- Dice roll seed generation: Option to generate seed phrases using physical dice rather than trusting the device's internal random number generator
- Q model: 3.2-inch LCD, physical QWERTY keyboard, QR scanner, dual MicroSD slots; operates on AAA batteries or USB power
Coldcard's interface is oriented towards technically experienced users. It does not support any cryptocurrency other than Bitcoin — this is a deliberate design choice. For Bitcoin holders who want maximum security and full verifiability, it is widely regarded as the most security-focused option available.
Triple secure element
Keystone 3 Pro
Keystone uses QR-code-only communication for air-gap operation and supports a broader range of assets than Coldcard, including Bitcoin, Ethereum and EVM tokens, XRP, Solana, Polkadot and more. The 3 Pro uses three Secure Element chips — a Microchip ATECC608B, a Maxim DS28S60 and a Maxim MAX32520 — protecting recovery phrases, storage and biometric data through separate hardware components.
The hardware schematics, firmware and secure-element logic are open source. The 4-inch touchscreen is large and clear. Batteries are detachable with AAA support; the Pro model adds a rechargeable battery option, a fingerprint sensor and a self-destruct mechanism that wipes keys if disassembly is detected.
The triple-SE architecture is newer than Coldcard's established design and is still undergoing long-term community scrutiny. The open-source commitment means this scrutiny is happening publicly — the appropriate model for evaluating security claims in this category. The Pro model is priced at approximately $169.
Summary
Choosing between air-gap and connected devices
Maximum isolation
NGRAVE ZERO and Coldcard eliminate network attack surfaces entirely. Best suited to high-value cold storage where transactions are infrequent. Adds workflow friction for every transaction.
Bitcoin only
Coldcard is purpose-built for Bitcoin holders who want full code verifiability and maximum security architecture. Not suitable if you hold other assets.
Multi-asset air-gap
Keystone and SafePal offer QR-based air-gap operation with broader asset support. More practical for active traders than NGRAVE while maintaining isolation from direct network connections. Both pair well with the hot wallets covered in Part 3.
Open-source alternative
BitBox02 Nova provides Trezor-equivalent open-source credentials in a compact form factor with a different manufacturing and company background.
Market impact snapshot
UK-regulated exchanges have broadly moved to hybrid custody models with the majority of assets in cold storage, reflecting both security best practice and anticipated regulatory standards.
Next in this series
Part 3: Hot Wallets That Pair Well With Hardware Wallets
Coinbase Wallet, Exodus, MetaMask, Rabby and Trust Wallet — the hot wallets most relevant to UK traders and how each integrates with hardware devices.