Bitcoin Multisig Hardware Wallet Comparison

"Your keys, your bitcoin. Not your keys, not your bitcoin."


Ledger Nano S

Trezor Model T

Coldcard™ Mk2

USD Price (excluding shipping)
Multisig Support
User Input
Other Criteria
Programming Language C C C & Python C & Python
Altcoin Support 40+ 1,100+ 1,000+ Bitcoin Only

(Click on each star rating for supporting details)

Also, see my interview on multi hardware wallet multisig for more info about these criteria.


Q: Why is multisig so important?
A: Multisig (with > 1 required signatures) is essential for large transactions because it eliminates single points of failure in both your hardware and software. There are so many things that could go wrong and cause you to lose funds with a single hardware wallet. You can spend an insane amount of effort to be 99.999% sure it won't happen with one signature, or spend much less effort to be 99.9% sure that each of two devices are secure. It's a huge security/useability win. See this tweet for more info.

Q: What's the best way to do multi-device multisig now?
A: For now, the easiest solution for most people is to use Electrum (guide here). This is very bad for privacy unless you run your own Electrum Personal Server, which is much more complicated than just running Bitcoin Core. Hopefully, all decent hardware wallet manufacturers will adopt BIP174 in the future. Then you can get the privacy, security, and enforcement of consensus rules that only Bitcoin Core can provide, and without the heavy resources requirements of Electrum Personal Server.

Q: Why the alarmism, isn't any hardware wallet good enough?
A: As any software engineer will tell you, all the modern systems we use are held together by the tech equivalent of duct-tape, and cryptography is much harder than writing regular code. It's not just an academic thing, stealing bitcoin private keys is perhaps the most lucrative use of bugs, exploits and backdoors. This talk on the History of Hardware Wallet Attacks should convince you that solving 100% of these and all future problems is an unrealistic goal (hence the importance of multi hardware wallet multisig).

Q: Why are you so zealous about securing bitcoin?
A: While it is impossible to know for sure how many coins have been lost, estimates range from 0.5%-2% of all coins are lost each year (excluding Satoshi's possibly lost bitcoin). The ability to secure bitcoin is fundamental to its value proposition, and threatens its adoption. When bitcoin is hard to secure, users turn towards trusted third parties. This is the problem bitcoin was made to solve, and these trusted third parties with massive bitcoin holdings create systemic risk for the bitcoin ecosystem.

Q: Who are you and why should I trust your opinion?
A: I'm just a humble HODLer who has become frustrated that after a decade bitcoin still doesn't have a straightforward way for end-users to secure their own bitcoin trustlessly (and without giving up their privacy). With PSBT (BIP174) now part of Bitcoin Core, we are really close to solving this problem. I have no affiliation with any of these companies and none are paying me. Don't trust me and do your own research anyway. Follow me on twitter here.

Q: Why such a strong emphasis on BIP174 (PSBT)? Isn't it just a serialization format?
A: Partially Signed Bitcoin Transactions (PSBT), aka BIP 174, is a serialization format for passing around new bitcoin transactions between devices in various states (unsigned, partially signed, and fully signed). As of bitcon core v0.17, it is the "official" standard for how to do this. PSBT support is not sufficient for simple multi HW wallet multisig, but accomplishing that goal without PSBT is very difficult. Thus PSBT adoption signals that a wallet is attempting to be interoperable and support more of bitcoin core's features. While currently it's command-line only in bitcoin core, there are several teams building GUIs on top of this (and any wallet that doesn't support BIP174 will likely be excluded).

Q: Why isn't "security" an evaluation criteria?
A: Each category is directly tied to security, and being "secure" is very hard to define. While it's hard to prove that something is secure, any wallet that doesn't get high marks on all these criteria is likely insecure.

Q: What about a "secure element"?
A: A secure element stores your private key material inside a chip that that is designed to never reveal your seed, even to an attacker with physical access. It can also be trusted to perform other actions, for example it might delete itself after X invalid PIN attempts, or display if their device's firmware had been tampered with. This is useful at preventing an evil maid attack. There are three main drawbacks to a secure element:

  1. There is currently no way to run open source code on a manufacturer's secure element, and the cost to produce your own is very high. This means that at least some portion of your code must be closed-source, which is dangerous. Coldcard has a unique approach where they use the secure element only to store your private key material, but use a general purpose microcontroller unit (MCU) to perform business logic on that key. Ledger does security audits.
  2. To take advantage of the secure element, you effectively must have some sort of PIN. If your hardware wallet is lost/destroyed, this PIN is useless in recovering bitcoin. If you use a standard BIP39 passphrase (i.e. 25th word) for your bitcoin you must now remember this PIN in addition to that passphrase. Having more passwords to remember often causes users to use weaker ones and/or forget.
  3. Complexity is the enemy of security. If you know what you're doing, then you can take advantage of the secure element's benefits to enhance your security. However, for a proper multisig setup (which has redundancy in case a key is lost/stolen), the benefit / complexity tradeoff is more of a personal preference.

Q: What about hardware wallet X?
A: I excluded hardware wallets that don't support multisig as this seems fundamentally broken for a security product. These include BitBox02, CoolWallet S, Ellipal, BitFi, and SafePal S1, Cobo Vault (supports multisig but not with competitors). If any of these add multi HW wallet multisig support, it might be worth reconsidering them. While the best measure of supporting multisig across different hardware manufacturers is using Bitcoin Core (ideally with BIP174), hardware wallet multisig with Electrum is another possibility. TODO: consider adding Archos Safe-T mini?

Fork me on GitHub