Reviewing Consumer Reports’ review of crypto wallets


On April 13, 2022, Consumer Reports published a review of five crypto wallets (hardware wallets for cold storage of on-chain cryptocurrency).  The review is by now 3½ years old, so of course newer models of wallets are available, but one can still review CR’s review, which is what I will try to do here.  What did they get right in that review?  What important selection factors, if any, did CR miss?

CR got a lot of things right.  The review nudged the reader away from leaving crypto on exchanges and toward on-chain storage using a cold wallet.  It helped the reader to appreciate that one wallet or another may turn out to be a better fit for the reader depending on the device (notebook computer, Android phone, iPhone) that the reader plans to use with the wallet.  The review helped the reader who is new to cold storage get a bit of an introduction to things like seed phrases and the fact that loss of a particular cold wallet need not entail loss of the cryptocurrency.

The chief thing CR missed was the open-source or proprietary nature of the firmware in the wallets.

The cold wallets reviewed were:

  • CoolWallet S
  • Ledger Nano S
  • Ledger Nano X
  • ShapeShift KeepKey
  • Trezor Model One

At the time of the review, these were indeed five of the most frequently mentioned cold wallets in Internet discussion groups.  They ranged in price from about $50 to about $150.

Proprietary charger.  CR pointed out that the CoolWallet S required a proprietary charger.  Indeed quite a few cold wallets need no charger at all, because they get their power from a USB port on the associated device such as an Android phone or notebook computer.  If one were to misplace the charger for the CoolWallet S, this would be a big problem.

iPhone support.  iPhones lack a conventional USB port, so as CR pointed out, most cold wallets won’t work with them.  At the time of the review, the Ledger Nano X was one of the few cold wallets with Bluetooth connectivity, permitting use with an iPhone.

Support of particular cryptocurrencies.  In 2026 one benefits from hindsight that by now there are only two cryptocurrencies (bitcoin and ethereum) with non-negligible market capitalization, non-negligible trading volumes (and liquidity), and total supply.  I personally do not pay much attention to the remaining several dozen cryptocurrencies due to what I perceive as their much higher volatility.

But in 2022, CR did correctly note that the software apps and firmware for the five cold wallets being reviewed differed from one to the next in their support of particular cryptocurrencies.  CR observed that “the Nano X supports Monero, Polkadot, and Ripple (XRP), among others.”  As for the KeepKey, “a wide variety of cryptocurrencies are supported, including ShapeShift’s own Fox token.”  The Trezor Model One is “not compatible with more obscure cryptocurrencies, such as Monero and Cardano.”

No consideration of open-source or proprietary firmware.  The chief selection factor that CR missed, in my view, was the night-and-day difference among the five cold wallets being reviewed — the open-source or proprietary nature of the firmware and software.

When a consumer product is not open-source, this means the firmware and software are proprietary.  The company making the product might or might not have been sufficiently careful in designing the firmware and software.  A bad actor might be able to find some flaw or weakness in the product.

If the product is, say, an MP3 player, then maybe the consequences of failure are modest.  Maybe the MP3 player won’t reproduce the music flawlessly.  But if the product is a cold wallet for on-chain storage of cryptocurrency, the consequences of failure could be the irretrievable loss of the money.

Four of the five cold wallets reviewed used proprietary firmware and software.  It was impossible for the user community to inspect or audit the firmware and software to look for possible flaws or weaknesses.  Only the Trezor Model One was open-source.  This night-and-day difference among the five wallets went unmentioned in the CR review.

How securely is the private crypto key stored?  In the 3½ years that have passed since this review, another selection factor for cold wallets has risen to higher visibility — the difficulty or ease with which a bad actor that had gotten its hands on someone’s cold wallet might be able to extract the user’s private cryptographic key from it.  The earliest cold wallets simply stored the key in ordinary nonvolatile memory.  A bad actor might be able to extract the private cryptographic key using readily available tools.

By now in 2026, some wallet makers have upped the game, storing the key in a “secure element” that is designed to make it harder for a bad actor to extract the key.  But most of the supposedly “secure” chips are themselves proprietary.  If the maker of the secure element even makes it possible to audit the chip’s design (and not all makers of such secure elements even make this possible), it is only upon signing of a non-disclosure agreement (NDA) that the would-be auditor can commence the audit.

Wouldn’t it be nice if some maker of a cold wallet were not only to make its firmware open-source, but also to store the key in a secure element that is itself open-source?  Wouldn’t it be nice if the secure element were NDA-free?  The alert reader knows where I am going with this.  Trezor, the maker of the Model One that was recommended in CR’s review, now offers the Safe 7.  The Safe 7, like all other Trezor cold wallets, has open-source firmware.  But it also stores the key in an NDA-free secure element (called the TROPIC01).

The Safe 7 also has Bluetooth, and so can be used with an iPhone.  The Safe 7 can also charge using USB or can charge using a wireless Qi charger.  The wallet is IP54-rated for dust and splash resistance.  It provides haptic feedback for user entries at its touch screen.  Yes, at $249 the Safe 7 is the most expensive cold wallet on the market, but it has many good qualities.
