A lot of Bitcoin maximalists really love the Bitcoin-only Coldcard hardware wallets. Personally, I’ve always been a fan of the Trezor company and their hardware wallets, having had a Trezor One from 2015, so there is a rich history of advancement and of addressing security vulnerabilities. They just came out with a new hardware wallet, the Trezor Safe 7, featuring their own secure element chip (I own a Safe 5 and a Safe 3 with proprietary secure elements). They also addressed one previous chip they tested behind an NDA, which was trash, as they could retrieve the information from the secure element chip they rejected, which they said a competitor uses. The previous wallets that used secure element chips used a proprietary one that passed their security attacks, with the NDA issues and not being able to be open pushing them into designing their own secure element chip. And even though Trezor used USB, with the newest wallet adding Bluetooth, all communications over these interfaces use the same encryption, with hardening of the interfaces’ impact on the rest of the system.
This brings me to the Coldcard wallet. Though they use two secure element chips, one with the keys to decrypt the secret key in the second chip, are they using the chip that Trezor broke, leaving just one secure element left to break? Much is made of the device being air-gapped, but you have the black box of the QR code scanner, the SD card readers used to transfer data, NFC radio capabilities, as well as USB connectivity. Of course air-gapped sounds good, but there are a lot of attack avenues depending on what you enable. The project is open source, but have they put the research into all these vectors of attack? And they don’t offer a software wallet suite for the device, so is their knowledge of security and attacks deep enough? That is why I investigated the CEO of Coinkite, with an interview below. He seems like a logical and smart guy, but too profane for my tastes, and I don’t get the same level of professionalism that I do from the corporate officers of Trezor, which you can see in the link above as they gave their presentation on the Trezor Safe 7. This leads me to believe Trezor has avoided QR code scanners as another device with security concerns not worth the effort to include quite yet. All that to say, I’d watch the whole interview before buying a Coldcard hardware wallet to see if it meets your security threshold.