What are hardware wallets/signers?
A hardware wallet is really a hardware signer: a dedicated device that keeps your private keys off your laptop or phone and signs transactions on the device itself. Your keys don’t sit on an internet-connected machine, and when you send funds you’re meant to verify the important bits (amount, address, fees) on the device’s own screen before it signs.
That’s the whole point, and why people like them. They’re a strong option for longer-term holding, they add a deliberate “are you sure?” moment you don’t get with a hot wallet, and they play nicely with more advanced setups like multisig. The trade-offs are real, though: they cost money, firmware updates matter (you can’t ignore them forever), and none of this replaces the one thing you must protect properly – your seed/recovery phrase (and a passphrase, if you use one).
Also worth saying out loud: a hardware signer doesn’t “store your coins”. Your funds live on the blockchain. The device protects the secret that authorises spending.
Trezor tends to be the default recommendation because it lands in a very usable middle ground: straightforward enough for beginners, but not limiting once you start caring about things like multisig, better wallet software, or more deliberate workflows. The general feel is open and transparent, with a mature ecosystem and a setup experience that doesn’t make you feel like you need to earn a badge first. The only nuance is the same everywhere: model choice and threat model matter, especially if you’re thinking about physical attackers rather than remote ones.
Ledger is still popular for a reason: it’s polished, convenient, and many people find it the easiest “first proper signer” experience. Where it keeps catching heat is trust. A lot of users haven’t forgotten the earlier customer data breaches around e-commerce/marketing systems, and the way those incidents were communicated left a lingering “do I want my details in this vendor’s orbit?” discomfort. The device security conversation often gets mixed up with privacy and reputation, but in practice: reputation sticks, and that influences buying decisions.
If you slide further towards the security-maximalist end, Coinkite is the classic “power user” choice. It’s built around deliberate, offline-friendly workflows and a minimise-assumptions mindset. The trade-off is that it expects more of you: the learning curve is steeper, it’s less hand-holdy, and it’s easier to confuse yourself if you rush the setup or don’t understand what each step is achieving.
Then you’ve got a newer wave of “serious, but not miserable” devices. Foundation is very much in that camp: Bitcoin-focused, open-source, and designed for QR-based, air-gapped signing if you want it. The pitch is basically “hardcore security in a premium package” with a guided UX – i.e., you can stay disciplined without feeling punished by the interface.
Blockstream sits in a slightly different niche: it leans into being fully open-source while still offering a distinctive security model (they describe it as a “virtual secure element”) and strong QR-based, air-gapped workflows using an on-device camera. If you like the idea of “keep the signing device simple, keep it offline, and verify everything on the device”, it’s built around that worldview.
And finally there’s the “if you want maximum control, be your own vendor” option: SeedSigner. It’s explicitly a DIY, verifiably air-gapped Bitcoin signing device you build from inexpensive off-the-shelf parts, with a strong emphasis on being stateless (you don’t have to permanently store keys on the device). That’s incredibly appealing if you’re security-minded and enjoy understanding every moving piece – and it’s also why it’s not everyone’s first stop.
Whichever route you choose, the device is only one part of the story. The real security wins come from the boring bits: how you generate and store your seed/recovery phrase, whether you add a passphrase (and where that lives), how you verify addresses on-screen, and whether you’ve ever actually tried a recovery while you’re calm and not under pressure. Different signers just shift the balance between convenience, openness, and “lock it down and assume nothing” workflows – so the best choice is the one that matches your habits and your threat model, not whatever looks coolest in a YouTube thumbnail.