The Keystone 3 Pro leads with a feature most competitors cannot match: a 4-inch color touchscreen. Combined with QR-code-based signing, a fingerprint sensor, triple EAL6+ secure elements, and switchable Bitcoin-only firmware, it packs serious hardware into a $169 device.
Two things deserve honest upfront treatment. First, Keystone ships with multi-coin firmware by default. You have to manually flash the Bitcoin-only version. Second, the company has Chinese manufacturing origins, which matters to some Bitcoiners and not others. The firmware is fully open source, which partially addresses the second concern. Neither of these is a dealbreaker, but both are worth knowing before you buy.
Quick Verdict
Best air-gapped QR wallet with a large touchscreen
| Category | Score | Notes |
|---|---|---|
| Air-Gap Security | 9/10 | QR + MicroSD, no USB data, triple SE chips, no wireless radio |
| Touchscreen UX | 8.5/10 | 4-inch display is class-leading. Navigation is intuitive and smooth |
| Open Source | 8/10 | Firmware is open source. Hardware schematics less complete than Passport |
| Fingerprint Auth | 8.5/10 | Convenient, secure, optional. Data stays in secure element |
| Price / Value | 8.5/10 | $169 with a 4-inch screen, fingerprint, triple SE. Good value |
| Overall | 8/10 | Best touchscreen air-gap wallet. Chinese manufacturing is the main caveat |
| Chip | PSOC62 (application processor) + 3x Infineon EAL6+ secure elements |
| Display | 4-inch color touchscreen |
| Air-gap method | QR codes + MicroSD card (dual methods) |
| Connectivity | USB-C charging only. No USB data, no Bluetooth, no WiFi, no NFC |
| Fingerprint sensor | Yes (optional, data stored in secure element) |
| Bitcoin-only firmware | Yes (available on GitHub, requires manual flash) |
| Open-source firmware | ✓ Yes |
| Power | AA batteries (2x) |
| Price | $169 USD |
| Made in | China (Hong Kong-based company) |
The Keystone 3 Pro is an air-gapped Bitcoin hardware wallet made by Keystone, a company formerly known as Cobo Vault, based in Hong Kong. It launched in 2023 as the third generation of the Keystone line and represents the most ambitious hardware the company has shipped: a 4-inch touchscreen, three separate EAL6+ secure element chips, fingerprint authentication, and support for both QR code and MicroSD air-gap signing.
The device competes directly with the Foundation Passport and the Coldcard Mk4 in the air-gapped wallet category. It beats both on screen size by a considerable margin. The Passport uses a 1.8-inch display. The Coldcard Mk4 has a small monochrome screen. The Keystone 3 Pro's 4-inch color touchscreen is genuinely in a different class for readability and transaction verification.
Keystone ships the device with multi-chain firmware installed by default, supporting Bitcoin and a range of altcoins. For Bitcoin holders, this is not ideal. Wider coin support means a larger codebase and a larger attack surface. The good news: Keystone publishes a separate Bitcoin-only firmware on GitHub. Flashing it before setup takes about ten minutes and is the recommended first step for any Bitcoin-focused buyer.
The battery-powered design is a practical distinction worth noting. Most hardware wallets charge via USB. The Keystone 3 Pro runs on AA batteries. That means it works anywhere, does not need a charging cable, and has no USB charging dependency that could theoretically introduce a supply chain attack vector. Batteries are cheap and available globally. Some users see this as a feature. Others find it less elegant than USB charging.
The Keystone 3 Pro's primary air-gap method is QR codes. Both the wallet and your computer software display and scan QR codes to exchange transaction data. No cable touches the device at any point. Here is the complete signing workflow with Sparrow Wallet:
Export your public key to Sparrow
On the Keystone 3 Pro, navigate to the wallet settings and display the QR code for your xpub (extended public key). In Sparrow Wallet, choose "New Wallet" and select "Keystone" as the hardware device. Scan the QR from the Keystone screen using your computer camera. Sparrow creates a watch-only wallet linked to your keys.
Build and export the unsigned transaction
In Sparrow, construct the transaction: destination address, amount, fee. Click "Create Transaction" and then "Show QR." Sparrow displays an animated QR code (the unsigned PSBT). Hold your Keystone 3 Pro up to scan it with the device camera. The Keystone reads the entire unsigned transaction.
Review, sign, and scan back
The Keystone 3 Pro displays the transaction details on its 4-inch screen: destination address, amount, fee. Verify everything matches. Approve using your fingerprint or PIN. The device displays a new QR code containing the signed transaction. Scan it with Sparrow. Sparrow broadcasts the transaction to the Bitcoin network.
QR codes are a visual, one-directional channel during the scanning phase. You can see exactly what the device is displaying. There is no invisible data being transmitted over a cable that could be spoofed or intercepted. The entire transaction exchange happens through camera-to-screen communication that you can physically observe.
For transactions too large for a single QR code, the Keystone 3 Pro also supports MicroSD as a secondary air-gap method. You can write the PSBT to a card, insert it into the Keystone, sign, and carry the signed file back. The flexibility to switch between QR codes and MicroSD depending on transaction size is a practical advantage over devices that support only one method.
Screen size is not just a comfort feature on a hardware wallet. It directly affects your ability to verify transactions. When you approve a Bitcoin transaction, you should read the destination address on the hardware wallet screen and compare it to what you intended to send. On a small screen, that address is compressed or truncated. On a 4-inch screen, you can read it fully.
The Coldcard Mk4 displays addresses on a small monochrome screen with limited characters per line. The Foundation Passport uses a 1.8-inch display that is better than the Coldcard but still compact. The Keystone 3 Pro's 4-inch color touchscreen lets you see a complete Bitcoin address, the full amount in both BTC and fiat, the fee, and a confirmation prompt, all without scrolling or squinting.
Touchscreen navigation also makes the setup process significantly less painful. Creating a new wallet, entering a passphrase, navigating menus, and configuring settings all happen through a responsive touch interface that feels closer to a modern smartphone than to a calculator. The Coldcard Mk4 requires numeric keypad navigation that takes time to learn. The Keystone 3 Pro is intuitive within minutes.
The tradeoff for the large touchscreen is physical size. The Keystone 3 Pro is larger and heavier than more compact hardware wallets. It is not a device you slip into a thin wallet. It is a dedicated device you handle deliberately, which is appropriate for cold storage. The size is a feature, not a compromise.
The Keystone 3 Pro includes a fingerprint sensor that handles device unlock and transaction approval. You register your fingerprint during the initial setup process. After that, tapping the sensor unlocks the device and can be used to approve transactions in place of typing your PIN each time.
The fingerprint data is stored entirely within the secure element chips and never leaves the device. Keystone does not transmit biometric data anywhere. There is no cloud backup, no server sync, and no way for the fingerprint to be extracted remotely. If someone physically dismantled the device, the secure element protects the data through tamper-resistance.
The sensor is optional. If you prefer PIN-only authentication for any reason, including a philosophical objection to biometric data on security devices, you can skip fingerprint registration entirely and the device functions identically. The PIN remains the fallback in all cases: if the fingerprint sensor fails or is unavailable, you always have PIN access.
In practice, the fingerprint sensor makes daily use considerably faster. Hardware wallets that require full PIN entry every time tend to be used less often, which discourages the habit of verifying balances and preparing test transactions. Fingerprint unlock removes that friction while maintaining the security that matters: keys still never leave the device.
The Keystone 3 Pro ships with multi-chain firmware that supports Bitcoin alongside dozens of other cryptocurrencies. For a Bitcoin-focused security device, that is not ideal. Every additional coin requires additional parsing code, additional address validation logic, and additional dependencies. More code means more surface area for bugs and vulnerabilities.
Keystone publishes a separate Bitcoin-only firmware build on their GitHub repository. It strips out all altcoin support, resulting in a smaller, simpler codebase that is faster to audit and has fewer potential failure points. If you are only holding Bitcoin, the Bitcoin-only firmware is the right choice.
Flashing the Bitcoin-only firmware takes approximately ten minutes. The process involves downloading the firmware file from GitHub, verifying its signature, copying it to a MicroSD card, inserting the card into the Keystone, and following the on-screen update prompts. The device verifies the firmware signature before installing. Keystone documents the process clearly. Do this before generating any seed phrase or funding the wallet.
One practical note: once you flash Bitcoin-only firmware, the altcoin features are gone until you re-flash the multi-chain version. The two firmwares generate wallets from the same seed phrase but with different derivation paths for non-Bitcoin coins. For someone holding only Bitcoin, this is irrelevant. The commitment to Bitcoin-only is a feature.
Keystone is headquartered in Hong Kong with manufacturing and supply chain ties to mainland China. This is a fact that matters to some Bitcoin security researchers and means nothing to others. The right stance depends on your threat model.
The main concern with Chinese-manufactured hardware is supply chain transparency. It is harder to verify what components were used, where they were sourced, and whether the assembled device matches the published specifications. Foundation Devices (USA) publishes complete hardware schematics and sources components with documented provenance. Shift Crypto (Switzerland) operates under Swiss manufacturing standards with detailed supply chain documentation. Keystone's hardware documentation is less complete by comparison.
The mitigating factor is the open-source firmware. You cannot easily verify what is soldered onto a circuit board, but you can verify what software is running on it. The Keystone 3 Pro firmware is fully open source on GitHub. You can read every line, build it from source, and flash the compiled binary yourself. The software you are trusting is auditable.
For most threat models, this is sufficient. The realistic attack vector for hardware wallets is malicious firmware, not malicious hardware. Open source firmware with public review significantly reduces that risk. Hardware-level attacks require physical access, lab equipment, and expertise that state-level adversaries have but common thieves do not.
If your threat model specifically includes nation-state adversaries with supply chain access, the Foundation Passport (made in the USA with full hardware documentation) or a Coldcard (made in Canada) may be a better fit. For everyone else, the Keystone 3 Pro's open firmware provides reasonable assurance.
The Keystone 3 Pro is well-suited to multisig cold storage. The QR-based PSBT workflow means it participates in any multisig coordination without a USB cable. Sparrow Wallet handles the coordination: it collects unsigned PSBTs, routes them to each signer, and assembles the final signed transaction once the threshold is met.
A practical 2-of-3 multisig setup might look like this: Keystone 3 Pro as one signer (QR-based air-gap), a Coldcard Mk4 as the second (MicroSD air-gap), and a Foundation Passport as the third (QR air-gap, stored off-site). Three manufacturers, three different supply chains, three different firmware codebases, three different air-gap implementations. No single point of failure at any level.
Setting up the multisig starts with exporting the xpub from each device. On the Keystone, this is a QR code you scan with your computer camera. Sparrow imports all three xpubs and creates the multisig wallet descriptor. From that point, any transaction requires scanning two QR codes (one round trip per signer) to collect two signatures. The entire process is cable-free.
The 4-inch touchscreen proves valuable here. Reviewing a multisig transaction shows the destination address, the amount, and the full multisig policy on screen. Verifying that information is easier on 4 inches than on a 1.8-inch display. For a security operation where you are authorizing a large transfer, readability is a genuine security property.
Before you generate a seed phrase on the Keystone 3 Pro, there is one non-negotiable first step: flash the Bitcoin-only firmware. The device ships with multi-chain firmware. Download the Bitcoin-only build from the Keystone GitHub, copy it to a MicroSD card, insert the card, and follow the update prompt. Ten minutes. Do not skip this.
Once the firmware is updated, power cycle the device and begin the wallet creation flow. The touchscreen walks you through seed phrase generation clearly. You can use the device's built-in random number generator, or you can use dice rolls to generate entropy manually. The dice roll option works the same way it does on the Coldcard: you roll physical dice and enter the results, giving you control over the randomness used to create your seed.
Write down your 24-word seed phrase on paper. Stamp it into metal if you take seed storage seriously. The Keystone ships with a seed phrase backup card but metal stamping is more durable against fire and water. Verify the backup by clearing the device and recovering from your written words before moving any funds.
After seed creation, set up your fingerprint if you want it. Then pair the device with Sparrow Wallet by exporting your xpub as a QR code. Import it into Sparrow to create a watch-only wallet. Send a small test amount, verify the receiving address on both Sparrow and the Keystone screen, receive it, build a small test withdrawal, sign it with the Keystone via QR, and broadcast. Run this full cycle with a small amount before trusting the setup with significant funds. This is not paranoia: it is standard practice for any new hardware wallet.
The Keystone 3 Pro supports BIP39 passphrases, which act as a 25th word appended to your seed phrase. Enter a different passphrase and you access a completely different set of addresses. This creates plausible deniability: your base seed shows one wallet, your passphrase reveals another. Neither reveals the existence of the other.
The touchscreen makes passphrase entry tolerable. On a device like the Coldcard Mk4 with a numeric keypad, typing a long passphrase requires multiple button presses per character. On the Keystone's touchscreen, you type on a full on-screen keyboard. The friction is dramatically lower, which matters because people who find passphrase entry painful tend to use weaker passphrases or skip them entirely.
Beyond passphrases, the Keystone 3 Pro supports storing up to three separate wallets on a single device. Each wallet has its own seed phrase and optional passphrase. You can keep a small decoy wallet with a modest balance alongside your main holdings. If you are ever under duress and forced to reveal a wallet, the decoy provides plausible cover while your main holdings stay separate.
The multi-wallet support is one area where the Keystone 3 Pro matches or exceeds more expensive competitors. Foundation Passport supports single wallet per device. Coldcard supports multiple accounts through BIP-85 derived wallets. The Keystone's approach of three distinct seed phrases on one device is more straightforward for users managing separate use cases.
Store your seed phrase backups in separate physical locations. The device itself is not the critical backup: the 24-word seed is. If the Keystone 3 Pro is lost, stolen, or damaged, any compatible wallet software can recover your funds from the seed words. The hardware is replaceable. The seed backup is not.
If you use a BIP39 passphrase, that passphrase is equally critical and must be backed up separately from the seed. Losing the passphrase means losing access to the funds behind it, permanently, with no recovery path. The touchscreen makes passphrase entry comfortable enough that there is no reason to use a short or weak one. Use a strong passphrase and back it up as carefully as your seed words.
Four wallets compete most directly with the Keystone 3 Pro in the air-gapped and security-focused segment. Here is an honest comparison.
| Feature | Keystone 3 Pro ($169) | Coldcard Mk4 ($157) | Passport ($199) | Trezor Safe 3 ($79) |
|---|---|---|---|---|
| Air-gapped | Yes (QR + MicroSD) | Yes (MicroSD) | Yes (QR codes) | No (USB) |
| Screen size | 4-inch color touch | Small mono (no touch) | 1.8-inch color | 1.54-inch color |
| Secure element | Triple EAL6+ (Infineon) | Dual (ATECC608A + SE050) | Single EAL6+ | Optiga Trust M |
| Fingerprint sensor | Yes | No | No | No |
| Bitcoin-only FW | Yes (manual flash) | Yes (always) | Yes (default) | No |
| Open source | Firmware only | Firmware + hardware | Full stack (HW+FW+app) | Firmware only |
| Companion app | None (use Sparrow) | None (use Sparrow) | Envoy (excellent) | Trezor Suite |
| Power source | AA batteries | USB-C | AA batteries | USB-C |
| Made in | China | Canada | USA | Czech Republic |
| Best for | QR + big screen | Maximum security | Air-gap + usability | Beginners |
Most hardware wallets use a single Secure Element chip to protect private keys. The Keystone 3 Pro uses three, all from Infineon and all certified to EAL6+ (Evaluation Assurance Level 6+, the second-highest security certification in the Common Criteria framework). Understanding why this matters requires a brief explanation of what Secure Elements do.
A Secure Element is a tamper-resistant chip designed to store and process cryptographic secrets. It resists physical probing (trying to read memory directly), side-channel attacks (timing analysis, power consumption analysis), and fault injection (inducing errors to extract keys). An attacker with a single Secure Element to attack needs to beat one chip. An attacker facing three cross-verifying chips needs to beat all three simultaneously.
The cross-verification is the key part. The three chips do not simply duplicate storage. They verify each other during critical operations: seed generation, key derivation, and transaction signing. If one chip returns an anomalous result during verification, the operation is rejected. A hardware fault injection attack that corrupts one chip's output gets caught by the other two. This makes certain classes of physical attack significantly harder.
In practice, most hardware wallet users are not facing sophisticated physical attackers with lab equipment and expertise. The Secure Element architecture matters most at the extreme end of threat modeling. But it is also a genuine differentiator. The Coldcard Mk4 uses dual Secure Elements from different manufacturers. The Keystone 3 Pro uses three from the same manufacturer with cross-verification. Both approaches are more robust than the single-chip designs used by Trezor and most other wallets.
For buyers choosing between the Keystone 3 Pro and the Coldcard on security hardware alone: the Coldcard's dual-chip approach uses different chip vendors, which provides diversity as well as redundancy. The Keystone uses three chips from one vendor. Different threat model assumptions favor different designs. Either way, both are meaningfully more secure than single-chip alternatives.
The Keystone 3 Pro is the right device if you want air-gap signing through QR codes and the large screen matters to you. If you have tried to verify a full Bitcoin address on a small hardware wallet display and found it uncomfortable, the 4-inch touchscreen solves that problem. Address verification is critical security practice. A screen that makes it easy is a genuine improvement.
Mobile wallet users who currently rely on BlueWallet for on-chain management will find the Keystone 3 Pro an excellent companion. BlueWallet natively supports QR PSBT signing, and the two devices pair through camera-to-camera exchange without any cables or adapters. You monitor balances in BlueWallet, build the transaction, and scan back and forth with the Keystone. Clean, physical, cable-free.
Multisig users should consider the Keystone 3 Pro as one key in a diverse quorum. Pair it with a Coldcard (Canadian, MicroSD air-gap) and a Foundation Passport (American, QR air-gap) in a 2-of-3 setup. Three manufacturers, three different supply chains, three different firmware codebases. The Keystone's QR workflow integrates naturally into a Sparrow-coordinated multisig.
If supply chain origin is a primary concern in your threat model, look at the Coldcard (Canada) or Foundation Passport (USA) instead. Both offer full hardware documentation. If you are comfortable with the Chinese manufacturing origin given the open-source firmware, the Keystone 3 Pro delivers excellent hardware at a fair price.
Not recommended as a first hardware wallet for beginners. Start with a Trezor Safe 3 at $79 to learn the fundamentals. The Keystone 3 Pro assumes you already understand PSBT workflows and why air-gapping matters.
The Keystone 3 Pro earns an 8/10 by delivering the best screen in the air-gapped hardware wallet category alongside strong security credentials: triple EAL6+ secure elements, QR code air-gap, open-source firmware, and an optional Bitcoin-only build. At $169, it undercuts the Foundation Passport ($199) while offering more hardware features on paper.
It loses points for the Chinese manufacturing origin and the fact that it ships with multi-coin firmware by default. Both issues are manageable: the open-source firmware compensates for hardware transparency concerns, and flashing Bitcoin-only firmware is a ten-minute process. But they require action from the buyer that competing wallets do not. The Foundation Passport ships Bitcoin-only. The Coldcard never included altcoins.
The QR-only workflow is slower than USB for users signing transactions daily. If you are a frequent signer, a USB-connected wallet like the BitBox02 is more practical. For cold storage that you access occasionally, QR is fine, and the security benefit of full air-gap is worth the added friction.
For air-gap purists who want QR signing, a large display, and a fingerprint sensor, the Keystone 3 Pro is the best option at its price. Flash the Bitcoin-only firmware on day one and you have a capable, auditable signing device that pairs well with Sparrow or BlueWallet.
$169. Air-gapped QR signing, 4-inch touchscreen, fingerprint sensor, triple secure elements.
Affiliate Disclosure: Bitcoin.diy may earn a commission if you buy through our links. This does not affect our ratings.
Yes. The Keystone 3 Pro supports two air-gap methods: QR codes and MicroSD card. There's no USB data connection, no Bluetooth, no WiFi, and no NFC. The USB-C port handles charging only. Your private keys never touch an internet-connected device through any wired or wireless channel.
Keystone ships with multi-chain firmware by default, but they offer a separate Bitcoin-only firmware on GitHub. It strips out all altcoin support, which reduces the codebase and shrinks the attack surface. If you're only holding Bitcoin, flash the Bitcoin-only firmware before setting up your wallet. The process takes about ten minutes.
The fingerprint sensor handles device unlock and transaction approval. You register your fingerprint during setup, and from then on you can tap to unlock instead of entering a PIN every time. It's optional. You can stick with PIN-only if you prefer. The fingerprint data stays inside the secure element and never leaves the device.
It's worth thinking about. Keystone (formerly Cobo Vault) is based in Hong Kong with ties to mainland China. The firmware is open source, so you can audit what's running on the device. But hardware supply chain transparency is less complete than Foundation Devices (USA) or Shift Crypto (Switzerland). Some Bitcoiners avoid Chinese-manufactured hardware on principle. Others focus on the verifiable code. Make your own call based on your threat model.
Yes, up to three separate wallets on a single device. Each wallet has its own seed phrase and optional passphrase. This is handy for keeping a decoy wallet alongside your main stash, or for managing separate cold storage accounts.
Yes, and it's the best pairing for Bitcoin-focused use. Sparrow supports Keystone via QR code PSBT signing. You build a transaction in Sparrow, scan the QR on the Keystone, review and approve, then scan the signed QR back into Sparrow. No USB cable touches the device at any point. Connect Sparrow to your own Bitcoin node for maximum privacy.
The Keystone 3 Pro uses three Infineon EAL6+ certified secure element chips instead of the single chip most wallets use. They cross-verify each other during critical operations like key generation and transaction signing. A hardware attacker would need to compromise all three chips at once rather than just one.
Both are air-gapped QR wallets with open-source firmware. Keystone has the bigger screen (4 inches vs 1.8 inches), fingerprint auth, triple secure elements, and a lower price ($169 vs $199). Passport has the better companion app (Envoy), publishes full hardware schematics, is made in the USA, and is Bitcoin-only by default. If screen size and price matter most, go Keystone. If transparency and companion app quality matter most, go Passport.
Very good. The QR-based PSBT workflow means it can participate as a signer in any multisig setup without cables. Pair it with a Coldcard and a Passport in a 2-of-3 multisig coordinated through Sparrow, and you've got three different manufacturers, three different air-gap implementations, and no single point of failure.
For an air-gapped wallet with a 4-inch touchscreen, fingerprint sensor, triple secure elements, and two air-gap methods? Yes, $169 is fair. It's cheaper than the Foundation Passport ($199) and offers more hardware features. The main tradeoffs are the Chinese manufacturing origin and the fact that it's not Bitcoin-only out of the box.
The most security-hardened Bitcoin wallet with dual Secure Elements and full air-gap.
Foundation Passport Review (8.5/10)→Fully open-source air-gapped wallet with the best companion app in the category.
Sparrow Wallet Review→The best desktop Bitcoin wallet for hardware wallet pairing and coin control.
BlueWallet Review (8/10)→Best free mobile Bitcoin wallet with native QR PSBT signing support.
Bitcoin Cold Storage Guide→Step-by-step guide to moving Bitcoin off exchanges into cold storage.
Bitcoin Security Guide→Comprehensive guide to protecting your Bitcoin from theft and loss.