The best hardware Ledger currently makes. 2.84-inch E Ink touchscreen, EAL6+ chip, $249. But closed firmware and Recover remain real concerns.
The Flex is the best hardware wallet Ledger currently makes, and the clearest value in their lineup. A 2.84-inch E Ink color touchscreen protected by Gorilla Glass, a CC EAL6+ Secure Element, Bluetooth, and USB-C at $249. It is a significant upgrade over the Nano X and a smarter buy than the Stax. The hardware is genuinely good. The limiting factor is the same one that has held every Ledger device back for years: closed-source firmware you cannot independently verify.
That trust gap is why the Flex earns 7.5 rather than 9. For mainstream users who want a polished experience and are comfortable with closed-source tradeoffs, it is an excellent device. For Bitcoin holders who treat self-custody as a way to eliminate third-party trust, the closed firmware is a direct contradiction. The Trezor Safe 5 at $169 and the Foundation Passport at $199 both deliver open firmware with strong hardware. This review breaks down exactly who the Flex is for and who should look elsewhere.
| Category | Score | Notes |
|---|---|---|
| Security | 7.0/10 | EAL6+ SE is strong, but firmware is a black box |
| Ease of Use | 9.0/10 | E Ink touchscreen + Ledger Live = smooth setup |
| Transparency | 4.0/10 | Closed firmware, NDA-restricted chip, Recover capable |
| Price / Value | 6.0/10 | $249 while open-source rivals cost $148 to $199 |
| Build Quality | 8.5/10 | Gorilla Glass, solid feel, good haptics |
| Overall | 7.5/10 | Good hardware held back by closed firmware trust model |
| Specification | Detail |
|---|---|
| Secure Element | ST33K1M5 (STMicroelectronics), CC EAL6+ certified |
| Display | E Ink color touchscreen, 2.84 inch, Gorilla Glass |
| Connectivity | USB-C + Bluetooth (no NFC, no wireless charging) |
| Firmware | Closed-source (NDA with STMicroelectronics) |
| Bluetooth | Yes |
| Origin | France |
| Asset support | Multi-asset (5,500+ coins and tokens) |
| Price | $249 USD |
Substantially. The Nano X has a tiny OLED screen, button navigation, and shows truncated addresses that require multiple button presses to scroll through. Verifying a Bitcoin receive address on a Nano X is tedious enough that people genuinely skip the check. That is a security problem disguised as a UX problem. If users are not verifying addresses before sharing them, the hardware wallet is not doing its most important job.
The Flex shows the full Bitcoin address on screen in a single view. Touch navigation is faster than button-pressing. The E Ink display is crisp and easily readable in direct sunlight, unlike any OLED. If you are upgrading from an older Nano device, the Flex is a genuine improvement to the address verification workflow that actually matters for security. Users who previously skipped address verification will check it on the Flex because it takes two seconds instead of twenty.
Clear Signing is a meaningful addition. Ledger added human-readable transaction details that show you the actual destination address, amount, and fees in plain language before you confirm. This reduces the risk of blind signing attacks where malicious software on your computer shows you one address while preparing to send to another. You confirm what the Flex screen shows, not what your computer screen shows.
The E Ink display has a useful trick: it can display a custom image when the device is idle or asleep, and it draws zero battery power to hold a static image. Your wallet can sit on your desk showing a lock screen design or personal art. Cosmetic, yes. But it makes the device feel considerably more premium than the Nano X's plain black bar.
Battery life is a real quality-of-life improvement over the Nano X. The Nano X had documented battery issues that led to widespread customer complaints and warranty replacements. The Flex's larger battery combined with the E Ink display's near-zero standby draw means a single USB-C charge genuinely lasts weeks of typical use. Most people charge it once a month.
If you are currently using a Nano X or Nano S Plus and wondering whether the upgrade is worth it: yes, the Flex is a meaningful step up in daily usability. The question is not whether it is better than what you have. It is whether it is the best option at $249. Open-source alternatives at $148 to $199 make that a legitimate question worth considering.
The Flex is the right call for someone already committed to the Ledger ecosystem. If you use Ledger Live to manage a multi-asset portfolio spanning Bitcoin, Ethereum, and other tokens, the Flex is the most comfortable upgrade path. If you want the most recognizable hardware wallet brand for a family member who will need hand-holding through setup, Ledger's support infrastructure and documentation are genuinely good. If the open-source firmware debate registers as a theoretical concern rather than a practical one for your threat model, those are all defensible positions.
Within the Ledger lineup specifically, the Flex is the smart buy over the Stax. Both run identical firmware and use the same Secure Element. The extra money for the Stax buys you a larger curved screen, Qi wireless charging, and NFC. Those are design improvements, not security improvements. The $50 to $150 you save choosing the Flex over the Stax buys a titanium seed backup plate or contributes to a second signing device for a multisig setup.
If you are Bitcoin-only and firmware auditability is a priority, the Foundation Passport at $199 gives you open hardware, open firmware, and QR air-gap security. The BitBox02 at $149 gives you open firmware with a clean minimalist design. Neither has a touchscreen as good as the Flex. That is the trade-off. The hardware wallet comparison lays it all out side by side.
The Flex also suits users who have been burned by the Nano X's battery issues or frustrated by its small-screen signing experience and want to stay in the Ledger ecosystem without switching brands. The E Ink touchscreen genuinely solves the Nano X's biggest usability problem. Address verification goes from a chore you might skip to a quick two-second tap. For existing Ledger users upgrading, the Flex is the straightforward answer.
In May 2023, Ledger pushed a firmware update enabling a paid service called Ledger Recover. The service encrypts the seed phrase, splits it into three cryptographic shards, and distributes them to three custodians: Coincover, EscrowTech, and Ledger. The update revealed something fundamental: the Secure Element on every Ledger device is capable of exporting seed material via software. Before Recover launched, many users and researchers assumed keys were physically incapable of leaving the chip. That assumption turned out to be wrong. The backlash was immediate and significant. Ledger's community called it a betrayal of the device's core security promise.
Ledger maintains that Recover requires explicit user consent and no keys are exported without user initiation. This is probably accurate. But the firmware is closed source. You cannot read the code. You cannot independently verify that the export path requires consent, that it cannot be triggered remotely, or that a future firmware update will not change the behavior. You are trusting Ledger's internal processes about what runs on a chip you cannot inspect. For a hardware wallet whose entire purpose is removing trust from your security model, this is a direct contradiction. Open-source alternatives like the Trezor Safe 5, Foundation Passport, and Coldcard give you the code to verify claims like "this can only happen with consent." Ledger does not.
If you choose to use Ledger Recover, you should understand exactly what you are opting into. The three custodians each hold one encrypted shard. Recovering your wallet requires two of three custodians to cooperate, which provides some resilience against a single custodian being compromised or going out of business. Ledger's identity verification is required to initiate recovery. The service costs a monthly subscription fee. For most self-custody users, this level of custodial involvement defeats the purpose of a hardware wallet. The recommendation is to skip Ledger Recover entirely, maintain a robust physical seed backup, and rely on your own redundancy rather than Ledger's cloud service.
Yes, and for Bitcoin specifically you should seriously consider it. Sparrow Wallet paired with the Flex over USB-C is the recommended privacy setup. Ledger Live connects to Ledger's own servers to check your balance and broadcast transactions. That means every time you open the app, Ledger's infrastructure sees which Bitcoin addresses belong to you and your complete transaction history. For a product intended to protect financial sovereignty, routing your wallet data through a third-party server is an uncomfortable contradiction.
Sparrow connects to your own Bitcoin node or a trusted Electrum server. No external party sees your addresses or transactions. Setup takes about ten minutes: install Sparrow, connect the Flex via USB-C, scan for the extended public key, and you are done. Sparrow handles coin control, custom fee selection, UTXO labeling, and PSBT-based transaction signing. If you run your own node, point Sparrow at it and you have a fully sovereign Bitcoin setup.
On mobile, BlueWallet connects to the Flex via Bluetooth and works well for smaller amounts. The same privacy logic applies: point BlueWallet at your own Electrum server for full privacy. The Bluetooth connection between your phone and the Flex is encrypted, but the server you use for balance data matters more than the local wireless link. Using Ledger Live for altcoin management while running Sparrow for Bitcoin is a reasonable split if you need both.
The Flex is not competing against budget hardware. At $249, it sits above every open-source Bitcoin-focused wallet on the market. Here is a direct comparison of the most relevant alternatives.
| Feature | Ledger Flex | Trezor Safe 5 | Passport | Coldcard |
|---|---|---|---|---|
| Price | $249 | $169 | $199 | $148 |
| Screen | 2.84" E Ink touch | 1.54" color touch | 1.8" color LCD | Small OLED |
| Open firmware | No (closed) | Yes (full) | Yes (full) | Yes |
| Air-gapped | No | No | Yes (QR only) | Yes (QR + microSD) |
| Bitcoin-only | No (5,500+ coins) | Optional firmware | Yes (by design) | Yes (by design) |
| SE certification | CC EAL6+ | EAL6+ (NDA-free) | STM32 + SE | ATECC608B |
| Bluetooth | Yes | No | No | No |
| Shamir backup | No | Yes (SLIP-39) | No | No |
The Flex leads on screen quality and ecosystem breadth. It trails on firmware transparency, air-gap options, and price relative to what you get. For Bitcoin-only holders, the open-source alternatives represent a more defensible security model.
Within the Ledger lineup, yes. The Flex is clearly the best value: better screen than the Nano X, cheaper than the Stax, same Secure Element and firmware across the board. If you are going to use Ledger Live, hold multiple asset types, and want the most polished touchscreen experience in the Ledger range, this is the one to buy. There is no internal competitor that beats it on price-to-features.
But "best Ledger value" and "best hardware wallet for Bitcoin" are different evaluations. The Flex carries closed firmware, no air-gap option, Bluetooth as a potential attack surface, and Ledger Live privacy concerns. None of these make the Flex a bad device in absolute terms. They define specific trade-offs that some buyers will find acceptable and others will not.
If open firmware matters to you, the BitBox02 at $149 and Foundation Passport at $199 are the honest alternatives. If you want open firmware with a color touchscreen, the Trezor Safe 5 at $169 does exactly that. These are not hypothetical alternatives: they are real products with stronger transparency postures at lower prices.
The simplest framework: if you hold Bitcoin and nothing else, buy an open-source wallet. If you hold Bitcoin plus Ethereum and other tokens and want one device to handle everything, the Flex is a reasonable choice. If you want the biggest screen Ledger makes, get the Stax and accept the premium.
Whatever you choose, moving Bitcoin from an exchange to a hardware wallet is the action that actually matters. The specific brand is secondary to doing it. The cold storage guide has the full decision framework if you are still weighing options.
It depends on your threat model. Ledger states that Bluetooth only transmits public data such as unsigned transactions and public keys. Private keys never leave the Secure Element, regardless of whether you use USB-C or Bluetooth. That is technically correct and represents a reasonable security boundary.
The concern is not that Bluetooth directly leaks your private keys. The concern is that Bluetooth is an additional radio interface that expands the attack surface of the device. Every wireless protocol has had vulnerabilities discovered over time. BlueBorne in 2017 allowed remote code execution on Bluetooth devices without pairing. KNOB attack in 2019 reduced Bluetooth encryption key entropy. BrakTooth in 2021 found denial-of-service flaws in dozens of Bluetooth chipsets. Each new vulnerability creates a theoretical path that a USB-only or QR-only wallet simply does not have.
In practice, no hardware wallet has been compromised through its Bluetooth interface in a real-world attack. The risk is theoretical rather than demonstrated. The Flex also lets you disable Bluetooth entirely in settings if you prefer USB-C only operation. That option is worth using if you are cautious.
For context: the Trezor Safe 5, Coldcard, Foundation Passport, and BitBox02 all skip Bluetooth entirely. Their view is that any radio interface is an unnecessary addition to a device that only needs to sign transactions. That is the more conservative position. For a device securing meaningful amounts of Bitcoin, conservative is usually correct.
Yes, and using the Flex in a multi-vendor multisig quorum is actually one of the best ways to address the closed firmware concern. In a 2-of-3 setup via Sparrow Wallet or Specter Desktop, you would pair the Flex with devices from two other manufacturers, for example a Coldcard and a Foundation Passport. Even if Ledger's closed firmware were somehow compromised, an attacker would still need to compromise both of the other signing devices to move your funds. Multisig converts the Flex's biggest weakness into a managed and bounded risk.
Setup via Sparrow is straightforward. You import the extended public keys from each signing device, define the quorum threshold, and generate a multisig wallet descriptor. The Flex signs PSBTs over USB-C. Sparrow handles the coordinator role. This approach works well for long-term cold storage of significant amounts where no single device should be a single point of failure.
If you already own a Flex and have concerns about its firmware, putting it into a multi-vendor multisig configuration is the most pragmatic path forward. You get to use the hardware you have already paid for while meaningfully reducing the trust concentration in any single manufacturer's firmware.
Sparrow's multisig coordinator is well-documented and straightforward to configure. You import each device's xpub, define the quorum, save the wallet descriptor in multiple secure locations, and you are operational. The Flex signs its portion of any PSBT without needing to know the other cosigners, which keeps the setup modular and maintainable over time.
The hardware itself is well-made. Gorilla Glass protects the E Ink panel. The frame is solid with good weight distribution. The touchscreen is responsive with low latency and the haptic feedback gives each tap a satisfying physical confirmation. It does not feel like a piece of consumer electronics designed to be replaced in eighteen months. At $249, it should not feel that way, and it does not.
Battery life is rated at approximately ten hours of active use, or roughly 150 transaction signings per charge via USB-C. In actual use, since you only pick the Flex up to sign transactions or check addresses, a single charge realistically lasts three to five weeks. The E Ink display consumes no power when holding a static image, which makes standby life exceptional compared to an OLED screen. Most users report charging it once or twice a month at most.
In terms of physical size, the Flex sits roughly between a large keychain fob and a small remote control. It is compact enough for a drawer or a small safe but large enough that the touchscreen is comfortable to use with a fingertip. The flat display (unlike the Stax's curved panel) means it rests flush on a desk, which makes it easier to use when plugged into a computer via USB-C. A small but practical detail.
The Flex ships with a USB-C cable in the box, which is enough to get started immediately. A magnetic charging cradle accessory is available separately for desk use, but it is not required for standard operation. The packaging is minimal and thoughtfully designed, with the device protected by a form-fitting insert. Nothing arrives loose or poorly packaged. Ledger's attention to the unboxing experience is evident and matches the overall premium positioning of the product.
For the vast majority of users, no. The Stax runs identical firmware, uses the same ST33K1M5 Secure Element, and operates the same BOLOS operating system as the Flex. The premium you pay for the Stax over the Flex buys three things: a 3.7-inch curved E Ink screen instead of a 2.84-inch flat one, Qi wireless charging, and NFC. These are industrial design upgrades, not security upgrades. The signing experience, address verification, and security model are functionally identical on both devices.
The curved screen is genuinely beautiful. Tony Fadell, the iPod designer, was involved in its development and the craftsmanship shows. But for verifying a Bitcoin address before signing, the Flex's flat 2.84-inch screen is entirely sufficient. You can read the full address, confirm the destination, and verify the fee. The larger screen adds visual elegance, not meaningful functionality for the core security task.
Wireless charging is a nice feature for a phone you charge nightly. For a hardware wallet you charge every few weeks, plugging in a USB-C cable once a month is not a meaningful inconvenience. The $50 to $150 you save by choosing the Flex is more usefully spent on a titanium or steel seed backup plate for your seed phrase, which is a far more impactful security upgrade than a curved screen.
Bitcoin-only holders who prioritize firmware auditability. If your security philosophy is "trust but verify," the Flex fails the verify part. The Secure Element firmware is closed source. You cannot audit what it does. The Ledger Recover controversy is a concrete demonstration that capabilities exist inside that firmware which were not publicly disclosed until Ledger chose to enable them. Open-source alternatives exist at lower prices and deliver stronger transparency guarantees. That is a hard argument to counter.
Advanced users who need PSBT air-gap workflows or who sign transactions from offline machines will also find the Flex limiting. The device has no QR code scanner or microSD slot, which means it cannot participate in a fully air-gapped signing flow. If your security model requires the signing device to never have any electrical connection to a networked computer, the Flex is not compatible with that workflow. The Coldcard and Foundation Passport are the right choices for that use case.
Privacy-first users who will not use Ledger Live. If you are going to pair the Flex exclusively with Sparrow Wallet, you are paying the Ledger premium for hardware whose companion app you will never use. A BitBox02 at $149 or a Trezor Safe 5 at $169, both with open firmware, paired with Sparrow gives you the same workflow with a cleaner trust model. The Flex's best feature, Ledger Live's polished UX, becomes irrelevant if you use Sparrow.
Anyone on a constrained budget. At $249, the Flex is the most expensive hardware wallet in its tier. A Coldcard Mk4 at $148 gives you every advanced Bitcoin feature, full air-gap capability, and open-source firmware. A BitBox02 at $149 gives you open firmware in a clean, small package. The Flex's price is only justifiable if you specifically want the Ledger ecosystem combined with the E Ink touchscreen experience.
Fifteen to twenty minutes from opening the box to your first receive address. You download Ledger Live on your computer or phone, connect the Flex via USB-C, let Ledger Live update the firmware to the latest version, and then walk through the onboarding sequence. The device generates a 24-word seed phrase and displays each word on the E Ink touchscreen for you to write down. You then verify the seed by selecting the correct words in order. The touchscreen makes this process noticeably smoother than the button navigation on Nano devices.
The most important step during setup is recording your seed phrase correctly and securely. Write it on paper or stamp it into a steel backup plate. Never photograph it. Never type it into a phone, email, or notes app. Never store it digitally in any form. The seed phrase is the only backup of every Bitcoin in the wallet. If someone else obtains it, they own your Bitcoin. If you lose it and the device breaks or is lost, the Bitcoin is permanently inaccessible. Ledger Live explains this during setup, but it bears repeating because the consequences are irreversible.
For Bitcoin specifically, Sparrow Wallet is the better choice. Ledger Live is well-designed and genuinely beginner-friendly, but it connects to Ledger's servers by default. Every balance check, address lookup, and transaction broadcast passes through Ledger's infrastructure. If financial privacy matters to you, routing your Bitcoin wallet activity through a third-party server is a meaningful compromise.
Sparrow connected to your own Bitcoin node eliminates that exposure entirely. No external party sees your wallet. You get full coin control, custom fee selection, UTXO labeling and management, and PSBT-based signing with the Flex over USB-C. The setup is slightly more technical than Ledger Live, but Sparrow's documentation is thorough and the privacy benefit is substantial for anyone who takes self-custody seriously.
If you use the Flex for altcoin and token management as well, Ledger Live is the only path for those assets. Sparrow is Bitcoin-only by design. A reasonable split is using Sparrow for your Bitcoin stack and Ledger Live only for other assets. You get privacy where it matters most while keeping access to the broader Ledger ecosystem for everything else.
One practical note for Sparrow setup: during wallet creation, choose Native SegWit (bech32, addresses starting with bc1q) or Taproot (P2TR, addresses starting with bc1p) as your address type. Legacy addresses still work but carry higher transaction fees. Sparrow surfaces this choice clearly during setup and does not default to legacy formats the way some older workflows do.
Ledger ships the Flex in sealed tamper-evident packaging. The device itself runs a firmware attestation check during setup that verifies the firmware has not been modified. When you first connect to Ledger Live, the app performs a genuine check that confirms you are running authentic Ledger software on authentic Ledger hardware. This is a meaningful protection against supply chain attacks where a third party intercepts the device and installs modified firmware before it reaches you.
The practical recommendation is always to buy directly from Ledger's official website or authorized resellers. Avoid buying used hardware wallets, discounted devices from third-party marketplaces, or any device that arrives without factory seals intact. A hardware wallet bought at a discount from an unverified seller is not a bargain. The risk of receiving a compromised device is real and the financial consequences of using one can be total loss of funds.
One additional physical security note: the Flex supports BIP39 passphrases, which act as a 25th word appended to your seed phrase and create an entirely separate wallet derivation. Even if someone finds your 24-word seed phrase written on paper, they cannot access the passphrase-protected funds without knowing the additional secret. For significant amounts, a strong BIP39 passphrase is one of the highest-leverage security upgrades available on any hardware wallet, and the Flex supports it fully.
The PIN code on the Flex is another layer worth noting. After three incorrect PIN attempts, the device wipes itself. This protects against physical theft scenarios where someone steals the device and tries to brute-force the PIN. The wipe does not destroy your Bitcoin since the funds are recoverable from the seed phrase on a new device. It simply makes the stolen device useless to the attacker. Combined with a BIP39 passphrase stored separately from the seed phrase, you have a strong physical security posture even against a motivated adversary who obtains both the device and the seed backup.
The Flex is not an air-gapped device. It requires a connection to either a computer (via USB-C) or a smartphone (via Bluetooth) to sign transactions and interact with blockchain networks. The private keys never leave the Secure Element, but the transaction data travels over USB or Bluetooth to reach the connected host device. This is the same model used by the Nano X and the Stax.
This is a meaningful distinction from air-gapped wallets like the Foundation Passport and Coldcard, which can sign transactions using QR codes or microSD cards without any direct electrical connection to a potentially compromised computer. Air-gap signing means there is no data channel between the signing device and any networked machine, which eliminates a category of attack. The Flex does not offer this.
For most users securing moderate amounts of Bitcoin, the Flex's USB-C and Bluetooth connectivity model is entirely adequate. The attack scenarios that air-gap signing defends against require a sophisticated and targeted adversary. If your threat model includes nation-state actors or highly motivated and technically capable attackers targeting you specifically, an air-gapped device is worth the additional operational complexity. For the overwhelming majority of self-custody users, the Flex's connectivity model is not the weakest link in their security setup.
$249 from Ledger's official store. Only buy directly from Ledger or authorized retailers to avoid tampered devices.
Affiliate Disclosure: Bitcoin.diy may earn a commission if you purchase through our links. This does not affect our ratings or recommendations.
The Flex is a slightly smaller, slightly cheaper Stax. Both have E Ink touchscreens and run the same firmware. The Stax has a 3.7-inch curved screen versus the Flex's 2.84-inch flat screen. The Stax has Qi wireless charging; the Flex charges via USB-C only. The Stax has NFC; the Flex doesn't. If you're choosing between them, the Flex at $249 is the practical pick. You lose screen size and wireless charging but keep all the core functionality.
No. The Secure Element chip firmware is closed source due to NDA restrictions with STMicroelectronics. Ledger publishes their operating system and developer tools, but the critical firmware on the secure chip can't be independently verified. For Bitcoin holders who prioritize firmware auditability, the Trezor Safe 5, Coldcard, BitBox02, and Foundation Passport all offer open firmware.
Yes. The Flex supports all current Bitcoin address formats: Legacy (P2PKH), SegWit (P2SH-P2WPKH), Native SegWit (P2WPKH/bech32), and Taproot (P2TR). For new wallets, Native SegWit or Taproot are the right choices for lower fees and better privacy.
Yes, and it's the recommended setup for Bitcoin privacy. Sparrow connects to the Flex via USB-C. If you point Sparrow at your own Bitcoin node, no external party sees your addresses or transaction history. Ledger Live connects to Ledger's servers by default, which is a privacy trade-off worth avoiding.
Compared to the Stax, yes. Same core functionality for less money. Compared to open-source alternatives, it's harder to justify. A Foundation Passport at $199 gives you open hardware, open firmware, QR air-gap security, and the Envoy app. A Coldcard Mk4 at $148 gives you every advanced Bitcoin feature available. The Flex's $249 buys you a nice touchscreen and the Ledger ecosystem.
Ledger Recover is an optional paid service that encrypts your seed phrase, splits it into three shards, and stores them with custodians. A May 2023 firmware update proved that Ledger's Secure Element can export key material via software. Ledger says it requires explicit user consent. But it means you're trusting closed-source firmware not to do this without your knowledge. Most Bitcoin holders should skip Recover entirely.
Ledger rates it at about 10 hours of active use or roughly 150 transactions per charge via USB-C. Since you only pick it up to sign transactions, a single charge lasts weeks of real-world use. The E Ink screen draws zero power when displaying a static image, which helps standby time.
Yes. The Flex supports multisig Bitcoin wallets via Sparrow or Specter Desktop. You can use it as one signing device in a 2-of-3 or 3-of-5 setup alongside wallets from different manufacturers. Using hardware wallets from multiple vendors means no single firmware vulnerability can compromise your setup.
Yes. The device itself doesn't require an account. Ledger Live asks you to create one for full features, but you can skip that. If you use Sparrow Wallet instead of Ledger Live, you never touch Ledger's servers at all. The hardware wallet works independently.
The BitBox02 Bitcoin edition at $149 has open-source hardware and firmware, a clean minimalist design, USB-C only (no Bluetooth), and focuses entirely on Bitcoin. The Flex has a better screen, Bluetooth, and supports 5,500+ assets. If you're Bitcoin-only and care about open source, BitBox02. If you want a touchscreen and use multiple chains, Flex.
Bigger screen, wireless charging, same closed firmware
Open-source touchscreen alternative at $169
Open hardware, QR air-gap, Bitcoin-only at $199
Minimalist open-source wallet at $149
Maximum Bitcoin security with full air-gap
Complete decision framework for securing your Bitcoin