The best-looking hardware wallet ever made. 3.7-inch curved E Ink touchscreen, wireless charging, premium design. Closed firmware pulls the score down.
The Stax is genuinely impressive hardware. A 3.7-inch curved E Ink touchscreen designed with Tony Fadell's studio, wireless Qi charging, NFC, and a credit-card form factor. It is the best-looking hardware wallet ever made and nothing else in this market comes close. It also runs closed-source firmware, ships with the Ledger Recover capability baked in, and comes from a company with a customer data breach and a supply-chain hack on its recent record.
Both things are true at once. The hardware is beautiful. The trust model has real problems. This review lays out exactly where the Stax shines, where it falls short, and who should actually spend $279 on one in 2026. The score is 7/10. The design earns near-perfect marks. The closed firmware and Ledger Recover situation pull it down from the top of the chart.
We cover the full picture: the 3.7-inch E Ink display and what it means for address verification, the Ledger Recover controversy and why it matters for self-custody, the 2020 data breach and 2023 Connect Kit hack, how the Stax compares to the cheaper Flex and to open-source alternatives, and whether the design premium is worth $50 to $150 extra over competing products. Read all sections or jump to the one most relevant to your decision.
The Stax earns a 7 because the hardware is exceptional and the user experience is unmatched. Points come off for closed-source firmware, the Ledger Recover controversy, and a price premium that buys design rather than additional security. A great wallet for multi-asset Ledger ecosystem users. A harder sell for anyone who holds only Bitcoin.
| Category | Score | Notes |
|---|---|---|
| Security | 7.0/10 | EAL6+ SE is strong, firmware is unverifiable |
| Ease of Use | 9.5/10 | Best touchscreen + Ledger Live = smoothest setup |
| Transparency | 4.0/10 | Closed firmware, NDA chip, Recover-capable |
| Price / Value | 5.0/10 | $279 while open-source rivals cost $148 to $199 |
| Build / Design | 9.5/10 | Best-looking hardware wallet ever made |
| Overall | 7.0/10 | Premium design cannot fully offset trust model concerns |
| Specification | Detail |
|---|---|
| Display | Curved E Ink touchscreen, 3.7 inch, Gorilla Glass |
| Connectivity | USB-C + Bluetooth + NFC + wireless charging (Qi) |
| Firmware | Closed-source (NDA with STMicroelectronics) |
| Secure Element | ST33K1M5 (STMicroelectronics), CC EAL6+ |
| Bluetooth | Yes |
| Wireless Charging | Yes (Qi) |
| Origin | France |
| Asset Support | Multi-asset (5,500+ coins and tokens) |
| Price | $279 USD |
The Stax makes the most sense for one specific type of holder: someone who manages a multi-asset portfolio in Ledger Live, wants the best possible user experience for that workflow, and is not singularly focused on open-source security principles as a non-negotiable requirement. If that describes you, the Stax is objectively the best hardware wallet Ledger has ever shipped and the most polished multi-asset signing device available anywhere.
The large touchscreen makes navigating addresses and confirming transactions faster and less error-prone than any button-based device on the market. Bluetooth connectivity makes mobile use with Ledger Live seamless. Wireless charging makes the device feel genuinely low-maintenance in everyday life. The credit-card form factor slips into a wallet or card slot without awkward bulk. Nothing else in the hardware wallet category looks or feels like this product, and nothing else is likely to for some time.
Ledger Live itself is the most beginner-friendly hardware wallet interface available. The onboarding process for a new wallet, setting up accounts, and sending first transactions are all smoother on Ledger Live than on competing software. If you are helping a non-technical family member or colleague set up their first hardware wallet and you want them to actually use it correctly, the Stax and Ledger Live is the combination most likely to succeed in the real world.
The Stax also makes strategic sense inside a multisig setup. If you pair it as one signing device alongside a Coldcard and a Foundation Passport, the closed firmware concern matters substantially less. You are distributing trust across three manufacturers with independent codebases, and no single device's compromise can drain your funds unilaterally.
If you hold only Bitcoin and firmware auditability is a hard requirement, this is not your device. A Foundation Passport at $199 or a Coldcard Mk4 at $148 gives you fully open firmware, a proper air-gap signing workflow, and costs substantially less. The Stax's price premium goes entirely to design excellence and UX polish, not to stronger security fundamentals or a more verifiable trust model.
At 3.7 inches, it is the largest screen on any hardware wallet, and the curved Gorilla Glass gives it a finishing quality that no competitor has matched. Tony Fadell's studio, the team behind the original iPod and Nest thermostat, shaped the industrial design. The curve wraps around one edge of the device and feels intentional rather than decorative. This is consumer electronics design applied seriously to a product category that usually looks like a USB prototype or a chunky remote control.
For the actual job of signing Bitcoin transactions, the screen size is a genuine usability and security improvement in combination. You can see a complete Bitcoin address, the transaction amount, and the fee estimate in a single unscrolled view. On the Ledger Nano X, verifying a 34-character address requires pressing buttons to scroll through it segment by segment on a postage-stamp OLED display. On the Stax, you see the whole address at once. That makes it meaningfully harder to approve a substituted address without noticing. Address substitution attacks, where malware replaces your intended recipient with an attacker's address in the clipboard, depend on users not carefully checking the full address on the device screen. A larger screen reduces that risk.
E Ink has one trade-off worth acknowledging before you buy: refresh rate. The display is noticeably slower than LCD or OLED when updating. Touch input carries a slight lag compared to any smartphone screen. For a device you use a handful of times per month to confirm Bitcoin transactions, this is not frustrating in practice. But if you hold the device in a store and tap through menus expecting instant response, you may be surprised. Calibrate your expectations slightly downward and use the device for a week before judging the experience.
The E Ink touchscreen also enables Ledger's Clear Signing feature, which displays human-readable transaction details on the device screen before you approve. On older button-based hardware wallets, you might be approving a hex blob you cannot parse. On the Stax, you see amounts, addresses, and fee details in plain language. This is a security feature as much as a usability improvement.
One detail worth appreciating: the E Ink display shows custom artwork when the device is asleep. You can load any image as a personalized lock screen. Since E Ink draws zero power for static content, this costs absolutely nothing in battery life. It is a purely cosmetic feature, but it adds genuine character to a device category that otherwise treats aesthetics as a distant afterthought behind circuit board density and button count.
In May 2023, Ledger pushed a firmware update introducing a paid service called Ledger Recover. The service encrypts your seed phrase and splits it across three custodians: Coincover, EscrowTech, and Ledger itself. The critical revelation: the Secure Element on every Ledger device can export seed material via software. This surprised many users who assumed key material was physically incapable of leaving the chip. Ledger says Recover requires explicit user consent. But the firmware is closed source, so that claim cannot be independently verified. For Bitcoin self-sovereignty, trusting a closed-source chip to protect your keys is a contradiction. The Stax runs the same firmware architecture. Whatever key export capability exists on any Ledger device, it exists on this one too. Open-source alternatives like the Trezor Safe 5 and Foundation Passport publish code you can actually inspect.
Ledger Recover is an optional paid subscription at $9.99 per month. Nobody is forced to activate it. The controversy is not that Ledger is extracting your keys by default. The controversy is that the capability to extract seed material exists in the firmware at all, and because the firmware is closed source, users cannot independently verify the conditions under which that capability can be invoked. That distinction matters enormously for a self-custody security model built on the principle of not trusting third parties.
Two incidents every prospective buyer should understand before ordering. Neither compromised hardware wallet private keys, but both matter for your overall threat model as a Bitcoin holder.
Attackers accessed Ledger's customer database through a third-party API. Approximately 1.1 million email addresses were exposed. For 272,000 customers, full names, phone numbers, and home addresses leaked publicly. No private keys were compromised and the hardware security model held entirely.
But the physical address leak led to targeted phishing campaigns and, in documented cases, direct physical threats against Bitcoin holders whose home addresses were now publicly known. Some Bitcoiners have since adopted the practice of using a PO box for any hardware wallet purchase specifically because of this incident. If your threat model includes physical security, your home address being associated with Bitcoin ownership is a real risk.
In December 2023, attackers compromised an npm account belonging to a former Ledger employee and published malicious versions of the Ledger Connect Kit JavaScript library. Wallet-draining code was live for approximately five hours and drained an estimated $600,000 to $700,000 from DeFi users interacting with web-based dApps that used the library.
The hardware wallets themselves were not compromised. Bitcoin-only users conducting standard on-chain transactions were not affected. But the incident raised serious questions about Ledger's software supply chain security practices, specifically around contractor offboarding, access revocation, and npm package signing. A company selling products that protect Bitcoin should have security-grade controls over its own software publishing pipeline.
Neither incident resulted in hardware wallet private keys being extracted through the device. The Secure Element architecture performed exactly as designed in both cases. These are company infrastructure and operational failures, not vulnerabilities in the hardware security model. They are still material facts worth knowing before you hand Ledger your home shipping address and $279.
In hand, the Stax feels like a finished consumer electronics product. Not a prototype. Not a reference board inside a 3D-printed shell. The curved Gorilla Glass wraps smoothly around the device edge. The chassis is solid and gives no sensation of flex or creak under pressure. The whole package has the tactile quality of something designed by people who care deeply about materials and tolerances. It feels closer to a premium credit card or a high-end hotel keycard than anything else in the hardware wallet category.
The credit-card proportions are functional as well as aesthetic. The device slides into a card slot in a physical wallet and sits flat without bulging. It stores cleanly in a desk drawer without the awkward cable management problem that comes with stick-shaped wallets. The magnetic back enables stacking multiple Stax devices flush against each other, which is a niche feature for now but reflects forward-looking design thinking about how people might organize multiple wallets or keys.
A note on the design pedigree: Tony Fadell is the engineer who created the original iPod at Apple and later founded Nest before selling it to Google. His involvement with the Stax's industrial design is not marketing language. It shows in the device. The proportions, the way the screen curves at exactly the right radius, the material selection on the back surface, all of it reflects serious design thinking applied to a product category that has historically received almost none.
Wireless Qi charging is a meaningful convenience improvement. Drop the Stax on any standard wireless charging pad and it tops up passively. Since the battery lasts weeks between charges, this is not solving a pain point you would experience frequently. But the absence of any charging cable ritual, even an occasional one, reinforces the feeling that this is an everyday object rather than a piece of infrastructure you have to maintain.
The NFC capability enables tap-to-connect with compatible applications for certain workflows. In practice, most Bitcoin users will not engage with this feature regularly. It is more relevant for DeFi and NFT workflows that involve frequent dApp interactions and mobile-first signing. For Bitcoin self-custody, the NFC chip is present on the device but irrelevant to your typical usage pattern. You can ignore it entirely without losing any Bitcoin-related functionality.
Yes, and multisig is actually the most defensible use case for the Stax among security-conscious Bitcoin holders. In a 2-of-3 multisig setup alongside a Coldcard and a Foundation Passport, the Stax is just one of three required signing devices. Even a theoretical firmware compromise on the Stax alone could not move funds without also compromising one of the other two wallets from entirely different manufacturers with different codebases and different attack surfaces.
The Stax functions as a PSBT signing device through Sparrow Wallet or Specter Desktop via USB-C. Setting up the multisig quorum requires importing the extended public key (xpub) from each device into your coordinator software and registering the multisig descriptor on each device individually. The Stax's large touchscreen makes reviewing the multisig descriptor details and confirming receive addresses substantially easier than on smaller-screened alternatives like the Coldcard's compact OLED.
In a multisig context, the closed firmware concern carries less weight because no single device controls your funds. The Ledger Recover capability becomes irrelevant if Ledger cannot access your full seed: in a 2-of-3 multisig, the Stax only holds one of three keys, and a single key cannot move Bitcoin. You would need compromises across multiple independent devices for the threat to be realized.
If you already own a Stax and are uncomfortable with the closed firmware situation after reading about Ledger Recover, incorporating it into a multi-vendor multisig arrangement is the most practical way to reduce that trust dependency without selling the device. You are no longer trusting Ledger alone. You are distributing the requirement for compromise across three independent vendors with no shared infrastructure.
For most people, no. The Ledger Flex at $249 runs the same BOLOS operating system, the same ST33K1M5 Secure Element at CC EAL6+ certification, and the same closed-source firmware architecture. The security model is completely identical between the two devices. Every limitation of the Stax applies equally to the Flex and vice versa. The difference between the two products is entirely in the hardware experience, not in what they actually protect you against.
The Stax has a 3.7-inch curved E Ink screen behind Gorilla Glass. The Flex has a 2.84-inch flat E Ink screen. Both are touchscreens. Both display full Bitcoin addresses clearly enough to verify before signing. The address verification process on the Stax is more comfortable and slightly faster due to the larger viewing area, but the security outcome of verifying an address on the Flex is identical. A larger screen is a luxury improvement, not a security upgrade.
Qi wireless charging on the Stax is the other distinguishing feature. The Flex charges via USB-C only. For a device you charge once every few weeks, this difference is real but not significant enough on its own to justify a $30 premium. If you find yourself consistently frustrated by hunting for a USB-C cable to recharge devices, the Stax's wireless charging is worth something to you. For most people, it is not worth $30 to $150.
The price gap between the Flex and Stax configurations ranges from $30 to over $100 depending on which Stax bundle you purchase. That gap covers a quality metal seed backup plate, or contributes meaningfully toward a second signing device to start a multisig setup. Either of those spending decisions produces more measurable security improvement than a larger curved screen on a device that already works well.
| Feature | Ledger Stax | Flex ($249) | Passport ($199) | Coldcard ($148) |
|---|---|---|---|---|
| Price | $279 | $249 | $199 | $148 |
| Screen | 3.7" curved E Ink | 2.84" flat E Ink | 1.8" color LCD | Small OLED |
| Open Firmware | No (closed) | No (closed) | Yes (full) | Yes |
| Air-Gapped | No | No | Yes (QR) | Yes (QR + microSD) |
| Wireless Charging | Yes (Qi) | No | No | No |
| Bitcoin-Only Mode | No | No | Yes | Yes |
| Bluetooth | Yes | Yes | No | No |
| NFC | Yes | No | No | No |
Yes, and for Bitcoin specifically you should strongly consider it. Ledger Live connects to Ledger's servers by default for every operation. Every balance check, every transaction broadcast, every address lookup goes through their infrastructure. That means Ledger's servers carry visibility into your wallet activity, your address history, and your transaction timing. For a product whose purpose is protecting your financial sovereignty, routing all data through a corporate server represents a meaningful privacy gap.
Sparrow Wallet connects to the Stax via USB-C and supports full PSBT transaction signing with Ledger devices. Point Sparrow at your own Bitcoin Core node and your wallet data never touches Ledger's servers at any stage. Electrum works in a similar fashion. BlueWallet connects over Bluetooth for mobile signing sessions. All three alternatives are meaningfully better for privacy than Ledger Live's default server configuration.
If you use the Stax for altcoins and tokens across the 5,500+ supported assets, Ledger Live is the practical requirement since Sparrow is Bitcoin-only software. But for Bitcoin self-custody, Sparrow with your own node is the correct privacy-respecting setup. The Stax hardware signs the same PSBT transactions regardless of which wallet software coordinates the process. The Secure Element does not care whether the unsigned transaction was assembled by Ledger Live or Sparrow.
Bluetooth connectivity lets you pair with BlueWallet or other compatible mobile wallets. The Bluetooth connection is encrypted and transmits only public data such as unsigned transactions and public keys. Private keys never travel over any wireless connection. If Bluetooth makes you uncomfortable given the 2020 data breach history, it can be disabled in device settings and the Stax used exclusively via USB-C.
The recommended privacy setup for serious Bitcoin holders: Stax connected via USB-C, Bluetooth disabled in device settings, Sparrow Wallet running on a dedicated desktop machine, connected to your own Bitcoin Core full node. No data touches Ledger's servers at any point. No wireless interfaces are active during signing sessions. The closed-source firmware remains the one element you cannot independently audit, but the surrounding operational security sits entirely within your control.
Excellent, and the E Ink technology is the central reason. The display consumes essentially zero power when showing a static image. The Stax draws from its battery only during active interaction: signing transactions, navigating menus, establishing Bluetooth connections, or loading new content onto the screen. Since most people use a hardware wallet a handful of times per month, a single charge realistically lasts weeks without any top-up required.
Qi wireless charging fundamentally changes the recharging experience compared to any previous Ledger product. Drop the device on any standard wireless charging pad and it tops up passively in the background. There is no cable to locate, no USB-C port to align in the dark, no ritual interruption. The Ledger Flex lacks Qi support entirely and charges only via USB-C. The difference is minor in absolute terms since both devices require charging rarely, but it contributes meaningfully to the Stax feeling like a premium everyday object rather than a piece of infrastructure you have to manage.
The customizable E Ink lock screen compounds this advantage. Because E Ink draws zero power for static content, you can display elaborate artwork or a detailed image on the screen indefinitely without any battery cost. The device can sit on your desk showing a custom image for months and the battery drain will be indistinguishable from a blank-screen device. This is a technical property of E Ink that has no equivalent in LCD or OLED display hardware.
One improvement worth noting over older Ledger hardware: the Stax has not exhibited the battery degradation issues that plagued some early Nano X units, which arrived at customers with reduced capacity or failed to hold charge after extended drawer storage. Ledger addressed battery quality in the Stax design. If you plan to store this device for months between use, the battery will be in substantially better shape when you return to it than a first-generation Nano X in the same scenario.
Bitcoin maximalists. If you hold only Bitcoin and firmware auditability matters to you, every open-source competitor represents a better choice at a lower price point. The Stax's $279 premium buys design excellence and user experience polish. It does not buy stronger security fundamentals or a more verifiable trust model. The Coldcard Mk4 at $148 is airgapped, Bitcoin-only, and has fully auditable firmware. The Foundation Passport at $199 has open hardware schematics and a QR-based airgap. Neither costs anywhere near $279.
Budget-conscious buyers. At $279, you could purchase a Coldcard Mk4 at $148 and a BitBox02 at $149 and have two open-source hardware wallets ready for a proper multisig setup. That arrangement is strictly more secure than a single Stax, costs roughly the same, and gives you multi-vendor redundancy that no single wallet can provide.
First-time hardware wallet buyers. Start with something cheaper and learn the concepts well before spending $279: seed phrases, address verification, transaction signing workflow, backup procedures. A Trezor Safe 3 at $79 or BitBox02 at $149 teaches you everything fundamental without the premium price tag. Once you understand what you are doing and know what you want in a device, you can decide whether the Stax's design premium is worth upgrading into. Get your Bitcoin off an exchange first. That step matters more than which device you use.
Privacy-first holders. The 2020 customer data breach exposed 272,000 physical addresses. Ledger Live's default server connections mean your wallet activity flows through Ledger's infrastructure. If keeping your Bitcoin ownership private is part of your threat model, a company with that track record demands extra caution. Use a PO box if you order. Better still, consider a manufacturer with a cleaner data security record like Foundation Devices or Shift Crypto.
Anyone who wants airgap security. The Stax connects via USB-C and Bluetooth. Both interfaces carry data between the device and your computer. An airgapped workflow using QR codes or microSD cards, where the signing device never has a live data connection, is simply not available on any Ledger product. If your threat model includes a compromised host computer, you need an airgapped signing device. The Stax is not that.
If you manage a multi-asset portfolio and want the best Ledger experience available, yes. The Stax is a legitimately impressive piece of hardware and the most polished product Ledger has shipped. Nothing in this market has a screen this good or a form factor this refined. If user experience matters more than firmware transparency in your decision framework, the Stax delivers everything it promises at $279.
If you hold primarily Bitcoin and security is your primary consideration, look elsewhere. Closed-source firmware means you cannot verify what runs on the Secure Element. The Recover capability demonstrates that seed extraction is architecturally possible in the firmware. The 2020 data breach and 2023 supply chain hack are company-level flags that matter for your threat model even if neither incident compromised hardware wallet keys directly.
The score of 7/10 reflects a genuine tension. Design and usability score near-perfect. Transparency and value score poorly. The Stax's strengths are real. So are its weaknesses. The score lands where it does because a hardware wallet's job is ultimately to protect keys, and a device whose firmware cannot be independently audited carries an irreducible trust dependency that elegant hardware cannot resolve.
For Bitcoin-only holders, the better alternatives are the Foundation Passport at $199 with open hardware and a QR air-gap, or the Trezor Safe 5 at $169 with fully open-source firmware and a touchscreen experience that approaches the Stax's usability at a much lower price.
Before spending $279 on any hardware wallet, the cold storage guide maps every option by budget, threat model, and use case. The right device depends on what you are protecting and what you are protecting it against. Whatever you choose, moving Bitcoin off an exchange into self-custody is the step that actually matters most. The beginner's guide covers the full path from first purchase to proper self-custody.
$279 from Ledger's official store. Only buy directly from Ledger to avoid tampered or counterfeit devices.
Affiliate disclosure: Bitcoin.diy may earn a commission if you purchase through our links. This does not affect our ratings or editorial independence.
The Stax is a complete design rethink. The Nano X is a USB stick with a small OLED screen. The Stax is a credit-card-sized device with a 3.7-inch curved E Ink touchscreen, Qi wireless charging, NFC, and a magnetic back for stacking. Same CC EAL6+ Secure Element. Same closed-source firmware. Dramatically better experience. $279-399 versus $149 for the Nano X.
No. The Secure Element chip firmware is closed source because of NDA agreements with STMicroelectronics. Ledger publishes their OS and tooling, but the critical firmware on the secure chip can't be independently audited. Coldcard, BitBox02, Trezor, and Foundation Passport all publish open firmware. If firmware auditability matters to you, the Stax isn't the right choice.
Ledger Recover is an optional paid subscription ($9.99/month) that encrypts your seed phrase, splits it into three shards, and stores them with custodians. The controversy: a May 2023 firmware update proved the Secure Element could export key material via software, contradicting earlier statements. Most serious Bitcoiners don't use it. A metal seed plate in a safe is free and doesn't involve trusting three companies.
Yes. The Stax works with Sparrow Wallet and Electrum via USB-C, and with BlueWallet via Bluetooth. These are better for privacy since Ledger Live connects to Ledger's servers by default. Using Sparrow with your own node keeps your transaction data off Ledger's infrastructure entirely.
In December 2023, attackers compromised an npm account belonging to a former Ledger employee and injected wallet-draining code into the Ledger Connect Kit JavaScript library. The code was live for about five hours and drained an estimated $600,000-700,000 from DeFi users. The hardware wallets themselves weren't compromised. Bitcoin-only users doing standard transactions wouldn't have been affected.
For Bitcoin-only use, it's hard to justify over a $199 Foundation Passport or $148 Coldcard Mk4. Both have open firmware and air-gap options at lower cost. The Stax premium goes to design and UX, not security. If you manage a multi-chain portfolio in Ledger Live and want the best Ledger experience, the Stax is the top of that range.
The Flex at $249 gives you 90% of the Stax experience for less money. Both run the same firmware, support the same assets, and have the same security model. The Stax adds a bigger screen (3.7 vs 2.84 inches), wireless charging, NFC, and the curved glass design. Unless those features specifically matter to you, the Flex is the better value.
Attackers accessed Ledger's e-commerce database via a third-party API. About 1.1 million email addresses were exposed and 272,000 customers had names, phone numbers, and home addresses leaked. No keys were compromised, but the physical addresses led to phishing campaigns and reported threats. Some Bitcoiners now use a PO box for hardware wallet purchases because of this.
Weeks of standby on a single charge. E Ink consumes almost no power when static. Active signing drains it faster, but since you only pick up the device occasionally, battery life is never a concern. Qi wireless charging means you can drop it on any charging pad to top up.
Yes. The Stax works as a signing device in multisig setups via Sparrow Wallet or Specter Desktop. You can pair it with wallets from different manufacturers in a 2-of-3 quorum, which reduces the trust you place in any single vendor's firmware. In a multisig context, the closed firmware concern is less of an issue because the Stax is only one of three required signing devices.
Same security, smaller screen, better value at $249
Open-source touchscreen alternative at $169
Open hardware, QR air-gap, Bitcoin-only at $199
Maximum Bitcoin security with full air-gap
Minimalist open-source wallet at $149
Complete decision framework for securing your Bitcoin