Our top pick for most people. Fully open-source hardware and firmware, an EAL6+ secure element, Bitcoin-only firmware option, and it costs less than dinner for two. Here's the full breakdown.
The Trezor Safe 3 is the hardware wallet we recommend to most people. It's $79, fully open-source, has a proper secure element chip, and offers a Bitcoin-only firmware mode that strips out everything except BTC. That combination doesn't exist anywhere else at this price.
Made by SatoshiLabs in Prague, Czech Republic, Trezor was the world's first commercial hardware wallet back in 2014. They've been at it longer than anyone. And their commitment to open-source hasn't wavered: every line of firmware code, every hardware schematic, is publicly available for anyone to audit.
We tested both the Safe 3 ($79) and the Safe 5 ($169) over several weeks. This review explains why the Safe 3 is our pick, what the Safe 5 adds, and where Trezor still has room to improve.
Quick Verdict
Our top pick for most people
| Category | Score | Notes |
|---|---|---|
| Security | 9/10 | EAL6+ secure element, open-source firmware |
| Ease of Use | 8/10 | Trezor Suite is clean and fast |
| Open Source | 10/10 | Hardware + firmware + bootloader fully auditable |
| Features | 8/10 | Bitcoin-only firmware, Shamir backup, passphrase on device |
| Price / Value | 10/10 | $79 for EAL6+ open-source security is unmatched |
| Overall | 9/10 | Best value open-source hardware wallet available |
| Secure Element | Optiga Trust M (Infineon) EAL6+ |
| Connectivity | USB-C |
| Display | OLED monochrome |
| Open Source | 100% firmware + hardware |
| Weight | 22g |
| Dimensions | 59 x 32 x 7.4 mm |
| Companion App | Trezor Suite (desktop + web) |
| Price | $79 USD (Safe 3) / $169 USD (Safe 5) |
| Made in | Czech Republic |
Trezor is made by SatoshiLabs, a company founded in Prague in 2013. They shipped the first-ever commercial hardware wallet in January 2014. That's over a decade of building security devices for Bitcoin holders.
The idea is the same as any hardware wallet: your private keys live on a physical device, offline, where hackers can't reach them. You sign transactions on the Trezor, confirm on its screen, and the signed transaction goes to the network. Your seed phrase never touches the internet.
What sets Trezor apart is the open-source commitment. The firmware, the hardware schematics, the bootloader, the companion app (Trezor Suite), all of it is published on GitHub. Anyone can read the code, report bugs, or fork it. This matters because in security, "trust but verify" beats "just trust us" every single time.
The current lineup is the Safe 3 ($79) and Safe 5 ($169). Older models (Trezor One and Model T) are still supported but no longer manufactured.
Both models share the same security core. The differences are about experience, not protection.
| Feature | Safe 3 | Safe 5 |
|---|---|---|
| Price | $79 | $169 |
| Secure element | EAL6+ (Optiga Trust M) | EAL6+ (Optiga Trust M) |
| Display | OLED monochrome | Color touchscreen |
| Input | Single button | Touchscreen + haptic |
| Connection | USB-C | USB-C |
| Bluetooth | ✗ No | ✗ No |
| Bitcoin-only firmware | ✓ Yes | ✓ Yes |
| Shamir backup | ✓ Yes (SLIP-39) | ✓ Yes (SLIP-39) |
| Open-source | 100% | 100% |
Our take: The Safe 3 at $79 is the sweet spot. You get the same secure element, the same firmware, and the same security features as the Safe 5. The touchscreen on the Safe 5 is nicer for entering passphrases and verifying addresses, but it's not $90 nicer for most people. If budget isn't a concern and you want the premium experience, the Safe 5 is excellent. For everyone else, the Safe 3.
Setting up a Trezor Safe 3 takes about 10 minutes. It's one of the simpler hardware wallet setups we've tested.
Get the desktop app from trezor.io. Available for Windows, Mac, and Linux. There's also a web version at suite.trezor.io, but the desktop app is more reliable.
Connect via USB-C. Trezor Suite will check for firmware updates and install the latest version. This is also where you choose between universal firmware or Bitcoin-only firmware.
The device generates a 12 or 24-word seed phrase (or Shamir shares if you choose SLIP-39). Write it down on the included cards. Store it somewhere fireproof and offline. This seed is your ultimate backup.
Choose a PIN up to 50 digits long. You'll enter this every time you connect the device. After 16 wrong attempts, the device wipes itself. Your seed backup is your recovery path.
Create a Bitcoin account in Trezor Suite. You'll see a receive address. Always verify on the device screen that it matches. Then send Bitcoin from your exchange to your Trezor address.
Trezor Suite is a solid companion app. It handles portfolio tracking, transaction history, fee estimation, and coin control. It's not as flashy as Ledger Live, but it's clean and functional. And if you prefer a different interface, the Trezor works with third-party wallets like Electrum, Sparrow, and Wasabi too.
This is the single biggest reason we recommend Trezor over Ledger.
When a hardware wallet's code is open-source, it means thousands of security researchers, developers, and Bitcoin enthusiasts can inspect it. If there's a bug, someone finds it. If there's a backdoor, someone catches it. Closed-source code relies on one company's internal team to find problems. Open-source has the whole world looking. Trezor's firmware is publicly auditable on GitHub.
Bitcoin itself is open-source. The ethos of "don't trust, verify" runs deep in this community. A hardware wallet that asks you to trust closed-source code is at odds with that philosophy. Trezor aligns with it perfectly.
The practical benefit? When Ledger launched their Recover feature, it proved their closed-source firmware could extract seed phrases from the device. With Trezor, you can read the code yourself and confirm that no such capability exists. That's not theoretical security. That's verifiable security.
Trezor offers two firmware options: universal (supports 8,000+ coins) and Bitcoin-only (supports exactly one coin: BTC). You pick which one during setup, and you can switch later.
Why would you want Bitcoin-only firmware? Less code means less attack surface. Every line of altcoin support is a line that could potentially contain a bug. By stripping everything except Bitcoin, you're running a leaner, tighter piece of software. The firmware binary is smaller, the codebase is simpler, and there are fewer things that can go wrong.
For Bitcoin-only holders, this is a no-brainer. Install the Bitcoin-only firmware and forget about the altcoin world entirely. Your Trezor becomes a pure Bitcoin security device. No Ethereum, no tokens, no distractions.
No other major hardware wallet offers this. Ledger doesn't have a Bitcoin-only mode. Coldcard is Bitcoin-only by design (there's no multi-coin option). Trezor gives you the choice.
The Safe 3 packs serious security into a small package. Here are the standout features:
The Safe 3 uses an Infineon Optiga Trust M chip certified to EAL6+. This is a higher certification than Ledger's EAL5+ chip. It stores your private keys in tamper-resistant silicon that's designed to resist physical attacks. And unlike Ledger, the firmware interacting with this chip is open-source, so you can verify how it's used.
Add a passphrase on top of your 24-word seed to create a hidden wallet. Someone who finds your seed but doesn't know the passphrase can't access the hidden wallet. You can even set up a decoy wallet (no passphrase) with a small balance, while your real funds live behind the passphrase. On the Safe 3, passphrase entry happens directly on the device, not on your computer.
Instead of backing up one 24-word seed phrase, you can split your backup into multiple shares using Shamir's Secret Sharing scheme. For example, create 5 shares and require any 3 to recover. Store the shares in different locations. No single share is enough to steal your funds. This is far more resilient than keeping a single seed phrase in one place. Learn more in our cold storage guide.
Older Trezor models (without a secure element) were vulnerable to a physical seed extraction attack if someone got their hands on the device. The Safe 3's EAL6+ chip fixes this entirely. Even with physical access and lab equipment, extracting the seed from the secure element isn't feasible. If you're upgrading from an older Trezor, this is the biggest reason to switch. If you used a passphrase on your old device, you were already protected, but the secure element adds defense in depth.
Three philosophies. Same goal. Here's how they compare:
| Feature | Trezor Safe 3 | Ledger Nano X | Coldcard Mk4 |
|---|---|---|---|
| Price | $79 | $149 | $148 |
| Open-source | ✓ Yes (100%) | ✗ No (firmware) | ✓ Yes (100%) |
| Secure element | EAL6+ | EAL5+ | ATECC608B |
| Bluetooth | ✗ No | ✓ Yes | ✗ No |
| Air-gapped | ✗ No | ✗ No | ✓ Yes (MicroSD) |
| Bitcoin-only mode | ✓ Yes (firmware) | ✗ No | BTC-only by design |
| Best for | Most people | Mobile + multi-coin | Security maximalists |
Our recommendation: For most Bitcoin holders, the Trezor Safe 3 hits the sweet spot of price, security, and usability. If you need Bluetooth and hold many coins, read our Ledger review. If you want maximum air-gapped security and don't mind a steeper learning curve, Coldcard is the top of the line. Check our full hardware wallet comparison for more detail.
The Trezor Safe 3 does almost everything right. Open-source hardware and firmware mean you don't have to trust anyone. The EAL6+ secure element fixes the physical vulnerability that plagued older models. Bitcoin-only firmware reduces your attack surface to the absolute minimum. And it costs $79.
It loses one point for the lack of Bluetooth (some people genuinely need mobile access) and the small screen on the Safe 3 that makes address verification tedious. These are minor complaints for a device that nails the fundamentals this well.
If you're looking for your first hardware wallet, or upgrading from an exchange account or mobile wallet, the Trezor Safe 3 is where you should start. It's the best balance of security, transparency, and price on the market right now.
$79 from SatoshiLabs. Fully open-source with EAL6+ secure element and Bitcoin-only firmware.
Affiliate Disclosure: Bitcoin.diy may earn a commission if you buy through our links. This doesn't affect our ratings.
Yes. The Safe 3 stores your private keys in an EAL6+ certified secure element chip that never exposes them to your computer or phone. All transaction signing happens on the device. The firmware and hardware are 100% open-source, meaning security researchers worldwide can audit the code. No private keys have ever been compromised on a Trezor device with a passphrase enabled.
Bitcoin-only firmware is a special build of Trezor's software that strips out all altcoin support entirely. No Ethereum, no tokens, no other chains. Just Bitcoin. This reduces the attack surface (less code means fewer potential bugs) and is preferred by Bitcoin maximalists. You can switch between universal and Bitcoin-only firmware at any time through Trezor Suite.
The Safe 3 ($79) and Safe 5 ($169) offer the same level of security. The Safe 5 adds a color touchscreen with haptic feedback, making it easier to verify addresses and navigate menus. If you want the best experience money can buy, get the Safe 5. If you want the best value for solid security, the Safe 3 is the right choice. We recommend the Safe 3 for most people.
Shamir Secret Sharing splits your seed backup into multiple shares. For example, you can create 5 shares and require any 3 to recover your wallet. This means no single backup location holds enough info to steal your funds, and you can lose up to 2 shares without losing access. It's a more resilient backup method than a single 24-word seed phrase. Trezor is one of the few wallets that supports it.
A passphrase is an extra word or phrase you add on top of your 24-word seed. It creates an entirely separate hidden wallet. Even if someone finds your seed phrase, they can't access funds protected by a passphrase without knowing it. It also means you can have a decoy wallet (no passphrase) with a small amount, and a real wallet (with passphrase) holding your main stack. The Safe 3 enters the passphrase directly on the device screen for safety.
Yes. Older Trezor models (One and Model T) without a dedicated secure element were vulnerable to a physical seed extraction attack. An attacker with physical access and specialized equipment could read the seed from the device's memory chip. The Safe 3 fixes this with its EAL6+ secure element, which is resistant to these physical attacks. Using a passphrase also protected against this vulnerability on older models.
No. Trezor deliberately chose not to add Bluetooth. Wireless connectivity introduces a potential attack vector, and Trezor prioritizes security over convenience. The Safe 3 connects via USB-C only. If mobile access matters more than anything else, the Ledger Nano X is the only major hardware wallet with Bluetooth.
The biggest difference is philosophy. Trezor is 100% open-source (hardware and firmware). Ledger uses a closed-source secure element. Trezor offers Bitcoin-only firmware. Ledger doesn't. Ledger has Bluetooth. Trezor doesn't. Ledger supports more coins out of the box, but Trezor supports 8,000+ with universal firmware. For Bitcoin-focused users, Trezor wins. For multi-coin mobile users, Ledger wins.
Yes. Trezor works with many popular Bitcoin wallets including Electrum, Sparrow, and Wasabi. You don't have to use Trezor Suite if you prefer a different interface. This flexibility is one of the advantages of open-source hardware. You can pair your Trezor with whichever software wallet fits your workflow best.
Because Trezor is fully open-source, the community could maintain the firmware independently. Your seed phrase works with any BIP-39 compatible wallet, so you can always recover your Bitcoin elsewhere. The open-source nature is actually an insurance policy: even if the company disappears, the code and hardware designs live on. Your coins are safe as long as you have your seed phrase.
Color touchscreen, haptic feedback, and the same open-source security at $169.
Maximum security with air-gapped signing, duress wallets, and BIP-85 key derivation.
The alternative: Bluetooth, closed-source firmware, and multi-coin support.
Side-by-side comparison of every major hardware wallet on the market.
How to move your Bitcoin offline for maximum security.
How to back up, store, and protect your wallet recovery phrase.