Features

Full SegWit Support

SegWit, short for “Segregated Witness”, was an August 2017 upgrade to the Bitcoin protocol that came with new address types.

Full SegWit Support means that the wallet can both send to and receive on all SegWit address types, including bech32 addresses starting with “bc1…”.

  • Receiving to SegWit addresses provides fee savings, as sending these funds is possible using less base-block space. In Bitcoin, transaction fees are proportional to the transaction size in bytes.
  • Receiving to bech32 addresses provides more fee savings than P2SH SegWit addresses.
  • Sending to SegWit addresses is sometimes required in order to use more modern tools that dropped support for legacy addresses, often because of another core property of SegWit transactions: they are not malleable, meaning that the transaction ID cannot be changed “in transit” (on unconfirmed transactions).

Full Taproot Support

Taproot is an improvement of how Bitcoin transactions work and was activated on 2021-11-12. It uses a new address format, defined in BIP 350.

While some wallets will be able to send to but not receive on Taproot addresses, this feature only tracks those that support both.

  • Compatibility: Recipients have to choose an address format and, due to efficiency improvements, will increasingly expect to be paid to a Taproot address. Wallets supporting this are generally more compatible.
  • Cheaper: Taproot allows for smaller transactions, especially for more complex uses of Bitcoin such as multi signature.

  • More private: As public data of a complicated transaction is usually indistinguishable from that of a simple transaction, special uses “hide in a bigger crowd” and become more private.

  • More efficient for offline wallets: Hardware wallets usually have only a very limited knowledge of the funds being spent, with the user confirming amounts sent but only implicitly the fee being paid. When spending from Taproot, the fee becomes knowable to the offline wallet, making protection against fee overpayment easier.

Initially the privacy will be worse, as using Taproot will make transactions stand out from the crowd.
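
An added example, not code from the original page or from any wallet it describes: the check a wallet has to make before paying a “bc1…” address, covering both the bech32 addresses of the SegWit section and the Taproot format of BIP 350. The function names and return labels are this example's own; the two sample addresses are public test vectors from BIP 173 and BIP 350.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32, BECH32M = 1, 0x2BC830A3  # checksum constants from BIP 173 and BIP 350


def polymod(values):
    """BCH checksum shared by bech32 and bech32m."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def to_bytes(groups):
    """Regroup 5-bit values into bytes; None if the padding is malformed."""
    acc = bits = 0
    out = bytearray()
    for g in groups:
        acc, bits = (acc << 5) | g, bits + 5
        while bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return None if bits >= 5 or acc & ((1 << bits) - 1) else bytes(out)


def classify_address(addr, hrp="bc"):
    """Return 'P2WPKH', 'P2WSH', 'P2TR' or 'witness vN'; raise ValueError if invalid."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case")
    addr = addr.lower()
    body = addr[len(hrp) + 1:]
    if not addr.startswith(hrp + "1") or len(body) < 7 or len(addr) > 90:
        raise ValueError("wrong prefix or length")
    if any(c not in CHARSET for c in body):
        raise ValueError("invalid character")
    data = [CHARSET.index(c) for c in body]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    checksum = polymod(expanded + data)
    version, program = data[0], to_bytes(data[1:-6])
    if version > 16 or program is None or not 2 <= len(program) <= 40:
        raise ValueError("bad witness version or program")
    # BIP 350: version 0 keeps the bech32 checksum, versions 1-16 need bech32m.
    if checksum != (BECH32 if version == 0 else BECH32M):
        raise ValueError("checksum does not match the witness version")
    if version == 0:
        if len(program) not in (20, 32):
            raise ValueError("bad version 0 program length")
        return "P2WPKH" if len(program) == 20 else "P2WSH"
    return "P2TR" if version == 1 and len(program) == 32 else f"witness v{version}"


# Public test vectors from BIP 173 and BIP 350 (not taken from the page).
SAMPLES = [
    "BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4",
    "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_address(sample))
```

A Taproot program carried with the older bech32 checksum is rejected rather than accepted, which is the case BIP 350 was written to close.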

Lightning Network support

The Lightning Network (LN) is a layer two protocol that promises instant, low fee micro payments. Some wallets do not support receiving transactions, which disqualifies them for this feature.

Transactions on LN are

  • instant: It usually takes less than five seconds to finish a transaction.
  • cheap: Transactions usually cost a tiny percentage (0.1%) of the transferred amount and might also be free.
  • micro payments: The unit of account on the LN is micro Satoshis (mSat) or 0.00000000001 BTC.

LN is still in early development and several very feasible attacks are known that can cost users money or disrupt the network.

SPV using compact block filters

Compact block filters as in BIP158 are a relatively tiny, probabilistic representation of the full blockchain that tells the client which blocks contain transactions relevant to specific addresses.

Compared to SPV using bloom filters:

  • Private: Avoids leaking the client’s addresses to the full nodes it talks to. If the blocks are downloaded through TOR with new TOR identities for each request from different nodes, the privacy of this mode is almost as good as running a full node. An attacker would have to control a big part of the TOR network to still learn which addresses are of interest.
  • Fast: No re-scan of the full chain is needed when importing a wallet. Compared to using an indexing server of the provider, it leaks no data to the provider.

Compared to using an indexing server it is slower and more bandwidth is needed.
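
An added example, not code from the original page: a reduced model of the BIP158 matching step, showing that the client tests its own scripts against each block's filter locally and fetches only the blocks that match. It keeps the filter as a bit string instead of BIP158's byte serialization, and the chain, scripts and block-hash stand-ins are constructed for the demonstration.

```python
import hashlib

MASK64 = (1 << 64) - 1
P, M = 19, 784931  # parameters of the BIP158 "basic" filter

def rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK64

def siphash24(key, data):
    """SipHash-2-4 of data under a 16-byte key, returned as a 64-bit integer."""
    k0, k1 = int.from_bytes(key[:8], "little"), int.from_bytes(key[8:16], "little")
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]
    def rounds(n):  # one line per step of the SipRound definition
        for _ in range(n):
            v[0] = (v[0] + v[1]) & MASK64; v[1] = rotl(v[1], 13) ^ v[0]; v[0] = rotl(v[0], 32)
            v[2] = (v[2] + v[3]) & MASK64; v[3] = rotl(v[3], 16) ^ v[2]
            v[0] = (v[0] + v[3]) & MASK64; v[3] = rotl(v[3], 21) ^ v[0]
            v[2] = (v[2] + v[1]) & MASK64; v[1] = rotl(v[1], 17) ^ v[2]; v[2] = rotl(v[2], 32)
    padded = data + b"\x00" * (7 - len(data) % 8) + bytes([len(data) & 0xFF])
    for i in range(0, len(padded), 8):
        m = int.from_bytes(padded[i:i + 8], "little")
        v[3] ^= m
        rounds(2)
        v[0] ^= m
    v[2] ^= 0xFF
    rounds(4)
    return v[0] ^ v[1] ^ v[2] ^ v[3]

def hash_to_range(key, item, n):
    """Map an item into [0, n*M), the range BIP158 uses for n filter items."""
    return (siphash24(key, item) * n * M) >> 64

def build_filter(key, scripts):
    """Server side: Golomb-Rice code the sorted hashes of a block's scripts."""
    items = set(scripts)
    values = sorted(hash_to_range(key, s, len(items)) for s in items)
    bits, last = [], 0
    for value in values:
        delta, last = value - last, value
        bits.append("1" * (delta >> P) + "0" + format(delta & ((1 << P) - 1), f"0{P}b"))
    return len(items), "".join(bits)

def filter_matches(key, n, bits, watched):
    """Client side: test watched scripts locally; nothing is sent to the server."""
    targets = {hash_to_range(key, s, n) for s in watched}
    pos = value = 0
    for _ in range(n):
        quotient = bits.index("0", pos) - pos  # unary-coded high part
        pos += quotient + 1
        value += (quotient << P) | int(bits[pos:pos + P], 2)
        pos += P
        if value in targets:
            return True
    return False

def blocks_to_download(chain, watched):
    """Heights whose filter matches; only these blocks are fetched in full."""
    hits = []
    for height, scripts in enumerate(chain):
        # Constructed stand-in for a block hash; BIP158 keys SipHash with its first 16 bytes.
        key = hashlib.sha256(b"constructed block %d" % height).digest()[:16]
        n, bits = build_filter(key, scripts)
        if filter_matches(key, n, bits, watched):
            hits.append(height)
    return hits

# Constructed scriptPubKey placeholders, not real outputs.
CHAIN = [[b"script-a", b"script-b"], [b"script-c", b"wallet-script-1"],
         [b"script-d"], [b"wallet-script-2", b"script-e", b"script-f"]]
WATCHED = [b"wallet-script-1", b"wallet-script-2"]

if __name__ == "__main__":
    print(blocks_to_download(CHAIN, WATCHED))
```

A match can be a false positive at a rate of about 1 in M per item, so a client still has to inspect the downloaded block; a miss is never a false negative.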

TOR - The Onion Router

TOR is a tool to shield the IP address of communicating parties. When communicating with a node on the TOR network, the communication is also necessarily end-to-end encrypted, but not when communicating with a server on the internet that uses neither TOR nor SSL (HTTPS). Modern Android versions allow putting apps behind a local TOR node independently of the provider offering TOR features. While this can be desirable to shield one’s IP address, it might also expose unencrypted data to different, probably more aware third parties. It also does not replace more advanced TOR features in which the wallet creates multiple TOR identities for different requests.

  • Privacy: TOR shields the client’s IP address and thus his real world location or identity from servers it talks to.
  • Speed: TOR means bouncing messages around a bit more with extra encryption. That makes it slower.

Connect To Own Lightning Node

The LN is very demanding on the wallet, especially for mobile devices, making custodial LN wallets somewhat acceptable. To have a light-weight client without having to trust a centralized provider, one can run one’s own Lightning Node and remote-control it with this app.

Always online lightning node with the convenience of a mobile app.

Connect To Own Full Node

The wallet can connect directly to a Bitcoin full node the user controls, typically via Bitcoin Core’s RPC interface or a compatible implementation. This is the highest level of sovereignty — the wallet verifies transactions against the full blockchain as seen by the user’s own node.

  • Full verification: No trust in third-party servers for balance or transaction data.

  • Maximum privacy: Nothing about your addresses or transactions leaves your own infrastructure.

Hierarchically Deterministic

All accounts and keys are derived from one masterseed as defined in BIP 32, BIP 39, BIP 44, BIP 49, BIP 84 and BIP 86. While some wallets might use different definitions and not all support SegWit or Taproot, we only consider this feature as given if

  • no address reuse
  • simple backup
  • no vendor lock-in

Unlimited Accounts

The user can create or restore secondary BTC accounts.

  • Accounting: Multiple accounts allow for easier separation of funds.
  • Privacy: Using an account with a positive balance at all times makes it relatively easy for blockchain analysis companies to determine the full history of the wallet. By using multiple accounts, emptying them at times, the user can retain some privacy.

Transaction Batching

Batching allows aggregating multiple payments into one Bitcoin transaction.

In Bitcoin, transactions always empty the output of received, prior transactions, so-called “unspent transaction outputs” or UTXOs. Without batching, sending to five recipients requires the creation of five transactions with their change outputs - if you don’t have the exact amount you want to send to the recipient, you send “change” to yourself. This change UTXO then gets immediately spent in the next transaction and so on, building a chain of transactions.

  • Batching avoids creating intermediate outputs, making the transaction smaller and thus cheaper in terms of mining fees.
  • Batching avoids building chains of transactions. If one were to pay more than ten recipients, the network would probably not broadcast the later transactions as only short chains of unconfirmed transactions are being handled by full nodes. Batching fixes that.

Multi Signature

Bitcoin allows defining addresses controlled by more than one private key. Two-of-three for example would mean that any two of a list of three private keys would be required to send coins from this address.

With keys from distinct devices or users, an attacker would have to compromise multiple devices or users at once. Multi signature thus protects against one device catching a virus, one wallet having a backdoor (if the multi signature works across different providers’ wallets), one hardware wallet not being trusted (if hardware wallets can be used for multi signature), etc.

  • There are no good standards yet for multi signature accounts. This might mean that an account that works with one provider’s wallet won’t load in any other wallet, which can complicate recovery should that wallet go out of business.
  • Using Multi Signature results in bigger and thus more expensive transactions.
  • Using Multi Signature accounts makes it easier for blockchain analysis companies to follow the trail of a wallet.
  • Multi Signature accounts require backups of additional descriptors, making financial loss from user error more likely.

Trade from and to other crypto currencies

Exchange one crypto currency for another. You “receive Xcoin to your Ycoin account” while in the background the wallet sends your Ycoin address to a service provider which gives it an Xcoin address which it then displays. Funds sent to that Xcoin address - to that service provider - are then sold for Ycoin and the returns are sent to the wallet’s Ycoin address.

Easily accept receiving more coins without actually holding them.

  • Sometimes the service is less favorable in its fees when used through a wallet integration than when using the service’s website.
  • Some of those services require registration which links your transactions to your ID.
  • The exchange provider might not deliver, making it complicated to prove what happened, who to talk to and how to ultimately recover funds.

Buy with Credit Card

Buy coins with your credit card from within the product.

Ease of use.

Buying with Credit Card usually comes with huge fees and the same exchange provider often offers a better rate when not used via a wallet integration.

CoinJoin / Coin Mixing

Transactions on the Bitcoin network are public and companies like Chainalysis get a very good picture of a user’s past and future spending knowing just one transaction. Coin mixing — most commonly via CoinJoin, where multiple users collaborate to combine their transactions into one — breaks the heuristics those companies use, giving the user and those they transact with meaningful privacy. On a more fundamental level, transactional privacy is required for fungibility — the concept of all Bitcoins being equal. If transactions can be tracked and attributed to certain activity — gambling, donations to dissidents, medical expenses — users could discriminate against certain sources of payments. Some exchanges already do precisely this.

  • Privacy for you
  • Fungibility for all
  • Some services flag mixed coins as suspicious and may freeze or reject them.

Air Gapped: App works without internet

Some apps mimic hardware wallets in that they don’t request permission to connect to the internet but instead they communicate through a companion app which has internet. That companion app might be on the same phone but with internet permission or it might be on a secondary phone such that the Air Gapped app can run on a phone that has no mobile or wifi internet configured at all.

Security: Splitting an app into a part that keeps the keys safe without access to leak them online and an app that has internet and all the rest can reduce the attack surface for the private keys. In theory this setup can be much more secure than the usual app that has both the private keys and internet access in one.

Liquid Network Integration

The Liquid Network is a Bitcoin sidechain designed to enable faster and more private transactions, launched by Blockstream in 2018. It allows for the issuance of digital assets, including security tokens and stablecoins. Wallet integration with Liquid means users can send and receive Bitcoin and other assets issued on the Liquid Network. This feature assesses wallets that support both sending to and receiving from Liquid addresses. Learn more about Liquid.

  • Faster Transactions: Liquid provides faster and cheaper transactions compared to Bitcoin’s main chain, improving the user experience for certain use cases like transfer between exchanges that support Liquid.

  • Enhanced Privacy: Through Confidential Transactions, Liquid hides the amounts and types of assets being transferred, offering greater privacy for its users.

  • Asset Issuance: Users can issue and manage digital assets on the Liquid Network.

  • Bitcoin Custody: The Liquid Network is operated by a federation of members. “Liquid Bitcoins” are Liquid tokens representing actual Bitcoins in the custody of this federation. If the required quorum of the federation decides to use the bitcoins under their custody, they can. Therefore the user has to trust this federation.
  • Limited Adoption: As a specialized network, Liquid’s benefits are most pronounced in specific scenarios, and the ecosystem is smaller than Bitcoin’s main network, potentially limiting its utility for some users.

  • Fallback custody: Bitcoins held by the Liquid federation need to be rotated on a regular schedule. If the federation fails to do so, they can also be spent by Blockstream alone.

Fingerprint Authentication

Fingerprint authentication in Bitcoin wallets enhances security by adding a biometric layer to the access control mechanisms. This feature leverages the unique patterns of a user’s fingerprint to grant access to the wallet, making unauthorized access significantly more difficult. Biometric authentication is generally faster and more convenient than traditional methods like passwords or PINs, as it eliminates the need to remember complex combinations. This form of authentication is particularly useful in mobile wallet applications, where ease of access and security are paramount. Fingerprint authentication minimizes the risk of phishing or brute force attacks that typically target password-based systems. Furthermore, it can be combined with other forms of security measures, like PINs or passwords, to create a multi-factor authentication system for added security. The use of biometric data, however, raises concerns regarding privacy and data security. Users must be assured that their biometric data is stored securely and not vulnerable to unauthorized access or breaches.

  • Enhanced security through a unique, non-replicable form of identification
  • Convenience and speed of access compared to traditional methods
  • Reduced risk of phishing and brute force attacks

Potential privacy concerns and dependency on device hardware capabilities.

Secure Elements

Secure Elements in Bitcoin wallets refer to dedicated hardware components designed to enhance security. These elements are specialized circuits or chips embedded in the device, providing a fortified environment for storing sensitive data such as private keys. Unlike standard storage, Secure Elements are resistant to tampering and physical attacks, making them an ideal choice for safeguarding cryptographic data and operations. The use of Secure Elements is crucial, especially in hardware and mobile wallets, where the risk of physical theft or tampering is a concern. These elements can effectively shield private keys from a wide range of attacks, including sophisticated ones like side-channel attacks. They ensure that private keys never leave the secure environment, even when signing transactions, offering a higher level of security compared to software-only solutions. While adding a significant layer of security, Secure Elements may pose challenges in terms of wallet recovery. In cases where the device is damaged or lost, retrieving the private keys can be more complex compared to wallets that solely use software-based security measures.

  • Enhanced security against physical and sophisticated attacks
  • Increased protection for private keys and sensitive data
  • Peace of mind knowing that cryptographic operations are performed in a secure, isolated environment

Potential complexities in wallet recovery and dependency on specific hardware.

Camera for Secure Transactions

Camera functionality in Bitcoin hardware wallets represents a significant advancement in wallet security and data transmission. These wallets use their built-in cameras to scan QR codes, enabling a secure and efficient method for data exchange and transaction signing. The camera-based approach is integral to maintaining an air-gapped environment, meaning the wallet does not rely on potentially vulnerable USB or Bluetooth connections for communication. The process involves creating an unsigned transaction as a QR code using a compatible wallet app. This QR code is then scanned by the hardware wallet’s camera. Inside the wallet, the transaction is securely signed using the stored private key. The signed transaction is subsequently displayed as a new QR code on the wallet, which can then be scanned back by the app to broadcast it to the blockchain network. This method of using a camera for QR code scanning and transmission ensures that the private keys remain solely within the hardware wallet, significantly bolstering security against remote attacks. It also enhances privacy, as the wallet does not directly connect to the internet or other devices, thereby reducing exposure to potential vulnerabilities.

  • Enhanced security by maintaining an air-gapped environment
  • Increased privacy as the wallet does not directly connect to the internet
  • User-friendly transaction process with QR code scanning

Cashu eCash

Cashu is a Chaumian eCash protocol that provides excellent privacy through blind signatures. Products supporting Cashu connect to Cashu mints and typically transact via Lightning Network nodes connected to those mints. Learn more about Cashu.

  • Enhanced privacy — the mint cannot track flows of funds between users.
  • Lower cost — mints batch on-chain operations, reducing fees.
  • User-friendly — no Lightning channel management required.

⚠️ CUSTODIAL WARNING: Unless you run your own mint, you are completely at the mercy of the mint operator. They can steal all funds at any time. There is no recourse. Only use mints operated by people you personally know and trust (“Uncle Jim”), or run your own mint.

Fedimint eCash

Fedimint is a Chaumian eCash protocol using federated custody. Multiple guardians must collude to steal funds, reducing single-point-of-failure risk. Products supporting Fedimint connect to federation mints and typically transact via Lightning. Learn more about Fedimint.

  • Enhanced privacy — the federation cannot track flows between users.
  • Federated custody — multiple guardians required; no single operator can steal.
  • Lower cost — federations batch on-chain operations.
  • User-friendly — no Lightning channel management required.

⚠️ CUSTODIAL WARNING: Unless you are a guardian of the federation or personally know and trust the guardians, you are at the mercy of the federation. A quorum of guardians colluding can steal all funds. Only use federations where you know the operators personally.

eCash Mint Software

This product allows running your own Chaumian eCash mint. As the mint operator, YOU control the underlying Bitcoin/Lightning funds. This is self-custodial for you, but your users trust you completely.

  • Self-custody of the backing Bitcoin funds.
  • Serve your community — provide privacy-preserving payments to family/friends.
  • “Uncle Jim” model — be the trusted custodian for people who know you.
  • You are responsible for others’ funds if you accept deposits.
  • Infrastructure burden — requires reliable hosting, backups, security.
  • Your users trust you completely — you can steal their funds at any time.

Advanced UTXO Control

The wallet offers advanced control over which Unspent Transaction Outputs (UTXOs) are spent. This goes beyond simple coin selection — it may include the ability to freeze or exclude specific UTXOs (e.g., dusting attacks or tainted coins), label UTXOs, or select inputs manually. The user does not necessarily need full visibility of all UTXOs, but has meaningful control over what gets spent.

  • Privacy: Prevent spending from UTXOs linked to unwanted transaction history, or avoid merging coins from different sources in one transaction.

  • Dust protection: Mark suspicious incoming transactions as “do not spend” to avoid revealing your wallet’s full UTXO set.

  • Fee optimization: Strategically select inputs to manage transaction size and fees.

Companion App

This app can act as a companion to a hardware wallet or air-gapped signing device. It handles network connectivity, transaction preparation, and blockchain data — while the signing device manages private key operations. The connection method is irrelevant (USB, QR, NFC, Bluetooth — all count). Examples: Mycelium+Trezor, Sparrow+Trezor, Specter Desktop+Specter-DIY, Envoy+Passport.

This feature is tagged on the companion app (the hot, networked side), not on the hardware wallet or signing device itself.

See also Issue #140 for discussion on verifying companion apps.

  • Convenience: Better UI/UX than tiny hardware wallet screens for browsing balances and preparing transactions.

  • Air-gapped compatibility: Keeps private keys offline while enabling easy transaction creation and broadcasting.

  • Trust requirement: The companion app is trusted to accurately display recipient addresses and amounts — always verify on your signing device’s screen before confirming.

  • Reproducibility matters: An unverifiable companion app undermines the security of an otherwise reproducible signing device.

Custom Node Connection

The wallet can be configured to connect to a user-specified, independently operated Bitcoin node — such as Bitcoin Core, Electrum Server, or other compatible full node software — instead of the wallet provider’s default servers. The key requirement is that the node is clearly independent from the wallet vendor: a third-party node the user controls or trusts.

  • Privacy: Transaction queries go to your own node rather than a third-party server, so no provider learns your wallet addresses or balances.

  • Security: No risk of a provider lying about your balance or the state of the network.

  • Sovereignty: Full independence from wallet provider infrastructure.

  • Requires running and maintaining your own Bitcoin node.
  • More complex initial setup compared to using the provider’s default servers.

Free and Open Source (FOSS)

The wallet’s source code is published under a license approved by the Open Source Initiative (OSI) — such as MIT, GPL, Apache, or AGPL — allowing anyone to inspect, modify, and redistribute it. This is a prerequisite for independent security audits and reproducible builds. Licenses that are merely “source available” but not OSI-approved (e.g., those with Commons Clause restrictions, commercial use prohibitions, or other non-free terms) do NOT qualify. Reproducible builds are not sufficient alone.

  • Transparency: Anyone can verify what the code does — including whether it contains backdoors, bugs, or privacy-violating behavior.

  • Community auditing: More reviewers means vulnerabilities are more likely to be found and fixed.

  • Forkability: If the project is abandoned or goes rogue, the community can fork and continue it.

FOSS alone does not guarantee security. The released binary must also be reproducible from the public source to ensure users are actually running the code that was audited.

NFC (Near Field Communication)

The wallet supports Near Field Communication (NFC) for wireless interaction with hardware wallets, payment terminals, or signing cards. NFC enables tap-to-sign or tap-to-pay functionality over a very short range (typically a few centimeters) without cables or QR codes.

  • Convenience: Quick tap interaction — no cables to connect or QR codes to scan.
  • Hardware wallet compatibility: Some hardware signing cards communicate exclusively via NFC.
  • Requires NFC hardware on both devices.
  • Very short range limits usability compared to QR-based air-gapped setups.

Self-Build Supported

The provider publishes source code and build instructions enabling users to compile and flash the firmware themselves, rather than relying solely on provider-distributed binaries. The project is explicitly designed to support this workflow.

This feature requires the hardware to be constructed from off-the-shelf parts with clear instructions.

  • Verify what you run: Users who build from source can be certain the firmware on their device matches the audited code — no need to trust the provider’s binary distribution.

  • Supply-chain independence: Building yourself removes the provider’s binary distribution as an attack surface. A compromised release server cannot insert malicious firmware into your device.

  • Community resilience: Projects designed for self-build can survive provider abandonment — users can continue building and maintaining the firmware independently.

  • Requires technical ability and a suitable build environment. Not suitable for most end users.

  • Without a reproducibility commitment, self-building still requires trusting the source code has not been tampered with since any given audit.