Known Issues: Keystone (formerly Cobo Vault)

Not Fully Open-Source

The device has been audited, but is not fully open-source for various reason. See more details on their blog.

If firmware cannot be built from source reproducibly, then users are merely trusting that the binaries the software developers sign are actually derived from the correct source. Unless users build the firmware themselves, this is essentially the same tradeoff as just using closed source code. Note that developers working on the project needn’t be malicious for issues to occur as their computers could be hacked.

Built on General Purpose OS (Android)

Most hardware wallets use special purpose operating systems to reduce their attack surface (and improve performance). Keystone did harden their Android installation, but the attack surface is still much larger.


In theory, supporting altcoins does not fundamentally weaken bitcoin security. In practice, the more complex a codebase is the more likely a security bug will be introduced (or go undetected). These wallets are liable to be slow to upgrade their security, and bit rot is more likely to set in.

Keystone does have a bitcoin-only firmware, though this is not a perfect solution.

Mild Annoyances

These are all things that are annoying but not show-stoppers:

Don’t Be Discouraged

Security is not a binary, and no device is 100% secure. Remember that multisig security is additive, and using this device as part of a proper multisig setup can substantially improve your bitcoin security.