Written by Tyler
At present, what is the minimum threshold for obtaining hardware wallet-level Crypto security?
In the hardware wallet market, users often need to strike a balance between “ease of use” and “cost-effectiveness”. Overseas established manufacturers such as Ledger and Trezor have long been criticized for their user experience. The OneKey, which is more familiar to Chinese-speaking users, is not as cost-effective as before. Hardware wallets seem to be generally trapped in the industry dilemma of “security means being bulky”.
It is worth noting that as the earliest incubated by Binance and the only hardware wallet project currently invested by Binance and listed on Binance Launchpad, SafePal has lowered the entry threshold of hardware wallets to US$49.9, while migrating high-frequency operations such as signing and authorization to the mobile phone, and only using the USB interface in low-frequency scenarios such as firmware upgrades and charging . It has also built a full-stack experience of hardware wallets (S1, S1 Pro and X1), software wallets, browser plug-in wallets and compliant banking services.
This article will focus on SafePal's hardware wallet family. Combining actual experience and full-series reviews, this article will try to analyze how SafePal uses the "mobile first" approach, zero-contact communication for daily transactions (authorization/signature), and physical interfaces for firmware upgrades/charging, to find a breakthrough in the game between "security" and "convenience", and open the door to "lightweight security" for hardware wallets for ordinary users.
SafePal hardware wallet family: S1, S1 Pro, X1
Currently, the SafePal hardware wallet product line covers three models: S1 (US$49.99), S1 Pro (US$89.99), and X1 (US$69.99).
in S1 and S1 Pro use QR code interaction , and pair with the SafePal wallet app on the mobile phone by scanning the code with the camera, achieving physical isolation throughout the process; X1 focuses on Bluetooth low-power connection , and can be paired with the mobile phone app via Bluetooth, taking into account both convenience and security, and is more suitable for Degen users who operate frequently.
All three hardware wallets have been audited and open sourced on GitHub. They can set PIN and PassPhrase, and come with anti-hacker self-destruction mechanism, device anti-counterfeiting verification, and firmware tamper-proof protection. They can be used with SafePal App and SafePal plug-in wallets, fully support iOS, Android, Windows and MacOS, and cover more than 200 public chains on the App side and all currencies, NFTs and smart contract asset management needs on all chains.
SafePal S1: The most affordable entry-level hardware wallet
As the first hardware wallet launched by SafePal, the biggest feature of SafePal S1 is that it is “cheap and easy to use”. It can be said to be the most affordable entry-level hardware wallet product on the market.
Currently, the official website price of S1 is only US$49.9 (the prices in this article are all direct prices of a single model on the official website, and do not take into account combination packages or distribution channel discounts, the same below). Among the entry-level models of mainstream hardware wallet products currently on sale, it is one of the most cost-effective ones - in comparison, OneKey Classic 1S is US$99, Trezor Model One is US$49, and Ledger Nano S Plus is about US$86.
From the appearance, S1 looks like an early MP3 player. Its size is about the same as an ordinary bank card in China, which makes it easy to carry around (it can be perfectly put into a wallet that stores bank cards). The configuration on the front and back is very simple:
On the front, the far right side is the color screen at the top (displaying wallet information and QR code) + the direction key at the bottom (for menu navigation);
On the reverse side, there is a camera on the upper right side, which is used to scan QR codes when signing transactions;
On the right side of the device, the only button is the power button; at the bottom of the device, there is a Type C port (charging/connecting devices);
Therefore, the only means of communication between S1 and the outside world are "screen display" and "camera code scanning". Except for updating firmware and charging, it is almost completely physically isolated and does not require any wired connection , which greatly reduces the risk of remote attacks and has a high safety factor. Of course, this also means that the operation is relatively cumbersome, especially for users who need high-frequency operations:
In theory, every daily interaction requires S1 and the mobile phone APP to scan the QR code of each other and complete the offline signature to authorize or send the transaction .
From the actual holding experience, you can clearly feel that the S1 feels light, has a strong plastic feel, and the material is more "pragmatic", not soft, and has good pressure resistance.
At the same time, compared with the thin and light design of some hardware wallets, S1 has a moderate thickness, so it has stronger bending resistance (as shown in the figure below, from top to bottom are imToken imKey, OneKey Classic, SafePal S1). Personally, I have not encountered embarrassing situations like OneKey Classic being accidentally bent and damaged....
The following is the first activation and usage process:
1. Startup settings, create/restore wallet
Long press the power button on the right side, wait for the screen to light up, enter the display language selection interface, select "Simplified Chinese", then confirm the button instructions, enter the initialization page, click "OK, let's get started", and you can enter the wallet settings page, there are two options:
"Create a new wallet": Generate and back up a new set of seed phrase offline. You can choose whether it is 12, 18 or 24 characters. Then back it up and verify it, and you can use it normally.
「Restore existing wallet」: According to the previously backed up seed phrase, enter and restore the old wallet, and you can use it normally;
2. Set a PIN code
After the wallet is created or restored, enter the PIN code setting page, enter a 6-digit, 8-digit or other digit PIN code, and then name the hardware wallet to complete the preliminary settings.
3. Mobile App pairing (scan code to bind)
After the hardware wallet is set up, download and open the SafePal Wallet App, click the wallet name at the top of the App homepage (such as "Tyler-S0K#1" in the figure below) to enter the wallet management interface.
Then, in the wallet management interface, click the "Add Wallet" button and select the "Connect Hardware Wallet" option. At this time, options for different models of SafePal hardware wallets (such as S1, X1, S1 Pro) will appear. Select the corresponding hardware wallet model (S1 in the picture).
Then, follow the prompts and use the S1 camera to scan the QR code displayed on the phone screen.
S1 After scanning the code, select "OK" to bind this wallet, and 13 QR code images containing private key signature information will appear alternately.
At this time, go back to the App and use the code scanning function to scan the QR code displayed on S1. Keep doing this for a while until all 13 pictures are scanned. This completes the binding and pairing of the hardware wallet and the mobile App.
After the binding is completed, the SafePal App can synchronize the address and asset information in the X1 wallet. Users can directly view the balance of assets on each chain, such as BTC, ETH, BNB, etc. in the App, and conduct subsequent on-chain interactions such as transfers and authorizations.
4. Signature/authorization for daily transactions
After the pairing is successful, return to the App homepage and use the mobile App to perform various on-chain interactive operations such as transfer and collection of funds on the connected hardware wallet. When authorization/signature and other links are involved, they need to be confirmed on S1 - information is transmitted through the QR code to complete the offline signature .
Here we take daily transfer operations as an example:
Initiate a transfer : Select the payment wallet (the account corresponding to the connected hardware wallet) on the transfer interface, fill in the transfer currency (such as BNB), receiving address, and transfer amount, and click "Next";
Confirm transaction details : The transfer confirmation interface pops up, showing detailed information such as payment address, receiving address, transfer amount, mining fee, etc. Check the information again, and click "Transfer" after confirming that it is correct;
Trigger biometric verification : the system pops up a fingerprint verification pop-up window (if fingerprint payment is set up) to verify the fingerprint, otherwise enter the PIN code on the App side;
Generate transaction QR code : After verification, the App will generate a QR code containing complete transaction information (as shown in the last picture), and display the verification code for the user to double-check. This QR code is the transaction data that needs to be scanned by the hardware wallet and signed offline;
At this time, use the S1 hardware wallet to scan the QR code displayed on the mobile phone. A verification page will be generated on the hardware wallet screen. After verifying that the key transaction information (transfer amount, address, mining fee, etc.) is correct, click "OK" and enter the PIN code you set previously. Then, two signature QR codes containing private key signature information will be generated on the S1 screen, which will appear alternately .
Finally, return to the App and show the QR code on the S1 screen to the mobile App for scanning. Then, you can sign and broadcast it to the chain to complete the transaction .
From the above operation process of S1 + Wallet App, it can be found that in daily transactions, users can pair the SafePal hardware wallet with the App, and the two transmit information through QR codes. During this period, S1 does not touch the Internet at all. The overall experience emphasizes "extreme isolation and extreme security", which is suitable for long-term "coin hoarding" or usage scenarios that do not require frequent on-chain interactions .
In a nutshell, S1 achieves the ultimate in security isolation with its QR code design, which is very suitable for users who are new to cold wallets and want to "safely store coins" at a low cost - with only less than US$50, you can safely buy and store Crypto assets from hundreds of mainstream public chains . Of course, the QR code isolation design also makes its signing process relatively cumbersome, which is not suitable for high-frequency user needs in daily interactions.
SafePal S1 Pro: A fully upgraded version of S1
As an iterative upgrade of SafePal S1 (the price increased from US$49.9 to US$89.99), S1 Pro is basically the same as S1 in appearance and size, but it is obviously superior in detail polishing and user experience.
First of all, the material has been comprehensively upgraded, from ABS + PVC of S1 to aluminum alloy + tempered glass. The battery capacity has also been expanded from 400 mAh to 500 mAh. The overall body is lighter, thinner and more compact, and the four corners have been changed to a rounded edge design to improve the comfort of holding.
The surface material has removed the more obvious "plastic feel" on the S1, and the overall texture has a more delicate and firm feel that is closer to the ceramic texture. The overall contour is more fit to the hand, making the S1 Pro feel more "smooth" rather than "rough". Without sacrificing hardness and pressure resistance, the texture of the shell has achieved a perceptible leap.
The second is the structural optimization of the camera position - the S1 Pro changes the rear camera from the upper right corner of the S1 to a centered layout, which not only has a smaller aperture and a more coordinated look, but also solves the problem of the S1 needing to frequently adjust the angle when scanning the code to sign because the screen and camera are separated, significantly improving the recognition efficiency of the QR code.
As for the initial activation and usage process of S1 Pro, it is the same as S1, so I will not go into details here.
Of course, like S1, S1 Pro continues the characteristics of "high security and slightly complicated operation" brought by QR code signature. Therefore, it is similar to S1 in application scenarios and is more suitable for users who focus on safe asset storage and coin hoarding . For high-frequency trading users, its operation process still has certain limitations.
SafePal X1: Bluetooth model, a powerful tool for cross-device/multi-account device switching
SafePal X1 is the first Bluetooth hardware wallet launched by SafePal ($69.9). It is slightly narrower than an ordinary bank card and is relatively small. Compared with S1 and S1 Pro, the screen size has been upgraded from 1.3 inches to 1.8 inches. It is also equipped with 12 physical keys (10-digit numeric keypad + 2 function keys), which makes it more intuitive and convenient to enter PIN codes, switch between different pages, and other operations.
Different from the offline QR code interaction mode of S1 and S1 Pro, since X1 is connected via Bluetooth, users can quickly switch between multiple devices to achieve efficient asset management and transaction signatures. It is suitable for users who frequently perform crypto asset operations on multiple accounts and multiple devices:
Users can manage daily transactions on their mobile phones, perform asset analysis on their tablets, and make large transfers on their computers. All operations can be quickly signed through X1, without the need to repeatedly plug and unplug devices or scan QR codes, improving operational efficiency.
The following is the first activation and usage process:
1. Startup settings, create/restore wallet
Long press the X1 power button on the lower left corner of the front to turn on the device. When the screen lights up, enter the display language selection interface. Use the number keys to select "Simplified Chinese" and press "OK" to confirm.
Just like S1 and S1 Pro, when you enter the wallet settings page, there are two options:
"Create a new wallet" : Generate and back up a new set of seed phrase offline. You can choose whether it is 12, 18 or 24 characters. Then back it up and verify it, and you can use it normally.
「Restore existing wallet」 : According to the previously backed up seed phrase, enter and restore the old wallet, and you can use it normally;
2. Set a PIN code
After the wallet is created or restored, enter the PIN code setting page, enter a 6-digit, 8-digit or other digit PIN code, and then name the hardware wallet to complete the preliminary settings.
3. Mobile App pairing (Bluetooth binding)
After the hardware wallet is set up, download and open the SafePal Wallet App, click the wallet name at the top of the App homepage (such as "Tyler-S0K#1" in the figure below) to enter the wallet management interface.
Then, in the wallet management interface, click the "Add Wallet" button and select the "Connect Hardware Wallet" option. At this time, options for different models of SafePal hardware wallets (such as S1, X1, S1 Pro) will appear. Select the corresponding hardware wallet model (X1 in the picture).
After ensuring that the Bluetooth on your phone is turned on, the App will automatically start searching for nearby Bluetooth devices. When the X1 is powered on and the Bluetooth function is turned on, it will automatically search and match the X1 hardware wallet . As shown in the figure, the device name such as "SafePal X1-830B" will appear in the available devices column in the wallet App.
After clicking the corresponding device name, the App will automatically initiate a pairing request, and enter the PIN code on the X1 screen to confirm the pairing. The user only needs to use the "OK" button on the physical button to complete the confirmation, which completes the wallet binding process on the hardware device.
After the binding is completed, the SafePal App can synchronize the address and asset information in the X1 wallet. Users can directly view the balance of assets on each chain, such as BTC, ETH, BNB, etc. in the App, and conduct subsequent on-chain interactions such as transfers and authorizations.
4. Signature/authorization for daily transactions
After successful pairing, users can use the SafePal App to perform various on-chain operations such as transfers and authorizations on the connected X1 Bluetooth hardware wallet. There is no need to scan codes during the entire process. All interactive data will be automatically encrypted and transmitted via Bluetooth, and confirmed and signed on the X1 screen .
The following takes daily transfer operations as an example to show the complete Bluetooth signature process:
Initiate a transfer : Select the payment wallet (i.e. the account bound to X1) in the SafePal App, enter the currency (such as BNB), payment address, amount, and click "Next";
Confirm transaction details : The App will pop up a transaction confirmation interface, showing detailed information such as payment address, payment address, transfer amount, and mining fee. After carefully checking that everything is correct, click "Transfer" to continue the operation;
Trigger biometric verification : If the fingerprint payment function is enabled, the system will pop up a fingerprint recognition box. If it is not enabled, you need to enter the PIN code of the SafePal App;
Bluetooth push signature request : After identity authentication is passed, the transaction data will be pushed to the X1 hardware wallet via Bluetooth. At this time, the X1 screen will automatically pop up the transaction confirmation interface, displaying the core information (transfer amount, address, gas fee, etc.) to ensure that the user checks again;
After the user confirms that the information is correct, use the X1 physical button to complete the PIN code input and click "OK" to sign the transaction. After the signature is completed, X1 will automatically transmit the signature data back to the App via Bluetooth, and the App will automatically initiate the transaction broadcast, and the transaction will enter the on-chain confirmation process.
After the transaction is completed, wait for the blockchain network to confirm the transaction, and you can check the transaction status and progress on the App.
In general, the SafePal X1 Bluetooth hardware wallet provides users with a "second-level response experience" that can complete high-frequency operations without frequent code scanning or plugging in wires for transmission - transaction requests are pushed encrypted via Bluetooth, and users only need to complete PIN input and button confirmation on the X1 physical device to complete offline signing, and the private key does not touch the Internet throughout the process.
In particular, by replacing the QR code with Bluetooth, X1 not only simplifies the entire signature process, but also effectively improves the fluency of use. It is especially suitable for Degen users who frequently trade and switch across devices. Compared with S1 and S1 Pro, its biggest advantage lies in its native adaptation to "high-frequency, multi-terminal, and multi-account" operations :
Seamless cross-device operation : X1 can flexibly switch between multiple terminals such as mobile phones, tablets, and laptops. Users can manage daily transactions on their mobile phones and perform DEX operations or large-scale fund allocation on their PCs. One-click authorization via Bluetooth eliminates the need for repeated plugging and unplugging or scanning codes, greatly improving efficiency.
Parallel management of multiple accounts : SafePal App supports adding multiple wallet accounts. X1 can quickly pair with different accounts via Bluetooth, without the need to repeatedly import seed phrase or reinitialize the device. It can quickly switch accounts via Bluetooth connection, perform corresponding asset management and transaction signatures, and adapt to the efficient needs of advanced users in multi-chain and multi-wallet asset management scenarios;
This makes X1 a rare cold wallet solution among similar products that is truly suitable for "multiple accounts + multiple devices + high-frequency interactions".
In terms of security hardware standards, SafePal X1 is gradually completing the update from the original CC EAL5+ to CC EAL6+ security chip, reaching the same high security standard as S1/S1 Pro. This level of security certification is often used in military, financial and other scenarios with extremely high requirements for data protection, ensuring that private keys are always securely stored in independent chips and cannot be exported or cracked.
Other accessories
In order to further enhance the security and ease of use of asset backup, SafePal has also launched two practical accessories: the SafePal Cypher metal seed phrase board and a hardware wallet-specific protective leather case, priced at US$44.99 and US$9.9 respectively on the official website.
in SafePal Cypher is a stainless steel metal plate designed for long-term secure backup of seed phrase . It complies with the BIP39 seed phrase standard and supports the storage of 12, 18 or 24 seed phrase words. Its biggest advantage is that it is fire-resistant, waterproof and corrosion-resistant, making it more conducive to long-term storage.
After all, compared to paper backups that are susceptible to moisture, burnt, lost, and other risks, Cypher is made of industrial-grade stainless steel with a melting point of up to 1398°C, which is much higher than the average temperature of an ordinary house fire (about 900°C) (similar aluminum alloy products on the market have a melting point of about 650°C and there is a risk of failure in extreme cases).
At the same time, it has good moisture-proof, rust-proof, acid-proof and alkali-proof capabilities. Even in harsh environments, it can be stored for a long time without deformation or damage. It is also impact-resistant and wear-resistant. The high-strength steel ensures that it remains stable and reliable in physical damage scenarios such as falling and collisions. In addition, the overall size is slightly larger than S1/S1 Pro, making it easy to carry and store.
In short, SafePal Cypher is a cold backup solution that truly provides "decades of backup plans", and is particularly suitable for heavy coin holders who value long-term security.
The leather case officially launched by SafePal is specially customized for hardware wallets. It has a flexible and wear-resistant material and a fitted design, which can effectively prevent the device from being scratched and collided during carrying. It is very suitable for users who carry it with them or travel for a long time.
In general, if you are just getting started in the world of Crypto and hope to find a cheap and safe option for storing coins, especially if you mainly use it for long-term holding (HODL) of assets, do not need frequent on-chain interactions, prefer an asset isolation solution of "completely disconnected from the Internet, fully offline", are more sensitive to prices , and hope to get a cost-effective and secure experience within a limited budget, then the cold wallet combination based on SafePal S1 + Cypher + leather case is an excellent choice that is both economical and reliable in the current market (see here ).
"Mobile first" full stack architecture design
As mentioned above, unlike most traditional hardware wallets that rely on USB ports to connect to PCs, SafePal's S1, S1 Pro, and X1 hardware wallets have built a complete "mobile-first" interaction system around the SafePal App since their inception, forming a more unique cold wallet interaction mode:
S1 / S1 Pro: Scan the QR code to achieve offline communication and signature with the App;
X1: Automatically connect to the App via Bluetooth for seamless signing;
Plugin wallet: The App initiates the authorization request (the plugin also supports seed phrase import, and the experience is consistent with MetaMask), opening up multi-terminal interconnection.
Compared with PC plugging in, this design is closer to the experience of logging in to the desktop by scanning the WeChat code: the plug-in initiates the request ➝ the App receives the request ➝ the hardware wallet completes the signature ➝ the transaction is sent back to the chain , which means that the transaction process is both secure and flexible, and the private key never leaves the hardware device and is not directly exposed to the Internet environment.
This architecture is also completely different from the interconnection mode of hardware wallets such as OneKey in the use scenario involving PC plug-in wallets. Take the most typical DeFi operation scenario as an example:
- Traditional mode: PC wallet operates → wake up the hardware device via USB cable → physical confirmation of the hardware device → USB returns data;
- SafePal architecture: PC wallet operates → mobile app receives push request → S1/S1 Pro scans QR code/X1 Bluetooth physical confirmation → encrypted channel transmits data back;
This is equivalent to building a three-layer architecture of "mobile app as the core + hardware security layer + plug-in wallet". When the user initiates a transaction in the plug-in wallet of the PC device, the SafePal App will immediately receive the push request stream, complete the off-chain signature through the hardware wallet, and then send the data back to the plug-in.
This not only retains the operational inertia of the plug-in ecosystem, but also realizes hardware-level security isolation through the mobile terminal. The author believes that this design philosophy of "compatibility but not dependence" is also the core advantage of the "mobile terminal first" full-stack architecture. In essence, it transforms the hardware wallet from an "independent device" to a "security module of the mobile ecosystem", realizing SafePal App as a super application to conquer the world (secure transactions, asset management, and on-chain exploration):
The mobile app is used as the real center of on-chain interaction, the PC side only plays the role of information display and operation assistance, and the hardware side focuses on authorization and signature, fundamentally improving the fluency and security redundancy of multi-terminal collaboration.
After all, judging from the development history of the Internet era, future Web3 applications and Crypto security devices will most likely rebuild their interaction logic around mobile devices.
Conclusion
Crypto security services at the hardware wallet level should become a universal Web3 public product.
Objectively speaking, the current price of SafePal's entry-level product SafePal S1 is only US$49.99. As the most user-friendly entry-level hardware wallet on the market, it can be regarded as "a hardware wallet that everyone can afford."
From the perspective of user experience, with the popularization of mobile wallet experience, SafePal's "mobile app-based + hardware-based QR code/Bluetooth signature" interaction model is also expected to gradually become the mainstream paradigm for the development of Web3 wallets: the PC side is used as the operating interface, and transaction authorization and signature are completed by the mobile app in conjunction with the hardware wallet, truly realizing integrated asset management across devices and scenarios.
From the perspective of security logic, hardware wallets in the future will no longer be a single device, but an App-centric cross-terminal encrypted asset management solution. Next, we look forward to more variables in the hardware wallet track.
