Trezor Safe 3
The Trezor Safe 3 is Trezor's entry-level hardware wallet with a CC EAL6+ secure element, fully open-source firmware, USB-C, and support for 9,000+ cryptocurrencies. It is the most affordable hardware wallet with both a certified secure element and fully auditable open-source code — a combination no Ledger device offers.
Best for open-source advocates who want verified security, skip if you need Bluetooth or a touchscreen.
Where to Buy
Pros
- Fully open-source firmware — anyone can audit the code that handles your keys
- CC EAL6+ secure element (Infineon Optiga Trust M) for tamper-resistant key storage
- 9,000+ supported cryptocurrencies — broader coverage than Ledger's 5,500+
- 13.1g and 59mm — lightest and most compact hardware wallet in this comparison
- USB-C connection
Cons
- No Bluetooth — USB-C only, cannot sign from phone wirelessly
- Small 0.96-inch OLED display (128x64) — same limitation as Ledger Nano models
- Single physical button — less intuitive than two-button or touchscreen interfaces
- No NFC
Open Source vs Closed Source
Trezor's firmware is fully open-source on GitHub under the GPL-3.0 license. Every cryptographic operation, every key derivation, every signing routine can be audited by anyone. Multiple independent security researchers have reviewed the code, and Trezor publishes reproducible build instructions so you can compile the firmware from source and verify the binary matches what ships on the device. When Trezor says your keys never leave the device, you can read the code to verify this claim line by line.
Ledger's firmware is closed-source. Ledger publishes security audit results from firms like Quarkslab and has a bug bounty program, but you cannot independently verify what the secure element firmware does. After the 2023 controversy around Ledger Recover — a firmware update that could extract seed phrases from the secure element for cloud backup — the importance of open-source firmware became a mainstream talking point. Trezor's code is publicly verifiable, meaning a feature like Ledger Recover could never be shipped without community detection during code review.
This is the fundamental philosophical split in hardware wallets: Trezor trusts the community to verify; Ledger trusts their own team to secure. Neither approach is objectively wrong, but they serve different user profiles. If you are the type of person who reads smart contract code before signing, you will likely prefer Trezor's transparency. If you trust established companies and prefer convenience, Ledger's track record speaks for itself with millions of devices sold and no confirmed private key compromises.
The Secure Element Addition
The Safe 3 is Trezor's first device with a CC EAL6+ certified secure element (Infineon Optiga Trust M). Previous Trezor devices — the Model One and Model T — relied on a general-purpose STM32 microcontroller with firmware-based security. While no remote key extraction was ever demonstrated against those devices, physical attacks were proven by researchers like Kraken Security Labs using voltage glitching to extract seeds from unprotected Model T devices. The Optiga Trust M secure element defends against these physical attacks at the silicon level with tamper-resistant circuitry.
Critically, Trezor's implementation keeps the secure element's role transparent — the open-source firmware defines exactly how the secure element is used for key storage and transaction signing. This addresses the concern that a secure element could contain hidden backdoors: the firmware that interacts with it is fully auditable. The Optiga Trust M handles private key storage and cryptographic operations, while the main microcontroller runs the user interface, display, and USB communication. The division of responsibility is documented in Trezor's security model whitepaper.
The haptic feedback motor, new to the Safe 3, provides tactile confirmation for button presses. On a device with a single physical button, haptic feedback distinguishes between a registered press and a missed one — important when confirming high-value transactions. The vibration pattern differs between navigation presses and transaction confirmations, creating a physical signal that prevents the "did I press it?" uncertainty that plagued earlier button-only Trezor devices.
Trezor Safe 3 vs Ledger Nano S Plus
At similar price points, these two entry-level hardware wallets represent the clearest embodiment of the Trezor vs Ledger divide. Both use CC EAL6+ certified secure elements — the Trezor with Infineon's Optiga Trust M, the Ledger with ST Microelectronics' ST33K1M5. Both are USB-C only with no wireless connectivity. Both have small OLED displays with physical button navigation. The security hardware is, for practical purposes, equivalent.
The differences are firmware philosophy and ecosystem. Trezor's open-source firmware supports 9,000+ cryptocurrencies through community-contributed chain support. Ledger's closed-source firmware supports 5,500+ coins through their own development and certification pipeline. For mainstream assets (Bitcoin, Ethereum, Solana, Cardano), both work identically. For lesser-known tokens on niche chains, Trezor's broader support may matter. Trezor uses Trezor Suite for wallet management; Ledger uses Ledger Live. Both integrate with MetaMask, Rabby, and other browser extension wallets for DeFi.
Shamir Backup (SLIP-39) is available on the Safe 3 but not on any Ledger device. This allows splitting your recovery seed into multiple shares (e.g., 3-of-5) so that no single backup location contains enough information to steal your funds. If multi-share seed recovery is important to your security model, Trezor is the only option at any price point. Ledger uses standard BIP-39 24-word seeds exclusively, which means a single backup sheet is a single point of failure.
Shamir Backup: Multi-Share Seed Recovery
The Trezor Safe 3 supports SLIP-39 Shamir Backup — a recovery scheme that splits your seed into N shares, of which any M are required to reconstruct the wallet. Instead of writing down a single 24-word BIP-39 seed phrase and storing it in one location (a single point of failure), Shamir lets you create, for example, 5 shares and require any 3 to recover. Each share is a 20-word mnemonic that reveals nothing about your seed on its own. A thief who steals one or even two shares cannot reconstruct your wallet.
The practical deployment model solves real-world security problems that standard seeds cannot. Store one share in your home safe, one in a bank safety deposit box, one with a trusted family member, one in a fireproof bag at your office, and one with an attorney. Any single location can be compromised — fire, theft, flood, legal seizure — and your funds remain recoverable from the remaining shares. With a standard 24-word seed, losing your single backup means losing everything. A 3-of-5 Shamir split tolerates two simultaneous failures before funds are at risk.
No Ledger device supports Shamir Backup at any price point. Ledger uses standard BIP-39 24-word seeds exclusively, which means your entire crypto portfolio depends on a single piece of paper (or steel plate) stored in a single location. The Trezor Safe 5 also supports Shamir, but the Safe 3 is the most affordable device with this capability. For users holding significant crypto value — enough that a total loss would be financially devastating — Shamir Backup is arguably the single most important security feature in hardware wallets today, and Trezor is the only vendor offering it.
Common Gotchas
The single physical button navigation is tedious for entering passphrases and PINs. Scrolling through the alphabet one character at a time to enter a 12-character passphrase takes 3-5 minutes. This is the #1 reason users upgrade to the Safe 5 with its touchscreen keyboard.
Shamir Backup (SLIP-39) recovery phrases are NOT compatible with standard BIP-39 wallets. If you set up Shamir shares and later try to recover on a Ledger or MetaMask using those shares, it won't work. Shamir recovery only works on Trezor devices. This is important for estate planning — make sure heirs know they need a Trezor.
Trezor Suite requires a desktop or browser — there is no official Trezor mobile app for iOS or Android. You manage your wallet from a computer only. For mobile access, use third-party wallets like Rabby or MetaMask that connect to the Trezor via USB on supported devices.
The Safe 3's OLED display shows only 2-3 lines of text at a time. Verifying a complex DeFi transaction requires scrolling through 10-15 screens. Compare addresses digit by digit, checking start and end characters at minimum.
Full Specifications
Processor
| Specification | Value |
|---|---|
| security_chip | Optiga Trust M (CC EAL6+) [1] |
| certification | CC EAL6+ [1] |
| open_source | Firmware fully open-source [1] |
Memory
| Specification | Value |
|---|---|
| supported_coins | 9,000+ [1] |
| supported_chains | 50+ blockchains [1] |
Connectivity
| Specification | Value |
|---|---|
| connectivity | USB-C [1] |
| bluetooth | No [1] |
| nfc | No [1] |
I/O & Interfaces
| Specification | Value |
|---|---|
| Display | 0.96" OLED (128x64) [1] |
| Touch | No (1 physical button) [1] |
| USB | USB-C [1] |
Power
| Specification | Value |
|---|---|
| battery | No (USB-powered) [1] |
Physical
| Specification | Value |
|---|---|
| Dimensions | 59 x 32 x 7.4 mm [1] |
| weight_g | 13.1 g [1] |
| Form Factor | USB stick (compact) [1] |
Who Should Buy This
Fully open-source firmware is the only way to independently verify what code handles your private keys. Ledger's firmware is closed-source — you trust their claims. Trezor's you can verify yourself.
9,000+ supported coins vs Ledger's 5,500+. If you hold tokens on lesser-known chains, Trezor's broader support may cover assets Ledger cannot.
No Bluetooth — cannot sign from phone. The Ledger Nano X adds Bluetooth for mobile signing. The Trezor Safe 5 adds NFC but still no Bluetooth.
Better alternative: Ledger Nano X
Ecosystem & Community
Trezor's fully open-source ecosystem includes auditable firmware, the Trezor Suite desktop/web app, and integration with MetaMask, Rabby, and Electrum. The only hardware wallet ecosystem where every line of security-critical code is publicly verifiable.
Compatible Software
What to Build First
Download Trezor Suite, verify the firmware hash against the public GitHub source code, set up the device with a verified PIN and passphrase, receive your first Bitcoin, and create a steel seed backup. Security-first workflow from minute one.
View tutorial →Must-Have Accessories
Video Reviews & Tutorials
Tutorials & Resources
- Trezor Wiki / LearnOfficial setup guides, security best practices, and cryptocurrency educationdocs
- trezor-firmwareFully open-source firmware — verify every line of code handling your private keysgithub
- Trezor SuiteOpen-source desktop app for portfolio management and transaction signinggithub
Frequently Asked Questions
Trezor Safe 3 vs Ledger Nano S Plus: which is more secure?
Both use CC EAL6+ secure elements. The key difference is firmware: Trezor is fully open-source (auditable by anyone), Ledger is closed-source (audited by Ledger and their partners). If you value independent verification, Trezor wins. If you trust Ledger's track record, both are equally secure.
Why does Trezor support more coins than Ledger?
Trezor's open-source firmware allows community-contributed coin support. Anyone can add a new blockchain. Ledger requires their team to develop and certify each app, which slows expansion but may provide more consistent quality.
Does the Trezor Safe 3 work with Ledger Live?
No. Trezor uses Trezor Suite (desktop and web app) for wallet management. The two ecosystems are separate. However, both devices support standard wallet protocols and can restore from each other's recovery phrases.
Is the single button hard to use?
The Safe 3 uses one button with different press patterns — short press, long press, and double press — to navigate menus and confirm transactions. It is less intuitive than the Ledger's two-button or the Safe 5's touchscreen, but functional once learned.
Can I recover a Trezor wallet on a Ledger device?
Yes. Both devices use the standard BIP-39 recovery phrase (24 words). Your recovery phrase restores your keys on any compatible wallet — Trezor, Ledger, MetaMask, or any BIP-39 wallet. You are not locked into one vendor.