Ledger vs Cypherock X1

Team Cypherock
Team Cypherock
12 min read
Ledger vs Cypherock X1

Introduction

With the growing popularity of cryptocurrencies, the need for secure ways to store digital assets is more important than ever. As the value of crypto increases, so does the risk of hacks, making the security of hardware or cold wallets a top priority for anyone involved in the crypto space. Choosing the best hardware wallet is crucial, with the ideal choice being one that is not only highly secure but also easy to carry and use.

In this comprehensive hardware wallet comparison, we’ll compare two of the most popular cold wallets on the market to store your crypto: the Ledger hardware wallet and the Cypherock X1. Our analysis and comparison will focus on their hardware architecture, security features, transparency, wallet transferability, and coin support, amongst others. We aim to provide a clear and concise analysis to help you decide which wallet best fits your crypto security needs.

Hardware

Architecture

Ledger wallets have a dual-chip architecture and they function on their custom operating system, BOLOS (Blockchain Open Ledger Operating System). The device incorporates a secure element (EAL6+ certified for the cheaper Nano S Plus and an EAL5+ certified chip for the flagship Nano X model) and an STM32 microcontroller. The wallet also has a display and buttons.

Contrasting with Ledger and other traditional hardware wallets, the Cypherock X1 adopts a distinct design philosophy. Its architecture consists of the X1 vault and four NFC-enabled X1 cards, each designed to optimize security and the user experience.

The X1 vault is the main device, and at the core of the X1 vault is a dual-chip setup comprising an STM32 microcontroller and a secure element, tailored for robust offline computation and verification purposes. The integration of an OLED display and joystick not only enhances user interaction but also ensures secure and effortless transaction verification and authentication.

The X1 Cards are encrypted NFC-based smartcards with EAL 6+ secure elements. Which simply means they have exactly the same security as that of your bank’s credit card. These cards also support encrypted NFC connectivity with smartphones, enhancing user convenience and security.

The Cypherock X1 stands out with its decentralized storage of Crypto private keys, enabled by its innovative multi-component architecture. This approach diverges significantly from traditional hardware wallets like Ledger, which store the private key in a single location.

In Cypherock X1, the X1 vault divides your private key into five distinct parts. Each part is securely stored in a separate, tamper-proof hardware component. To access your private keys, only two parts are needed: a combination of the X1 vault and an X1 card or two X1 cards. This unique design significantly enhances the Cypherock X1’s defense against physical attacks.

When attackers physically access a wallet, the centralized key storage becomes vulnerable. Skilled attackers can exploit this vulnerability to extract private keys and crypto assets. This architecture has been exploited in the past with Ledger devices.

Cypherock’s architecture addresses this vulnerability at an architectural level to complicate such unauthorized access. Compromising one component doesn’t reveal the complete key, ensuring a high level of security for your crypto assets.

To extract the full private key from Cypherock X1, an attacker must breach multiple security layers. An attacker would first need to gain physical access to both the X1 vault and an X1 card and then breach their individual security measures. This layered security approach renders successful attacks highly unlikely, setting a new standard in hardware wallet security.

Both wallets feature the secure element, which adds an extra layer of security. Both wallets have very good build quality, too.

It is also important to mention that the Cypherock X1 comes with a free hard case, specially designed to keep your device and components safe. It offers splash and dust resistance, shields against drops and bumps, and even protects against electromagnetic waves like a Faraday cage. Whether you’re on the move or at home, this case is a great way to ensure your Cypherock X1 stays secure in any situation.

Display

An on-device display is crucial for crypto security in hardware wallets. It enables users to visually verify transaction details before confirmation.

Both Ledger wallets and the Cypherock X1 (the X1 vault) are equipped with an on-device trusted display. This feature presents all necessary transaction information, such as coin type, amount, and recipient address, on the display, allowing for offline verification before transaction authorization.

By integrating trusted displays, both Ledger and Cypherock X1 not only enable completely trustless interactions with blockchain and crypto for the users but also promote clear and secure transaction signing practices.

Buttons

Buttons on a hardware wallet are as crucial as the display, enabling manual approval of transactions. After reviewing transaction details on the wallet’s trusted display, you confirm the action by pressing these buttons. This manual input is vital for security by ensuring user control and preventing unauthorized actions.

Essentially, this button acts as a safeguard, ensuring that no malware can bypass the user’s authorization and strengthening the overall security of the user.

Both Ledger wallets and the Cypherock wallet have these buttons. On the Cypherock X1, the X1 vault has both an on-device display and a button.

The 5-way joystick on the Cypherock X1’s X1 vault offers smooth navigation over the screen and also serves as the confirmation button. This design guarantees that no transaction can be executed and signed without explicit user consent.

Cypherock’s integration of a 5-way joystick offers a significant advantage, enhancing both the user experience and functionality. This is in contrast to wallets like Ledger and Trezor, which rely on just two buttons and, therefore, add complexity when performing various actions such as confirming transactions or navigating the device.

Security

Product Authentication and Verification

Ledger wallets and Cypherock X1 are both hardware wallets. These are specialized hardware designed to keep your private key and seed phrase safe and secure offline. They will only use your private key to sign crypto transactions.

The companion apps, Ledger Live and the CySync app, facilitate the initial setup of the wallets. During this setup, both companion apps perform the device authentication (verify and authenticate both the device hardware and firmware) of their respective wallets. This authenticity check provides safety for users against Supply Chain and Evil Maids Attacks.

Furthermore, Cypherock users can set up 2-factor authentication by providing an email ID. When users enable this feature, they directly receive authenticity results via email from Cypherock’s server. This enhances security because, like any software, the CySync companion app is also not immune to hacking. A compromised app could potentially display false authentication results, posing a significant risk to users’ financial security. By introducing email 2-FA, Cypherock effectively mitigates this risk.

With 2-factor authentication, the result is sent directly to your email. This makes it possible for the users to not solely rely on the CySync companion app to know the wallet’s authenticity. It’s like having an extra security check to ensure everything stays safe.

Entropy Generation

Entropy generation is crucial for creating secure private keys. It’s like a digital coin flip, ensuring that keys are random and secure.

Ledger hardware wallets leverage their secure elements (EAL5+ or EAL6+, depending on the model) for this purpose. During the initial setup of the wallet, the True Random Number Generator (TRNG) embedded in the wallet’s secure element springs into action, generating the wallet’s entropy. These hardware TRNGs in Ledger wallets derive randomness from several sources. Additionally, Ledger incorporates standard post-processing treatments to further enhance the security of the generated entropy.

In contrast, the Cypherock X1 employs an innovative distributed entropy generation approach. The X1 vault utilizes two components for entropy generation: the STM32L4 MCU and the ATECC608 secure element. Both of these components independently generate a random number. These numbers are then combined using an XOR operation and the result is used as the wallet entropy.

The approach taken by Cypherock serves as a safeguard against potential security backdoors by chip manufacturers. Furthermore, by using two independent sources and combining them, the Cypherock X1 avoids any single point of failure in entropy generation, enhancing overall security.

Seed Phrase Backup and Private Key Storage

Both the Cypherock X1 and the Ledger wallets generate a truly random 12–24-word BIP-39 seed phrase for you during the device initialization and setup, followed by a PIN setup for an extra layer of protection. This seed phrase will be used to derive private keys for your Bitcoin, Ethereum, and other coins.

Ledger, just like any other traditional wallet, displays the seed phrase on its screen during the initial setup. This is for you to securely back it up, as this seed phrase essentially backs up your private key. Traditionally, users would write this seed phrase on a piece of paper or sometimes use a metal backup to keep it safe.

However, there is an issue with traditional seed phrase backups such as paper and metal backups: they fully expose the seed phrase in an unprotected, human-readable form. Furthermore, anyone who has access to this seed phrase can access all of the crypto assets associated with it. If you lose access to your seed phrase backup, you will lose access to your private keys and crypto assets. This makes the seed phrase backup a single point of failure.

In the event of a loss of seed phrase backup, to recover your crypto assets, you would need to create a new wallet, one for which you have access to its seed phrase, and then individually transfer all your coins from your Ledger to this new one.

The Cypherock X1 uniquely resolves this issue. As the world’s first hardware wallet without any seed phrase vulnerabilities, the Cypherock X1 splits the private key into five distinct parts, storing each in separate, tamper-proof hardware components. To reconstruct your private keys, you only need any two of the five parts: an X1 card and the X1 device or two X1 cards. This is achieved through a cryptographic technique called Shamir Secret Sharing.

Cypherock X1 doesn’t just secure your private keys securely; it also gives you more control and accessibility. Unlike traditional wallets, Cypherock X1 allows you to view and access your seed phrase securely at any time after the initial setup. You would still require the X1 vault, 1 X1 card, and the PIN you had to set to be able to do that.

This unique feature makes the Cypherock X1 interoperable with all other BIP-39 compatible wallets while completely eliminating the need for an additional seed phrase backup for later access to your wallet and assets. For users who still prefer having a separate seed phrase backup, the flexibility remains, offering a balanced approach to security and convenience. This way, there are no worries about losing your backup, giving you full peace of mind.

Even if you lose three out of the five parts, your crypto assets and private keys remain safe and recoverable with any two remaining parts. In case of such a loss If such a loss occurs, simply replace the lost components, sync them with the existing ones, and your wallet is operational again—no written seed phrase backup is needed.

Cypherock X1’s design not only enhances security but also offers practicality. With just a single X1 card and the X1 vault, you can perform various actions, from viewing your seed phrase to executing transactions. Interaction is as simple as tapping the X1 card onto the X1 vault.

By utilizing five hardware components instead of a single seed phrase, the Cypherock X1 eliminates the need for traditional paper or metal seed phrase backups, enhancing security and convenience.

The Cypherock X1 with its robust design and architecture not only addresses one but two critical vulnerabilities—that is, two single points of failure commonly found in crypto wallets: the need for a seed phrase backup and the centralization of private keys.

Traditional hardware wallets like Ledger and Trezor themselves represent a single point of failure by storing the private key within the device, a method that poses significant security risks. If the security of the wallet is breached, the private key becomes exposed, leading to the potential theft of crypto assets.

There have been instances where these popular wallets have faced security breaches. For example, Kraken successfully extracted the full private key from the Trezor wallets with just 15 minutes of physical access. Even Ledger’s security model was broken by a 15-year-old in the past. These incidents highlight the dangers of centralized key storage.

In contrast to the other wallets, the Cypherock X1 adopts a decentralized approach. Neither the X1 vault nor the X1 cards store the private key completely; they only hold a cryptographic part of it. Importantly, the X1 vault only temporarily stores the private key or seed phrase in its volatile memory during the actions of transaction signing or viewing. What remains permanently in the X1 vault are just the wallet names and an encrypted Cryptographic part of the private key. These pieces alone are insufficient to compromise your assets. This design significantly reduces the wallet’s attack surface, enhancing the security of your crypto assets.

Furthermore, even if an attacker compromises parts of your Cypherock X1, they cannot access the full private key, as it is not stored in one location. The wallet is also PIN-protected. This PIN code is also never stored inside the wallet directly. In the case of a brute force attack on the PIN, the wallet’s security is such that it progressively increases the PIN reattempt duration exponentially with each incorrect try. So, as long as you remember your PIN, your crypto stays secure.

Keep the X1 vault and an X1 card for regular use, and distribute the remaining cards across multiple geographical locations that only you know and can access. This added security layer ensures the safety of your crypto assets, offering unparalleled peace of mind.

Transaction Signing

In both Ledger wallets and the Cypherock X1, transaction signing is securely conducted on the device itself, within the X1 vault for the Cypherock X1.

This method ensures safety, as both the Ledger wallet and Cypherock X1 Vault feature a display and physical buttons. These allow users to verify and confirm transactions offline in a secure way.

Passphrase Support

Both Ledger and Cypherock wallets support BIP-39 passphrases. The passphrase acts as your 25th word, combined with your 24-word seed phrase.

This feature adds an extra layer of security on top of the PIN protection and offers additional advantages and functionalities. For instance, passphrases allow you to derive multiple wallets from a single seed phrase, enabling the segregation and diversification of your crypto assets. Additionally, it aids in protecting against seed exposure and supports the creation of hidden wallets for added privacy.

While this feature is optional, it’s particularly recommended for expert users. Caution is advised, as forgetting the passphrase could lead to irreversible loss of your crypto assets.

Wallet Transferability

Both Ledger wallets and the Cypherock X1 conform to BIP-39 standards, enabling you to seamlessly import or export BIP-39 seed phrases. This compatibility facilitates easy access to crypto assets associated with these seed phrases across different wallets.

Like many other wallets, Ledger wallets are also designed to store one wallet at a time. Access to the initial seed phrase generated by the Ledger device is crucial for transferring your wallet to any other BIP-39 compatible wallet

Ledger places the burden of safeguarding the seed phrase on the users for future uses, such as transferring the wallet, as the seed phrase is only displayed once during the initial setup.

On the other hand, Cypherock X1 offers more flexibility. With Cypherock X1, you can easily transfer your wallet to another BIP-39 compatible wallet using the seed phrase. The ability to view the seed phrases anytime eliminates the need for a separate seed phrase backup while transferring or importing wallets to a different device, making the whole process easier and more convenient.

While both Ledger and Cypherock support importing existing BIP-39 wallets via seed phrase, Cypherock X1 takes it a step further. The Cypherock X1 allows you to store up to four separate wallets on the product at the same time by just importing each of the wallet’s seed phrases. These wallets can be individually protected by a user-selected PIN code as well.

In practical terms, this means you can import other software or hardware crypto wallets, such as Ledger, Trezor, and Metamask, into your Cypherock X1. This capability positions the Cypherock X1 not just as a wallet but as a versatile seed phrase vault, enabling you to efficiently manage and back up multiple crypto wallets with the same decentralized key storage security.

Open Source

Ledger wallets run on a proprietary or custom operating system called BOLOS(Blockchain Open Ledger Operating System). BOLOS isolates different cryptocurrency applications, such as Bitcoin, Ethereum, Solana, etc.

Ledger’s firmware is closed source due to nondisclosure agreements (NDAs). This means we cannot see what code goes into the device and what it runs on. The firmware is also not reproducible for the same reason. However, the specifications and the cryptography librarythat they use are open source.

The problem with Ledger code being closed source is that people cannot review or know what a firmware update would be doing.

To put this more into context, Ledger recently announced their “Ledger Recover” service. This feature would allow users to recover their seed phrase if they lost their backup. And Ledger would be providing this feature through a firmware update.

This is how Ledger Recover works, in brief: Your Ledger wallet will divide the encrypted seed into three parts cryptographically, and these parts will be sent to three independent servers where they will be stored securely. Your seed phrase can be reconstructed with any two out of the three parts. Just like how Cypherock X1 splits and reconstructs your private keys, Ledger also uses Shamir’s Secret Sharing for Ledger Recover.

Ideally, your private key should only be used for offline transaction signing on the hardware wallet itself and nothing else. But this service would allow the Ledger wallets to extract your seed phrase or private keys out of the device, which should not have been possible in the first place.

This leads to the accusation that Ledger can potentially access the user’s seed phrase if they want, at their will. It is also possible that Ledger always had a backdoor hidden in their code that could extract their user’s seed phrase. All of this raises alarming concerns because, again, the Ledger wallets operate on closed-source software. The whitepaper and explanations alone are not sufficient. As they say, “Don’t Trust, Verify.” but it’s simply not possible with Ledger.

Unlike Ledger wallets, the Cypherock X1 vault’s firmware is fully open source and available on their GitHub repository. This transparency extends to the wallet firmware, the CySync companion app, and the signing function, allowing users to check and verify what the code running on the device is doing.

Furthermore, Cypherock X1’s firmware has undergone thorough auditing by KeyLabs, the same security firm that uncovered vulnerabilities in Trezor and Ledger. In addition to Keylabs, WalletScrutiny has scrutinized and certified the firmware as ‘reproducible.’

Both audit and scrutiny reports are publicly accessible, providing users with clear insights into the security measures in place.

This level of transparency is crucial in the field of crypto where user’s life savings are involved. Cypherock X1, being audited, scrutinized, and open source, assures the users that the wallet is safe to use.

Secure Firmware Updates

The firmware update servers are high-value targets for hackers. This is because infected firmware can be used to make a device do unexpected and unpredictable things to the hacker’s wish.

In the case of crypto wallets, this threat becomes more prominent. This is because software and hardware wallets store your private key locally within the device. Such storage practices create a vulnerability that could be exploited through software updates to steal your assets.

In the case of Ledger wallets, something like this could very well happen as it centralizes the private key and the firmware is closed source. Malicious entities, internal or external to the company, could push malicious firmware updates to steal your private key and crypto assets. In fact, something like this has happened in the past with Ledger.

Remember the recent Ledger hack where an attacker outside of the company was able to push a malicious update to their Connect-Kit package to steal thousands of dollars? Fortunately, this particular package was open-source, and due to that, the community was able to swiftly alert Ledger regarding the hack for a prompt resolution.

Such incidents, compounded by the use of closed-source code, have brought Ledger into the spotlight, raising concerns about the unpredictability and security of their firmware updates.

Furthermore, it’s not just external threats that need consideration. There is also the possibility of Ledger itself introducing updates that users may find undesirable or risky (such as the Ledger Recover feature discussed above, which could be enabled through a firmware update). Such updates have the potential to compromise your private keys and crypto assets.

In contrast, Cypherock ensures that the updates only impact the X1 vault and not the X1 cards. The X1 cards are non-upgradeable and permanently cold. This method not only supports the addition of new coins and features but also offers a significant security advantage: updating offline hardware like the X1 Vault is inherently more secure than updating software-based systems, as it minimizes exposure to online threats. This way, Cypherock ensures that the security of users’ private keys won’t be compromised, effectively balancing adaptability with safety.

Further distinguishing itself, Cypherock leverages its open-source nature. This ensures that the firmware running within the X1 Vault is aligned with rigorously reviewed open-source code, providing an additional layer of security and transparency.

Cryptocurrency Support

The Ledger Live companion app supports over 5,000 different cryptocurrencies. However, because of the device memory constraint, the Ledger hardware wallets only support storing up to 100 different crypto assets on the Nano X and Nano S Plus models.

This means you can only install 100 different coin apps at a time. If you have more than 100 different coins, you would have to uninstall and reinstall a few of those apps to make everything work. You can find the full list on Ledger’s coin support page.

Supporting 9000+ assets and 10 different blockchains, Cypherock X1 already provides one of the most comprehensive ranges of support for various coins and tokens. You can find a full list on Cypherock’s coin support page. The Cypherock X1 can store thousands of assets, so there are no low memory issues here and support for other coins is on the public roadmap.

Both wallets exhibit strong support for the most popular and widely used coins and networks. The EVM ecosystem is well covered on both wallets.

Companion App

Ledger Live acts as the primary companion app for all the Ledger wallets. You can download all the apps like Bitcoin, Ethereum, Solana, etc on your Ledger hardware wallet through the Ledger Live app and manage all of your coins. It also allows you to interact with your favorite dApps. Ledger Live lets you buy and swap crypto too.

The Cypherock X1 comes with the CySync companion app to help you manage your crypto seamlessly. The CySync app guides you throughout the onboarding process with clear and helpful instructions.

The CySync app offers a convenient and unique feature for portfolio management and aggregation.

While spreading your crypto across different wallets is a good safety move, it can be quite complex when it comes to user experience and overall management. So, if you’ve diversified your crypto across various wallets and are struggling to keep tabs and track everything, the CySync app offers the solution. Simply store the seed phrases of your different wallets in the Cypherock X1 and manage them all in one place. This way, you can use your Cypherock X1 as your all-in-one crypto portfolio aggregator.

The portfolio management feature would also be very useful for someone who owns a business and is involved in managing company assets and his own assets separately but doesn’t want to use multiple seed phrases and hardware wallets for the same.

This way, Cypherock simplifies the management of diversified holdings while promoting better security practices.

Moreover, Cypherock X1 will soon be compatible with other software wallets and apps. For this, the Cypherock SDK is currently in development. It is a Javascript library that can be used to communicate with the Cypherock X1 wallet. This is the same SDK used for CySync v2.0.0.

The SDK will offer a common interface for third-party developers and crypto asset service providers to seamlessly connect and communicate with the Cypherock X1 hardware wallet while accessing the wallet’s capabilities without exposing the seed phrase. This integration extends the wallet’s compatibility, allowing the Cypherock X1 to be used directly for signing transactions with other software wallets like Metamask, Gnosis Safe, and Liminal, among others.

Building on this, the integration brought by the SDK will broaden Cypherock X1 users’ access to the world of NFTs and DeFi, enhancing the functionality and utility of the Cypherock X1 wallet.

Both Ledger Live and CySync are great, they are both open source and facilitate various functions like the device authentication process, initial setup, and making transactions for their respective wallets.

Supported OS

Both Ledger and Cypherock wallets are compatible with all desktop OSs, like Windows, MacOS, and Linux. Ledger also supports Android and iOS through the Ledger Live apps. But only the Ledger Nano X has Bluetooth mobile connection support. In the case of the Ledger Nano S Plus, an OTG cable should be used to connect the wallet to your phone.

While Cypherock does not have an Android or iOS app currently, it will be launched soon. Users would be able to make transactions and perform other functions on their phone (that supports NFC-based communication) with the Cypherock X1.

Ledger Pros and Cons

Pros

  • Supports multiple coins, assets, and networks.
  • Compatible with MetaMask.
  • Supports DApp connectivity.
  • EAL6+ or EAL5+ secure elements.
  • Great form factor.
  • Mobile support.
  • Supports passphrases for extra security.

Cons

  • Firmware is not open source.
  • Possible backdoor. Since Ledger announced their Recover feature, it is evident that the private key can be extracted from the wallet, which should not be possible.
  • Unsecure wallet updates.
  • Smaller screen size compared to other hardware wallets.
  • Single point of failure with private key storage.
  • No non-custodial inheritance support.
  • Storage limitation.
  • Irreplaceable battery in Ledger Nano X.
  • Ledger Nano X is more expensive than Cypherock X1.
  • Risk of losing the seed phrase backup.
  • Risk of losing the hardware wallet.

Cypherock Pros and Cons

Pros

  • Supports multiple coins, assets, and networks.
  • Good form factor.
  • X1 Vault and the CySync app are fully open source.
  • Decentralized private key storage.
  • No seed phrase backup is required.
  • The flexibility of viewing seed phrases anytime.
  • Supports multiple wallets (up to four).
  • EAL6+ is a secure element.
  • NFC-enabled for quick operations.
  • There is not a single point of failure in entropy generation.
  • dApp connectivity is supported through WalletConnect.
  • Stress-free wallet updates.
  • Provides email 2FA for checking the authenticity of the hardware.
  • Supports passphrases for extra security.
  • Can also be used as a seed phrase backup for other wallets.
  • Aggregated crypto portfolio management with the CySync companion app.
  • Inheritance of Crypto assets is possible without compromising control.

Cons

  • Not compatible with MetaMask (support coming soon).
  • Mobile Support is currently missing (support is coming soon).
  • Smaller screen size compared to other hardware wallets.

Cypherock X1

We are live for orders @ www.cypherock.com/product/cypherock-x1

Connect with us:
Twitter: twitter.com/CypherockWallet
Telegram: t.me/cypherock