The Keystone Pro 3 is a solid air-gapped hardware wallet at $149 with a strong security foundation and transparent firmware. Its EAL5+ secure element, open-source reproducible builds, and QR-only signing make it a credible choice for users who prioritize supply-chain auditability. The undisclosed chip manufacturer and basic multisig support are real gaps — advanced multisig users should look elsewhere.
The Keystone Pro 3 uses a secure element rated EAL5+, which matches the certification level found in Ledger's ST33 chip and exceeds the EAL6+ claims made by some newer entrants like Ledger Flex. However, Keystone discloses neither the chip model nor the manufacturer — a meaningful transparency gap. Comparing to the Coldcard Mk4, which publicly identifies its ATECC608B secure element, or the Foundation Passport, which names its STM32 microcontroller, Keystone's undisclosed silicon is a legitimate concern for researchers who want to audit the full stack.
On the firmware side, Keystone scores well: firmware is fully open source, and the project supports reproducible builds, meaning anyone can compile the source and verify the binary matches what ships on the device. Firmware updates are signed and delivered via QR code or SD card — no USB required for updates, which reduces the attack surface meaningfully.
Genuine check is supported — vendor claims the device verifies its own authenticity at boot via secure boot. This is listed as implemented, but the specific attestation mechanism has not been independently audited by a named third party as of this writing.
Secure element: EAL5+, chip model and manufacturer undisclosed
Open source firmware with reproducible builds — independently verifiable
Secure boot implemented — vendor-claimed, no public third-party audit cited
No known published CVEs specific to Keystone Pro 3 hardware at time of review
Compared to Ledger Nano X, which runs closed-source firmware on a disclosed chip, Keystone's open firmware is a clear advantage. Compared to Coldcard Mk4's fully named silicon, Keystone's chip opacity is a disadvantage.
SecurityKey Factor
The Keystone Pro 3 generates seeds entirely on-device using a BIP39 standard 12-word seed phrase, with optional SLIP39 support for Shamir Secret Sharing. The 12-word default is shorter than the 24-word default used by Ledger, Trezor Model T, and Coldcard — users who prefer 24-word seeds should verify whether Keystone supports that length before purchasing (vendor documentation suggests 12-word as the primary flow).
Shamir Secret Sharing (SLIP39) is a standout feature: users can split the seed into multiple shares requiring a threshold to reconstruct — for example, 3-of-5 shares. This is also supported by Trezor Model T, but notably absent from Coldcard Mk4 and the Foundation Passport, making Keystone one of the more flexible options for advanced backup schemes.
Passphrase support is included, enabling hidden wallets — standard BIP39 passphrase behavior. Recovery on a new device is straightforward for anyone familiar with BIP39: enter the seed phrase on any compatible wallet. SLIP39 recovery requires a SLIP39-compatible device, which limits portability slightly.
Seed: 12-word BIP39 on-device generation (SLIP39 also supported)
Backup methods: paper seed phrase and Shamir multi-share
Passphrase: supported for hidden wallet derivation
No proprietary backup card format (unlike Ledger Recover subscription service)
Compared to Trezor Safe 3, which also supports SLIP39 at a lower $79 price point, Keystone's recovery options are comparable. Compared to Coldcard Mk4, which lacks Shamir support, Keystone offers more backup flexibility.
Recovery & backups
The Keystone Pro 3 ships with a 4-inch color LCD touchscreen — the largest display of any mainstream hardware wallet currently available. For comparison, the Trezor Model T uses a 1.54-inch touchscreen and the Ledger Flex uses a 2.8-inch touchscreen. The extra screen real estate makes transaction detail review significantly more readable, particularly for long contract addresses and NFT metadata.
Initial setup involves powering on, generating a seed phrase, confirming backup, and setting a PIN — vendor estimates this at under 10 minutes. The touchscreen interface is gesture-based and requires no physical buttons for navigation, which lowers the mechanical failure risk but may feel unfamiliar to users coming from button-based devices like Coldcard.
Daily use workflow is QR-code-centric: the device never connects to a computer directly for signing. Transactions are passed via animated QR codes between the Keystone companion app (available on iOS and Android) and the device. This air-gap approach adds a step compared to USB-connected wallets but eliminates USB attack vectors entirely.
The companion app supports Windows, macOS, Linux, iOS, and Android. Third-party integration via MetaMask, Rabby, and Sparrow Wallet is also QR-based. Users new to air-gapped QR workflows — particularly those migrating from Ledger or Trezor — will face a learning curve of roughly one to two sessions before the process feels natural.
4-inch color touchscreen — largest in class
QR-only signing workflow — no USB data transfer
Companion app: iOS, Android, Windows, macOS, Linux
Usability / UX
Keystone Pro 3 supports approximately 5,500 tokens across multiple networks. Key L1 chains include Bitcoin, Ethereum, Solana, and a range of EVM-compatible chains (BNB Chain, Polygon, Avalanche, Arbitrum, Optimism). This token count is competitive with Ledger's catalog but exceeds what Foundation Passport or Coldcard support natively — both of which are Bitcoin-only or Bitcoin-first devices.
Third-party wallet compatibility is a genuine strength. Keystone integrates via QR with MetaMask, Rabby Wallet, Sparrow Wallet, BlueWallet, and Electrum, among others. This is broader than Trezor's third-party QR support, though Trezor compensates with a more mature USB-based integration ecosystem.
WalletConnect is not natively supported on the device itself — DeFi interactions are routed through MetaMask or Rabby as intermediaries, which adds steps but maintains the air-gap. NFT display is supported on the 4-inch screen, which is functionally useful given the screen size. Coin control is available for Bitcoin UTXO management.
~5,500 tokens supported across EVM and non-EVM chains
No native WalletConnect — DeFi requires intermediary app
Multisig: basic support only — advanced multisig coordinators like Specter Desktop require testing
For pure Bitcoin users, Coldcard Mk4 remains more feature-complete (PSBT, advanced multisig, CoinJoin via JoinMarket). For multi-chain users, Keystone's breadth is a clear advantage over Bitcoin-only competitors.
Ecosystem & integrations
Keystone Pro 3 requires no account registration to use the device or companion app — a baseline privacy requirement that Ledger fails with its optional (but marketed) Ledger Recover service. No email address, phone number, or KYC is collected during setup.
Telemetry behavior is not explicitly documented in public-facing technical documentation as of this review. Whether the companion app phones home with usage data — and whether opt-out is available — is not independently verified. Users with strict privacy requirements should run the app through a network monitor before trusting it.
The QR-code-only signing workflow means the device itself never connects to the internet, making it inherently Tor/VPN-agnostic at the hardware level. The companion app, however, does connect to external nodes for balance and transaction data — users should configure custom nodes (Bitcoin Core, Electrum personal server) to avoid leaking xpub data to third-party servers.
CoinJoin support is not natively implemented. Compared to Coldcard Mk4, which supports CoinJoin via JoinMarket and Wasabi integrations, or Foundation Passport with its Whirlpool integration, Keystone lags for privacy-focused Bitcoin users specifically. For general multi-chain privacy hygiene, the no-registration, air-gapped design is solid but not class-leading.
No account registration required
Telemetry: not independently verified
Device never connects to internet — air-gapped by design
No native CoinJoin support
Privacy
The Keystone Pro 3 retails at $149 USD. Direct competitors at similar or lower price points include:
Trezor Model T — $179: touchscreen, SLIP39, open source, but smaller screen and USB-only (no air-gap)
At $149, Keystone Pro 3 undercuts the Trezor Model T by $30 while offering a larger screen, air-gap architecture, and comparable open-source credentials. It undercuts the Ledger Flex by $100 while offering open-source firmware — a meaningful advantage for users who prioritize auditability over Ledger's brand recognition.
Best value for: Multi-chain users who want an air-gapped QR workflow, open-source firmware, and a large readable screen without paying Ledger Flex prices. Also suitable for users who want Shamir backup flexibility without moving to Trezor Model T.
Consider alternatives if: You are a Bitcoin-only user — Coldcard Mk4 at $147 offers deeper Bitcoin-specific features for the same price. If you need the highest possible secure element certification with a named chip, Ledger Flex's disclosed ST33K1M5 at EAL6+ may justify the $100 premium despite closed firmware.
Price & value
Keystone Pro 3 Review Verdict:
The Keystone Pro 3 is an excellent choice for users looking for a secure and versatile hardware wallet with advanced features. With a Secure Element (EAL5+), open-source software, and support for Shamir Secret Sharing, this device offers a robust security framework. Its USB connectivity and compatibility with multiple operating systems (iOS, Android, Linux, Windows, macOS) make it accessible for a wide range of users.
Who it's for:
Cryptocurrency users seeking a secure and customizable hardware wallet.
Those who require offline signing capabilities and multisig support.
Advanced users who want both BIP39 and SLIP39 recovery options.
Who should avoid it:
Users looking for Bluetooth connectivity, as this device does not support Bluetooth.
Individuals who require water-resistant hardware wallets.
Overall Summary:
The Keystone Pro 3 offers an impressive set of features, including a color LCD touchscreen, support for 5500+ tokens, and multiple recovery options. While it lacks Bluetooth and water resistance, these limitations do not detract from its overall security and usability. If you are looking for a reliable, secure hardware wallet that is compatible with various platforms and supports advanced recovery features, the Keystone Pro 3 is a great choice.
✓ Our Verdict
Keystone Pro 3 Review Verdict:
The Keystone Pro 3 is an excellent choice for users looking for a secure and versatile hardware wallet with advanced features. With a Secure Element (EAL5+), open-source software, and support for Shamir Secret Sharing, this device offers a robust security framework. Its USB connectivity and compatibility with multiple operating systems (iOS, Android, Linux, Windows, macOS) make it accessible for a wide range of users.
Who it's for:
Cryptocurrency users seeking a secure and customizable hardware wallet.
Those who require offline signing capabilities and multisig support.
Advanced users who want both BIP39 and SLIP39 recovery options.
Who should avoid it:
Users looking for Bluetooth connectivity, as this device does not support Bluetooth.
Individuals who require water-resistant hardware wallets.
Overall Summary:
The Keystone Pro 3 offers an impressive set of features, including a color LCD touchscreen, support for 5500+ tokens, and multiple recovery options. While it lacks Bluetooth and water resistance, these limitations do not detract from its overall security and usability. If you are looking for a reliable, secure hardware wallet that is compatible with various platforms and supports advanced recovery features, the Keystone Pro 3 is a great choice.
Ready to buyKeystone Pro 3?
We may earn a commission if you purchase through our links. This doesn't affect our editorial independence.
Impermanent loss happens when asset prices in a liquidity pool diverge from external markets, reducing the value of liquidity providers' holdings compared to simply holding the assets.
EAL Certification (Evaluation Assurance Level) from Common Criteria rates the security of hardware components, like secure chips in crypto hardware wallets. Higher levels, such as EAL5+ or EAL6+, indicate stronger resistance to attacks.
Reproducible Builds refer to the process where the same source code consistently produces identical binary outputs, ensuring verifiable and trustworthy software in blockchain and crypto projects.
Firmware Attestation is the process of verifying the authenticity of a device's firmware to ensure it has not been tampered with, commonly used in hardware wallets for security.
Secure Boot is a security feature that ensures only trusted software runs on a device by verifying its integrity during startup, preventing unauthorized code execution in crypto systems.
Open Source Firmware refers to firmware in hardware devices, like wallets, where the source code is publicly available, allowing transparency, auditability, and customization.
Coldcard is an air-gapped hardware wallet for Bitcoin, made by Coinkite, that stores private keys offline and signs transactions without internet exposure.
BIP39 is a standard for generating mnemonic seed phrases that are used to create deterministic wallets and securely back up cryptocurrency private keys.
Shamir Secret Sharing (SSS) divides a secret, like a crypto wallet seed, into multiple shares. A threshold number of shares reconstructs it, enhancing security as in SLIP-39 backups.
A backup in cryptocurrency is a secure copy of a wallet's seed phrase or private keys. It enables recovery of funds if the original wallet is lost or damaged.
A passphrase is an additional security layer for cryptocurrency wallets, acting as a 25th word in the BIP39 seed phrase, protecting access to hidden wallets.
Recovery is the process of restoring access to a cryptocurrency wallet using its seed phrase or mnemonic backup if the original wallet is lost or inaccessible.
A hidden wallet conceals a secondary cryptocurrency wallet behind an additional passphrase on the same seed, providing plausible deniability against coercion.
A Recovery Card is a physical card or sheet for backing up a cryptocurrency wallet's seed phrase, enabling recovery if the original wallet is lost or damaged.
Vendor Backup is a service by hardware wallet manufacturers that securely stores encrypted seed phrase shards with third parties, enabling recovery without self-custody of the full seed.
An NFT (Non-Fungible Token) is a unique digital asset stored on a blockchain, representing ownership of a specific item, such as artwork, music, or virtual goods.
QR Code Signing is a method used in cryptocurrency transactions where a QR code is generated to confirm and sign a transaction, enhancing security and user convenience.
A companion app is a software application used to manage and interact with cryptocurrency wallets or blockchain networks, typically offering features like transactions and security controls.
Bitcoin (BTC) is the first decentralized cryptocurrency, launched in 2009. It uses blockchain technology for secure, peer-to-peer digital transactions without intermediaries.
Ethereum is a decentralized blockchain platform that enables smart contracts and decentralized applications (dApps). Its native cryptocurrency is Ether (ETH).
Solana is a high-performance layer-1 blockchain platform that enables fast, low-cost transactions using Proof of History and Proof of Stake. Its native token is SOL.
BNB Chain is a high-performance blockchain network developed by Binance, formerly Binance Smart Chain (BSC). It supports smart contracts, DeFi, and uses BNB as its native token.
Polygon is a layer-2 scaling solution for Ethereum that enables faster, cheaper transactions via its Proof-of-Stake sidechain. Native token: MATIC (also called Polygon PoS).
Avalanche (AVAX) is a scalable layer-1 blockchain platform that achieves high throughput and sub-second transaction finality using its novel proof-of-stake consensus.
Optimism is an Ethereum Layer 2 optimistic rollup network. It batches transactions off-chain for faster, cheaper processing while inheriting Ethereum's security.
BlueWallet is a mobile Bitcoin wallet that allows users to securely store, send, and receive Bitcoin. It offers features like Lightning Network support and multi-sig capabilities.
Electrum is a lightweight Bitcoin wallet that allows users to store, send, and receive Bitcoin securely. It is known for its speed and low resource usage.
WalletConnect is a protocol that enables secure communication between decentralized applications (dApps) and mobile wallets through QR code scanning or deep linking.
DeFi (Decentralized Finance) refers to a set of financial services, such as lending and trading, built on blockchain technology without traditional intermediaries like banks.
Coin Control is a feature that allows users to manually select which unspent transaction outputs (UTXOs) to use in a transaction, giving more control over privacy and fees.
UTXO (Unspent Transaction Output) is a unit of cryptocurrency from a previous transaction that remains unspent and serves as input for new transactions in blockchains like Bitcoin.
Multisig (multi-signature) is a security feature that requires multiple private keys to authorize a transaction, enhancing protection against unauthorized access in blockchain networks.
Specter is a Bitcoin hardware wallet solution designed for advanced users, offering secure storage through a customizable, self-hosted setup with options like Specter Desktop and Specter DIY.
PSBT (Partially Signed Bitcoin Transaction) is a Bitcoin transaction format that allows multiple parties to sign a transaction incrementally before finalizing it.
CoinJoin is a privacy technique in cryptocurrency where multiple users combine their transactions, making it harder to trace individual senders and receivers.
KYC (Know Your Customer) is the regulatory process where cryptocurrency exchanges verify users' identities using documents like ID or proof of address to prevent fraud and money laundering.
Telemetry in cryptocurrency and blockchain refers to the automatic collection and transmission of anonymous usage data, metrics, and error reports from wallets or nodes to improve software.
XPUB is an extended public key (xpub) in hierarchical deterministic (HD) wallets. It derives child public keys and addresses from a master public key without exposing private keys.
Cryptocurrency is a digital or virtual currency secured by cryptography, operating on decentralized blockchain networks to enable secure, peer-to-peer transactions.
Offline Signing refers to signing cryptocurrency transactions on a device that is not connected to the internet, ensuring private keys remain secure from online threats.
Bluetooth Connectivity enables wireless communication between devices, like hardware wallets and smartphones, using Bluetooth or Bluetooth Low Energy (BLE) for secure data transfer.
Keystone Pro 3 uses a certified Secure Element chip to store private keys in tamper-resistant hardware. Even if the device's software were compromised, the Secure Element isolates your keys from extraction. The firmware is open-source, meaning security researchers worldwide can audit the code for vulnerabilities. The device has been independently security audited.
What if Keystone goes out of business?
Keystone's firmware is open-source — even if the company disappears, the community can maintain the software. Your seed phrase works with any BIP39-compatible wallet, so your funds are always recoverable.
What if I lose my Keystone Pro 3?
Your cryptocurrency is stored on the blockchain, not on the device. If you lose your Keystone Pro 3, you can recover full access using your seed phrase on any compatible wallet. Keystone Pro 3 also supports Shamir Secret Sharing, letting you split your backup across multiple secure locations. Multiple backup cards are supported for redundant recovery.
How long will Keystone Pro 3 receive security updates?
Keystone actively maintains Keystone Pro 3 with regular firmware updates.
Is the Keystone Pro 3 safe to use?
The Keystone Pro 3 is considered a highly secure hardware wallet. It features an EAL5+ certified Secure Element, secure boot, and open-source firmware with reproducible builds — meaning anyone can verify the code running on the device. Its air-gapped design relies on QR codes for transaction signing, eliminating USB attack vectors during normal use. The genuine check feature also helps users verify they received an authentic, untampered device. For most users, it represents a robust cold storage solution.
Keystone Pro 3 vs Passport Batch 2: which is better?
Both are air-gapped, open-source wallets, but they differ in key areas:
Screen: Keystone Pro 3 has a 4-inch color touchscreen; Passport uses a smaller non-touch display.
Price: Keystone Pro 3 is $160; Passport Batch 2 is around $199.
Keystone is the better pick for multi-chain users; Passport suits Bitcoin-only purists.
How many coins does the Keystone Pro 3 support?
The Keystone Pro 3 supports over 5,500 tokens and coins, covering major blockchains including Bitcoin, Ethereum, Solana, and many EVM-compatible networks. It also supports coin control for advanced UTXO management and offline transaction signing. Setup is straightforward: generate or import a seed phrase (12–24 words via BIP39 or SLIP39), then pair with a compatible software wallet like MetaMask, Rabby, or Sparrow via QR code — no USB connection required for signing.
Are there any known vulnerabilities or concerns with the Keystone Pro 3?
No critical exploits have been publicly disclosed for the Keystone Pro 3. However, a few concerns worth noting:
Chip transparency: The Secure Element manufacturer and chip model are undisclosed, which limits independent hardware auditing.
No water resistance: The polycarbonate/ABS body offers no rated water or dust protection.
Bluetooth/NFC absent: This is actually a security feature, not a gap, but limits convenience.
The open-source firmware and reproducible builds partially offset hardware transparency concerns, allowing software-level verification by the community.
Is the Keystone Pro 3 worth the $160 price tag?
At $160, the Keystone Pro 3 sits in the mid-to-premium range for hardware wallets. For that price you get a large 4-inch color touchscreen, EAL5+ Secure Element, air-gapped QR signing, Shamir Secret Sharing, and support for 5,500+ tokens. Compared to the Ledger Nano X ($149) or Trezor Safe 3 ($79), it offers stronger air-gap security and more advanced recovery options. If you hold a diverse portfolio and prioritize open-source transparency and air-gapped signing, the Keystone Pro 3 offers strong value.
Does the Keystone Pro 3 support Shamir Secret Sharing backup?
Yes. The Keystone Pro 3 supports SLIP39 Shamir Secret Sharing, which allows you to split your recovery seed into multiple shares (e.g., 3-of-5). You only need a defined threshold of shares to recover your wallet, meaning no single backup location holds your complete seed. It also supports standard BIP39 seed phrases (12 or 24 words) with optional passphrase. This makes the Keystone Pro 3 one of the few wallets in its price range offering both recovery standards alongside a passphrase layer.
Does the Keystone Pro 3 work with iPhone and Android?
Yes, the Keystone Pro 3 is compatible with iOS and Android mobile devices, as well as Windows, macOS, and Linux desktops. Mobile pairing is done via QR code scanning — no Bluetooth or NFC is required. Supported companion apps include MetaMask Mobile, Solflare, and others. For desktop use, it can also connect via USB or WebUSB for firmware updates, though transaction signing remains air-gapped through QR codes during normal operation.
Some links on this page are affiliate links. If you purchase through them, I may earn a commission at no additional cost to you. This helps support the site and allows me to continue creating detailed, independent reviews.
Our testing methodology is evolving. Ratings and assessments will be refined as we improve our scoring framework to reflect the most accurate results.
Ready to get Keystone Pro 3?
Long-term support • Secure Element • Security audited • Open source
