Ellipal Wallets: A Critical Security Review, Model Comparison, and Benefits
You will learn about the security and all types of Ellipal wallets. Also, about a comparison with competitors such as SafePal, Trezor, and Ledger.
Overview and Purpose of Ellipal
The core idea of Ellipal wallets is complete absence of internet connectivity. All transactions are executed by scanning QR codes in the mobile application and using the cameras of the hardware wallets themselves.
Moreover, the QR code format is open – anyone can verify on GitHub that keys are not transmitted over the network.
At the same time, you see the transaction details (address, amount) on the Ellipal display before the QR signing. And although QR codes eliminate attack vectors because there are no USB or Bluetooth/Wi-Fi connections, constant QR scanning significantly slows down the process. Especially if you plan to send transactions frequently.
That’s a brief overview. Now let’s dive into the security details, analyze the wallet, and take a look at the company itself.
Is the Company’s Reputation Reliable?
Now let’s consider what kind of company it is and the reputation of its developers.
Ellipal was founded in Hong Kong and began producing hardware wallets in 2018.
According to reviews on Trustpilot, users praise the high security and fast support, but complain about delivery delays and defective included SD cards.
Overall, not much is known about the company aside from the fact that they call themselves “the leader of cold wallets.” But we won’t just take the manufacturers at their word.
Types of Wallets
The company offers 4 types of wallets:
- Titan – a wallet version resembling a smartphone with a large screen and running the Android OS.
- Titan Mini – a smaller version without the Android firmware. This is important from a security standpoint, as a reduced firmware surface lowers the attack vector.
- Card Wallet (X Card), with an included starter. Essentially just a bank card with a chip. It works via tapping to a phone (NFC).
- Ellipal as a mobile application – it serves as an interface for interacting with the hardware wallets, but also functions as a standalone hot wallet.
Read about each wallet via the links above to gain a deeper understanding of the specifics and security of each wallet.
Supported Cryptocurrencies
All Ellipal wallets support 40 blockchains and over 10,000 tokens on these networks. Among the assets, you will find BTC, ETH, SOL and networks like ERC20, BSC, TRX, etc. Essentially, the full spectrum of cryptocurrencies is supported here.
However, you buy a hardware wallet primarily for security and convenient crypto storage. Let’s examine what Ellipal offers you in these aspects.
Security and Risks
The following security measures are implemented in the hardware wallets:
Your Security:
- Complete isolation. No USB, Bluetooth, or Wi-Fi – only QR codes between the hardware device and the mobile application. Keys never leave the device.
- Self-destruction. Upon physical tampering, the Ellipal automatically erases all data.
- Reset mode. After 10 incorrect PIN entry attempts, the device wipes the private keys and returns to factory settings.
Additional security measures:
- Hidden accounts (passphrase). An optional passphrase creates a hidden layer in the wallet – without it, the hidden account does not appear.
- Dust- and water-resistant casing enhances reliability in everyday use.
- Metal seed phrase plate. You can purchase a steel template instead of paper. It protects against water, fire, and corrosion.
Now, for the downsides. Let’s start with the minor ones
- Partially closed-source code – there is no independent software audit – you have to trust the manufacturer.
- Slow transactions – constant QR code scanning slows down the process.
Now let’s look at the security downsides in more depth.
Critique of the Security Architecture
Ellipal Titan is, in essence, a regular Android phone with all its vulnerabilities, protected only by software measures.
A security research team from Ledger conducted an investigation, during which they found that with physical access to the Ellipal Titan hardware wallet, an attacker could extract the seed phrase and also install a malicious firmware version!
Ellipal responded promptly by releasing an update (v2.0), but an independent verification of the effectiveness of the fixes has not been conducted.
Thus, despite the marketing claim of physical isolation, the Ellipal Titan is vulnerable to attacks if there is physical access to the device.
Read the detailed guide about the Ellipal Titan 2.0 version.
The Titan Mini is a different matter, and it is more secure! Here, the main controller microchip turned out to be the Allwinner Sochip V831, which indicates that the device runs on its own embedded firmware, not on a full-fledged Android operating system.
Thanks to this, the software attack surface is significantly smaller compared to the original Ellipal Titan, which ran on a locked-down Android system. In other words, they merely disabled Android functions through software, but the lock could actually be removed. And connections could appear on the wallet that shouldn’t be there.
It’s time to compare the security of the Titan and Mini versions.
Comparing the Security of Titan vs. Mini
Comparing the Titan Mini with the original Titan, it became clear that this is a completely new hardware-software platform, not just a smaller version of the previous model. The Titan Mini has its own firmware installed (instead of Android) and a dedicated secure element. This significantly reduces the software attack surface and increases the level of security compared to the previous generation.
However, it should be noted that the firmware on all Ellipal devices, including the Titan Mini, remains closed-source. For some, this may be a significant drawback, while others may prefer to trust the Ellipal company.
|
|
||
|
Screen |
2.4″ HD |
3.97″ |
|
Camera |
2 MP (almost identical to the 5 MP Titan) |
5 MP |
|
Battery |
600 mAh (lasts a long time) |
1400 mAh |
|
Keyboard |
No letter-shuffle |
Letter-shuffle (protection from shoulder-surfing) |
|
Auto-shutdown |
Yes |
Manual only |
In summary, the camera on the Mini version is 2 MP, whereas the original is 5 MP, but in testing, the differences in QR code scanning were negligible. The Mini’s screen measures 2.4″ (HD), while the original Titan’s screen measures 3.97″. Despite the smaller battery (600 mAh versus 1400 mAh), the Mini holds a charge for about the same duration. The Mini consumes less power, while the Titan has a brighter and larger display.
Our conclusion is that the Mini is smaller in size, convenient to carry, less expensive, and offers greater security due to its different firmware.
The Mini version is also quite sturdy – the device withstood being driven over by a car without damage. At the factory, its components are placed in a frame, and then the entire assembly is secured to the front panel with adhesive.
The Titan version also sometimes has issues recognizing the SD card when updating firmware.
Card-Style Wallet
ELLIPAL X Card Cold Wallet – this is a hardware wallet in the form of a bank card. It stores your seed phrase in its secure chip. To sign transactions, you just need to tap the card to a smartphone (NFC), which provides convenience and, in theory, a high level of security. This eliminates transmitting private keys online.
However, the card has no screen, making it a blind signer – you cannot verify transaction details (e.g., the recipient address or amount) directly on the device. This creates a high risk of signing fraudulent transactions if an attacker tampers with the data in the application.
The second downside is that the starter for activating the card has closed-source code – you cannot verify how exactly the seed phrases are generated and whether their cryptographic security is ensured.
Read the separate guide about the Ellipal Card Wallet.
Ellipal Mobile Application
Although the application has strong security features (PIN code, Touch ID/Face ID, etc.), its level of protection is lower than cold storage due to internet access (hot wallet). As a standalone solution, it is reliable, but it more often serves as an interface for Ellipal hardware wallets, providing cold storage of keys.
Read the separate guide about all the features of the mobile application and its security.
Having reviewed security, let’s move on to an overview of the convenience and benefits of using Ellipal wallets.
Convenience and Benefits
All Ellipal wallets operate through the mobile application and offer the following options.
Your Economic Opportunities:
- Stake ADA (3.9% per annum), XTZ, DOT, KSM, and more.
- Swap cryptocurrencies from one to another.
- Use the built-in dApp browser for secure access to DeFi applications, games, and more.
- Manage NFTs through the mobile wallet.
- Buy and sell cryptocurrencies directly within the app.
- Connect external dApps via
WalletConnectand interact with DeFi protocols. - Add and manage custom tokens beyond the standard list.
The application offers swap, purchase, and staking functions without charging additional fees, although some of their third-party partners charge their own fees.
The process of setting up the hardware wallets is very simple since the device resembles a smartphone. And although the wallet and its charging adapter are rather bulky, the large screen makes the operation easier.
In terms of convenience, the Titan version’s touchscreen is very responsive. The Mini version’s screen is slightly less so.
Let’s move on to comparisons to understand which wallets provide the best conditions for you.
Comparison of Ellipal with SafePal
|
Criterion |
Ellipal Titan 2 |
SafePal S1 Pro |
Who is better? |
|
Price |
~$199 |
~$89.99 |
SafePal |
|
Security |
Chip CC EAL5+ |
Chip CC EAL5+ |
Parity (both EAL5+ and isolated) |
|
Screen and Control |
Large touchscreen |
Small screen (1.3″) |
Ellipal |
|
Crypto Support |
All major networks (ERC-20, BSC, Solana, Polkadot, Cosmos, etc.) |
All major networks + Aptos |
Parity (SafePal + Aptos) |
|
Durability |
Laminated screen, non-disassemblable design |
Aluminum + tempered glass |
Same |
|
Pros |
Best user experience (UX), premium feel |
Best price, compactness |
|
|
Cons |
Twice the price, Android firmware |
Uncomfortable control (joystick, small screen) |
|
SafePal, unlike Ellipal, also has a browser extension, which is useful for quick transactions and connecting to DeFi applications.
Comparison of Ellipal with Ledger and Trezor
Let’s compare Ellipal with the Ledger Nano X.
|
Feature |
Ledger Nano X |
|
|
Connection Type |
Bluetooth, USB-C |
Fully isolated (only QR codes, no USB, Bluetooth, or Wi-Fi) |
|
Screen |
Small OLED screen |
Larger color screen (approximately like a small smartphone) |
|
Protection |
Chip CC EAL5+; wireless connectivity raises concerns for some users |
Chip CC EAL5+; IP65 casing, non-disassemblable design, self-destruct mechanism upon tampering |
|
Supported Coins |
About 46–75 coins via Ledger Live (major coins and ERC-20) |
Wide range: top major coins + rare and exotic (CMT, TRX, Decred, Grin, ADA, PTON, BSV, etc.) |
|
Software Management |
Ledger Live (iOS/Android/PC) |
Own mobile application (iOS/Android) |
|
Price |
~ $140 |
~ $129–199 |
|
Other Features |
Compactness, metal casing; smaller screen for pocket convenience |
Rugged casing, water- and dust-resistant, easier to read addresses and confirm transactions |
Ledger is more convenient to carry due to its USB-stick size.
Despite the not-so-convenient Ledger Live app, Ledger wallets have been on the market since 2016 and are the second oldest hardware wallet after Trezor.
Comparing Ellipal with the Trezor lineup, we can conclude the following:
- Trezor Model One: only if you use BTC/ETH and want to save – the most budget-friendly option at just $29.
- Trezor Model T: on the other hand, supports thousands of assets and has a touchscreen. But it costs from $76. However, it allows you to split your seed phrase into multiple shares (e.g., to store in different locations). This is useful for large sums.
Conclusions, Issues, and Whether to Use
Advanced users will likely prefer a more flexible open-source solution, although Ellipal handles tasks such as importing old paper wallets excellently. When evaluating Ellipal as a company, remember that you are trusting closed-source software.
The advantage is that the data exchange format via QR codes between the app and the device is open. You can verify exactly what information is transmitted and ensure that the device only signs the information you intend to sign.
However, in the cold crypto wallet market, there are a plethora of different offerings. You need to choose once the most secure and convenient wallet to store crypto long-term.
Whether to use this wallet or select another from the comparison rankings – the final decision is always yours.
Overall, Ellipal devices are designed for users who need a very simple cold wallet connected to a smartphone rather than a PC.
If you need advanced features such as biometrics, multisignature, Sign Message, and so on – Ellipal is not suitable for you.
One of the functions you will appreciate as an advanced user is that Ellipal devices allow importing raw single private keys. If you have old paper wallets for Bitcoin, Dogecoin, Litecoin, or similar, Ellipal remains the only device on the market that allows you to safely import single-key wallets, withdraw or send those balances, and sign transactions offline.
It is also important to remember that Ellipal forces users to use its own wallet application. For beginners, this can be convenient, as it reduces the chance of error, but on the other hand, it means total dependence on Ellipal’s infrastructure.
If their servers go down or you want to work with an unsupported Ethereum network, you will find yourself in a difficult situation.
Support:
- User support page.
- Contact email: [email protected].
- Contact page.
Now reading
Electrum users often face high fees, even when the network is not congested. Fees can reach high values (30+ satoshi per byte).
This article explains the functions of Bitcoin addresses: how to find the current one, why to create new ones for each transaction and what types of addresses exist.
