Crypto Wallet Security Ranking
After years of research and months of rigorous testing, Coinspect is proud to present the Wallet Security Ranking — a comprehensive framework for crypto wallet security. This ranking aims to help users make better-informed decisions on how to choose a safe crypto wallet and to challenge wallet developers to meet the highest standards of security.
In this article, we’ll dive into how this ranking was created, why it’s relevant for the web3 industry, the first results, and how wallets can improve to reduce scams and build trust in the Web3 ecosystem.
Why a Wallet Security Ranking?
Most web3 security work focuses on smart contracts and protecting DeFi vaults from hacks, but phishing is still a big problem that doesn’t get enough attention. It’s more common to see articles about how users can protect their assets than about what wallets can do to protect users, even though crypto wallet security features are the first defense against phishing, compromised dApps, and fraud.
As mentioned in a previous blog post, not all security features are equally important when assessing the overall safety of a crypto wallet. To prioritize these checks effectively and reduce bias, we needed a structured approach. We adopted the Analytic Hierarchy Process (AHP), which helped us assign numerical weights to each check by directly comparing them within the same category.
With this approach, we assessed each wallet based on four key security categories:
dApp Permissions (maximum score: 35): A higher score indicates better permissions control, ensuring the wallet consistently requests user approval, which helps minimize the risk of unauthorized actions from dApps.
Intent Verification (maximum score: 25): A higher score means the wallet provides clear, understandable summaries for a broader range of transaction types, helping you avoid mistakes or scams.
Physical Access (maximum score: 20): A higher score reflects that the wallet leverages robust device-level security features, reducing the risk of unauthorized access if your device is lost or stolen.
Threat Prevention (maximum score: 20): A higher score means the wallet is more effective at preventing attacks by using updated lists of known threats, such as phishing websites and scammers’ addresses.
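How AHP turns pairwise comparisons into per-check weights, as an added example that is not Coinspect's code or data. The three checks A, B, C and their comparison values are constructed; the row geometric-mean method and the scaling of weights to the 35-point dApp Permissions maximum are assumptions.

```python
import math

# Saaty's random consistency index, keyed by matrix size.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}

def ahp_weights(matrix):
    """Priority vector from a reciprocal pairwise matrix (row geometric means)."""
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            if not math.isclose(matrix[i][j] * matrix[j][i], 1.0):
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")
    means = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(means)
    return [m / total for m in means]

def consistency_ratio(matrix, weights):
    """CR above 0.10 means the comparisons contradict each other too much."""
    n = len(matrix)
    if n < 3:
        return 0.0  # 1x1 and 2x2 matrices are always consistent
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]

def category_points(matrix, category_max):
    """Scale AHP weights so a wallet passing every check earns category_max."""
    weights = ahp_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr > 0.10:
        raise ValueError(f"inconsistent comparisons (CR={cr:.2f}); revisit them")
    return [w * category_max for w in weights]

def wallet_score(points, passed):
    """Sum the points of the checks a wallet passed."""
    return sum(p for p, ok in zip(points, passed) if ok)

# Constructed judgments for three hypothetical checks A, B, C:
# A is 3x as important as B and 5x as important as C; B is 2x C.
CONSTRUCTED = [
    [1.0, 3.0, 5.0],
    [1 / 3, 1.0, 2.0],
    [1 / 5, 1 / 2, 1.0],
]

if __name__ == "__main__":
    points = category_points(CONSTRUCTED, 35)  # 35 = dApp Permissions maximum
    print([round(p, 2) for p in points])
    print(round(wallet_score(points, [True, False, True]), 2))
```

The consistency ratio is what keeps the weights defensible: a set of judgments where A beats B, B beats C, and C beats A is rejected instead of being silently averaged into a score.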
If you want to see why these four categories of security features can defend users against real-world scams, you can check out our blog post, where we explain how wallet security features can protect users and help prevent scams like phishing and malicious approvals.
Behind the Scenes of the Ranking Creation
This story began a decade ago, during Bitcoin’s early stages, when Coinspect’s journey in wallet security started with our first blog post, where we exposed a vulnerability in one of the most innovative multisig Bitcoin wallets available at the time. Since then, we’ve assessed the security of countless wallets through our crypto security services and reported vulnerabilities to improve web3 security for users.
During these assessments, we uncovered several critical aspects of wallet security that required improvement, one of which was transaction simulation. We found significant vulnerabilities in how some wallets simulate transactions, such as Blowfish’s failure to detect ownership transfers, which highlighted the need for wallets to have reliable fallback mechanisms. You can read more about these challenges in our blog post on Transaction Simulation Challenges.
Over the years, we’ve developed a comprehensive threat model and checklists for conducting crypto wallet security audits and a methodology that starts as a manual process but is designed to be fully automated over time, ensuring the project’s long-term sustainability. You can read more about our methodology here.
These insights led us to realize that while our individual private wallet audits were effective, we needed to provide public, objective insights and make them easy to digest for end users. And that’s how we decided to create the Wallet Security Ranking.
The first results
Not all wallets are built the same, not even across the platforms they support. That’s why we created separate rankings for iOS, Android and Chrome extensions. Three Ethereum-compatible crypto wallets stood out as the top performers across multiple platforms: MetaMask, Rabby Wallet, and Coinbase Wallet. The Chrome Extension versions of these wallets scored the highest in all four security categories: dApp Permissions, Intent Verification, Physical Access, and Threat Prevention.
In the mobile wallet category, MetaMask, Rabby, and Coinbase shared the top ranks with 1inch, Rainbow, imToken, Zerion, and OKX, showcasing a strong security profile across Android and iOS as well.
If you’re interested in learning about the specific improvements wallets can make to boost their scores, check out our blog post for more insights.
What’s next?
Whether you’re a developer striving to create a safer wallet or a user looking to protect your assets, the Wallet Security Ranking is designed to guide you with objective, easy-to-understand insights. We invite you to explore the ranking, learn more about wallet security, and help us spread the word to advocate for better security standards across the Web3 industry.