ELLIPAL Titan 2.0 Review 2024: Safe Hardware Wallet?
The ELLIPAL Titan 2.0 hardware wallet features a CC EAL5+ certified secure element, making it even more secure than the original. The Titan 2.0 is a user-friendly solution for storing and managing cryptocurrencies. With its robust security features and intuitive interface, it provides peace of mind to crypto enthusiasts by safeguarding their digital assets. We found the Titan wallets to be the most versatile and multi-functional hardware wallets on the market.
ELLIPAL are a well-respected and recognized hardware wallet manufacturer, creating industry-leading air-gapped wallets since 2018.
Being the creators behind one of the best-selling QR-code scanning cold storage wallets on the market, ELLIPAL is back and recently released the upgraded ELLIPAL Titan 2.0.
We have previously reviewed the original ELLIPAL Titan and the Titan Mini (one of my personal favourites), it is great to see the team not rest on their laurels and continue to innovate and release new wallets.
This ELLIPAL Titan 2.0 review will cover the pros, cons, and everything you need to know about this next evolution in the Titan wallet lineup.
But first, some background.
Who are ELLIPAL?
Established in 2018 and operating out of Hong Kong, ELLIPAL is a leader in Web3 security hardware and has advocated for "Air-Gapped" wallet technology since 2019. The Titan lineup is 100% offline and anti-tamper crypto storage solutions that have reached users in more than 140 countries. In 2022, Forbes certified ELLIPAL as one of the safest and best cold wallets globally, placing them among the top hardware wallets worldwide.
In our previous Titan reviews, we tout that one of our favourite aspects of ELLIPAL is the multi-functional utility of the wallets, with fantastic DeFi and DApp support, built-in swapping capabilities, and ELLIPAL are known for having the best asset support in the industry, supporting a whopping 10,000 cryptocurrencies, a cut above the likes of Ledger and Trezor which support around 5,000.
What is the ELLIPAL Titan 2.0?
Crypto security is a constantly evolving game of cat and mouse. Web3 builders create a product, hackers find a way to breach it, and then the builders need to go back to work to patch vulnerabilities and find new protections against known attacks.
During 2022 and 2023, whitehat hackers from Keylabs, Kraken Security Labs, Ledger Donjon and more shocked the crypto community when they showcased how easily they could hack into popular wallets like Trezor and Ledger. It seemed no crypto wallet was safe as the Keepkey and early ELLIPAL wallets were hacked into as well.
Now before you panic, it is important to point out that to the best of our knowledge, there has never been a successful remote hack of any of these wallets. All these security vulnerabilities that were exploited were conducted by sophisticated hackers with physical access to the device.
In response to this, Trezor and ELLIPAL took action. ELLIPAL released a new hardware version back in 2020 that addressed the vulnerability. To further optimize and advance their security models, both Trezor and ELLIPAL released the Trezor 3 and ELLIPAL Titan 2.0, which contain more secure chips that are more resistant to physical attacks. Here are the key upgrades of the Titan 2.0 over the original:
- Improved CC EAL5+ secure element
- The device has sharper responsiveness
- Rapid upgrade capabilities
- More powerful and efficient processing
- A more premium design and feel
- Full HD IPS Display and advanced lamination
As we’ve been covering ELLIPAL products for quite some time, the team were kind enough to send us the upgraded Titan 2.0 for testing purposes. After being familiar with both the original Titan and Titan Mini, I certainly noticed that the Titan 2.0 is a superior product to its predecessor.
The first thing I noticed was that the device felt more robust than the original, and that is saying something as I noted in my first ELLIPAL review how the device felt so durable that it could probably survive a punt out of a third-storey window... Not that I would recommend that.
When comparing ELLIPALs to plastic hardware wallets like Trezor or Cypherock, I do feel a lot more confident in the physical durability of the appropriately named Titan. The Titan series is also great for crypto use on the go for point-of-sale purchases thanks to QR code capabilities. The durability of the Titan series makes it and the NGRAVE ZERO the only wallets in my lineup that I don’t mind just tossing in a bag and roughing around a bit as I leave the house.
The fact that the new Titan 2.0 is more durable is nice, but not really that necessary in my opinion as the other wallets were already absolute beasts in that regard. One area of improvement I was relieved to notice was the significantly enhanced responsiveness and processing power. Trying to type anything into the touchscreen of the original Titan was difficult as the accuracy of the touchscreen was quite poor. Trying to get the device to register the correct letters I was touching felt like being blindfolded and playing Pin the Tail on the Donkey,s o the Titan 2.0 is a welcomed improvement.
The design and UX have also been enhanced and I noticed the increased speed of adding assets and performing firmware updates. But of course, the key update is the addition of the CC EAL5+ certified secure element, which places the ELLIPAL into similar categories as Trezor and Ledger when it comes to security.
ELLIPAL continue to dominate the air-gapped QR code style of wallets, creating solid-quality devices that look and feel similar to smartphones. The Titan 2.0 features a spacious and vibrant interface that enables users to effortlessly monitor their coins and NFTs. Users can engage in asset exchange and staking, and conduct transactions while staying updated on market rates through the synchronized mobile app. The Titan 2.0’s user-friendly design extends to seamless access to decentralized applications (DApps) such as Uniswap, Compound, PancakeSwap, and more, all conveniently managed through the mobile app.
Speaking of the mobile app, this is one of the things that makes the ELLIPAL one of the most convenient hardware wallets on the market. The Titan 2.0 feels like a great middle-ground product, striking a balance between the convenience of a software wallet but boasting the security of a hardware wallet.
As the corresponding app is on your smartphone, the navigation and user experience/interface (UX/UI) of the app are intuitive and familiar to smartphone users.
Another positive aspect of the Titan 2.0 is its designed mobility, as it can be conveniently charged and used on the go. With a built-in QR code scanner, the Titan 2.0 facilitates easy cryptocurrency transactions and purchases at point-of-sale merchants, a feature not available with the Trezor or Ledger.
However, it's good to note that the Titan's size, comparable to that of a smartphone, makes it relatively large and cumbersome compared to the smaller, sleeker designs of the Ledger and Trezor. That is one of the reasons the Titan Mini is a solid consideration (and, the Mini is cheaper!). Check out our Titan Mini Review.
To utilize the wallet, users are required to download the ELLIPAL mobile app onto their phones, as the wallet itself operates in an air-gapped environment, ensuring complete isolation from the internet and other systems.
The significance of employing an air-gapped device as an added security layer for cold wallet crypto storage lies in safeguarding the user's private keys from internet connections, thereby providing protection against hacks, malware, and viruses. For a more in-depth understanding of hardware wallets, you can explore the intricacies in our article: "How Hardware Wallets Work."
Now we will dive into the specific features and functions of the Titan 2.0.
ELLIPAL Titan 2.0: Features
Priced at $169.00, the ELLIPAL Titan 2.0 is a metal-cased cryptocurrency wallet with anti-tampering features, ensuring its durability against both impacts and physical hack attempts. The device is impervious to unauthorized access without causing damage to its internal components.
The anti-tamper feature is essentially an auto-self-destruct feature, so if anyone tries to break into the device, it will damage all the internal components to the point where a hacker hopefully would not be able to salvage enough working parts to exploit.
The ELLIPAL mobile app is available for both IOS and Android and supports 2FA, fully offline upgrades and is a great wallet for NFT support on both Ethereum and Polygon.
Here are the specs:
- Dimensions: 118 × 66 × 9.7 mm
- Screen Type: IPS Display (Color)
- Display Size: 4.0 inch
- Weight: 140g
- Battery: 1400 mAh
When users purchase the Titan 2.0, here is what comes in the box:
- 1 ELLIPAL Titan 2.0
- 1 Type-C Charging Cord
- 1 Security Adapter
- 1 User Manual
- 2 Seed Phrase Recovery Sheets
- 1 SD Card
For anyone looking to save some cash for Sats, ELLIPAL were nice enough to give Coin Bureau readers 10% off the price for any ELLIPAL products by using our ELLIPAL Link. Nice 😎
When acquiring a hardware wallet, it's important to make your purchase directly from the official ELLIPAL website. This goes for any hardware wallet company. Avoid buying second-hand hardware wallets as instances have been reported where users purchased a wallet and lost their crypto after discovering that the original owner retained control of the wallet's private keys.
Along with the Titan 2.0, ELLIPAL also offers metal seed phrase protectors, the ELLIPAL Joy, the Titan Mini, and accessories. We cover these products in our original Titan Review.
ELLIPAL Titan 2.0 Security
Much of the ELLIPAL's security relies on the fact that the Titan 2.0 is completely air-gapped. This means that the device never comes into contact with the internet, Bluetooth, mobile networks, NFC, or any other form of wireless communication
This effectively isolates the Titan 2.0 and keeps it out of the reach of any known remote attack vectors. The mobile app is not a cause for concern as even if the mobile phone is breached with malicious software, the Titan is needed to sign and verify transactions, acting as a secure gatekeeper and keeping your funds safe.
If any hackers steal the device and attempt to break into it, the automatic self-destruct feature should destroy the inner computing components so they cannot be accessed, leaving the original user free to recover their funds using the recovery phrase on a different wallet. Because the Titan 2.0 uses a BIP39-compatible recovery phrase, users will be able to import their ELLIPAL recovery phrase into other wallets such as MetaMask to restore their funds if needed, meaning they are never reliant on the ELLIPAL lineup of devices.
Titan 2.0 users can also set a passphrase as a sort of “hidden” wallet that only appears if the correct passphrase is used. This can help protect against physical threats of theft and act as a secondary protection against someone finding your recovery phrase. However, it is important to note that if you forget this passphrase you will not be able to recover your funds so use this feature responsibly!
Then, of course, there is the CC EAL5+ secure element which is an improvement against physical hack attempts over previous ELLIPAL wallets.
As for source code, ELLIPAL's codebase is open-source on Github, which is a plus as many security proponents consider open-source code to be more secure as it has more eyes from the community searching for malicious code and security vulnerabilities, however, like Ledger, ELLIPAL's firmware has not been open-sourced.
Some wallet users will only opt for fully open-sourced hardware wallets like Trezor, while there is plenty of debate around how much open-sourcing code really contributes to security. Some security experts advocate that open-source code is actually less secure as hackers are free to get into the source code and have a look around, making it easier for them to find vulnerabilities.
For me, the partial open-source approach is good enough and the Titan 2.0 allows users to import their own private keys if they choose not to trust the ELLIPAL device.
As far as standard pneumonic phrase Hierarchical Deterministic wallets go, (the likes of Ledger, Trezor, MetaMask, Trust Wallet and the vast majority of hardware and software wallets), the Titan 2.0 is a highly secure choice and meets industry standards when it comes to crypto security.
While the wallet is perfectly secure and trusted by hundreds of thousands of users, it doesn't quite go above and beyond in terms of security like the NGRAVE Zero, BC Vault or Cypherock. That is not to say that users should avoid it, as the three wallets I just mentioned may be a bit overkill when it comes to security, but every user has their own preferred thresholds when it comes to security confidence.
One thing that is worth pointing out is that with all Hierarchical Deterministic wallets, there is a significant single point of failure risk that comes in the form of mishandled recovery phrases, which is why many wallets such as BC Vault, Cypherock, NGRAVE, and Zengo have chosen to go a different route. You can learn more about passphrase risk in our Zengo Review. It is up to you to determine if you are up to the responsibility of securing your own recovery phrase. Given the over 100 billion lost from passphrase mismanagement, it is clear that this is not a responsibility to be taken lightly
Setting Up the ELLIPAL Titan 2.0
If you’ve set up a previous ELLIPAL device, feel free to skip past this part as the process is the same as previous versions.
Given that the Titan operates as a hardware wallet without an internet connection, it relies on interaction with the user's mobile device. The app is currently compatible with both Android and Apple devices. To initiate the setup, the Titan 2.0 will show you a QR code you can scan with your mobile phone that will take you to the app download in either Google Play or Apple App Store.
After downloading the app, users will be prompted to create an account (create new wallet), recover a previous wallet, or import accounts. Users have the option to create a new wallet, recover a previous wallet by entering a 12, 15, 18, 21, or 24-word mnemonic phrase, or import private keys individually. The ELLIPAL Titan even supports the scanning of QR codes from paper wallets, facilitating seamless imports.
Note that some users find the use of the word “account” strange here as users are creating wallets, not accounts, but either way, for ELLIPAL, “account” and “wallet” mean the same thing. If you choose to create a new account, you will be shown this warning followed by your recovery phrase:
Note that this is the most important step when creating any wallet. This recovery phrase is the ONLY way you will be able to recover your funds should you lose or break the device. Note that nobody, not even the ELLIPAL team can help retrieve this information if you lose it, so write this down on paper and keep it ultra-secure. We cover more on this topic and the importance of recovery phrases in our in-depth Guide on Crypto Safety.
Once you write down your recovery phrase you will be asked to verify it to ensure you have it down correctly.
The next step is where you will select the coins you want to include in your wallet and finish the process. Note that you can always add more coins later if you don't want to select them all during setup.
Pair the Mobile App
After successfully setting up your account on the ELLIPAL Titan 2.0, the next step is to pair it with the ELLIPAL mobile app for viewing your balance and conducting transactions. On the account recently created on the Titan 2.0 device, click on the icon located at the top right of the screen.
The hardware wallet will now start showing a series of changing QR codes, each of which represents one of your wallets. You will hit the “Connect to App” button in the mobile app, which will open your phone’s camera to scan the QR codes displayed on the Titan 2.0.
Once your phone has scanned all the QR codes, you will be able to see your wallet balance and addresses in the mobile app.
It is strongly advised to choose a robust password on the Titan 2.0 and mobile phone to enhance security, preventing unauthorized access to funds. This password will be required whenever the user intends to send funds. Additionally, the wallet's access can be further secured by establishing a directional swipe pattern, which must be entered correctly to gain entry to the device.
How to Use the ELLIPAL Titan 2.0
We covered how to set the Titan 2.0 up, now we will get into the simple process of sending transactions.
The mobile app presents the opportunity for users to view their portfolios, but the hardware wallet will be required for actual crypto transactions or modifications to the account. Sending transactions on the wallet involves scanning the QR code on the Titan 2.0 to sign and verify it before the funds can be sent, acting as a second authentication factor and protecting against unauthorized transactions.
To initiate a transaction, users begin the process within the mobile app. Once transaction details are entered, a QR code is generated on the mobile device, necessitating scanning by the wallet's camera to sign and confirm the transaction.
This action transfers all the necessary information to the hardware wallet, which then generates a second QR code. This second QR code is scanned by the mobile app to complete the transaction verification. At this juncture, users are required to enter the password before the transaction is sent, provided they opted in for this additional layer of security.
After using the Titan devices myself for quite some time, I find both sending and receiving to be very straightforward and intuitive. The fundamental functions of the wallet are quite user-friendly.
Buying, Selling, and Swapping Crypto with the Titan 2.0
Teaming up with Moonpay and Simplex, the wallet app enables users to directly acquire cryptocurrency in 173 supported countries. Additionally, through collaborations with Changelly and Swift, users can conveniently exchange their preferred cryptocurrencies within the wallet itself, ensuring that their funds remain securely in the custody of the user and avoiding the third-party risk involved with using centralized exchanges.
The ELLIPAL Titan 2.0 is compatible with WalletConnect, a platform facilitating the connection between wallets and decentralized applications (DApps). This integration empowers ELLIPAL users to engage with well-known third-party DeFi and crypto platforms.
ELLIPAL Titan 2.0 Review: Pros
The ELLIPAL Titan 2.0 offers a user-friendly experience, particularly welcoming for beginners. Users appreciate the large touchscreen, considering it an improvement over the smaller touchscreen of the Trezor Model T or the two tiny buttons on the Ledger. The air-gapped feature adds an extra layer of security, and the convenience of staking multiple assets and accessing DApps directly within the app is noteworthy. The stronger processing power and more secure CC EAL5+ secure element are also fantastic additions.
Upon holding the Titan 2.0, its high-quality construction was immediately evident. The Titan 2.0 not only feels like a more durable improvement over the original Titan, but I must say it is the most robust-feeling hardware wallet I've tested.
The rugged metal casing instils confidence, ensuring the device can easily withstand impacts and drops, and is more than durable enough to handle daily wear and tear.
I value the Titan lineup for its mobile app, enabling direct access to over a hundred DApps and Web3 features. The Titan 2.0 uniquely combines the convenience of a software wallet with the security of a hardware wallet, offering a notable edge over Trezor or Ledger. Unlike the latter options, the Titan doesn't require a PC for DApp access, streamlining the process without relying on complex third-party applications.
The Titan 2.0 is built with a core ethos of crypto, which is the principle of trustless trust, as Titan users have absolute control over their assets and aren't reliant on any custodial authority. The BIP 39 mnemonics-generated recovery phrase doesn't demand blind trust either, as users have the freedom to import a previously created or used recovery phrase. Much of ELLIPAL's programming code adheres to an open-source format and is publicly verifiable, and the QR code technology ensures the offline status of private keys.
The Titan's ability to offline sweep paper wallets and import variable-length mnemonic phrases enhances its multifunctionality and versatility. The import private key feature is particularly beneficial for recovering assets sent to the wrong address without compromising wallet security, such as in the event a user mistakenly sends VET to an ETH address.
In terms of security, I appreciate the option to protect the device with a password and pattern protection featuring a gesture pin. Additionally, the availability of setting up alternate accounts with a passphrase is a noteworthy feature, similar to the functionality offered by Trezor.
ELLIPAL Titan 2.0: What Could Be Improved?
Some drawbacks associated with the wallet include the default Bitcoin address generating the BIP 49 address starting with the number 3, rather than the newer and widely accepted BIP 84 (bech 32) Bitcoin addresses that begin with "bc." This is suboptimal as the absence of this address format could potentially result in higher transaction costs for Bitcoin users.
The firmware isn't open-source, which could also be a deal breaker for some users. While this might raise concerns within the crypto community, it's not unprecedented. Even the prominent hardware wallet brand Ledger hasn't open-sourced its firmware. For those prioritizing open-source code, I recommend Trezor as the most reputable hardware wallet with 100% open-source code.
Another potential downside for advanced crypto users is that the Titan 2.0 wallet doesn't provide access to users' Xpub keys. This limitation renders the wallet incompatible with various apps and denies users the option to import "view only" wallets. While many wallets restrict access to Xpub keys, which is generally advisable for security reasons, it's worth noting that some crypto payment gateways utilize Xpubs to generate new payment addresses for various checkouts. This limitation, along with the absence of multi-sig support and lack of support for Monero should be taken into consideration.
Security-conscious users might find the Titan 2.0's limitation of generating only a 12-word seed phrase, rather than a more secure 24-word phrase, a drawback. However, users do have the option to import a 24-word seed phrase if they prefer. Additionally, the absence of support for testnet coins on any blockchain networks and the inability to add a custom RPC could be deal-breakers for users interested in running testnets or testing coins to understand specific network functionalities.
Another noteworthy limitation is ELLIPAL's non-standard method of reusing Bitcoin addresses, unlike Trezor or Ledger. This could potentially pose challenges for users intending to import a seed phrase from another wallet. Furthermore, the ELLIPAL Titan does not permit full node support via third-party software.
The final thing worth bringing up is more of an observation as the 2023 releases of both the Trezor 3 and ELLIPAL Titan 2.0 were a bit…"Meh." It would have been nice to see these wallet manufacturers release something different and innovative, not simply release what is essentially the same product, just with a more secure chip.
The more secure chip is great, don't get me wrong, but this chip upgrade mainly protects against the highly unlikely event that a sophisticated hacker breaks into your house, steals your device, and has the setup to hack into it. Many crypto users in the space felt the severity of the Ledger, Trezor and ELLIPAL hacks were overblown. Simply secure the device, add a strong passphrase and pin and the risk is effectively mitigated.
I am hoping future ELLIPAL and Trezor devices will be a little more “cutting edge” and not just re-releasing the same thing. These releases felt similar to how Apple and Samsung release new phones every year that are hardly different to the previous years' versions.
So, am I Trusting the ELLIPAL Titan 2.0 With My Crypto?
No, but only because I prefer the ELLIPAL Titan Mini. If you already own an ELLIPAL, in my opinion, shelling out for the upgraded Titan 2.0 is not worth the cost. And if you are looking for a new wallet, the Titan Mini offers nearly the same functionality at half the price. However, if you are concerned about the lack of a secure element, the Titan 2.0 is a great wallet!
I also don't rely on the ELLIPAL Titan wallets for long-term storage as I prefer to avoid the single point of failure risk associated with recovery phrases. I prefer the Cypherock and BC Vault for the majority of my long-term hodl-stash.
The reason ELLIPAL wallets have a permanent place in my lineup is that I love the ease of DApp and DeFi access with the Titan wallets. The Titan Mini has become my go-to wallet for funds I expose to DeFi and the Titan wallets have the best staking functionality and most convenient DApp interfacing out of all the wallets I've tested. Plus, on the rare occasion I get to use crypto in real life, the Titan is great for crypto on the go.
ELLIPAL Titan 2.0 Review: Conclusion
The ELLIPAL Titan 2.0, an all-in-one crypto solution, offers diverse crypto functions, including transfers, exchanges, staking, NFTs, and DApp access.
Maintaining offline status and the use of the industry best practice CC EAL5+ secure chip leads to the Titan 2.0 being a secure on-the-go wallet, distinguishing itself from PC-tethered options like Ledger and Trezor.
It assures fund security and is the best in the industry for asset support and crypto functionality such as staking and interactions and DApp exploration.
While suitable for regular needs, users seeking advanced features may find better alternatives at similar or lower costs. For utmost convenience, the Titan 2.0 excels, but budget-conscious users might prefer the Titan Mini.
Security-focused users could consider more secure alternatives such as the Cypherock or NGRAVE ZERO, though those wallets are not as convenient or versatile. ELLIPAL could improve by adding multi-sig support, Bitcoin addresses starting with "bc," Xpub access, and new payment address generation, elevating its ranking among hardware wallets.
Frequently Asked Questions
Certainly! The Titan 2.0 hardware wallet ensures complete air-gapping, keeping private keys offline and mitigating the primary risk of cryptocurrency—malware attacks and remote hacks. Additionally, it incorporates anti-tamper and anti-disassembly features. In the event of a breach, the device automatically erases all internal data, making it unusable. Users can easily recover their funds by employing their recovery phrase on another wallet in such circumstances. The Titan 2.0 also comes equipped with a CC EAL5+ certified secure element, furthering protection against physical attacks.
The security between these two wallet companies is comparable. Both the Ledger and Titan 2.0 have the same CC EAL5+ security rating. We would argue that the Titan 2.0 is more secure than the Ledger Nano X since the Nano X has Bluetooth functionality, vs. the Titan 2.0, which is completely air-gapped. However, it is worth noting that there has never been a known Bluetooth exploit resulting in loss of funds, though many security experts feel Bluetooth functionality could be a potential attack vector.
The Ledger Nano S and Titan 2.0 are comparable. Both wallets have great DeFi and DApp integrations. The Ledger has a better long-standing reputation and track record, while ELLIPAL supports more assets and is more convenient and user-friendly.
After Ledger's 2023 blunder with the recovery feature and the blatant disregard for their community, Trezor is left standing as the most reputable, trusted, and longest-standing hardware wallet in the space. Much of this is in thanks to their fully open-sourced software.
ELLIPAL does not have the trust or reputation that Trezor has and has aspects of its software closed source. However, from a security perspective, the Titan 2.0 and Trezor are on par. Trezor is more trustworthy while the Titan 2.0 has far better asset and DApp support, as well as its more user-friendly and more functionality.
There are many dimensions to measure what makes a hardware wallet safe. From our years of research and experience in the space, we found the BC Vault, Cypherock and NGRAVE ZERO to be the most secure hardware wallets thanks to their audits and robust security features. We can't go into all the details here, but you are more than welcome to check out our reviews on why we labelled these as the safest:
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.