
Wallet Security Ranking: Second Edition — April 2025

After weeks of thoroughly analyzing 74 wallet apps across iOS, Android, and browser extensions, we’re thrilled to unveil the second release of Coinspect’s Wallet Security Ranking. Since launch, we’ve:
- Expanded coverage by adding Binance Wallet, Okto, Tomo, and Family to the evaluation pool.
- Re‑tested every previously ranked wallet on its latest stable version to capture recent fixes (or regressions).
- Updated our testing tools and threat data, including malicious websites and blockchain addresses.
Our goal remains the same: set transparent, objective security benchmarks that help users choose safer wallets and push developers to raise the bar across Web3.
If you missed the backstory, revisit our original methodology deep‑dive here.
Release 2 Highlights
- 74 wallets tested. Most improved in at least one critical security check, while a handful regressed.
- Phishing defenses trending upward. Rainbow, Ambire, Exodus, and Tomo all enhanced their threat-prevention integrations.
- Chain-switch confirmations evolving. More wallets now switch networks without asking, though some allow users to manage trusted-chain lists.
- 1inch for iOS climbed from 10th to 3rd place.
- Zerion for Android achieved a major improvement, gaining 12.2 points and climbing to 3rd place in the Android ranking.
- OKX introduced built-in token approval management at login.
- OneKey fully parses EIP-712 structures, eliminating blind signatures for typed-data transactions.
- MetaMask extension achieved a perfect score in dApp Permissions.
- Ambire extension achieved a perfect score in Intent Verification.
- XDEFI Wallet rebranded to Ctrl Wallet, and was evaluated under its new identity.
Why Zerion and 1inch Climbed the Ranking
Both Zerion (Android) and 1inch (iOS) made significant security enhancements that propelled them up the ranking in this release. Highlights include:
- Stronger authentication, with Zerion adding new controls (despite a remaining bypass bug) and 1inch implementing rate-limited login attempts.
- Improved phishing defenses, as both wallets now alert users when connecting to malicious dApps or sending funds to known phishing addresses.
- Clearer dApp connection transparency, with full display of dApp origin URLs, connection permissions, and actions.
- Enhanced transaction clarity, including showing verifying contracts when signing EIP-712 objects and adding clickable links inside transaction previews and history.
- Better handling of scam tokens, with Zerion now automatically hiding spam and scam tokens from users’ asset lists.
Testing Scope Adjustments
In this round, we did not test wallets that hadn’t released a new version (e.g., Aurox, ShapeShift) or that presented exceptional difficulties such as geofenced downloads, unstable backend servers, or onboarding experiences that were unusually complex or broken compared to typical non-custodial wallets.
We are also now accepting new wallets for evaluation, beyond those listed on the Ethereum.org wallets directory.
Help Us Spread the Word
Coinspect’s Wallet Security Ranking is a living resource built to keep pace with an ever‑changing threat landscape. Share the ranking, nudge your favorite wallet teams to close gaps, and help us push for a safer, more transparent Web3 ecosystem.