coinhost / docs / hardware setup

Hardware setup

Your hardware wallet is one of your two keys. This page covers how pairing works via the Coinhost web bridge, why we don't use Bluetooth, and the specific flows for Trezor and Ledger.

03 of 4 ~6 min read last updated Apr 18, 2026

The web bridge

Coinhost does hardware wallet signing through bridge.coinhost.com — a small web app you open on a desktop or laptop with your hardware device connected via USB.

The flow, at the highest level:

In the mobile app, tap Add hardware key. A one-time link is sent to your email.
Open the link on a desktop. The bridge loads, establishes a session with Coinhost's API, and detects your device.
Approve key extraction on the device. The bridge reads the xpub; the private key never leaves the device.
The bridge posts the xpub back to Coinhost. Your mobile app updates in real time.

Why not Bluetooth from the phone?

Mobile hardware wallet integration is a long list of known-bad surprises: BLE pairing bugs, iOS/Android USB restrictions, inconsistent library support across hardware models. Keeping signing on a trusted desktop host lets us audit the entire flow and support Trezor and Ledger with identical security guarantees.

What the bridge can see

The bridge sees your xpub, PSBTs awaiting signature, and signatures produced by the device. It cannot access your device's seed, private keys, or PIN. Link tokens expire after 15 minutes and are single-use.

Trezor

Supported: Model T, Safe 3, Safe 5. Use current Trezor firmware.

Via the web bridge (recommended)

In mobile app: Vault → Add hardware key → Trezor → Send link to email.
Open the link on desktop. Plug in your Trezor. Trezor Bridge must be running at 127.0.0.1:21325 — install from trezor.io/start if needed.
Click Connect. Approve on the Trezor screen.
The bridge derives m/48'/0'/0'/2' (or testnet equivalent) and shows the xpub and fingerprint.
Approve on device. Return to your phone — the vault has moved from PENDING_HARDWARE to ACTIVE.

Via Trezor Suite (alternative)

Trezor Suite deep-linking works from mobile for users who already have Suite installed. The mobile app launches Suite, Suite extracts the xpub, and returns control to Coinhost. Same end result, one fewer desktop step.

Ledger

Supported: Nano S Plus, Nano X, Stax. Bitcoin app version 2.1+ required.

In mobile app: Vault → Add hardware key → Ledger → Send link to email.
Open the link on desktop. Plug in Ledger, unlock with PIN, open the Bitcoin app.
The bridge detects the device via WebUSB/WebHID and prompts you to approve xpub extraction.
For multisig, Ledger requires wallet policy registration — a one-time step where you confirm the vault's descriptor on the device. Approve it; the bridge stores the returned HMAC to your vault record.
Vault becomes ACTIVE.

Ledger gotcha

If you see "Ledger is connected but signing fails", the wallet policy HMAC was likely lost. Re-register the policy from the vault's advanced settings. This is a Ledger protocol requirement, not a Coinhost bug.

Air-gapped / QR fallback

For users with air-gapped hardware wallets (Coldcard, SeedSigner, or similar): you can provide the xpub via QR. In the mobile app, choose Scan xpub QR during hardware setup. This path is V1.1 and experimental — the primary flow remains the web bridge.

Signing transactions

After pairing, every send generates a PSBT that the bridge hands to your device. You'll see:

On your phone: the destination address and amount. Tap Sign with hardware.
On your hardware wallet's screen: the same destination address and amount. Compare them byte-for-byte. They should match exactly.

If they don't match, reject on the device and stop. You've either got a clipboard hijacker on the phone, a man-in-the-middle on the bridge session, or — most commonly — a bug we want to know about.

← previousCreating a vault nextRecovery →