Linkmerica Research Team

Independent Custody
Risk Intelligence

Deterministic, versioned LISR ratings for hardware wallets and the agentic payment stack. Locked at publication. Built for institutional due diligence.

$3.1B lost to custody failures in H1 2025  ·  22 agentic protocols monitored weekly  ·  Zero other independent ratings exist.

View the Wallet Index Request Institutional Review
6
Wallets Scored
5
Research Briefs
22
Protocols Monitored
Feb 2026
Versioned Record Since

Wallet Index

LISR v1.0 — 6 wallets scored. Scores are deterministic, versioned, and locked at publication. Lower score = lower custody risk.

Some manufacturer links below are referral links — disclosed per our independence policy. Referral status never affects scores.

Independence is the product. Linkmerica accepts no payment from wallet manufacturers or protocol operators for ratings. Scores are locked at publication and cannot be retroactively altered. Referral links, where present, are disclosed and have no bearing on LISR scores — several rated products carry no referral relationship. Linkmerica never requests private keys, seed phrases, or wallet access.

Ledger

MODERATE RISK
LISR Score
4.8
/ 10.0
Risk Tier
MODERATE
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 3.2
Firmware Integrity 6.4
Supply Chain Risk 7.7
Key Management 2.8
Operational Security 3.4
Recovery Risk 6.9
Key Risk Flags
  • Closed-source firmware and operating system
  • Centralized supply chain with single manufacturer
  • Historical data breach exposure (customer database, 2020)

Full LISR Report Manufacturer Site ↗

Trezor

MODERATE RISK
LISR Score
4.7
/ 10.0
Risk Tier
MODERATE
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 6.7
Firmware Integrity 2.8
Supply Chain Risk 7.7
Key Management 3.2
Operational Security 4.5
Recovery Risk 3.8
Key Risk Flags
  • No secure element in Trezor One
  • Susceptibility to physical side-channel attacks on Trezor One
  • Supply chain lacks comprehensive tamper-evident packaging

Full LISR Report Manufacturer Site ↗

Tangem

HIGH RISK
LISR Score
6.8
/ 10.0
Risk Tier
HIGH
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 4.2
Firmware Integrity 8.2
Supply Chain Risk 5.1
Key Management 5.5
Operational Security 7.7
Recovery Risk 7.7
Key Risk Flags
  • Closed-source firmware with no reproducible build verification
  • Centralized manufacturing with single vendor dependency
  • No user-accessible seed phrase by default—backup dependent on additional cards

Full LISR Report Manufacturer Site ↗

SafePal

HIGH RISK
LISR Score
6.4
/ 10.0
Risk Tier
HIGH
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 5.5
Firmware Integrity 8.2
Supply Chain Risk 7.8
Key Management 4.5
Operational Security 5.0
Recovery Risk 4.8
Key Risk Flags
  • Binance strategic investment — regulatory exposure and ecosystem centralization risk
  • Closed-source firmware across all product lines
  • Proprietary secure element implementation without independent verification

Full LISR Report Manufacturer Site ↗

ELLIPAL Titan

HIGH RISK
LISR Score
6.4
/ 10.0
Risk Tier
HIGH
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 6.5
Firmware Integrity 7.8
Supply Chain Risk 7.2
Key Management 5.5
Operational Security 5.8
Recovery Risk 3.5
Key Risk Flags
  • Closed-source firmware with no reproducible builds
  • No secure element — general ARM processor used for cryptographic operations
  • Chinese supply chain with no disclosed independent manufacturing audit
  • Mobile app dependency creates additional attack surface
  • No Common Criteria or FIPS certification for institutional compliance

Full LISR Report Manufacturer Site ↗

Foundation Passport Prime

MODERATE RISK
LISR Score
4.1
/ 10.0
Risk Tier
MODERATE
lower = lower risk
Framework
LISR v1.0
versioned + locked
0.0 LOW 10.0 CRITICAL
Category Score Risk Bar
Security Architecture 3.8
Firmware Integrity 4.0
Supply Chain Risk 2.9
Key Management 3.5
Operational Security 5.8
Recovery Risk 4.8

Full LISR Report Manufacturer Site ↗

Methodology

The Linkmerica Institutional Security Rating (LISR) is a deterministic, versioned custody risk framework produced by the Linkmerica Research Team. Scores are locked at publication and cannot be retroactively altered. Methodology revisions increment the LISR version number and are disclosed in the public changelog.

LISR scores are produced across six structural risk categories. Category weights, sub-factor definitions, and internal scoring math are proprietary to the Linkmerica Research Team. Evidence is drawn exclusively from publicly available information at the time of assessment. Read the full methodology →

Risk Tiers
Score Range Risk Tier Institutional Guidance
0.0 – 3.5 LOW Suitable for institutional consideration with standard diligence.
3.6 – 6.0 MODERATE Requires additional controls or policy mitigations.
6.1 – 8.0 HIGH Significant risk factors present — limited institutional suitability.
8.1 – 10.0 CRITICAL Not recommended for institutional custody use.

LISR scores are deterministic and version-controlled. Lower scores indicate lower custody risk. Scores reflect publicly observable factors at time of review and are subject to revision following material firmware updates, security incidents, or scheduled review periods. Category weights, sub-factor definitions, and internal scoring math are proprietary to the Linkmerica Research Team and are not disclosed.

Agentic Protocol Ratings

NEW — ACR FRAMEWORK

LISR Agentic Custody Readiness (ACR) — independent custody risk ratings for agentic payment protocols and agent wallet infrastructure. The first framework of its kind.

Mastercard AP4M

HIGH RISK
ACR Score
6.9
/ 10.0
Framework
ACR v1.0
first agentic protocol score
Scored
Jul 8, 2026
monitoring since Jun 11

The first independent agentic protocol custody score. Machine-to-machine payment protocol with 31 launch partners and on-chain agent permissioning across Polygon, Solana, and Base. Primary finding: absence of public disclosure on session key scoping, guardrails, and multi-party approval mechanisms.

Full ACR Report

Google AP2

HIGH RISK
ACR Score
6.4
/ 10.0
Framework
ACR v1.0
second agentic protocol score
Scored
Jul 13, 2026
monitoring since Jun 15

Agent Payments Protocol under FIDO Alliance governance since April 2026, with 100+ partners and cryptographic mandate architecture. More publicly documented than AP4M — risks are visible and research-validated rather than undisclosed. Key gaps: no native mandate revocation, no multi-party approval, and demonstrated prompt injection attacks producing cryptographically valid mandates for unintended purchases.

Full ACR Report

Additional protocol scores publishing as the framework matures. See the full 22-target monitoring surface →

Research

View all 4 briefs ↗
HIGH MATERIALITY DATED RECORD

AP4M: 30 Days After Launch — What the Intelligence Record Shows

The first institutional research document built on a dated monitoring record. Linkmerica tracked AP4M from the day after launch — before the protocol could be independently verified.

Published: June 30, 2026 · LISR Research Brief v1.0 Read Brief
HIGH MATERIALITY FEDERAL POLICY

The Quantum Readiness Gap: Rating the Self-Custody Stack Against Q-Day

Hardware wallet manufacturers are responding unevenly to the 2029–2035 Q-Day risk window. LISR assessment of four wallets against the post-quantum transition.

Published June 15, 2026 — one week before federal quantum executive orders validated the same thesis.

Published: June 15, 2026 · LISR Research Brief v1.0 Read Brief
View All Research ↗
LISR Advisory Review

Institutional Custody Risk Assessment

A structured, written custody risk assessment produced by the Linkmerica Research Team under the LISR framework. Asynchronous — no calls required. Delivered within 5 business days. Linkmerica never requests private keys, seed phrases, or wallet access.

Individual
Custody Review
$750 founding rate
Rises to $1,200 after cohort closes
  • HNW self-custody holders
  • Single-setup written LISR assessment
  • PDF delivery, 5 business days
Apply
Most Requested
Institutional
Custody Review
$2,500
RIAs, funds, family offices
  • Multi-wallet / multisig treasury
  • Compliance-ready documentation
  • 12-month changelog monitoring
Apply
Enterprise
Agent Fleet Assessment
From $5,000
Enterprises deploying AI agents
  • Agentic wallet infrastructure review
  • Payment rail custody risk assessment
  • By application
Apply
FAQ
What do I receive?
A written LISR assessment in PDF format, versioned and dated, suitable for compliance documentation.
What do you need from me?
Your custody setup details via email. No keys, no seed phrases, no wallet access — ever.
Is this financial advice?
No. This is an informational custody risk assessment. It does not replace legal counsel or internal controls.
Can the report be cited in compliance documentation?
Yes — that is its purpose. Reports are versioned, dated, and produced by the Linkmerica Research Team.
LISR Update Notifications
Stay current on score revisions and new research.
Institutional-format email. Score revisions, changelog entries, new briefs. No marketing.
Subscribe
LISR maintains a versioned changelog of all score revisions and methodology updates. Score files are locked at publication — revisions increment the version and are dated.