The "supply chain" attack he outlines is pretty worrisome. Better steer clear of 3rd-party resellers on eBay, Amazon, etc!
The major part of the people going for a hardware wallet don't even know anything about the product they are buying aside from their assumption that it is the safest possible way of storing coins. If they see a discount somewhere on whatever vague site, they will likely fall for it and lose their funds as a result.
It's such a weird tendency, isn't it? People rush to invest in cryptocurrency because they think it'll make them rich. Then they cheap out with scammy vendors for what, a $50 discount?!
My first hardware wallet was a Trezor that I bought from the original source, and even then it took me like 2 weeks before I actually used it. I was too paranoid initially, and just decided to 'only' store 1 BTC for testing purposes, just to see what happens. I waited probably a whole month before gaining enough confidence to use it as cold wallet storage for 50% of my holdings. After that I bought a Nano Ledger to store the other 50% of my holdings. I still don't trust both pieces of hardware completely, and maybe never will, and maybe that's a good thing -- being too quick to believe that something will function flawlessly is never a good thing in the tech world.
I still treat hardware wallets as experimental -- perhaps safer than a typical hot wallet setup, but nowhere near the safety of actual cold storage. Keeping all private keys on one or two devices that plug into online computers just feels way too risky to me. I use tried-and-true cold storage methods (paper wallets, encrypted offline .dat) for 80-90% of my coins. I know that compromising those keys from me would take an extremely targeted attack on me -- the likelihood of that is low. Whereas, I believe that hardware wallets are generally a very big target for hackers, and methods for remote exploits are now emerging.
The biggest takeaway from this report, I think, is don't put all your eggs in one basket.