[AFAIK, CoolWallet has a secure element which makes it that much harder to extract the seeds in the first place.
I did not mean secure element or not about Coolwallet, I meant how uncommon wallets can have vulnerabilities, unlike the common ones like Trezor, Ledger nano and Cold card wallet that have been researched more about by experts. The vulnerability in Coolwallet is not about the secure wallet, it is about having access to the hardware wallet and the phone used to access the wallet. The attack can even be through malware or physical theft of both the phone and the hardware wallet which will make the seed phrase to be know.
We recently discovered the CoolWallet S Android application stores the wallet’s PIN, pairing password, and hardware seed in plaintext. This vulnerability means that if the phone becomes compromised, either by physical theft or with malware, the attacker can easily obtain everything they need to empty the paired hardware wallet.
Additionally, the hardware wallet is reliant on the security protections of the paired phone. If the attacker gets both your phone and wallet, they can unlock your wallet and either pair it to another phone or send funds directly from the device with the push of a button.
Although, there was a report from
Coolwallet company that the vulnerability has been fixed. But I am talking generally about wallets that are not common, not about secure element.