Me too i have the Onekey classic, ordered it but found out of the vulnerability after.

It is fixed, but what i do hope is that the wallet wont send any private key to their app. Is using the usb or bluetooth the same thing in terms of security? Or if the app/wallet has a bug it wont matter anyway?