SecuX is a closed-source hardware wallet, and while they did an 'acceptable' job with W20 and V20 models (it isn't compatible with electrum and other bitcoin clients, hence the 'acceptable'), the company's recent products are crap, and to me, if you're going to use an 'offline' signing device that's closed-source, you're better off setting up cold storage on an old air-gapped deevice with a privacy-focused Linux distro like TailsOS.



Wait, I didn't fully understand your cold storage implementation, but some items weren't very clear:

Do you insert your public key into the online or offline device? Remember that the privkeys must be stored on the offline device, so importing the public key into the offline device is useless, it can remain on the online device to create transactions and sign them on the offline device.

Are steps 3 and 4 being done on the offline device?

Step 5: Oops! Something's wrong here, you disabled your internet connection, does this mean that you're doing both the procedures of creating the transaction, signing and transmitting on the same machine?

Step 6: Why do you need to enter your seed phrase every time you make a transaction?

Step 8: Copy the signed transaction to where? - I see in step 9 you're transferring it back to the same device after rebooting with internet disabled.

This implementation makes no sense. There is still a risk of malware stealing all your coins, since the entire procedure is being done on the same device. If there is malware on that machine, what guarantee is isn't recording everything and waiting for the right moment to steal your funds?