Coldcard Website

View the Project on GitHub

cold card image

The World Needs An Open, Cheap & Ultrasecure Hardware Wallet!

Pre-Order Now

What is the Coinkite Coldcard? It’s a Bitcoin hardware wallet, so it signs transactions and can be used offline.

But it’s different!

Other features:

It’s an open platform, and we expect other “apps” in time, like:

Available For Pre-Order

We deliver, as with all the other projects. We always deliver!

Limited quantity of the first batch Pre-orders are opening today, and these units are planned to ship in Q2 2018.

Enjoy the early-bird prices!

Pre-Order Now

We reserve the right to change the features and prices at anytime without notice.

Bulk orders

If you are already a Opendime reseller or NEW and interested in reselling, reach out to support for orders over 50 quantity.

How It Works

cold card image Pre-Order Now

Duress/Secondary Wallet Feature

To limit the damage from rubber-hose attacks…

XKCD 538

We provide an optional “secondary PIN code”. If you enter that PIN code, instead of the “real” PIN code, nothing special is shown on the screen and everything operates as normal… However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!

To take best advantage of this feature, you should put some Bitcoin into the secondary accounts. How much you are willing to lose or what you need to make it plausible, we don’t know.

The “secondary” wallet will still be derived from the original BIP39 words, so you don’t need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.

Key Storage

We find it a little scary that existing Bitcoin wallets trust the main microprocessor with their valuable secrets.

The Coinkite Coldcard will use Microchip’s ATSHA204 to store the critical master secret (for the root BIP32 HD wallet). This little chip is very powerful and does SHA-256 hashing and has an internal true random number generator (TRNG). Combining those features, and it’s careful protocol design, we can enforce cryptographically, that the attacker must know the PIN to access the secret. An attacker cannot brute-force all 10,000 combinations of a four-digit numeric code: the search space is 2**256 not 10**4. This remains true even if they removed the chip from the board or fully-replaced the firmware in the main microprocessor.

More details in a white paper will come out when the product is finished. We will include code so that you can check we are doing what we say we are.

Genuine vs. Caution Lights

To resist Evil Maids, and other sneaky people with physical access to your Coldcard, we will sign our firmware with a factory key. During boot-up, and continuously during operation, the firmware’s signature will be verified and the appropriate Green/Red light set. Changing that light’s status is actually controlled by dedicated circuitry, so a rogue bit of software cannot override it later. The control circuit for this is exposed on the top surface of the product, so any physical tampering by those maids will be visible as well.

Firmware Upgradable and Expandable

This product will be firmware upgradable in the field. Updated firmware must be signed by the factory, but we will allow third party software to run as well.

We have internal protection on the master secret, so we feel it’s safe to allow potentially hostile firmware on this platform. If you don’t feel safe doing that, then it’s a choice you can make.

We’re hopeful that altcoin proponents will be able to take our system and extend it to support their speciality crypto coins. It should help that all of the firmware is written in MicroPython.

Debug Mode

Upon entering the unlock code (PIN) and selecting the appropriate menu item, we will even support REPL access over USB. This means you can type python commands directly into the product! You might use this to develop new features, create special transactions, or do special signing requests.

Pre-Order Now