Coldcard Hardware Wallet

Bitcoin Only · Open-Source · Easy-to-Use · Ultra-Secure · Loved by Cypherpunks

Secure Element + Open Source

Physical Security. Your seed words are stored in a specialized chip, designed to securely store secrets. All code is open source, and you can compile it yourself.

True Air-Gap Operation

The only hardware wallet with the option to never be connected to a computer for its full operation, from seed generation to transaction signing. Uses PSBT (BIP174) natively!


Mk3 Packed with Features

  • Numeric Keypad

    Full-sized numeric keypad makes entering PIN easy and quick.

  • Bright Screen

    Bright, 128x64 pixel OLED screen. Shows all the critical details of your transactions.

  • Made in Canada

    Lovingly soldered in Toronto, Canada. Secure supply chain verified with: tamper-evident numbered bag, with bag number recorded into device.

  • It's affordable!

    Simple packaging, plain design, no fancy boxes, no redundant cables.

  • It's ultrasecure

    Real crypto security chip. Your private key is stored in a dedicated security chip, not the main micro's flash.

  • Easy back-up!

    MicroSD card slot for backup and data storage. This allows truly offline signing, by transferring the unsigned/signed transactions on sneakernet.

PSBT: Partially Signed Bitcoin Transactions

Interoperation between Bitcoin hardware wallets is now possible, thanks to BIP174 which introduces a binary file format that all hardware wallets can use. Coldcard has been based on BIP174 from day one, and uses it exclusively.
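The container layout BIP174 defines can be read with a short parser. The following is an added example, not Coldcard's firmware code: it checks the magic bytes, reads each key-value map up to its `0x00` separator, rejects duplicate keys, and requires the unsigned transaction in the global map. The sample bytes are constructed for illustration.

```python
MAGIC = b"psbt\xff"        # BIP174 magic bytes
UNSIGNED_TX = b"\x00"      # global key type 0x00: the unsigned transaction

def compact(buf, pos):
    """Decode a Bitcoin compact-size integer; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated data")
    if buf[pos] < 0xFD:
        return buf[pos], pos + 1
    end = pos + 1 + {0xFD: 2, 0xFE: 4, 0xFF: 8}[buf[pos]]
    if end > len(buf):
        raise ValueError("truncated data")
    return int.from_bytes(buf[pos + 1:end], "little"), end

def read_map(buf, pos):
    """Read key-value pairs up to the 0x00 separator; return (map, next_pos)."""
    entries = {}
    while True:
        klen, pos = compact(buf, pos)
        if klen == 0:                       # separator ends this map
            return entries, pos
        vlen, vpos = compact(buf, pos + klen)
        key, val, pos = buf[pos:pos + klen], buf[vpos:vpos + vlen], vpos + vlen
        if pos > len(buf) or key in entries:
            raise ValueError("truncated map or duplicate key")
        entries[key] = val

def parse_psbt(raw):
    """Return (global_map, per-input and per-output maps) or raise ValueError."""
    if raw[:5] != MAGIC:
        raise ValueError("not a PSBT file")
    glob, pos = read_map(raw, 5)
    if UNSIGNED_TX not in glob:
        raise ValueError("global map lacks the unsigned transaction")
    maps = []
    while pos < len(raw):
        m, pos = read_map(raw, pos)
        maps.append(m)
    return glob, maps

# Constructed sample: one input, one output, all-zero txid and script hash.
SAMPLE_TX = (b"\x02\x00\x00\x00\x01" + bytes(36) + b"\x00" + b"\xff" * 4 + b"\x01"
             + (50_000).to_bytes(8, "little") + b"\x16\x00\x14" + bytes(20) + bytes(4))
SAMPLE_PSBT = MAGIC + b"\x01\x00" + bytes([len(SAMPLE_TX)]) + SAMPLE_TX + b"\x00" * 3
```

A signer would go on to compare the number of per-input and per-output maps with the counts inside the unsigned transaction before trusting any field.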

Duress Wallet Features

Duress PIN

We provide an optional "duress PIN code". If you enter that PIN code, instead of the "real" PIN code, nothing special is shown on the screen and everything operates as normal... However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!

To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don't know.

The "duress" wallet will still be derived from the original BIP39 words, so you don't need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.

BIP39 Passphrases (25th word)

We now support BIP39 passphrases so you can also create an unlimited supply of distraction wallets. This feature is also useful for your own organization of funds or accounts. Unlike the single duress PIN, an unlimited number of related wallets can be created using BIP39.

Brick Me PIN

Another PIN can also be defined, which we call the "Brick Me" PIN. Using that PIN code at any PIN prompt will destroy the secure element and render your Coldcard worthless. Again, this may form some part of your game-theory for duress situations, but is completely optional.

Secure Element for Key Storage

We find it quite scary that some Bitcoin wallets trust the main microprocessor with their most valuable secrets. Instead, Coldcard uses a Secure Element to protect your Bitcoin.

Specifically, the Coldcard (Mk3) uses Microchip's ATECC608A to store the critical master secret: the 24-word seed phrase for your BIP32/BIP39 wallet.

This little chip is very powerful. Communication is controlled by complex challenges and SHA-256 responses which prevent replay and eavesdropping. The secure element cryptographically enforces that the attacker must know the PIN to access the secrets. An attacker cannot brute-force combinations or replay a previous login sequence. This remains true even if they removed the chip from the board or fully replaced the firmware in the main microprocessor. In fact, even with the secure element removed from the system, and all the secrets of the main micro fully known, the attacker would still only get 13 tries before the secure element bricks itself! (Don't worry, this counter is reset every time you login correctly.)

Even if there was some critical security bug in the secure element that completely exposed the secrets it holds, your Bitcoin would still be safe, because we encrypt the contents of the secure element with a one-time pad known only to the main micro.

More details are available in this white paper and the complete source code is available.

Genuine vs. Caution Lights

To resist Evil Maids, and other sneaky people with physical access to your Coldcard, we sign our firmware with a factory key. During boot-up, the firmware's signature, and every byte of flash memory, will be verified and the appropriate Green/Red light set. Changing that light's status is actually controlled by dedicated circuitry connected directly to the Secure Element, so a rogue bit of software cannot override it. The circuit for the lights is exposed on the top surface of the product, and covered with clear epoxy, so any physical tampering by those maids will be visible as well.

Anti-Phishing Words

The PIN code on Coldcard is divided into two parts, such as 1234-5678. You first enter 1234 and then you will be shown two words on-screen. Those words are unique for all PIN prefixes, and for each Coldcard ever made. (The secrets used to enforce that come from inside the secure element, and are unknown to the rest of the world.)

Your job is to memorize those two words, keep them secret, and every time you use the Coldcard, check them before entering the final 5678 part of your PIN. This protects you against a trojan-horse Coldcard that might look like yours but cannot know those two words.

Physical Security

The secure element and critical parts of the main micro are covered by epoxy at the factory. Our clear case is part of our security model too, so you can look and see if a "hardware implant" has been inserted inside your device.

Because of the in-depth use of the secure element, there is no "factory reset" for the Coldcard. If you forget your Coldcard PIN, there is nothing we can do except remind you to recycle your e-waste responsibly!

We've even put a label, "SHOOT THIS", for more effective device destruction. When the time comes.

Air Gap Operation

Coldcard never needs to touch a computer. It can work entirely from a USB power pack or AC power adapter. This includes everything you need to do in the whole life of the product:

  • Initial PIN choosing and setup.
  • Pick your 24 seed words using our TRNG, import existing secrets, or use your dice rolls.
  • Export skeleton wallet files, for setup of Electrum or other desktop/mobile wallets.
  • Export lists of payment (deposit) addresses, using the Address Explorer.
  • Backup of seed and settings, which saves an encrypted 7z file.
  • Sign transactions for spending your Bitcoin, using PSBT files (BIP174) from any standards-compliant wallet.
  • Firmware upgrades.
  • Advanced users can even set up a multisig wallet between multiple cosigners, entirely on-device, and air gapped.

Use our industrial grade MicroSD Cards or any standard MicroSD card, for each of the above steps that require data to come in and out. Sneakernet for the win! If you want to reach the next level of paranoia, you can use different cards for data coming into versus out of the Coldcard, and/or use cards a single time only.

Dice Rolls for Seeds

If you don't trust our random number generator, you can generate the BIP39 seed phrase using dice rolls. We help with this process: you just have to press 1–6 for each roll (99 rolls recommended). At the end of that process, you'll have a properly-encoded seed phrase based solely on the dice rolls.
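To check the dice-roll process independently, the arithmetic can be reproduced on a separate machine. The following is an added example, not Coldcard's firmware code: it assumes the rolls are hashed as ASCII digits with SHA-256 to obtain the 256-bit entropy (the page does not state the device's method), then applies the standard BIP39 checksum and 11-bit split. The result is 24 indices into the BIP39 wordlist, which is not embedded here; the sample rolls are constructed.

```python
import hashlib
import math

# Constructed sample: 99 rolls. Real rolls must come from physical dice.
SAMPLE_ROLLS = "123456" * 16 + "123"

def dice_entropy_bits(n_rolls, sides=6):
    """Entropy, in bits, contributed by n_rolls rolls of a fair die."""
    return n_rolls * math.log2(sides)

def rolls_to_bip39_indices(rolls):
    """Map a string of rolls ('1'..'6') to 24 BIP39 wordlist indices."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    # Assumption: entropy = SHA-256 over the ASCII roll digits.
    entropy = hashlib.sha256(rolls.encode("ascii")).digest()
    # BIP39: checksum is the first ENT/32 = 8 bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0]
    bits = (int.from_bytes(entropy, "big") << 8) | checksum   # 264 bits
    # Split into 24 groups of 11 bits, most significant group first.
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]

def checksum_ok(indices):
    """Recompute the BIP39 checksum for 24 word indices."""
    if len(indices) != 24 or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> 8).to_bytes(32, "big")
    return hashlib.sha256(entropy).digest()[0] == (bits & 0xFF)
```

`dice_entropy_bits(99)` comes to about 255.9 bits, which is why roughly 99 rolls are needed to fill a 24-word seed.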






Unique Coldcard Features

Change Outputs

One risk with hardware wallets is malicious software tricking them into displaying incorrect details of a transaction. Coldcard is therefore very careful analyzing the contents of the PSBT file and the transaction itself. These checks include:

  • Verify UTXO details of inputs being spent (plus leverage advantages of new SegWit-style transactions in this area).

  • Change outputs, which should be coming back to the same wallet, are carefully studied. In particular, we've found other wallets are not being detailed enough in this process.

Anti-phishing Words

We are the only hardware wallet addressing the problem of substitute devices, and other trojans, by using a secure element. In effect you are verifying the Coldcard's secure element every time you login.



Encrypted Backup

We have a convenient backup feature: just a few clicks and an encrypted file is written to MicroSD with everything you would need to restore a lost or broken Coldcard. Because it's a simple text file (inside the encryption), it would also be all you need to switch vendors and avoid any lock-in.

Learn more in our on-line docs about Backups. You can even verify our encryption, using any desktop 7z program. On the Coldcard itself, you can perform a quick check that the file is not truncated, and a simple checksum applies.

If you don't like the idea of encrypted backups, because passphrases can get lost, we do offer clear-text backup file output.

Trust Minimization

The Coinkite team has been in the Bitcoin space long enough to know that we shouldn't expect you to trust us! (Since 2012, BTW).

Here are some of the features we offer to support that goal:

  • open source software, every byte.
  • use dice rolls to generate your seed
  • clear plastic case
  • open standards for file formats: BIP174 (PSBT), 7z encrypted archives, simple JSON/text files when possible, etc.
  • tamper-resistant shipping bags

Firmware Upgradable and Expandable

This product is firmware upgradable in the field. Updated firmware must be signed by the factory private key.

We have so much internal protection for the master secret, that we feel it's safe to allow potentially hostile firmware onto this platform. If you don't feel safe doing that, then it's a choice you can make.

We're hopeful that alt-coin proponents will be able to take our system and extend it to support their specialty crypto coins. It should help that all of the firmware is written in MicroPython.

Debug Mode

Upon entering the PIN code and selecting the appropriate menu item, we will even support REPL access over USB. This means you can type Python commands directly into the product! You might use this to develop new features, create special transactions, or do special signing requests.

As a developer, you can also download the source and compile it yourself to personalize your Coldcard.


Supply Chain Protections

Getting an uncompromised product into your hands is a challenge:

Bag Number

First and foremost, we use a tamper-evident plastic bag to package the product. Each bag is unique and coded with a number. That "bag number" is written into the Coldcard's secure element as it's put into that bag. That value cannot be changed, and we ask you to verify the bag number when the Coldcard is powered up for the first time at your location.

Clear Case

The clear plastic case on Coldcard is an important feature as well. There have been demonstrations of inserting custom hardware inside a competitor's hardware wallet to capture key-presses.

Epoxy Globs of Love

We cover the secure element, and other sensitive parts of the Coldcard with epoxy. This makes it harder to remove those chips, or change the wiring around them.


ONLINE DOCUMENTATION

Coldcard user documentation is here.

Baltic Honeybadger 2019 Presentation

  • Open source firmware, no black box software
  • Never needs USB connection. Full life cycle can be offline
  • Rigorous PSBT change-fraud checks
  • Secure element for secret storage, not main MCU memory
  • SE enforces max 13 PIN attempts (not MCU, not policy)
  • Anti-phishing words shown before complete PIN entered
  • Up to 12 digit PIN code (2+2 to 6+6 digits supported)
  • Encrypted backups (7z, AES 256) direct to MicroSD Card
  • Third generation of PCB-level hardware defences, and now epoxy, too
  • MiTM protection in our encrypted USB protocol (open source, see ckcc-protocol)
  • Coldcard firmware releases are signed with factory key
  • Flash memory verified by SE, directly driving red/green LED
  • Bitcoin only so we can focus our efforts
  • Seed encrypted when in SE by One-Time Pad (key for that in secure bootrom area, no access by MicroPython)
  • Side Channel Defences: common-mode chokes, ferrite beads, additional power supply bypassing
  • Display masking signal to foil OLED-generated power supply noise
  • Desktop full simulator and development environment