Address Explorer

What is the Address Explorer?



Video: Using Address Explorer

When interacting with a hardware wallet, the ability to verify the addresses displayed by your wallet interface on the hardware wallet is paramount. Failure to do so can leave you vulnerable to attacks via compromised mobile or desktop wallets that may be displaying addresses not generated by your Coldcard.

Coldcard Address Explorer enables you to view, export and scan the addresses controlled by the device. For absolute peace of mind, you should leverage this feature each time you send bitcoin to your Coldcard.

Accessing Address Explorer

Address Explorer is accessible directly from the main screen of Coldcard after entering your PIN. Don't forget to apply your wallet passphrase (if applicable) before viewing Address Explorer. Failure to do so will result in the incorrect addresses being displayed.

address explorer

You will be shown this background information and warning text:

The following menu lists the first payment address
produced by various common wallet systems.

Choose the address that your desktop or mobile wallet
has shown you as the first receive address.

WARNING: Please understand that exceeding the gap limit
of your wallet, or choosing the wrong address on the next screen
may make it very difficult to recover your funds.

Address Types

The address explorer within Coldcard is capable of displaying and exporting the following address types:

Legacy
Addresses starting with 1, also called P2PKH or classic addresses.
Wrapped Segwit
Addresses starting with 3 a transitional format for segwit.
Segwit
Addresses starting with bc1, also called P2WPKH. (Should be your first choice today.)
Account Number
Addresses within a user defined account (any non-zero account number).
Custom Path
Any address at a user-defined custom derivation path.
Multi-sig
Addresses within your existing multi-signature wallets.

As a safety feature, we present the first address of each type and you should pick the one that your desktop or mobile wallet has already generated for you. If you do not see a familar address, then you should proceed with caution as you may have mistyped your wallet passphrase.

addressexplorer2

After selecting the desired address type, scroll down to view the first 10 addresses. When you reach the bottom of the screen, you'll be given a prompt to show the following 10.

Save to MicroSD Card

After selecting the desired address type, press 1 to save the first 250 addresses to the MicroSD card inserted into Coldcard with a file name of addresses.csv. You can then import these files to your computer for later use without needing to physically access your Coldcard.

Index   Payment Address                                 Derivation
0   bc1qdeej9p8rpxwypmpdgd0zqsmcta2y2pn25jfh59  m/84'/0'/0'/0/0
1   bc1q9wzwyrvmgnp2rr6y8zs939ztjenzg2r0sgtg6v  m/84'/0'/0'/0/1
2   bc1qs7eecptfs4et6vpu8cgun3gcvc3pu6kxmfx6my  m/84'/0'/0'/0/2
3   bc1qspqj2taxchke8atdchj3kckdkuf2krjt2zpfhr  m/84'/0'/0'/0/3
4   bc1qxxdenujj8zw9wwwc39frmt6ld7d4c2nwm09hz2  m/84'/0'/0'/0/4
5   bc1qgwra4qpk7p6gdmdch4kh82k9k7vgtj2hhc4y02  m/84'/0'/0'/0/5

Store this file with great care. Anyone with access can view the first 250 addresses controlled by your Coldcard, and that could impact your privacy. Another potential problem is an attacker could modify the file contents to send to his wallet rather than your Coldcard.

View QR Codes

After selecting the desired address type, pressing 4 will prompt Coldcard to show each address, in index order, along with a QR code version. Pressing down on the keypad will move to the next address along the index.

qr

Using this feature allows you to scan a QR code with any wallet and send bitcoin directly to Coldcard without ever needing to pair it with a third party wallet application.

Don't Send Into The Void

Be careful to only send to an address that a blockchain-watching wallet is monitoring. Although it is possible to get funds back from any address shown by the explorer, it can be very difficult and quite technical.

The correct approach is to use the Coldcard to verify and double-check addresses shown by your desktop/mobile wallet, which is watching the blockchain and able to generate PSBT files to someday move those coins.

Multisig Limitations

Although the Coldcard can generate addresses for multisig wallets, because there are other vendors involved, with unknowable signing policies and limitations, it is never safe to directly deposit to a multisig address generated solely on the Coldcard.

For this reason, the Coldcard will not show the entire address, and blanks out some of the middle digits with underscore. The remaining digits are visible and can be used to verify the address provided by other systems.

The QR code is not offered for multisig addresses because it would not be safe to use.

Custom Derivation Paths and Large Account numbers

We allow you to enter arbitrary derivation paths, and huge account numbers. If you send to those addresses, you need some software that is able to track the UTXO created on the blockchain, and someday build a PSBT that the Coldcard will sign. Without that software, your coins will be stuck.