Table of Contents
Introduction
Understanding the concept of owning Bitcoin or other cryptocurrencies can be a challenge for beginners. They are purely digital assets and the ownership is defined by holding the private key. The private keys are also used to spend your coins and sign transactions. Storing the private key, while still having access to it, can be surprisingly hard. If a malicious entity gains unauthorised access to your keys, all your funds can be gone in an instant and there is no way to get them back. There are multiple ways to deal with the challenge of securing your funds. The applications used for this purpose are called cryptocurrency wallets. You can read about it in-depth in our Cryptocurrency Wallet Guide.
The bottom line in the guide is that the most secure way to do it is to use a cold wallet, meaning that the private key is never exposed on any machine connected to the internet. The most practical type of a cold wallet are hardware wallets, signifying the actual physical hardware devices whose sole purpose is securing your coins. They mostly look like small USB keys or calculators which can be securely connected to a computer or phone.
In recent years, the number of different hardware wallets on offer keeps growing and it can be hard to choose the best one for you. You can check out some of our other reviews on them here: KeepKey Review, Trezor Model T, Trezor Nano S. All 3 are excellent wallets that support different cryptocurrencies. However, if you are looking for a dedicated Bitcoin wallet and if you are interested in the highest level of security and most advanced features then Coldcard wallet is the one for you.
What is so special about the Coldcard Wallet?
Coldcard is made by Coinkite, a Canadian company that makes completely open source hardware gadgets like OPENDIME and Blockclock. The company is dedicated to following the original cypherpunk ethos of personal privacy, superb cryptography and open flow of information. This makes Coldcard the most advanced hardware wallet in regards to security and different game theory security tricks. But it also means that the wallet is not the most user-friendly option that exists on the market. So keep that in mind when choosing.
Coldcard works completely offline and shouldn’t be connected to any computer ever. You can use a removable micro-SD card to sign transactions.
Security Features
MicroSD Card
Coldcard uses partially signed Bitcoin transactions (BIP174) to achieve a completely air-gapped environment where you never need to connect the wallet to a computer. You first create a transaction on your PC using any wallet that supports BIP174. You save the transaction on the MicroSD card and then insert the card in the MicroSD slot on the side of the wallet. The transaction is signed by the Coldcard using your private key. You then plug the SD card back into your PC and broadcast it to the network.
Electrum Support
The partially signed transactions can be created in a number of online wallets, like the very popular Electrum for example. You can find a good guide to do so here.
Anti-Phishing Words
What if an attacker swaps your device with another malicious device? Coldcard has a solution even for this case.The Coldcard, like many other hardware wallets, has an added layer of security in the form of an access pincode. The PIN consists of two parts, for example: 1234-5678 The first part is called the prefix (1234-) and the second, the suffix (-4567)..When you enter the prefix the device will display some predetermined anti-phishing words, since each device is unique the words on your device will be specific to you. So after entering the prefix and verifying the words on the screen you can be sure that the device is really yours and that it is safe to enter the rest of the pin code.
PIN Game Theory Tricks
Duress PIN
Brick Me PIN
Another PIN can also be defined, which is called the “Brick Me” pin. Using that PIN code at any PIN prompt, will destroy the secure element and render your Coldcard worthless. Again, this may form some part of your game-theory for duress situations but is completely optional.
BIP39 passphrases
Coldcard also supports BIP39 passphrases so you can create an unlimited supply of distraction wallets. This feature is also useful for your own organization of funds or accounts. Unlike the single duress PIN, an unlimited number of related wallets can be created using BIP39. Simply put you can add a passphrase to your wallet and by doing so create a completely new separate sub-wallet. You will have to re-enter the passphrase every time you log in to Coldcard to access the new sub-wallet. This option can be used like the distraction or duress wallet in case of malicious actors forcing you to access your wallet. Or it can be used to separate your finances into different accounts.
Encrypted Backups
Using Dice Rolls
If you don’t want to use Coldcard’s random number generator to create a private key you can do so by rolling a six-sided dice (D6). Choose “Dice Rolls” when importing the wallet. And just keep inputting numbers 1-6 as you roll. At least 99 rolls are required for 256-bit security, and if you operate with fewer rolls, you will be warned. Press OK when complete, and the equivalent seed words are shown so you can write those down instead of the dice numbers. As is common in good wallet setups , a word quiz is conducted before the seed is saved. This is to make sure you have recorded and stored your all important seed phrase correctly.
Paper Wallets
This feature creates a new random private key, completely unrelated to your seed words, and saves the deposit address and private key (WIF format) into a text file on MicroSD. It will also add a QR code inside the text file, and if you provide a special PDF-like template file (example in paperwallet.pdf) then it will superimpose the QR codes into the template, and save the resulting ready-to-print PDF to Micro SD. This method of using the Coldcard device to create secure and unique private paper wallets can be useful if you want to gift someone a small amount of Bitcoin. They are not meant to be used for larger amounts of money.
Hardware Features
Genuine / Caution Lights
There are two lights marked as Genuine (green) and Caution (red). These lights are directly connected to the Secure Element of the Coldcard. Their purpose is to indicate the flash memory contents have not changed since your last use of the Coldcard.
When you power up the Coldcard, you should see a verification screen and then the green (genuine) LED will lightup. This means the flash memory has the correct contents. There is no way for trojan software to change this light to green without your PIN.
The Coldcard from the factory will have a green light, and after each firmware upgrade, they update the checksum that is performed so the light will be green again. The only time you should see a red light is during a firmware upgrade process (the first time you enter the PIN after the upgrade), and briefly during power-up sequence when the verification is on-going.
Clear Case
The clear plastic case on Coldcard is an important feature as well. There have been attacks where custom hardware would be inserted inside a hardware wallet to capture key-presses. With a clear case you can see if something like that was done instantly.
“Shoot This” mark
In case you want to destroy your wallet but can’t remember the “Brick Me” pin. Cold Card wallet has it’s main secure chip marked with the words “Shoot This” for easier physical destruction with a drill, a hammer or even a bullet ( if you are American! )
Pros & Cons
Pros
- Superb security
- Game Theory Tricks
- No security vulnerabilities
- Large and bright screen
- Large keyboard
Cons
- Supports only Bitcoin
- It requires some technical knowledge
- Is quite pricey
Coldcard Price
The Coldcard Mk3 on it’s own will cost you $119.97 and you will need to buy a MicroSD card to be able to use the wallet. You can also find different bundles of Coinkite products in their shop. There are a lot of options to choose from, and everybody should be able to find a deal that suits them best.
Unpacking The Coldcard
- You will receive your Coldcard in a special tamper evident bag. It has a large Coinkite logo, green text, a blue border, and a barcode with the number underneath. This number is important and we call it the “bag number”. Make note of this number because the Coinkite factory has recorded this number into the secure area of flash memory inside your Coldcard.
Before opening the bag, inspect the bag for damage or signs of being previously opened. After you pull apart the top seal, it will show the word “VOID”.The purpose of the bag, and its unique number, is to give you confidence that the Coldcard has come directly from the factory and has not been modified by anyone before you get started.
After powering up the Coldcard for the first time the device will ask you to confirm the “bag number”. - The bag will also include a “Wallet Backup Card” that you can use to write down your PIN, Anti-phishing Words and your Seed. You can find a template for Backup Card and some other handy templates here.
- You’ll also receive 2 stickers. One, “Just a calculator” sticker that you can see in the pic above. And the other is a Coinkite logo sticker.
Conclusion
Coldcard is not for everybody. Regular Bitcoin enthusiasts that aren’t complete cypherpunk geeks might find the multitude of options Coldcard offers a bit too much. There is definitely a steep learning curve to using Coldcard properly. However, if you own a large amount of Bitcoin or if you just like the idea of hiding your wallet behind layers upon layers of protection then you can’t do better than Coldcard.
