Coinkite’s Coldcard is a bitcoin hardware wallet which was announced in December 2017. Coinkite started shipping their first batch of it in August 2018.
You might think it looks cheap and underwhelming, but it is an excellent bitcoin hardware wallet.
Find out why in this hands-on review.
Advantages & Disadvantages
Advantages:
- Open source, with a dedicated secure element.
- Can be used without ever connecting it to a PC.
- Includes plausible deniability and self-destruct feature.
- Lightweight and compact design.
- Competitively priced (£55).
Disadvantages:
- Only supports bitcoin (BTC) and litecoin (LTC) at the moment.
- Not as beginner friendly as other hardware wallets.
What Is a Coldcard?
The Coldcard is a bitcoin hardware wallet which was released in August 2018 by Coinkite.
Coinkite is the same team that made the OpenDime. This is a “small USB stick that allows you to spend bitcoin like a dollar bill”. These little ‘credit sticks’ are awesome, but they’re not intended for long-term storage of all your bitcoin.
The Coldcard is a completely different beast. Like other cryptocurrency hardware wallets, it allows you to securely store and submit transactions without exposing (or transmitting) your private keys. You’ll need to physically confirm all your transactions on this external device.
For all but the most technically savvy, hardware wallets are well-recommended. They make securely storing your cryptocurrency and making transactions simple, easy, and convenient.
I'll go on the record and say the Hardware Wallets are better than software and paper wallets for all except a handful of opsec/infosec experts. Security isn't about absolutes. It's all relative and complexity/operator skill are of the utmost importance.
— Andreas M. Antonopoulos (@aantonop) March 27, 2018
Coinkite’s Coldcard supports bitcoin (BTC) and litecoin (LTC), but there’s not currently a litecoin desktop wallet which works with this hardware wallet. Other cryptocurrencies might be supported in the future, but it’s marketed solely as a bitcoin hardware wallet at the moment.
What’s so special about the Coldcard?
- Cheap: It costs about £55 (+ delivery) from the official website.
- Simple: Encased in a simple transparent plastic shell.
- Secure: Open source, with storage of private keys on dedicated security chip.
- Use Offline: It can sign transactions without ever connecting to another computer.
- i.e., it’s a cheap, compact, and easy-to-set-up air-gapped PC.
- Easy Backups: Quickly and easily dump a backup onto a MicroSD card.
The Coldcard supports a secondary wallet (with a different seed) and derived duress wallets too. The duress wallets are a plausible deniability feature. If someone forces you to open your wallet, you can open this decoy wallet instead (thereby protecting the funds in your main wallet).
You can also set up a ‘Brickme PIN’.
If [the Brickme] PIN code is used at any prompt, the Coldcard destroys itself. It becomes a useless brick. All the secrets (including the secondary wallet) are destroyed.
I’ve not seen a self-destruct feature like this on other hardware wallets which I’ve reviewed. There’s more information in this documentation.
What’s in the Bag?
The Coldcard arrives in a sealed bag with an anti-tamper seal. There’s also a barcode on the bag, which you’ll need to check against the number stored on the Coldcard (in secure memory) during setup.
Inside the bag, you’ll find a:
- Coldcard hardware wallet
- Wallet backup card
- ‘Don’t Trust. Verify.’ Sticker
A micro-USB cable isn’t included. If you don’t already have one lying around, you can easily find one on Amazon or eBay for less than £5.
If you want to use the Coldcard offline (or make a backup), you’ll need a MicroSD card.
- Cards up to 32GB are supported, but 8GB or less is enough.
- They need to be FAT formatted (FAT32 or FAT12).
- There’s no list of compatible MicroSD cards, but this 16GB SanDisk MicroSD from Amazon worked for me.
Design & Interface
The Coldcard is a small palm-sized device (9cm x 5cm x 0.5cm) which is lightweight and easy to interact with. It has a 128 x 64 OLED screen and a decently sized numpad. At a glance, I wouldn’t be surprised if people mistook it for a mini-calculator.
It looks cheap, as it only has a clear plastic case. This was a conscious design choice, as it allows you to easily inspect the inside of the device without ripping it open.
Using the Coldcard Offline
If you never want to connect the Coldcard to a computer, you don’t have to.
This might seem like overkill. It probably is, as private key information is protected when you connect the Coldcard to a PC. But if you don’t mind the slight inconvenience of keeping the Coldcard offline, why not add another layer of security?
- Initialise the Coldcard and create a new wallet.
- If you want an offline SegWit wallet, upgrade your Coldcard’s firmware via MicroSD.
- On your Coldcard, select: Advanced > MicroSD Card > Electrum Wallet
- Once you’ve read/approved the warning, it’ll create a wallet file on your MicroSD.
- Move the MicroSD card to your PC.
- Open this wallet file in Electrum.
Making a Transaction
- Insert your MicroSD card into your PC and open your wallet in Electrum.
- Set up and confirm the details of the transaction (like you usually would).
- Select: Preview > Save PSBT
- Save this file to your MicroSD card, then move the MicroSD card to your Coldcard.
- From the Coldcard’s main menu, select: Ready to Sign
- Select the PSBT file you just saved.
- Check and confirm the transaction.
- Move the MicroSD card back to your PC.
- Open Electrum and select: Tools > Load Transaction > From File
- Select the signed transaction and broadcast it.
PSBT is short for ‘Partially Signed Bitcoin Transactions’ and is a new standard described in BIP 174 and supported in Bitcoin Core 0.17. Essentially, this adds support for hardware wallets and air-gapped PCs. The Coldcard is the first ‘PSBT native’ hardware wallet. If you’re curious about this, there are breadcrumbs you can follow in this /r/Bitcoin thread.
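To make the MicroSD round trip above concrete, here is an added example (not code from Coinkite, Electrum or this review): a minimal BIP 174 reader that reports which inputs of a PSBT file carry signature fields and lists the outputs, so you can check on the PC that the file coming back from the Coldcard pays the same outputs as the one you saved. The `sample_psbt` helper and its dummy key and signature bytes are constructed for illustration.

```python
import base64, io, struct
MAGIC = b"psbt\xff"  # BIP 174 magic bytes
SIG_TYPES = {0x02: "partial_sig", 0x07: "final_scriptsig", 0x08: "final_scriptwitness"}

def take(s, n):
    b = s.read(n)
    if len(b) != n:
        raise ValueError("truncated PSBT")
    return b

def compact_size(s):
    n = take(s, 1)[0]
    return n if n < 0xfd else int.from_bytes(take(s, {0xfd: 2, 0xfe: 4, 0xff: 8}[n]), "little")

def read_map(s):  # key-value pairs up to the 0x00 separator; key types here fit in one byte
    out = {}
    while (klen := compact_size(s)) != 0:
        key = take(s, klen)
        out[(key[0], key[1:])] = take(s, compact_size(s))
    return out

def tx_outputs(raw):  # -> (input count, [(satoshis, scriptPubKey hex)]) of the unsigned tx
    s = io.BytesIO(raw)
    take(s, 4)                                   # version
    n_in = compact_size(s)
    for _ in range(n_in):
        if take(s, 37)[36] != 0:                 # 36-byte outpoint, then scriptSig length
            raise ValueError("unsigned tx must have empty scriptSigs")
        take(s, 4)                               # sequence
    outs = [(struct.unpack("<q", take(s, 8))[0], take(s, compact_size(s)).hex())
            for _ in range(compact_size(s))]
    return n_in, outs

def inspect_psbt(data):
    if data[:6] == b"cHNidP":                    # base64 text form of the magic bytes
        data = base64.b64decode(data)
    if data[:5] != MAGIC:
        raise ValueError("not a PSBT")
    s = io.BytesIO(data[5:])
    n_in, outs = tx_outputs(read_map(s)[(0x00, b"")])   # global type 0x00 = unsigned tx
    signed = [sorted({SIG_TYPES[t] for t, _ in read_map(s) if t in SIG_TYPES}) for _ in range(n_in)]
    return {"outputs": outs, "signed": signed}

def sample_psbt(signed):  # constructed sample: 1 input, 1 output, dummy key/signature bytes
    kv = lambda k, v: bytes([len(k)]) + k + bytes([len(v)]) + v
    tx = (struct.pack("<i", 2) + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4 + b"\x01"
          + struct.pack("<q", 50000) + b"\x16\x00\x14" + bytes(20) + bytes(4))
    inp = kv(b"\x02\x02" + bytes(32), b"\x30" * 71) if signed else b""
    return MAGIC + kv(b"\x00", tx) + b"\x00" + inp + b"\x00" + b"\x00"
```

Comparing `inspect_psbt(before)["outputs"]` with `inspect_psbt(after)["outputs"]` confirms the amounts and scripts did not change between the two files; the reader does not verify the signatures themselves.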
It is possible to mix and match online (through the USB) and offline transaction signing (through the microSD).
If you originally initialised the device online but want to transition to only using the Coldcard offline, then you could wipe your existing wallet from the device and create a new one:
- On your Coldcard, open the wallet you wish to remove.
- Select: Advanced > Danger Zone > Destroy Seed > Confirm
This is currently undocumented, and I haven’t tested this process.
There’s no shortage of hardware wallet options.
With over 1.3 million units sold worldwide, the Ledger Nano S is probably the most popular cryptocurrency hardware wallet. It supports dozens of cryptocurrencies, which makes it a great all-in-one solution if you play around with lots of different altcoins.
The Trezor is another great option. It supports over 20 cryptocurrencies. In alignment with their philosophy of openness, Trezor devices don’t use a secure element. Firmware and hardware are open source.
Summary: An Air-Gapped PC in Your Pocket
Coinkite’s Coldcard seems like a love letter to bitcoin maximalists.
But it’s not for everyone. It won’t appease altcoiners (because it only supports bitcoin and litecoin) and it’s not as beginner friendly as other hardware wallets either. So, what sets it apart from the crowd?
- It’s the cheapest bitcoin hardware wallet I’ve reviewed (at about £55).
- Open source, but also features a secure element.
- Alternative hardware wallets are one or the other, not both.
- You never have to take the Coldcard online (sign PSBT messages via a MicroSD instead).
The Coldcard is a little rough around the edges, but it’s still an excellent hardware wallet. I wouldn’t outright recommend it to everyone, but it’s definitely worth a closer look if you’re in the market for an “ultra-secure” hardware wallet.