Skip to content

Address Explorer

What is the Address Explorer?#

Video: COLDCARD Mk: Using Address Explorer

When interacting with a hardware wallet, the ability to verify the addresses displayed by your wallet interface on the hardware wallet is paramount. Failure to do so can leave you vulnerable to attacks via compromised mobile or desktop wallets that may be displaying addresses not generated by your COLDCARD®.

Video: COLDCARD Q: Using Address Explorer

COLDCARD's Address Explorer enables you to view, export and scan the addresses controlled by the device. For absolute peace of mind, you should leverage this feature, or the automatic address verification, each time you send Bitcoin to your COLDCARD.

Accessing Address Explorer#

Address Explorer is accessible directly from the main menu after entering your PIN. Don't forget to apply your wallet passphrase (if applicable) before viewing Address Explorer. Failure to do so will result in the incorrect addresses being displayed.

mk4 address explorer q address explorer

You will be shown this background information and warning text:

The following menu lists the first payment address
produced by various common wallet systems.

Choose the address that your desktop or mobile wallet
has shown you as the first receive address.

WARNING: Please understand that exceeding the gap limit
of your wallet, or choosing the wrong address on the next screen
may make it very difficult to recover your funds.

Address Types#

Address Explorer can display and export the following address types:

Legacy
Addresses starting with 1, also called P2PKH or classic addresses.
Wrapped Segwit
Addresses starting with 3 a transitional format for segwit.
Segwit
Addresses starting with bc1, also called P2WPKH. (Should be your first choice today.)
Applications
Addresses specific to certain applications.
Account Number
Addresses within a user defined account (any non-zero account number).
Custom Path
Any address at a user-defined custom derivation path.
Multi-sig
Addresses within your existing multi-signature wallets.
Start Idx:
Set any index number to begin displaying addresses from (default is 0). Must be enabled in Advanced/Tools > Danger Zone > AE Start Index.

As a safety feature, we present the first address of each type and you should pick the one that your desktop or mobile wallet has already generated for you. If you do not see a familiar address, then you should proceed with caution as you may have mistyped your wallet passphrase.

mk4 list addresses q list addresses

After selecting the desired address type, scroll down to view the first 10 addresses. When you reach the bottom of the screen, you'll be given a prompt to show the following 10.

Save to MicroSD Card#

After selecting the desired address type, you can save the next 250 addresses, beginning at the Start Idx (default 0), to a MicroSD card or the Virtual Disk, if enabled. The resulting file will be named addresses.csv, and can be imported to another wallet without physical access to the COLDCARD.

On the Mk4, press 1 to save the address summary to a MicroSD card, or press 2 to save to the Virtual Disk.

On the Q, press 1 to save the addresses to the MicroSD card in slot A, press B to save to the MicroSD card in slot B, or press 2 to save to the Virtual Disk.

Index   Payment Address                                 Derivation
0   bc1qdeej9p8rpxwypmpdgd0zqsmcta2y2pn25jfh59  m/84'/0'/0'/0/0
1   bc1q9wzwyrvmgnp2rr6y8zs939ztjenzg2r0sgtg6v  m/84'/0'/0'/0/1
2   bc1qs7eecptfs4et6vpu8cgun3gcvc3pu6kxmfx6my  m/84'/0'/0'/0/2
3   bc1qspqj2taxchke8atdchj3kckdkuf2krjt2zpfhr  m/84'/0'/0'/0/3
4   bc1qxxdenujj8zw9wwwc39frmt6ld7d4c2nwm09hz2  m/84'/0'/0'/0/4
5   bc1qgwra4qpk7p6gdmdch4kh82k9k7vgtj2hhc4y02  m/84'/0'/0'/0/5

Store this file with great care. Anyone with access can view 250 addresses controlled by your COLDCARD, and that could impact your privacy. Another potential problem is an attacker could modify the file contents to send to his wallet rather than your COLDCARD.

View QR Codes#

After selecting the desired address type, pressing 4 on the Mk4 or the QR key on the Q will prompt the COLDCARD to show each address, in index order, along with a QR code version. Pressing down on the keypad will move to the next address along the index.

mk4 address qr q address qr

Using this feature allows you to scan a QR code with any wallet and send Bitcoin directly to COLDCARD without ever needing to pair it with a third party wallet application.

Share Over NFC#

After selecting the desired address type (or multisig wallet), press 3 on the Mk4 or the NFC key on the Q to share over NFC.

NFC has to be enabled in Settings > Hardware On/Off > NFC Sharing.

View Change Addresses#

After selecting the desired address type (or multisig wallet), press 0 and scroll down to view change addresses.

Don't Send Into The Void

Be careful to only send to an address that a blockchain-watching wallet is monitoring. Although it is possible to get funds back from any address shown by the explorer, it can be very difficult and quite technical.

The correct approach is to use the COLDCARD to verify and double-check addresses shown by your desktop/mobile wallet, which is watching the blockchain and able to generate PSBT files to someday move those coins.

Multisig Limitations#

Although the COLDCARD can generate addresses for multisig wallets, because there are other vendors involved, with unknowable signing policies and limitations, it is never safe to directly deposit to a multisig address generated solely on the COLDCARD.

For this reason, the COLDCARD will not show the entire address, and blanks out some of the middle digits with underscore. The remaining digits are visible and can be used to verify the address provided by other systems.

Users can override this default behavior by turning on Full Address View in Settings > Multisig Wallets. However, even with this setting enabled you should always cross-verify multisig addresses with your coordinator software.

QR code sharing of multisig addresses is not possible unless Full Address View is enabled.

Custom Derivation Paths and Large Account numbers#

We allow you to enter arbitrary derivation paths, and huge account numbers. If you send to those addresses, you need some software that is able to track the UTXO created on the blockchain, and someday build a PSBT that the COLDCARD will sign. Without that software, your coins will be stuck.