What is the Address Explorer?#
When interacting with a hardware wallet, the ability to verify the addresses displayed by your wallet interface on the hardware wallet is paramount. Failure to do so can leave you vulnerable to attacks via compromised mobile or desktop wallets that may be displaying addresses not generated by your COLDCARD®.
COLDCARD's Address Explorer enables you to view, export and scan the addresses controlled by the device. For absolute peace of mind, you should leverage this feature each time you send Bitcoin to your COLDCARD.
Accessing Address Explorer#
Address Explorer is accessible directly from the main menu after entering your PIN. Don't forget to apply your wallet passphrase (if applicable) before viewing Address Explorer. Failure to do so will result in the incorrect addresses being displayed.
You will be shown this background information and warning text:
The following menu lists the first payment address produced by various common wallet systems. Choose the address that your desktop or mobile wallet has shown you as the first receive address. WARNING: Please understand that exceeding the gap limit of your wallet, or choosing the wrong address on the next screen may make it very difficult to recover your funds.
Address Explorer can display and export the following address types:
- Addresses starting with
1, also called
P2PKHor classic addresses.
- Wrapped Segwit
- Addresses starting with
3a transitional format for segwit.
- Addresses starting with
bc1, also called
P2WPKH. (Should be your first choice today.)
- Account Number
- Addresses within a user defined account (any non-zero account number).
- Custom Path
- Any address at a user-defined custom derivation path.
- Addresses within your existing multi-signature wallets.
As a safety feature, we present the first address of each type and you should pick the one that your desktop or mobile wallet has already generated for you. If you do not see a familiar address, then you should proceed with caution as you may have mistyped your wallet passphrase.
After selecting the desired address type, scroll down to view the first 10 addresses. When you reach the bottom of the screen, you'll be given a prompt to show the following 10.
Save to MicroSD Card#
After selecting the desired address type, press 1 to save the
first 250 addresses to the MicroSD card inserted into COLDCARD with
a file name of
addresses.csv. You can then import these files to
your computer for later use without needing to physically access
Index Payment Address Derivation 0 bc1qdeej9p8rpxwypmpdgd0zqsmcta2y2pn25jfh59 m/84'/0'/0'/0/0 1 bc1q9wzwyrvmgnp2rr6y8zs939ztjenzg2r0sgtg6v m/84'/0'/0'/0/1 2 bc1qs7eecptfs4et6vpu8cgun3gcvc3pu6kxmfx6my m/84'/0'/0'/0/2 3 bc1qspqj2taxchke8atdchj3kckdkuf2krjt2zpfhr m/84'/0'/0'/0/3 4 bc1qxxdenujj8zw9wwwc39frmt6ld7d4c2nwm09hz2 m/84'/0'/0'/0/4 5 bc1qgwra4qpk7p6gdmdch4kh82k9k7vgtj2hhc4y02 m/84'/0'/0'/0/5
Store this file with great care. Anyone with access can view the first 250 addresses controlled by your COLDCARD, and that could impact your privacy. Another potential problem is an attacker could modify the file contents to send to his wallet rather than your COLDCARD.
View QR Codes#
After selecting the desired address type, pressing 2 will prompt COLDCARD to show each address, in index order, along with a QR code version. Pressing down on the keypad will move to the next address along the index.
Using this feature allows you to scan a QR code with any wallet and send Bitcoin directly to COLDCARD without ever needing to pair it with a third party wallet application.
Share Over NFC#
After selecting the desired address type (or multisig wallet), press 3 to share over NFC. NFC has to be enabled in Settings > Hardware On/Off > NFC Sharing
View Change Addresses#
After selecting the desired address type (or multisig wallet), press 4 and scroll down to view change addresses.
Don't Send Into The Void
Be careful to only send to an address that a blockchain-watching wallet is monitoring. Although it is possible to get funds back from any address shown by the explorer, it can be very difficult and quite technical.
The correct approach is to use the COLDCARD to verify and double-check addresses shown by your desktop/mobile wallet, which is watching the blockchain and able to generate PSBT files to someday move those coins.
Although the COLDCARD can generate addresses for multisig wallets, because there are other vendors involved, with unknowable signing policies and limitations, it is never safe to directly deposit to a multisig address generated solely on the COLDCARD.
For this reason, the COLDCARD will not show the entire address, and blanks out some of the middle digits with underscore. The remaining digits are visible and can be used to verify the address provided by other systems.
The QR code is not offered for multisig addresses because it would not be safe to use.
Custom Derivation Paths and Large Account numbers#
We allow you to enter arbitrary derivation paths, and huge account numbers. If you send to those addresses, you need some software that is able to track the UTXO created on the blockchain, and someday build a PSBT that the COLDCARD will sign. Without that software, your coins will be stuck.