Coldcard always generates 24-word BIP-39 seeds. It can also import 12, 18 and 24-word, BIP-39 seeds that other wallets may have created.
There is a single "wallet", derived from the BIP-39 seed words. In addition, we have an optional "duress" wallet, which is derived from the wallet's seed words and is not independent. This means it gets backed-up automatically, and the original seed words also backup the duress wallet.
By adding a BIP-39 passphrase you can unlock nearly unlimited additional wallets which derive from the original 24 seed words. The passphrase you use defines the wallet and cannot be changed. BIP-39 passphrases are not backed up or otherwise tracked, which gives lots of freedom in terms of plausible deniability.
Yes, the PIN is independent of the funds being held. It can be changed at any time as long as you have the original PIN.
BIP-39 passphrases cannot be changed because the text of the passphrase is part of the private key.
Bitcoin and Bitcoin Testnet are supported. Coldcard does not support altcoins.
Use the USB port at the top of the Coldcard. You must provide a standard MicroUSB cable suitable for your computer.
Coldcard does not enable the USB port until a correct PIN code is entered so it will not appear on your computer until the PIN is entered.
There is no need to use the USB port (except for power) during seed setup and when using the MicroSD card slot itself. We use the Coldcard with USB battery packs routinely, although some battery packs do not correctly detect the Coldcard because it uses very little power. They may power down because it appears that nothing is connected. Most simple battery packs and wall chargers are fine.
You don't have to use MicroSD cards with Coldcard. It works fine over a USB connection. You can also switch later if your security needs change.
PSBT is an emerging standard for "Partially Signed Bitcoin Transactions" and is described by BIP 174.
Coldcard is the first "PSBT Native" hardware wallet. It uses PSBT internally, and should be able to sign most PSBT files generated by conforming software. For completed transactions, we can output either a PSBT (with the new signatures added) or a finalized Bitcoin transaction, ready to send.
Bitcoin Core has recently added HWI which supports uploading unsigned PSBT files, and receiving signed PSBT files back from the Coldcard. All the features of the Coldcard, including message signing and showing of addresses are already supported in HWI. This is a great way to use your Coldcard from the CLI over USB connection.
Insert a MicroSD card, and go to Advanced > Backups > Backup System.
You'll be shown a 12-word password to be recorded, and have to pass a short quiz to prove you did that.
Then the file is saved as an AES-encrypted 7Z file on the MicroSD card.
We suggest keeping the password and file in different locations. The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.
Backups can also be verified (checked for completeness) from the menu system.
Yes, Coldcard supports BIP-39 passphrases.
This unlocks approximately 5.9e197 more wallets based on your seed phrase.
There isn't a factory reset due to the secure element. Most of the fields in that chip cannot be quickly reset. However, you can clear the wallet seeds and remove secondary PIN code individually. It's a lot of typing and all corresponding PIN codes must be already known to you.
Coldcard can display the payment address after it has independently calculated what it should be. Without this, it would be hard to make a "deposit" into the wallet of the Coldcard without the possibility of someone misleading you.
In Electrum, click on the "eye" icon shown near the payment address. Check the value shown on the Coldcard screen, compared to the value Electrum is showing.
This 'show address' feature is typically used online, with the Coldcard connected on USB. To achieve a similar result off-line, proceed as follows: choose: Advanced > Address Explorer, and follow the instructions.
You can view ten addresses on the screen at at a time (press 9 to see more), and also write out a CSV file with the first 250 addresses, onto the MicroSD card.
You should never buy a "used" Coldcard from EBay or another online store. A new Coldcard from the factory would arrive sealed in a special tamper-evident bag. That's an important security feature since it's possible to change the firmware on the Coldcard. It's impossible to trust what you're receiving from the second-hand vendor.
All legitimate resellers should be providing the Coldcard unused and still in it's original tamper-evident bag. As part of the first-use sequence, you will verify the bag number matches the factory bag number.
There are so many MicroSD cards out there, it's not possible for us to test with them all. We have tested with all the cards we can find locally, and a few ultra-cheap ones from Aliexpress. Still there will be some that won't work. If it's formatted as FAT32 and equal or smaller than 32GB, it should work.
Please try another brand of card and if that fails, try one of our high quality true SLC cards, available in our store.
Yes. We have comprehensive segwit support, and strongly recommend it, but do not require it. We will display Bech32 and P2SH (segwit wrapped) addresses appropriately.
The limiting factor is usually the wallet software generating the PSBT files for Coldcard to sign, and the BIP-32 key derivation paths involved.
For the Electrum wallet, we generate a PSBT file which will result in Coldcard producing a segwit transaction every time (this does not relate to use of Bech32 or P2SH addresses, just the transaction's signatures).
Segwit is preferred since the cryptographic signature will cover exactly the payment details that the user has previewed on the Coldcard screen.
In order to (safely) produce a non-segwit transaction, the Coldcard must be provided enough data in the PSBT to completely verify the inputs and since a full copy of the transaction for all UTXO inputs is needed, the result is a much larger PSBT file. Coldcard will refuse to sign a PSBT file where it does not have complete information on all inputs.
At some point in the future, we may even block non-segwit signatures on the Coldcard, or make it disabled by default.
Although the ATECC608, and the 508 used on older versions, do implement standard SHA-256, HMAC(SHA-256) and AES, we use those implementations only to secure the secrets that the chip holds.
Bitcoin signatures, and all other Bitcoin-specific operations are completed with the open-source software found in our open-source code.
The ATECC608A is a fixed-function device for private key storage. It is not a general purpose CPU like some other secure elements. As a result, neither Coinkite nor the chip's manufacturer can change how it works without revising the hardware of the chip itself. It is in effect a flash ROM (read only memory) with about 10k bits of storage. All access and updates are predefined by the hardware and its design. The complete Coldcard firmware can be seen here and we have a detailed white paper specifically about this Secure Element, and how we use it.
As soon as you enter the correct PIN code, the login attempt counter is reset to zero. This means you'll still have a full 13 attempts next time.
When you've failed 3 times or more, we warn you that you are in danger of bricking the device. The message encourages you to double-check the PIN entered, and even gives you a peek at what you entered, before submitting it as an login attempt.
Please note that Mk3 systems will brick themselves after 13 failed login attempts. There is no way to reset or recover the device.
Mk2 and earlier Coldcards will allow infinite attempts, but make it slower and slower each time, until at one point, you have to wait hours between each attempt.
It's very important the entropy (randomness) used to pick your master seed phrase is good quality. The Coldcard uses the hardware TRNG (True Random Number Generator), inside the main chip. This is a dedicated hardware subsystem that measures analog noise produced by a special transistor. We do not use the TRNG present in the secure element because we do not want to expose the number to external probing.
The number from the TRNG is then "whitened" to remove bias, by running it through SHA256. This means if your attacker was somehow able to make the bits be 10% ones and 90% zeros (but still random otherwise) it would not help them, because after SHA256 the bit distribution will be 50/50 again.
During seed picking process, you have the option of "adding dice rolls" to increase the entropy and/or mitigate any possible manipulation. You can add as many rolls as you wish, and the entropy (about 2.5 bits per roll) will be added to the 256 bits of entropy already picked.
You may completely bypass the above seed picking method, and use just dice rolls if desired. This process is documented in great depth here on our docs and includes a number of different ways to verify our SHA256 math for yourself. We even sell a package of 100 tiny dice so you can roll 256 bits of your own entropy in a single toss.
We've found relevant search results.