How many seed words does it use?
COLDCARD® generates either 12- or 24-word BIP-39 seeds. It can also import 12-, 18-, and 24-word BIP-39 seeds that other wallets may have created.
Can I have multiple wallets in each COLDCARD?
There is a single "wallet", derived from the BIP-39 seed words. In addition, we have an optional "duress" wallet, which is derived from the wallet's seed words and is not independent. This means it gets backed up automatically: the original seed words also back up the duress wallet.
By adding a BIP-39 passphrase you can unlock nearly unlimited additional wallets which derive from the original 24 seed words. The passphrase you use defines the wallet and cannot be changed. BIP-39 passphrases are not backed up or otherwise tracked, which gives lots of freedom in terms of plausible deniability.
What's new in the Mk4 COLDCARD?
We have a complete table of differences here, but the highlights are: NFC (tap) support, a USB-C connector, new plastic, and dual secure elements from different vendors.
Can I change my PIN?
Yes, the PIN is independent of the funds being held. It can be changed at any time as long as you have the original PIN.
BIP-39 passphrases cannot be changed because the text of the passphrase is part of the private key.
Which blockchains do you support?
Bitcoin and Bitcoin Testnet are supported. COLDCARD does not support altcoins.
Why does it have a microSD slot?
- The COLDCARD can back up the seed into an encrypted file.
- New transactions to be signed can be imported from the card.
- Public key data (XPUB, payment addresses) can be written onto the card.
- Firmware upgrades can be done by copying the new firmware file onto a card.
- A skeleton Electrum wallet can be created on the card which allows Electrum to "pair" with the COLDCARD without it ever connecting to a USB port.
- Multisig wallets can be joined using files transferred via cards.
How do I connect to a computer?
Use the USB port at the top of the COLDCARD. You must provide a standard micro USB cable suitable for your computer.
COLDCARD does not enable the USB port until a correct PIN code is entered, so it will not appear on your computer until the PIN is entered.
There is no need to use the USB port (except for power) during seed setup and when using the microSD card slot itself. We use the COLDCARD with USB battery packs routinely, although some battery packs do not correctly detect the COLDCARD because it uses very little power. They may power down because it appears that nothing is connected. Most simple battery packs and wall chargers are fine.
With the Mk4, you may enable "USB Virtual Disk" mode so the COLDCARD will look like a USB drive to your computer or mobile phone. This simplifies operation because you can drag-n-drop PSBT files onto the COLDCARD.
Do I need to use MicroSD cards?
You don't have to use MicroSD cards with COLDCARD. It works fine over a USB connection. You can also switch later if your security needs change. NFC (tap) can also be used to send and receive files.
What is PSBT?
PSBT is an emerging standard for "Partially Signed Bitcoin Transactions" and is described by BIP-174.
COLDCARD is the first "PSBT Native" hardware wallet. It uses PSBT internally, and should be able to sign most PSBT files generated by conforming software. For completed transactions, we can output either a PSBT (with the new signatures added) or a finalized Bitcoin transaction, ready to send.
Bitcoin Core has added HWI, which supports uploading unsigned PSBT files and receiving signed PSBT files back from the COLDCARD. All the features of the COLDCARD, including message signing and showing of addresses, are supported in HWI. This is a great way to use your COLDCARD from the CLI over a USB connection.
How do I back up?
Insert a microSD card, and go to Advanced > Backup > Backup System.
You'll be shown a 12-word password to be recorded, and have to pass a short quiz to prove you did that.
Then the file is saved as an AES-encrypted 7Z file on the microSD card.
We suggest keeping the password and file in different locations. The backup file is useless without the 12-word password. Each backup will have a different password, and it has no relationship with the wallet seed words.
Backups can also be verified (checked for completeness) from the menu system.
Can COLDCARD import an encrypted BIP-39 seed phrase?
Yes, COLDCARD supports BIP-39 passphrases.
This unlocks approximately 5.9 × 10^197 more wallets based on your seed words.
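Why a BIP-39 passphrase "defines the wallet" and cannot be changed, as an added example (not COLDCARD firmware code): BIP-39 feeds the passphrase into the PBKDF2 salt, so every distinct passphrase, including a near-miss typo, yields an unrelated 64-byte seed with no error raised. The mnemonic is the public BIP-39 test vector and the passphrases are constructed samples.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector mnemonic (known to everyone; never fund it).
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s)
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic).encode("utf-8"), salt, 2048, dklen=64
    )


def seed_tags(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the first 4 bytes (hex) of the seed it unlocks."""
    return {p: bip39_seed(mnemonic, p)[:4].hex() for p in passphrases}


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two seeds differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed passphrases: empty, a phrase, a case slip, a trailing space.
    candidates = ["", "correct horse", "Correct horse", "correct horse "]
    for phrase, tag in seed_tags(TEST_MNEMONIC, candidates).items():
        print(f"{phrase!r:18} -> seed {tag}...")

    # A one-character typo changes about half of the 512 seed bits, so the
    # device opens a different (empty) wallet rather than reporting an error.
    good = bip39_seed(TEST_MNEMONIC, "correct horse")
    typo = bip39_seed(TEST_MNEMONIC, "correct horse ")
    print("bits changed by trailing space:", differing_bits(good, typo), "of 512")
```

Because the passphrase is not stored anywhere, the only check that it was entered correctly is that the expected wallet appears.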
Is there a factory reset?
There isn't a factory reset due to the secure elements. Most of the fields in those chips cannot be quickly reset. However, you can clear the wallet seed, delete all Trick Pins, and change the main PIN to something easy. It's a lot of clicking and the main PIN code must be already known to you.
How do I know desktop software is showing a payment address that truly is a deposit into this COLDCARD?
COLDCARD can display the payment address after it has independently calculated what it should be. Without this, it would be hard to make a "deposit" into the wallet of the COLDCARD without the possibility of someone misleading you.
In Electrum, click on the "eye" icon shown near the payment address. Check the value shown on the COLDCARD screen, compared to the value Electrum is showing.
This 'show address' feature is typically used online, with the COLDCARD connected on USB. To achieve a similar result offline, proceed as follows: choose Address Explorer from the main menu, and follow the instructions.
You can view ten addresses on the screen at a time (press 9 to see more), and also write out a CSV file with the first 250 addresses onto the microSD card.
I found a previously-used COLDCARD online, should I buy it?
You should never buy a "used" COLDCARD from eBay or another online store. A new COLDCARD from the factory would arrive sealed in a special tamper-evident bag. That's an important security feature since it's possible to change the firmware on the COLDCARD. It's impossible to trust what you're receiving from the second-hand vendor.
All legitimate resellers should be providing the COLDCARD unused and still in its original tamper-evident bag. As part of the first-use sequence, you will verify the bag number matches the factory bag number.
This random microSD card doesn't work!
There are so many microSD cards out there, it's not possible for us to test with them all. We have tested with all the cards we can find locally, and a few ultra-cheap ones from AliExpress. Still, there will be some that won't work. If it's formatted as FAT32 and is 32 GB or smaller, it should work.
Please try another brand of card and if that fails, try one of our high quality true SLC cards, available in our store.
Do you support Segwit (Segregated Witness) on the COLDCARD?
Yes. We have comprehensive segwit support, and strongly recommend it, but do not require it. We will display Bech32 and P2SH (segwit wrapped) addresses appropriately.
The limiting factor is usually the wallet software generating the PSBT files for COLDCARD to sign, and the BIP-32 key derivation paths involved.
For the Electrum wallet, we generate a PSBT file which will result in COLDCARD producing a segwit transaction every time (this does not relate to use of Bech32 or P2SH addresses, just the transaction's signatures).
Segwit is preferred since the cryptographic signature will cover exactly the payment details that the user has previewed on the COLDCARD screen.
To (safely) produce a non-segwit transaction, the COLDCARD must be given enough data in the PSBT to completely verify the inputs. Since a full copy of the transaction for every UTXO input is needed, the result is a much larger PSBT file. COLDCARD will refuse to sign a PSBT file where it does not have complete information on all inputs.
Is the secure element's crypto used for Bitcoin processing?
Although the ATECC608 (and the 508 used on older versions) does implement standard SHA-256, HMAC(SHA-256) and AES, we use those implementations only to secure the secrets that the chip holds. The same is true of the secondary SE (Maxim DS28C36B) on the Mk4.
Bitcoin signatures and all other Bitcoin-specific operations are performed in software, by our open-source code. Ultimately the critical math is performed by the same libsecp256k1 code used in Bitcoin Core.
What kind of secure element is used?
The ATECC608 is a fixed-function device for private key storage. It is not a general purpose CPU like some other secure elements. As a result, neither Coinkite nor the chip's manufacturer can change how it works without revising the hardware of the chip itself. It is in effect a flash ROM (read only memory) with about 10k bits of storage. All access and updates are predefined by the hardware and its design. The complete COLDCARD firmware can be seen here and we have a detailed white paper specifically about this secure element, and how we use it.
With the new mark (Mk4) of the COLDCARD, a second secure element (Maxim DS28C36B) has been added so that if either vendor has a critical security flaw, it will not affect the overall security of your seed words. We combine the power of both secure elements as described in this white paper about Mk4 secure elements.
When does the PIN attempt counter reset?
As soon as you enter the correct PIN code, the login attempt counter is reset to zero. This means you'll still have a full 13 attempts next time.
What happens when I can't remember my PIN?
When you've failed 3 times or more, we warn you that you are in danger of bricking the device. The message encourages you to double-check the PIN entered, and even gives you a peek at what you entered, before submitting it as a login attempt.
Please note the COLDCARD will brick itself after 13 failed login attempts. There is no way to reset or recover the device.
Mk2 and earlier COLDCARDs will allow infinite attempts, but make it slower and slower each time, until at one point, you have to wait hours between each attempt.
Where does the entropy (randomness) come from?
It's very important the entropy (randomness) used to pick your master seed phrase is good quality. The COLDCARD primarily uses the hardware TRNG (True Random Number Generator), inside the main chip. This is a dedicated hardware subsystem that measures analog noise produced by a special transistor.
The TRNG from the MCU would be sufficient, but we also maintain a PRNG which is mixed (by XOR) into the TRNG output. That PRNG is seeded once at boot up from the TRNG in each of SE1 and SE2. We limit the use of the TRNG present in the secure elements because the protocol involved is complex and slow.
The 256-bit number from the TRNG⊕PRNG is then "whitened" to remove bias, by running it through SHA256. This means if your attacker was somehow able to make the bits be 10% ones and 90% zeros (but still random otherwise) it would not help them, because after SHA256 the bit distribution will be 50/50 again.
During the seed picking process, you have the option of "adding dice rolls" to increase the entropy and/or mitigate any possible manipulation. You can add as many rolls as you wish, and the entropy (about 2.5 bits per roll) will be added to the 256 bits of entropy already picked.
You may completely bypass the above seed picking method, and use just dice rolls if desired. This process is documented in great depth here on our docs and includes a number of different ways to verify our SHA256 math for yourself. We even sell a package of 100 tiny dice so you can roll 256 bits of your own entropy in a single toss.
If you do choose to roll your own dice, it is critical that you do it honestly and truly rely on how your dice fell. Do not press buttons arbitrarily or repeat the same roll a bunch of times. Humans are very bad at generating entropy!
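The whitening step and the dice arithmetic described above, as an added simulation (not COLDCARD firmware code): it builds a constructed noise source whose bits are 10% ones, applies TRNG⊕PRNG followed by SHA-256, and measures the bit balance before and after. The function names, the sample count and the all-zero PRNG (the worst case, where the PRNG contributes nothing) are assumptions of this example.

```python
import hashlib
import math
import random


def biased_bytes(rng: random.Random, n_bytes: int, p_one: float) -> bytes:
    """Constructed stand-in for a manipulated source: each bit is 1 with probability p_one."""
    out = bytearray()
    for _ in range(n_bytes):
        b = 0
        for _ in range(8):
            b = (b << 1) | (rng.random() < p_one)
        out.append(b)
    return bytes(out)


def ones_fraction(blobs) -> float:
    """Fraction of 1 bits across a list of byte strings."""
    total = sum(len(b) * 8 for b in blobs)
    ones = sum(bin(int.from_bytes(b, "big")).count("1") for b in blobs)
    return ones / total


def whiten(trng: bytes, prng: bytes) -> bytes:
    """XOR the two 256-bit values, then hash with SHA-256, as the text describes."""
    mixed = bytes(a ^ b for a, b in zip(trng, prng))
    return hashlib.sha256(mixed).digest()


def rolls_needed(bits: int, sides: int = 6) -> int:
    """Fair dice rolls needed to reach `bits` of entropy (log2(6) is about 2.58 per roll)."""
    return math.ceil(bits / math.log2(sides))


def demo(samples: int = 2000, seed: int = 1):
    rng = random.Random(seed)  # fixed seed so the simulation is repeatable
    raw = [biased_bytes(rng, 32, 0.10) for _ in range(samples)]
    white = [whiten(r, bytes(32)) for r in raw]  # all-zero PRNG: worst case
    return ones_fraction(raw), ones_fraction(white)


if __name__ == "__main__":
    before, after = demo()
    print(f"ones before whitening: {before:.3f}")
    print(f"ones after  whitening: {after:.3f}")
    # Hashing rebalances the bits; it cannot add entropy that was not in its
    # inputs. Independent entropy comes from the mixed-in PRNG and dice rolls.
    print("dice rolls for 256 bits:", rolls_needed(256))
```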