Topic: Coinkite ColdCard Mk4 Review - page 2. (Read 424 times)

I'm no technical guru, but as far as I know dkbit98 is correct, the difference is in the licensing; i.e. whether it can be reproduced and distributed, or not.  

The firmware and the hardware are open for review:
Firmware: https://github.com/coldcard/firmware
Hardware: https://github.com/Coldcard/firmware/tree/master/hardware

99% of people around the world have no idea what mk4 or mk3 even means, so it's not a bad idea and you can always use some case to cover transparent cover.
This is not meant to be used as real calculator or as ultimate protection for your hardware wallet, so that is no problem for me.
Much more people know about ledger wallet but this is still a small percentage of total population.

It's not open source, but to be fair you can still inspect and verify their code, only thing you can't do is fork it.
You could use some of their old open source code and make changes if you know what you are doing, but their old code has some known security flaws.

This is a well-thought out move by them. The uglier and less conspicuous the box is, the better. I never liked the fact that my Ledger came in a box clearly stating it's a cryptocurrency wallet and mentioning Bitcoin and Ethereum in the process.    

This is a pretty weird thing to do. You would expect that it has everything required for normal operation without forcing you to go out and buy your own cables.

It's interesting that they are still claiming on their website that the source code is verifiable and open-source. Is it just the firmware that is closed-source or is everything else close-source?

I think the only way to get NFC working in a way that I would use it, is if there was an companion app from ColdCard, and if that app was open-source.  Otherwise, the feature might as well not be included.  I'm usually reluctant to install apps on my mobile devices unless they're absolutely necessary, so even if there was a third-party app to use with the feature I would probably opt-out.

---

Meh, I wouldn't count them out just yet.  Competition has a way of coercing companies to adapt to their clients' desires.

---

There is a way to generate individual keys that are indeed backed up by the master seed, but I believe the "Paper Wallet" generator is decoupled from that on purpose.  There are indeed use cases where you want to generate a key that isn't recoverable; keys for physical coins or Paper Wallet gifts for example.

---

If you travel with your device and find yourself in a compromised position you may find the ability to brick your device rather handy.  Again, there specific use cases for this feature, and it's not enabled by default.

---

That's always the concern with closed-source code.  Obviously there are risks, and everybody needs to assess those risk for themselves.  Since the original intent is for ColdCard the to remain as an air-gapped device, many of the risks are mitigated if you use the Mk4 in that way.

Thank you for your review and all details you wrote about. I never owned or used a ColdCard, just like to add my opinion to this device.

Printing "ColdCard" on the PCB doesn't quite disguise this device from a cheap calculator. I wouldn't count on that, likely nobody does or should.

I don't like closed-source firmware. This cuts you and others off to check and verify what the firmware does at sensitive points of wallet "procedures". For me this is kind of security by obscurity and clearly not a policy I want to support with my money.

While I like a lot of the features you mentioned, there's one or two in particular I dislike a lot: first the ability to create paper wallet data which is unrelated to the main ColdCard seed. There might be use cases for that, but I simply find it a dangerous features, because you can't recreate such paper wallets if you loose any details or documentation of it. The second feature I don't like is the ability to have a special PIN which completely bricks the device. As far as I understood it, it's optional and I don't have to use it, still doesn't feel comfortable for me personally.

Some interesting features which are also new for the Mk4 incarnation of the ColdCard device set this Mk4 apart from predecessors. How do we know that Coinkite did it "right" with those new features? With closed-source firmware you'll have to put too much trust into them for my personal security taste and comfort.

My personal conclusion is: as long as I have more open-source alternatives and no unique feature that this device offers and which I need, I'd stay away from ColdCard Mk4.

Thank your for your in-depth review. I have also a MK4 and I think basically the same about the wallet. Maybe we can get some news about NFC sooner or later, especially since the CEO of Coinkite is reading in this forum 


To me the bitcoin only solution is also the only downside. I understand that they don't want to include every shitcoin and tell people to simply buy another hardware wallet, but in my opinion this is like telling people we sell you a car only in color black because we like only the color black. You can go to another brand if you want a red car. This is their right to do, but it is just a stupid decision.

I have other options, like an air-gapped laptop, and I also have a Trezor Model T, which I do use for monero.  I don't hodl XMR, so it's not my biggest issue, but it does feel weird to have thousands of dollars in a desktop wallet, even if it is for a short time while I wait for a Bisq offer to get a bite.  I know most bitcoin maximalists appreciate monero's privacy features, which is why I think ColdCard should support it.


I just looked up my old invoices; I paid $149 for my Model T in January of 2019, and in May of the same year I purchase a bundle from Ledger that included the Nano X and Nano S.  The bundle price was also $149.  It's insane how much things have gone up in the last three years.  Although the Trezor T is my favorite HW wallet, I too would have a hard time justifying $280 for one, especially since the Foundation Passport has been released.


The hardware wallet did arrive in a sealed, tamper-evident bag, as Coinkite demonstrates on their Quick Start page.   I did not photograph the bag because it has identifying information on it.  As a supply-chain security feature the bag and hardware wallet are numbered to match.  It was obvious that the device was new, I don't think any effort was made to skirt customs, tariffs, or taxes.


Thank you, I'm glad you find it helpful.  As for the closed-source vs. open-source debate, everyone is going to have an opinion and I wasn't expecting to change anyone's mind.  As I've said I believe the firmware should be open source, but I understand why it isn't.  I also feel the features of the ColdCard are worth the extra effort I have to take ensure my safety due to it's closed-source nature.

You will never have this for ColdCard wallet now after they changed their source code license so you can only view it and not fork it.
I think that only Trezor model T and ledger wallets support Monero for now, but someone started to work on fork of open source project SeedSigner that is called MoneroSigner.
It's easy to make this signing device on your own with RaspberryPi zero and printing your own 3d case.

To be fair, there was a time few months ago when you could buy ColdCard for around $120 on presale, and some other hardware wallets also offered lower prices like Foundation Passport.
I would never give $280 for Trezor T or $157 for ledger model X.

This is really interesting and I didn't know they are sending their hardware wallet like this.
Is returned address or anything else mentioning Coldcard hardware wallet or not?
I wonder if this could trick customs and that could avoid paying extra import taxes in some countries, even if I am not a fan of their cheap calculator look.

Very good review and I think it could help someone who ios thinking of buying their new Mk4 device, but if you ask me would I buy it, I would say No
However, I do think new Coldcard wallet is still better and more secure than other hardware wallets like ledger, so it's middle ground between open and closed source devices.
I don't think they solved anything with two secure elements, and I bet this will create some issues down the road.

It's been a little over a month since I received my ColdCard Mk4, and I'd like to share my thoughts, opinions and observations here.  I purchased the ColdCard Mk4 with my own money, I was not offered a discount nor did I receive any promotional pricing of any type.  I have no affiliation with Coinkite, I have had no communication with them since my purchase, nor have they offered any incentive for making this post.

---

tl;dr

If you can get over the fact that the firmware is not open-source, this is the most feature filled and among the most secure hardware wallet I've ever used.  It's not the most user-friendly or newbie-friendly wallet I've used, but for the experienced bitcoin maximalist, I do recommend it.

I am a bitcoin maximalist and the ColdCard is a Bitcoin Only hardware wallet, but I do wish they would integrate support for Monero's official wallet.

---

Price

The price of the ColdCard as compared to the competition:

• Trezor Model One:   $77
• Ledger Nano S+:   $83
• Ledger Nano X:   $157
• ColdCard:   $158
• Foundation Passport:   $249
• Trezor Model T:   $280

At the time of writing this review the ColdCard costs $158, which puts it in the bracket of moderately priced competitor models, and nearly identical to the Ledger Nano X.  Despite it's price being roughly twice that of a Trezor One, I think it's still a good value given it's many features which I'll touch on below.

---

Purchase

The purchasing process directly from Coinkite was easy, and secure.  When I ordered the Mk4 it was on backorder, but I received it within three weeks of reserving mine.  The wallet arrived in a non-descript cardboard box, with no indication that it had anything to do with cryptocurrency, other than the return address.  There were no accessories included with the wallet, other than a couple of stickers, and a card for a mnemonic seed phrase.  A USB-C cable is required to power up the device, which again is not included.

 

---

Form

The wallet it's self is a very simple design, intentionally meant to look like a 90's vintage calculator that you got for free when opening your first checking account.  An uneducated thief looking for items of value wouldn't give it a second look.  The clear plastic housing is a cool look in my opinion; however I do believe a flat black option would further the intent of making it look like a cheap calculator.

The injection molded plastic housing is upgraded from the Mk3 in that it includes a protective cover for the keypad and screen.  The fit of the cover is secure, both on the front and the back where it stows away neatly during use.  The overall quality and feel of the device seems solid and practical.

 

---

Function and Quality

Functionally, the wallet has some minor issues that are more annoyances rather than issues.  The keypad buttons are deeply set within the housing and my fat fingers have trouble getting in there at times.  Another observation is that as I scroll through some of the function pages if I start pressing a bit too quickly the scroll function doesn't keep up.  Again, I find these to be relatively minor observations.  It's worth noting, however that the only other wallet within my realm of consideration that has a physical keypad is the Passport which costs $90 more.  With the even more expensive Trezor Model T's touchscreen I tend to be prone to mistakes.  Again I blame my fat fingers.  So, even with the minor observations regarding the keypad, in contrast with the competition a full number pad of real buttons is a welcome feature.

The other hardware functionality seems pretty solid.  The USB-C connection is solid feeling, and so is the slot for the micro-SD card.  The screen is on the small side, but the font is bright, clear, and large enough for me to see without issues.

---

Security

Now if it's one thing I've learned about trusted vendors and services within the crypto world, it's easily summed up by a Russian proverb that was made famous in the US by Ronald Reagan in 1987; doveryay, no proveryay (trust, but verify.)  So I'll take this opportunity to note again that the ColdCard is bult with source code for firmware that is licensed as common clause, not open-source.  The firmware is open for peer review, but cannot be forked or distributed.  Of course verification is possible, and verifying your transactions is always recommended.  Any bitcoin transaction can and should be verified prior to signing, and again prior to broadcasting.

Discounting the the controversies around common-clause licensed firmware, the wallet strikes me as a brick house in terms of security.  It includes the typical features one would expect; 24-word seeds, complex passphrases with full keyboard of special characters, and control over derivation paths for multiple, less prominent wallets. It also has a special configuration for entering PINs which I find to be more secure than the more common methods.  It can also create a fake pin to use when under "duress," and even allows a special configuration of the duress PIN which, when entered will result in the device being bricked.

As would be expected, the Bip39 passphrases (extensions) are entered on the device, and only stored while the device remains powered up and logged in.  An automatic logoff timer can be set, so if you must step away from the device for a few minutes it'll automatically log itself off.

---

Privacy

This category is where I believe the ColdCard sets itself apart from the competition.  Due to the simplicity with which it can generate new, unaffiliated addresses, multiple HD wallets, and integration with Bitcoin Core the device makes it very simple to prioritize your privacy, and give you tools to make it easy.  I will discuss these features more in the next section.

---

Features

The ColdCard is full of neat features that help the use remain safe and private.  Here are some of the ones I find useful:

• Bip85 sub-seed generator
• Paper Wallet generator
• Optional USB connectivity
• Wallet file generator for popular desktop clients
• Multiple user accounts
• Simplified backups

Most of the items I've listed above are, as far as I know, unique to the ColdCard.  Most are also self-explanatory, but I will touch on the Bip85 feature here because knowledge of its existence is new to me, and it's super cool.  With this feature you can generate any number of mnemonic seed phrases, WIF HD seeds, and standard single-address private keys.  These keys are derived from your master seed, so as long as you've backed up your master seed phrase, you'll always have the ability to restore any of the derived seeds and keys.  For example, you can generate a 12 or 24-word seed phrase that's derived from your master seed to use for a hot wallet and if you choose to not write it down, no big deal.  You can always use the ColdCard with the same master seed to retrieve the hot wallet seed.

The Bip85 feature along with the single key generator can help improve privacy by creating wallets that are unaffiliated with your main wallet but can be recovered later if needed.  It is worth noting that the "Paper Wallet" generator creates random keys that are not backed up by your master seed.

The other feature I want to touch on is the optional USB connectivity.  ColdCard models prior to the Mk4 did not include this feature, they had no method of connecting to a host device (PC or phone) through the USB port.  They relied on transferring data through the use of the micro SD card.  The Mk4 can be used the same way, but it also provides the option to use USB connectivity so the wallet can work similar to other, more typical hardware wallets, i.e., it can be paired to a desktop client to sign transactions directly.  

Another feature it includes is the option to enable 4 megabytes of integral volatile storage.  This can be used to transfer wallet files generated by the ColdCard or save PSBTs generated on the host.  This storage is non-persistent and is lost once the device is logged off or powered off.

---

Conclusion

The bottom line about the ColdCard, or just about any purchase can be summed up with one question; would I buy it again?  The answer is a resounding "Yes!"

I am of the opinion that all crypto currency wallets, hardware or otherwise should be open-source primarily for trust and transparency purposes.  I do find the ColdCard to be secure and practical hardware wallet.  All in all, I think it is a great tool for any bitcoin maximalist.

---