
Topic: ColdCard hardware wallet - page 5. (Read 2459 times)

hero member
Activity: 599
Merit: 595
April 18, 2019, 08:16:00 PM
#20
I don't have a Trezor, but have a couple of Ledger Nano S wallets. One seemingly unique feature is the MicroSD slot. From their docs:

Why does it have a MicroSD slot?

    The Coldcard can backup the seed into an encrypted file.
    New transactions to be signed, can be imported from the card.
    Public key data (xpub, receive addresses) can be written onto the card.
    Firmware upgrades can be done by copying the new firmware file onto a card.
    A skeleton Electrum wallet can be created on the card which allows Electrum to "pair" with the Coldcard, without it ever connecting to a USB port.

The second one, in particular is interesting, as it makes completely air-gapped transactions possible. I don't know of any others that can do that, at any price. There may be, I just don't know about them.
hero member
Activity: 1778
Merit: 764
www.V.systems
April 18, 2019, 12:59:21 PM
#19
The wallet looks to be pretty tiny and compact. I like it. Not a big fan of the transparent casing but I can get behind that as well. However, with "cheap" in the product's slogan, it still costs $100 for a single piece. That's nearly twice the price of a Trezor or a Ledger Nano S.
hero member
Activity: 599
Merit: 595
April 04, 2019, 01:22:44 PM
#18
Bumping an old one, here. Today (April 4, 2019) there was a new firmware update for the Coldcard: https://coldcardwallet.com/docs/upgrade

Electrum was apparently vulnerable to a phishing problem, this info from electrum.org: Warning: Electrum versions older than 3.3 can no longer connect to public servers, and must be upgraded. This is in order to prevent user exposure to phishing messages. Do not download Electrum from any other source than electrum.org.

I bumped into this in a scary way. I don't trade in BTC, just buy and hold. I keep different cold/paper wallets for each year, so when (if?) I cash out, it will be easy to demonstrate it's over a year old, to help with long-term capital gains. A couple of times I needed to sell a little bit for bills. Rather than sweep the whole thing into an exchange wallet, the Coldcard/Electrum combo is great for this. Sweep paper wallet to Electrum, send a bit to the exchange to sell. I left the balance in Coldcard for a couple of days, when I started to send it back to paper wallet, it wouldn't sync.

I run Electrum in Linux from a command line, and there were many alien messages in the terminal. I used the seed words to create a new Electrum wallet, this time without the Coldcard hardware option. Still fail. I looked online, and found the problem, upgraded Electrum. Now the new wallet read everything fine. I like Electrum a lot, but this is a good example of why you should not depend on any one wallet for everything.

hero member
Activity: 599
Merit: 595
November 02, 2018, 09:17:11 AM
#15
Yes, that's all I did. This was on latest/upgraded Ubuntu. I haven't tried it on Tails.
jr. member
Activity: 98
Merit: 5
November 02, 2018, 02:11:41 AM
#14

EDIT a few minutes later
Got it working with Electrum 3.23; had to add 51-coinkite.rules to /etc/udev/rules.d. Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Is that all you did? Because I cannot get it to work (I'm using Tails). I am also like you, and have a Nano S. I cannot get that to work either (I haven't tried on Tails, but on Debian).
jr. member
Activity: 98
Merit: 5
November 01, 2018, 02:04:28 PM
#13
[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card :P

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As I have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.

When you create a wallet, it will give you 24 bip39 words to write down. After creating the wallet, if you choose the backup option, it will give you a 12 word 'passphrase' (if you want to call it that) to encrypt the file.

The 'backup' is essentially a system image, which includes the seed, as well as system preferences.

You can read about how it works here:
https://coldcardwallet.com/docs/backups

'Background
The Coldcard is unique in that we offer a backup feature to save your wallet seeds to MicroSD card. Settings and other meta is saved as well. The encrypted file can be treated as any other file because we use AES-256 encryption, with a strong pass phrase.

Even using this feature, you should still have a paper-only copy of your 24 seed words. Use the encrypted backup feature for convenience and duplication.'
jr. member
Activity: 98
Merit: 5
November 01, 2018, 02:01:40 PM
#12

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.

Oops. hehe. Must have missed that part.

I agree. I like that option that Electrum provides.
hero member
Activity: 599
Merit: 595
November 01, 2018, 09:17:36 AM
#11

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.
legendary
Activity: 1624
Merit: 2481
November 01, 2018, 04:44:09 AM
#10
[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card :P

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As I have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.
jr. member
Activity: 98
Merit: 5
October 31, 2018, 08:51:44 PM
#9
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card :P

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.
jr. member
Activity: 98
Merit: 5
October 31, 2018, 08:49:49 PM
#8
I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23; had to add 51-coinkite.rules to /etc/udev/rules.d. Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.
hero member
Activity: 599
Merit: 595
October 25, 2018, 07:03:20 PM
#7
I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23; had to add 51-coinkite.rules to /etc/udev/rules.d. Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules
jr. member
Activity: 210
Merit: 6
September 29, 2018, 06:03:41 AM
#6
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card :P

Legit question... I would love if ColdCard developers can respond and answer this and other questions people have,
but I must say that it's for sure easier to do this 'fake malicious firmware' for other more popular hardware wallets.
HCP
legendary
Activity: 2086
Merit: 4314
September 28, 2018, 05:02:19 PM
#5
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card :P
jr. member
Activity: 210
Merit: 6
September 25, 2018, 03:03:21 PM
#4
Honestly, it's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.

I agree with you that Trezor and Ledger are looking more attractive and with more features,
but when it comes to security... I think that ColdCard is a much safer option.
I would agree with you that price could be a bit cheaper... maybe around 49$
staff
Activity: 3402
Merit: 6065
September 23, 2018, 01:27:49 PM
#3
Honestly, it's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.
jr. member
Activity: 210
Merit: 6
September 21, 2018, 05:45:13 PM
#2
Here is the interview with the creator of the ColdCard hardware wallet, Rodolfo Novak

https://www.youtube.com/watch?v=HIMuJ6CXCM0

I think they created Opendime wallet before also


Has anyone tried to hack it or examine it from inside?
jr. member
Activity: 210
Merit: 6
September 19, 2018, 07:39:46 PM
#1
Has anyone used and tested ColdCard hardware wallet so far ?

https://coldcardwallet.com/


What is the Coinkite Coldcard? It's a Bitcoin hardware wallet, so it signs transactions and can be used offline.

    BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses.
    It knows how to understand transactions, so you can see what you are approving.
    The first PSBT (BIP 174) native wallet which can be used completely offline for its entire lifecycle.

But it's different!

    NO specialized software required. It accepts standard PSBT transaction (BIP 174) stored on a MicroSD card.
    NO companion 'app' on your computer, works with the major wallets already (Electrum, and more to come).
    It's cheap! Simple packaging, plain design, no fancy boxes, no redundant cables.
    It's ultrasecure! Real crypto security chip. Your private key is stored in a dedicated security chip, not the main micro's flash.
    Easy back-up! MicroSD card slot for backup and data storage. This allows truly offline signing, by transferring the unsigned/signed transactions on sneakernet.
    Open source software design runs Micropython and you can change it.
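
The posts above describe carrying an unsigned PSBT (BIP 174) file to the Coldcard on a MicroSD card. As an added example (not from the thread or from Coinkite), this Python code reads a version 0 PSBT on the host and lists the outputs of its unsigned transaction, so they can be compared with what the device displays before approval. The sample PSBT and all function names are constructed for illustration.

```python
import io

PSBT_MAGIC = b"psbt\xff"  # BIP 174 magic bytes plus 0xff separator

def take(s, n):
    """Read exactly n bytes or fail, so truncated files are rejected."""
    data = s.read(n)
    if len(data) != n:
        raise ValueError("truncated data")
    return data

def compact_size(s):
    """Read a Bitcoin compact-size integer (0xfd/0xfe/0xff prefix 2/4/8 bytes)."""
    n = take(s, 1)[0]
    return n if n < 0xfd else int.from_bytes(take(s, 1 << (n - 0xfc)), "little")

def read_map(s):
    """Read one PSBT key-value map; a zero key length ends the map."""
    entries = {}
    while True:
        key_len = compact_size(s)
        if key_len == 0:
            return entries
        key = take(s, key_len)
        entries[key] = take(s, compact_size(s))

def psbt_outputs(psbt):
    """Return [(satoshis, scriptPubKey hex)] from a version 0 PSBT."""
    if not psbt.startswith(PSBT_MAGIC):
        raise ValueError("bad magic: not a PSBT")
    tx = read_map(io.BytesIO(psbt[len(PSBT_MAGIC):])).get(b"\x00")
    if tx is None:  # global key type 0x00 holds the unsigned transaction
        raise ValueError("no unsigned transaction in global map")
    t = io.BytesIO(tx)
    take(t, 4)                                # version
    for _ in range(compact_size(t)):          # inputs
        take(t, 36)                           # previous outpoint
        if compact_size(t) != 0:
            raise ValueError("unsigned transaction carries a scriptSig")
        take(t, 4)                            # sequence
    return [(int.from_bytes(take(t, 8), "little"), take(t, compact_size(t)).hex())
            for _ in range(compact_size(t))]  # outputs: value, then script

# Constructed sample: one input, a P2WPKH output and a P2SH output.
_TX = (bytes.fromhex("0200000001") + b"\x11" * 32 + bytes(5) + b"\xff" * 4 + b"\x02"
       + (50000).to_bytes(8, "little") + b"\x16\x00\x14" + b"\x22" * 20
       + (149000).to_bytes(8, "little") + b"\x17\xa9\x14" + b"\x33" * 20 + b"\x87" + bytes(4))
SAMPLE_PSBT = PSBT_MAGIC + b"\x01\x00" + bytes([len(_TX)]) + _TX + bytes(4)
```
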