Coldcard Review

Robert McDougall 

January 9, 2024

Cryptocurrency

Are you a crypto enthusiast looking for a secure hardware wallet? With storage security being paramount for storing cryptocurrency, owning a hardware wallet can help better protect your coins. But how does a hardware wallet secure your cryptocurrency? These small plug-in devices are designed with offline private keys to separate your crypto tokens from the internet. 

One well-known and highly secure hardware wallet is Coldcard. Invented and manufactured by Coinkite, the advanced version of this hardware wallet, i.e., Mk4, was introduced in 2022. 

While Coldcard is known for some of the best security features, the Mk4 version offers NFC, a USB port, improved security, and added features. To determine if Coldcard is the right choice for your hardware wallet needs, read my review of what this popular wallet has to offer.

Key Features of Coldcard 

The Coldcard wallet stands out for offering the following features:

Air-Gapped Security

While Coldcard's competitors, Trezor and Ledger, played a prominent role in introducing air-gapped security in hardware wallets, Coldcard also offers this advanced security approach to its owners. But wait, what is air-gapped security anyway? 

An air gap is a cybersecurity measure that isolates a computer or network, preventing it from establishing an external connection. This means there is no physical connection between the two networks, ensuring that both networks are protected from malicious attacks and data breaches. Air-gapped hardware wallets store the private keys offline. 

Likewise, a Coldcard wallet can be used without connecting to the internet. The best part? Coldcard is the first native PSBT (partially signed Bitcoin transactions) hardware wallet that allows you to partially sign transactions without connecting the wallet to a computer or internet service. As a result, this adds an extra layer of Bitcoin storage security while preventing virus attacks. 

Physical Number Pad

Have you ever used hardware wallets like Ledger Nano or Cobo Vault with no numeric keypads? If so, you'd be familiar with the challenge of entering your PIN one digit at a time using only a few buttons. This, of course, makes the usage of such hardware wallets more challenging and time-consuming.

I found that Coldcard was much easier to use, with the numeric keypad and black-and-white screen which is easy to read. From my experience, this design makes Coldcard far more intuitive than most other hardware wallets in the market. 

Secure Element Chip

Another key feature worth mentioning is the integration of ATECC608A microchips in this hardware wallet. These microchips are used to store your secret keys. Coldcard only allows restricted communication with them, via encryption and SHA-256 responses, which prevents message replay and eavesdropping.

Because replayed messages are rejected, knowing the PIN is the sole method of accessing the Bitcoins in the wallet. This means that attackers cannot break into it via brute force or by simply replaying the PIN. As a result, even if attackers remove the chip from its board or update the firmware in the microprocessor, the chip's security remains intact.

Furthermore, the secure element contents — which store seed phrases and private keys in the wallet — are encrypted using a one-time pad known only to the main microchip. This adds an extra layer of security to Coldcard wallets, ensuring that all your sensitive data is protected. 

Open-Source Firmware

Last but not least, it is also worth noting that Coldcard is built with open-source firmware. This means a global developer community can constantly contribute to its advancement and quickly fix potential flaws.

Additionally, even though Coldcard doesn't actively support altcoin storage, developers can use their own altcoin integrations if necessary. Hence, this wallet's storage and usage options always have room for advancement. The only requirement here is that the factory must sign the new firmware. 

Usability and User Experience

Coldcard is designed differently than most hardware wallets. Specifically, Coinkite has prioritized utility over portability, ensuring a design that focuses on more than just compactness.

Notably, this hardware wallet is roughly the size of a debit card, measuring 88 mm x 52 mm x 9 mm and weighing slightly under 30 g. While this makes it larger than other popular hardware wallets like Trezor or Ledger, the Coldcard still fits comfortably in one hand. Its case is made of clear plastic, making the internal structure visible. The wallet also seems sturdy enough to withstand knocks and bangs without damage.

Adding to its appearance, the physical keypad of this wallet features 12 buttons beneath a small 128x64 pixel OLED screen on the front, a microSD slot on the back, and a micro USB connector on the top. Its overall appearance is quite similar to a small calculator. Notably, the Mk4 version of Coldcard can be powered by a 9V battery (if not connected to a computer) or a micro USB-C cable.

How to Set Up the Coldcard? 

Before delving into the setup options, it’s important to understand that you can configure Coldcard with or without an air gap. Let’s explore the two methods for setting up your Coldcard wallet.

Using a Direct USB Connection

To set up your Coldcard without the air gap, connect the wallet directly to your desktop computer using a USB cable. From there, you can send or receive assets/funds directly to your desktop wallet.

Using a MicroSD Card Bridge

Conversely, if you prefer to use an air gap, you’ll need a MicroSD card to bridge between your wallet and the PC wallet. Here’s how it works:

  • Import the wallet file to the MicroSD card by plugging the MicroSD card into your Coldcard.
  • Then, insert the MicroSD card into your desktop computer.
  • Finally, drag the wallet file from the MicroSD card into your desktop wallet.

This setup allows you to keep your Coldcard physically isolated from your computer while still managing your wallet securely.

Sending and Receiving on Coldcard

You can receive funds at any time, as long as the sender has your public address. Transferring from Coldcard works much like setup, with or without an air gap. Without an air gap, you connect your wallet to your PC and confirm the transaction on the Coldcard to transfer funds.

In contrast, when transferring with an air gap, create the transaction in your desktop wallet, export the PSBT to the SD card, and insert the card into the Coldcard device. After this, you can see and approve the transaction amount and recipient address.

Upon approval, you have to eject the SD card, re-insert it into the PC, launch your desktop wallet, import the transaction, and broadcast it to the network. Your transaction will now be visible to the public on the blockchain.

Coldcard Backup Function

One of the unique features of the Coldcard is that it offers a backup option that allows you to save your wallet seeds to a MicroSD card. This backup option also lets you store your wallet settings and other metadata. Since Coldcard uses AES-256 encryption with a strong passphrase, you can manage the encrypted backup file just like any other file without any security concerns.

To create a backup on Coldcard, you need to: 

  • Select "Backup System" from the drop-down option.
  • After this, Coldcard will generate a password of 12 words. These words are chosen randomly and do not affect your wallet seed.
  • After receiving a password, you must pass a quiz to demonstrate that you have written down the words.
  • Once the quiz ends, the new file will be saved to the MicroSD card.
  • After this, the backup file will be created, and a number will be attached to the filename. Notably, the most recent backup file will have the highest number.

Security Measures and Safeguards

The Coldcard wallet prioritizes security to give customers the best Bitcoin (BTC) protection. How does it ensure this security? Let's take a look: 

  • Encrypted Backup: Encrypted backup is one of the notable features that adds to the security of Coldcard. How does this work? Considering the earlier-mentioned process, you can save an encrypted file containing all the information needed to repair a lost or damaged Coldcard to a MicroSD card with a few clicks. This backup is a simple encrypted text file that can be used to switch between suppliers, preventing vendor lock-in.
  • Thorough Examination of PSBT Files and Transactions: Coldcard wallet also thoroughly examines the content of PSBT files and transactions made with it. In this approach, the Coldcard wallet checks UTXO information and extensively inspects change outputs to ensure they return to the same wallet. This way, you can avoid potential software tricks that may display false transaction details, resulting in the transfer of your assets to a different wallet.
  • Design and Casing: The wallet's translucent plastic casing also provides visible proof of manipulation. This lets you easily determine whether you have the original Coldcard wallet or a fake device, ensuring that your Bitcoins are transferred to a secure and tamper-free hardware wallet. Additionally, the wallet is delivered in tamper-resistant shipping bags.
  • Login Countdown: This function locks your Coldcard wallet after several failed attempts to enter your PIN code. This will stop others from trying your PIN code over and over again.
  • Firmware Upgrades and Open-Source Software: As mentioned earlier, the Coldcard also accepts firmware upgrades. Furthermore, the wallet's adoption of open-source software demonstrates its dedication to openness and security.
  • Duress PIN: The duress PIN code allows you to open a separate wallet with fake money in case someone tries to get you to share your real PIN code. Notably, there's no need to back up the duress wallet individually because it is based on your original seed words.
  • Brick Me PIN: Setting up a Brick Me PIN code means that whenever you enter this code, it will destroy your device forever and delete all of your data. This is helpful if you ever want to safely get rid of your wallet or if you need to keep your money from being accessed in an emergency.
  • Countdown to Brick Me PIN: This feature lets you sneakily use the Brick Me PIN code. When you log in to the Coldcard, it delays the destruction time by minutes, hours, or days. But once a Brick Me Countdown is set, unlike the normal timer, this special mode bricks the Coldcard in secret (or, if needed, just wipes the seed phrase). The point of this mode is to delay access to the wallet, similar to how time-delay safes work in banks. However, if the attacker turns off this mode, they still won't be able to use the wallet.
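The change-output inspection described in the "Thorough Examination of PSBT Files and Transactions" item above can be sketched on the desktop side as follows. This is an added example, not Coldcard firmware or code from the original review; it handles BIP-174 version 0 files only, and the fingerprint, amounts and scripts in the sample are constructed.

```python
import io, struct

def varint(s):  # Bitcoin compact-size integer; fails loudly on a truncated file
    b = s.read(1)
    if not b:
        raise ValueError("truncated PSBT")
    return b[0] if b[0] < 0xfd else int.from_bytes(s.read({0xfd: 2, 0xfe: 4, 0xff: 8}[b[0]]), "little")

def read_map(s):  # one BIP-174 key-value map; a zero key length ends it
    m = {}
    while (klen := varint(s)):
        key = s.read(klen)
        m[key] = s.read(varint(s))
    return m

def tx_layout(raw):  # -> (input count, [(value_sats, scriptPubKey), ...])
    s = io.BytesIO(raw[4:])                      # skip the 4-byte version
    n_in = varint(s)
    for _ in range(n_in):
        s.read(36)                               # outpoint (txid + index)
        s.read(varint(s) + 4)                    # scriptSig (empty in a PSBT) + sequence
    return n_in, [(struct.unpack("<Q", s.read(8))[0], s.read(varint(s))) for _ in range(varint(s))]

def classify_outputs(psbt, my_fp):
    """Label outputs 'change-claim' (derivation record names my_fp) or 'external'."""
    s = io.BytesIO(psbt)
    if s.read(5) != b"psbt\xff":
        raise ValueError("bad PSBT magic")
    n_in, outs = tx_layout(read_map(s)[b"\x00"])  # global key 0x00 = unsigned tx
    for _ in range(n_in):
        read_map(s)                               # skip per-input maps
    report = []
    for value, script in outs:
        # key type 0x02 = PSBT_OUT_BIP32_DERIVATION; value = fingerprint(4) + path
        fps = {v[:4] for k, v in read_map(s).items() if k[0] == 0x02}
        report.append(("change-claim" if my_fp in fps else "external", value, script.hex()))
    return report

# ---- constructed sample (no real funds): 1 input, a payment output, a change output ----
def kv(key, val):
    return bytes([len(key)]) + key + bytes([len(val)]) + val
FP = bytes.fromhex("deadbeef")                    # made-up master fingerprint
TX = (struct.pack("<I", 2) + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4 + b"\x02"
      + struct.pack("<Q", 50_000) + b"\x16\x00\x14" + b"\x11" * 20
      + struct.pack("<Q", 49_000) + b"\x16\x00\x14" + b"\x22" * 20 + bytes(4))
PATH = struct.pack("<5I", 0x80000054, 0x80000000, 0x80000000, 1, 0)  # m/84'/0'/0'/1/0
SAMPLE = (b"psbt\xff" + kv(b"\x00", TX) + b"\x00" * 3  # ends: global, input 0, output 0
          + kv(b"\x02" + b"\x02" * 33, FP + PATH) + b"\x00")

if __name__ == "__main__":
    print(*classify_outputs(SAMPLE, FP), sep="\n")
```

A matching fingerprint is only a claim made by whoever built the file; a signer still has to re-derive the key at that path and compare it with the output script before treating the output as change.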

Integration and Compatibility 

When it comes to connecting your Coldcard with other software wallets and services, there are various options you can consider, including: 

Compatible Wallets

The good thing about Coldcard is that it is compatible with any software wallet that follows Bitcoin standards, like BIP-174, which introduced Partially Signed Bitcoin Transactions (PSBT). Examples of such wallets include:

  • Bitcoin Core
  • Casa
  • BlueWallet
  • Fully Noded
  • Electrum
  • Coldcore
  • Sparrow
  • Unchained
  • Specter Desktop
  • Nunchuk
  • Wasabi Wallet

Compatible Bitcoin Financial Tools

Coldcard is also compatible with financial tools and services used for commercial transactions and services. 

These include: 

BTCPay Server

This is a free and open-source Bitcoin payment processor. Specifically, it allows you to gather tips or donations from others by directly accepting funds in BTC. Hence, you can easily manage funds using BTCPay's wallet with your air-gapped Coldcard. 

Unchained

Serving both individuals and enterprises, Unchained allows self-custody of your assets by using multi-signature (multisig) vaults. You must input two or more private keys to make any transactions. This tool also offers additional financial services, including loans and retirement accounts. But remember that these services are currently restricted to a few US jurisdictions.

NFC-V 

NFC is the technology that allows for tap-to-pay and keyless entry. With this technology, you can sign a transaction with a tap of your Coldcard, whenever you want to. You can use this NFC for PSBT, transactions, address sharing, and other related data.

Note: The NFC feature is disabled by default and can be permanently disabled (if needed) by cutting a trace on the board. This destructible trace doesn't manage any other functions of the Coldcard. 

USB Virtual Disk Mode

Another data transfer option supported by the Coldcard Mk4 is Virtual Disk Mode. In this mode, the Mk4 appears as a 4 MB USB stick once connected to a computer or mobile phone. Additionally, since it lets you save information straight to your Coldcard Mk4, it is easy to use with any PSBT sources or web browsers.

Pricing 

Unfortunately, Coldcard may appear as a more expensive hardware wallet, especially compared to other devices like the Ledger Nano S Plus ($79) or the Trezor Model One ($69).

The Coldcard device Mk4 version is available for $157.94, which is cheaper than its competitor Trezor Model T ($219). However, it is worth noting that this hardware wallet requires some accessories for its usage. This includes:

  • Power-Only USB-C Cable ($16.99)
  • Industrial MicroSD ($39.94)
  • COLDPOWER Adapter (est. $24.99)
  • 9V battery to use the hardware wallet without any computer connection.

This makes a total of $239.86, excluding the price of a 9V battery. This shows that Coldcard offers its unique security features at a higher rate than most other hardware wallets. 

Pros and Cons

Pros
  • Top-class specialized chips are integrated to keep your seed words safe.
  • The wallet never requires a computer connection. Instead, you can use a MicroSD card to backup and store data easily.
  • A bright, 128×64 pixel OLED screen makes it highly convenient to view all the critical details of your transaction.
  • The availability of a USB port makes the Mk4 easy to connect to various devices.
  • Offers an overall attractive design with a full-sized numeric keypad and protective cover.
  • Features several options for preventing physical tampering.
Cons
  • Only compatible with Bitcoin.
  • Requires high technical skill to use the wallet.
  • More expensive than some other hardware wallets.
  • No touchscreen.

Conclusion 

To summarize, Coldcard is a secure hardware wallet that provides a novel method of storing your Bitcoin private keys offline. This hardware wallet has gained immense popularity among Bitcoiners for its robust safety features ever since it launched. 

With its various levels of protection and features that make compromising or stealing your funds impossible, Coldcard emphasizes a safer user experience. But, at the same time, it is costly and requires advanced technical knowledge and additional technology to use efficiently.

Because Coldcard has both positives and negatives, the only way to know if it's right for you is to look at its features and decide if they meet your protection and usability needs. If you are looking for other crypto wallet options, have a look at my article here on the best crypto wallets.

