• ₹14,999


Coldcard is a Bitcoin-only, open-source, ultra-secure hardware wallet. It provides physical security: seed words are stored in a specialised chip which is designed to securely store secrets. On top of that, all code is open source, so you can compile it yourself.

Supply Chain Protections


First and foremost, Coldcard uses a tamper-evident plastic bag to package the product. Each bag is unique and coded with a number. That "bag number" is written into the Coldcard's secure element as it's put into that bag. That value cannot be changed, and we ask you to verify the bag number when the Coldcard is powered up for the first time at your location.

The clear plastic case on Coldcard is an important feature as well. There have been demonstrations of inserting custom hardware inside a competitor's hardware wallet to capture key-presses.

Coldcard covers the secure element and other sensitive parts of the device with epoxy. This makes it harder to remove those chips, or change the wiring around them.

Secure Element + Open Source

Physical Security. Your seed words are stored in a specialised chip, designed to securely store secrets. All code is open source, and you can compile it yourself.

True Air-Gap Operation

The only hardware wallet with the option to never be connected to a computer for full operation, from seed generation to transaction signing. Uses PSBT (BIP174) natively!

Secure Element for key storage

We find it quite scary that some Bitcoin wallets trust the main microprocessor with their most valuable secrets. Instead, Coldcard uses a Secure Element to protect your Bitcoin.

Specifically, the Coldcard (MK3) uses Microchip's ATECC608A to store the critical master secret: the 24-word seed phrase for your BIP32/BIP39 wallet.

This little chip is very powerful. Communication is controlled by complex challenges and SHA-256 responses which prevent replay and eavesdropping. The secure element cryptographically enforces that the attacker must know the PIN to access the secrets. An attacker cannot brute-force combinations or replay a previous login sequence. This remains true even if they removed the chip from the board or fully replaced the firmware in the main microprocessor. In fact, even with the secure element removed from the system, and all the secrets of the main micro fully known, the attacker would still only get 13 tries before the secure element bricks itself! (Don't worry, this counter is reset every time you log in correctly.)

Even if there was some critical security bug in the secure element that completely exposed the secrets it holds, your Bitcoin would still be safe, because we encrypt the contents of the secure element with a one-time pad known only to the main micro.

More details are available in this white paper and the complete source code is available.
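The single-use challenge, the 13-try counter and the one-time pad described above can be modelled in a few lines. This is an added example, not Coldcard firmware or the ATECC608A command set; `ToySecureElement`, the helper names and the way the PIN is turned into a key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_TRIES = 13  # attempt limit quoted on the page


def pin_response(pin: bytes, nonce: bytes) -> bytes:
    """Host side: prove knowledge of the PIN for this nonce only."""
    return hmac.new(hashlib.sha256(pin).digest(), nonce, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToySecureElement:
    """Simplified model (assumption); not the real chip's interface."""

    def __init__(self, pin: bytes, stored_blob: bytes):
        self._key = hashlib.sha256(pin).digest()
        self._blob = stored_blob       # seed already XOR-ed with the main micro's pad
        self.tries_left = MAX_TRIES
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = os.urandom(32)   # fresh per attempt, so old responses are useless
        return self._nonce

    def unlock(self, response: bytes):
        nonce, self._nonce = self._nonce, None   # each nonce is single-use
        if nonce is None or self.tries_left == 0:
            return None                          # no challenge pending, or bricked
        self.tries_left -= 1                     # charge the attempt before checking
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            if self.tries_left == 0:
                self._blob = None                # out of tries: secret is gone for good
            return None
        self.tries_left = MAX_TRIES              # correct login resets the counter
        return self._blob


def demo() -> int:
    seed, pad = os.urandom(32), os.urandom(32)   # constructed sample values
    se = ToySecureElement(b"1234-5678", xor(seed, pad))
    good = pin_response(b"1234-5678", se.challenge())
    assert xor(se.unlock(good), pad) == seed     # only the main micro can remove the pad
    se.challenge()
    assert se.unlock(good) is None               # replayed response fails and costs a try
    return se.tries_left
```

The value returned by `unlock` is still pad-encrypted, so a dump of the element alone does not reveal the seed in this model.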

Genuine vs. Caution Lights

To resist Evil Maids, and other sneaky people with physical access to your Coldcard, we sign our firmware with a factory key. During boot-up, the firmware's signature, and every byte of flash memory, will be verified and the appropriate Green/Red light set. Changing that light's status is actually controlled by dedicated circuitry connected directly to the Secure Element, so a rogue bit of software cannot override it. The circuit for the lights is exposed on the top surface of the product, and covered with clear epoxy, so any physical tampering by those maids will be visible as well.

Anti-Phishing Words

The PIN code on Coldcard is divided into two parts, such as 1234-5678. You first enter 1234 and then you will be shown two words on-screen. Those words are unique for all PIN prefixes, and for each Coldcard ever made. (The secrets used to enforce that come from inside the secure element, and are unknown to the rest of the world.)

Your job is to memorize those two words, keep them secret, and every time you use the Coldcard, check them before entering the final 5678 part of your PIN. This protects you against a trojan-horse Coldcard that might look like yours but cannot know those two words.

Physical Security

The secure element and critical parts of the main micro are covered by epoxy at the factory. Our clear case is part of our security model too, so you can look and see if a "hardware implant" has been inserted inside your device.

Because of the in-depth use of the secure element, there is no "factory reset" for the Coldcard. If you forget your Coldcard PIN, there is nothing we can do except remind you to recycle your e-waste responsibly!

We've even put a label, "SHOOT THIS", for more effective device destruction. When the time comes.

