Coldcard Hardware Wallet


A bitcoin only Hardware Wallet produced by Coinkite for Secure Offline Private Key Storage

Buy one with a CypherWheel for complete Bitcoin Security!

  • Open source firmware, no black box software
  • Never needs USB connection. Full life cycle can be offline
  • Rigorous PSBT change-fraud checks
  • Secure element for secret storage, not main MCU memory
  • SE enforces max 13 PIN attempts (not MCU, not policy)
  • Anti-phishing words shown before complete PIN entered
  • Up to 12 digit PIN code (2+2 to 6+6 digits supported)
  • Encrypted backups (7z, AES 256) direct to MicroSD Card
  • Third generation of PCB-level hardware defenses, and now epoxy, too
  • MiTM protection in our encrypted USB protocol (open source, see ckcc-protocol)
  • Coldcard firmware releases and signed with factory key
  • Flash memory verified by SE, directly driving red/green LED
  • Bitcoin only so we can focus our efforts
  • Seed encrypted when in SE by One-Time Pad (key for that in secure bootrom area, no access by MicroPython)
  • Side Channel Defenses: common-mode chokes, ferrite beads, additional power supply bypassing
  • Display masking signal to foil OLED-generate power supply noise

Complete Documentation at Coldcard website.


Coldcard Bitcoin Hardware Wallet

  • Bitcoin Only
  • Open-Source Easy-to-Use
  • Ultra-Secure
  • Loved by Cypherpunks

Secure Element + Open Source

Physical Security. Your seed words are stored in a specialized chip, designed to securely store secrets. All code is open source, and you can compile it yourself.

True Air-Gap Operation

Only hardware wallet with option to never be connected to a computer, for full operation: from seed generation, to transaction signing. Uses Partially Signed Bitcoin Transactions (PSBT) (BIP174) natively!

Duress Wallet Features

Duress PIN

We provide an optional “duress PIN code”. If you enter that PIN code, instead of the “real” PIN code, nothing special is shown on the screen and everything operates as normal… However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!

To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don’t know.

The “duress” wallet will still be derived from the original BIP39 words, so you don’t need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.

BIP39 Passphrases (25th word)

We now support BIP39 passphrases so you can also create an unlimited supply of distraction wallets. This feature is also useful for your own organization of funds or accounts. Unlike the single duress PIN, an unlimited number of related wallets can be created using BIP39. And backup your BIP39 seed words with a CypherWheel.

Brick Me PIN

Another PIN can also be defined, which we call the “Brick Me” PIN. Using that PIN code at any PIN prompt, will destroy the secure element and render your Coldcard worthless. Again, this may form some part of your game-theory for duress situations, but is completely optional.

Login Countdown

Force a time delay when logging into the Coldcard. Once enabled, you must enter you PIN correctly, and then wait out a forced delay (of minutes/hours/days) while a count down is shown on-screen. Then enter your PIN correctly, a second time, to get in.

Air Gap Operation

Coldcard never needs to touch a computer. It can work entirely from a USB power pack or AC power adapter. This includes everything you need to do in the whole life of the product:

  • Initial PIN choosing and setup.
  • Pick your 24-seed words using our TRNG, import existing secrets, or use your dice rolls.
  • Export skeleton wallet files, for setup of Electrum or other desktop/mobile wallets.
  • Export lists of payment (deposit) address, using the Address Explorer.
  • Backup of seed and settings, which saves an encrypted 7z file.
  • Sign transactions for spending your Bitcoin, using PSBT files (BIP174) from any standards-compliant wallet.
  • Firmware upgrades.
  • Advanced users can even setup a multisig wallet between multiple cosigners, entirely on-device, and air gapped.

Use our industrial grade MicroSD Cards or any standard MicroSD card, for each of the above steps that require data to come in and out. Sneakernet for the win! If you want to reach the next level a paranoia, you can use different cards for data coming into versus out-of the Coldcard, and/or use cards a single time only.

Dice Rolls for Seeds

Casino Dice
If you don’t trust our random number generator, you can generate the BIP39 seed phrase using dice rolls. We help with this process: you just have to press 1–6 for each roll (99 rolls recommended). At the end of that process, you’ll have a properly-encoded seed phrase based solely on the dice rolls.
Buy Casino Grade Dice right here at CypherWheel, or buy a package deal of a Coldcard and Dice together!

Supply Chain Protections

Getting an uncompromised product into your hands is a challenge:

Bag Number

First and foremost, we use a tamper-evident plastic bag to package the product. Each bag is unique and coded with a number. That “bag number” is written into the Coldcard’s secure element as it’s put into that bag. That value cannot be changed, and we ask your to verify the bag number when the Coldcard is powered-up for the first time at your location.

Clear Case

The clear plastic case on Coldcard is an important feature as well. There have been demonstrations of inserting custom hardware inside a competitor’s hardware wallet to capture key-presses.

Epoxy Globs of Love

We cover the secure element, and other sensitive parts of the Coldcard with epoxy. This makes it harder to remove those chips, or change the wiring around them.

Additional information

Weight10 oz
Dimensions3 × .3 × 4 in

Coldcard, Coldcard and Dice, Coldcard and CypherWheel, Coldcard, Dice, and CypherWheel

Visit our sister companies: