5

(808) 466-7324

Cold Card Guide

“The Coldcard device is the most secure Bitcoin wallet of all time. Blue Wallet is the most easy Bitcoin wallet of all time. Combined together, they are the most powerful financial sovereignty toolkit ever created.”

Notes, Benefits, & Limitations of Cold Card

  • The Coldcard Mk.3 is an open-source Bitcoin-only hardware device dedicated to the purpose of creating ultra-secure Bitcoin wallets and making Bitcoin transactions. It allows you to manage all of your Bitcoin private keys and access your funds securely, even if your computer or your phone is compromised.
  • The Coldcard is created by cypherpunks and adheres to the highest standards of Bitcoin security hardware. It is the optimal device for those seeking extreme security and individuals and businesses wishing to store several bitcoins for a long time.
R

Ultra-secure access with pin and passphrase

R

Fully open-source and heavily reviewed

R

Easy backup and secure recovery

R

Bitcoin-only firmware

R

Advanced transaction features

R

Plausible deniability options

R

Great for long-term storage

R

Very reputable and renown team

R

Setup time: 60 minutes

Q

Requires shipping

Q

Less convenient usage

What is this all for?

The Coldcard device is designed to be used in combination with laptop or mobile Bitcoin software wallets. Our recommendation is to use the Coldcard in combination with Blue Wallet or Specter Wallet.

  • Buying Bitcoin from a non-custodial exchange.
  • Ability to transact with Bitcoin on mobile or laptop (funding exchanges, making payments).
  • Storing Bitcoin with backups for long-term before upgrading to a hardware wallet.
  • Managing different wallets for different purposes.
  • Transact easily using the QR code capabilities.

Tip: If this is your first time configuring a bitcoin wallet, schedule a call with us so we can walk you through the process. Go slow, create test transactions, and ask questions before using a wallet for large amounts of bitcoin.

Getting Started

This guide will cover, in order:

  • Installing the mobile application (Blue Wallet) or the desktop application (Specter Wallet)
  • Creating a Bitcoin wallet
  • Creating a passphrase-protected wallet
    Password
  • Creating a backup recovery
  • Updating the firmware
  • Receiving Bitcoin payments
  • Sending Bitcoin payments
  • Additional settings and options

By the end of this guide, you will have an interface installed on your computer or mobile phone which lets you receive, send and store bitcoins from your Coldcard device. Your wallet will be secured with a passphrase, and you will have proper backups in case your Coldcard is damaged, lost or stolen. You will know how to use the privacy features of your Bitcoin wallet to stay anonymous.
This is perfect if you want to buy great amounts of Bitcoin and store them privately and securely and for a long time.

Companion Deskop App: Wasabi Wallet

In this guide, we will teach you how to use the Coldcard in combination with a desktop application called Wasabi Wallet.
The best way to think about the Coldcard is that it is simply a sophisticated calculator that will take care of all the cryptographic algorithms that protect your Bitcoin wallet.
The device doesn’t have access to the internet and does not come with a user interface.
Instead, it is designed to be connected to be used in combination with another mobile or desktop Bitcoin wallet, such as Wasabi Wallet.
To view your Bitcoin balance, to monitor your incoming transactions and to make Bitcoin payments you need access to the Bitcoin Network, which requires the internet.
The purpose of Wasabi Wallet is to connect to the Bitcoin Network and provide a nice user interface which lets you receive, send and monitor payments.
When making Bitcoin transactions, you will enter the amount you want to send and the destination Bitcoin address into the Wasabi Wallet interface, but you will also need to “plug in” your Coldcard device into your computer, unlock it with your PIN, then unlock the wallet with your passphrase directly on the device, then physically confirm on the device which amount you want to send and to which address you want to send it.
If you only want to monitor your balance or receive Bitcoin payments and monitor transactions, you do not need to plug in your Coldcard (after the initial connection). This is commonly referred to as “watch-only” mode.

Security

Coldcard in combination with Wasabi Wallet is one of the safest ways you can use Bitcoin.

  • Both Coldcard and Wasabi Wallet are open-source and have been reviewed independently to make sure there is no malware or backdoor that could compromise your Bitcoin.
  • The Coldcard device is extremely difficult to hack, tamper-proof, tamper-evident, using a secure element. The only purpose of the device is to protect your Bitcoin.
  • The private keys that control the Bitcoin are generated securely on the Coldcard device itself. Everything is encrypted and protected by multiple layers of advanced security.
  • You create a secret “passphrase” which is required to unlock access to your funds when you make transactions or during the wallet recovery process. It is impossible for anyone to steal your Bitcoin without this passphrase.
  • The Coldcard has a keypad which you will use to type in your passphrase. You never have to type in your passphrase on a computer or mobile app: everything happens directly on the device.
  • Even if your computer is compromised by malware which affects Wasabi Wallet, the Coldcard device will prevent unauthorized access to your Bitcoin wallet. That’s what it’s for.
  • Coldcard lets you create backups easily and securely which let you recover access to your money if your computer is damaged, lost or stolen.
  • Coldcard has a double-entry PIN feature which is required to unlock the device.
    The device can be used securely in combination with Wasabi Wallet on your computer by connecting it via a USB cable. For maximum security, you can use a microSD card instead (called an “air-gapped” method).

Securing the wallet: Overview of the basics

p

Before we get into the process of setting up your wallet, go over these basic security principles to make sure that you don’t miss any important information and that you don’t make any avoidable mistakes.

There are 3 security mechanisms that prevent you from accidental loss or theft of your Bitcoin:
1. Two-part PIN on the Coldcard device
2. Seed Backup recovery codes
3. Wallet passphrases

If you lose your Cold Card

  • The Seed Backup allows you to recover your Bitcoin wallets
  • Your Passphrase allows you to unlock the recovered Bitcoin wallets
s

Warning

Both the Seed Backup and the Passphrase are required to recover a lost wallet. If you lose the Seed Backup OR the Passphrase, you will not be able to recover access to your Bitcoin if you lose the Coldcard device.

If someone steals your Coldcard
  • The PIN protects unauthorized access to your Coldcard device, should it fall into the wrong hands.

If someone steals your Coldcard and your PIN

  • They will be able to unlock the device, but they will not have access to your Bitcoin wallets without the Passphrase

If someone steals your Seed Backup recovery

  • They will not be able to recover your Bitcoin wallets without the Passphrase.
s

Warning

If someone has access to both your Seed Backup your Passphrase, they can steal your Bitcoin! Do not keep a copy of them in the same place!

How people lose their Bitcoin

The risks of losing funds by getting hacked are very low, unless you are specifically targeted by a highly skilled attacker. You must develop a “threat model” by analyzing different risks based on different situations.
Always keep the following scenarios in mind when creating and using your Bitcoin wallet.

Loss and Physical Theft

The most common causes of people losing their bitcoin is accidental loss and physical theft.

  • You forget your passphrase.
  • You lose your Coldcard device (or it breaks) and you don’t have a backup.
  • Someone finds a copy of your backup and you hadn’t put a passphrase.
  • Someone finds a copy of your backup, but you were also storing your passphrase at the same place and now they have both.
  • You write down your PIN and your passphrase (or you don’t put a passphrase) in the same location as you keep your physical device and someone steals all of it.

Scenarios where you can lose your funds:

s

There are 5 rules to making a Bitcoin backup;

  1. If you do not have a backup and you lose access to the Cold Card device, you will lose access to the Bitcoin permanently.
  2. Each wallet you create in Blue Wallet has its own backup that you must write down – there is no general backup.
  3. If someone finds the backup of your wallet, they can steal your money.
  4. Never store your passphrase in the same place as your backup. Don’t leave them out in the open either, someone will take your bitcoin.
  5. Don’t take a picture, print or share your words

What you Need

  • A Coldcard Mk.3
  • A USB-A to micro USB cable
  • A microSD card (32GB or less)
  • An adapter to connect the USB-A cable and/or the microSD card to your computer
  • A desktop or laptop computer with one of the following operating systems:
    • MacOS
    • Windows
    • Debian / Ubuntu
    • Linux
  • Or a mobile phone with Blue Wallet installed
  • Paper and pen for the wallet backup process
  • An internet connection
  • 60 minutes of your time

Make sure you are in a secure location with no peering eyes

Initializing the Device

  1. Inspect that the sealed bag hasn’t been tampered with.
  2. Open bag and remove its contents.
  3. Make sure the serial number inside of the bag matches the one on the outside.
  4. Using the USB-A to micro USB cable, plug the Coldcard to your computer. Use the USB adapter if necessary.
  5. Make sure the number displayed on the device screen matches the one on the bag.
  6. Accept Terms of Service.

Choosing a Pin

The next step invovles creating a pin to protect access to your device and wallet. Take a few minutes to choose the right PIN for your wallet. No rush!

PIN security basics

  • Write down the PIN you want to use before entering it in your Coldcard.
  • Use at least 4 digits for each half of the PIN (8 in total).
  • The PIN is required every time you want to use the Coldcard.
  • Ideally, create a unique PIN that nobody can guess but that you can remember.
  • If you lose the PIN, you lose access to your Coldcard forever.
  • You cannot change your PIN.
  • If you want to change your PIN, you will have to start the process all over again.

WARNING: There is no way to recover a lost or forgotten PIN. You have up to 15 attempts to enter your PIN, after those attempts, the device becomes useless.

What happens if I lose the pin?

If you lose the PIN, you will lose access to the device. However, you will be able to recover access to the Bitcoin using your Bitcoin backup and your passphrase (see below).

Pin Steps

Entering this is a two-step process. The PIN is composed of two parts, the prefix and the suffix. Use at least 4 numbers for each half of the PIN.

PIN example: 10101-1971

After entering the prefix, two words will be generated and displayed on the device. These are known as your anti-phishing words. The same two words are supposed to appear each time you enter the prefix. The purpose of these words is checking that the Coldcard has not been compromised and is safe for you to use before entering in the rest of the PIN.

  1. Enter the PIN prefix;
  2. Write down the two anti-phishing words;
  3. Enter the Suffix (second half of your PIN);
  4. Confirm your PIN Prefix and Suffix.

Updating the Firmware

Updating the firmware is essential to making sure that your Coldcard is not vulnerable to any new attack vectors.

  1. Insert microSD card in computer (often it will appear as “NO NAME”);
  2. Download latest firmware version from here onto microSD card;
  3. Eject microSD card and insert it in your Coldcard;
  4. Select “Advanced” > “Upgrade” > “From MicroSD card” > select the .dfu file.
  5. Enter PIN code once upgrade is complete.

You will be back on the Coldcard’s main menu, stay there until you read the instructions on the next page.
Now that your device is up to date with the latest firmware, we will proceed with the actual creation of your wallet.

p

To view your current version on your Coldcard, select “Advanced” > “Upgrade” > “View Version”.

Wallet Backup Basics

  • The most important job of a Bitcoin Wallet is generating and managing cryptographic private keys which allow you to control your Bitcoin. The keys are generated and stored on the device itself.
  • Creating a backup means exporting these keys from the device and making a physical copy of them.
  • If the device on which your Bitcoin private keys are stored is lost, broken, stolen or otherwise inaccessible, you can import the physical backup into a new device and your Bitcoin will be recovered there.
  • A Bitcoin backup consists of a series of 24 words generated randomly by the Coldcard’s secure element.
  • These words, in combination with your passphrase, allow you to recover access to the keys of your Bitcoin wallet in case you lose them.

 

s

There are 5 rules to making a Bitcoin backup;

  1. If you do not have a backup and you lose access to the Cold Card device, you will lose access to the Bitcoin permanently.
  2. Each wallet you create in Blue Wallet has its own backup that you must write down – there is no general backup.
  3. If someone finds the backup of your wallet, they can steal your money.
  4. Never store your passphrase in the same place as your backup. Don’t leave them out in the open either, someone will take your bitcoin.
  5. Don’t take a picture, print or share your words

Create Wallet Backup

The first step to creating a wallet is creating the wallet backup. The reason Bitcoin wallets do this is to make absolutely sure that you created the backup before adding money to the Bitcoin wallet.

Navigating the menu of your Coldcard device

  1. Select “New Wallet”.
  2. Get a pen and the piece of paper that has been provided.
  3. Write down the 24 words that are displayed on the Coldcard in their correct order – this is your private key.
  4. Take your time and write them down correctly.
  5. Make sure that the words are easily readable and in the correct order.
  6. Make sure the number in front of each word corresponds with what is displayed on the device.
  7. Triple check to make sure.
  8. Find a secure way to store it.
  9. Get creative! You can do two backups and store them in different places. You can store your backup on metal. 
  10. Complete the test to confirm that you have correctly written down the words by pressing on the number that corresponds to the word that is asked of you.
p

If Coldcard, Blue Wallet, or Wasabi wallet suddenly go out of business and they remove their device and application respectively, having your backup will allow you to still have access to your funds.

Passphrase Overview

The next step involves entering a passphrase. This prevents you from getting your funds stolen if someone gets access to your device and its PIN or to your 24-word backup. Before doing this step, please read below to know some important basics.

What is a passphrase?

  • It acts as a password that you add on top of your wallet backup (24-word seed phrase).
  • You can create as many passphrase-protected wallets as you like, with each new passphrase generating a completely new wallet.
  • It serves to protect your funds in case your 24-word backup is compromised (stolen, someone else sees it), since it is required to gain access to your funds.
  • The default wallet does not have a passphrase, adding one gives you plausible deniability, since little to no funds can be held on the default wallet, with the majority held on the passphrase-protected wallet.
  • If someone comes into contact with your 24-word seed or digital backup, they won’t be able to steal your funds since they also need the passphrase to unlock the funds.

Passphrase Security Basics

  • Write down the passphrase you want to use before entering it in your computer.
  • The passphrase is required every time you want to spend the funds from your Coldcard.
  • Use a combination of words as a passphrase to have less trouble remembering it.
  • Use at least 12 characters in your passphrase, 24 characters offer more security.
  • If someone has access to your PIN and Coldcard, the passphrase will prevent them from taking your Bitcoin.
  • Create a unique passphrase that nobody can guess but that you can remember.
  • If you lose the passphrase, you lose access to your Bitcoin forever.
  • You cannot change your passphrase.
  • You can only create a new one, which in turn will generate a new wallet.
  • The passphrase is required to recover your access to your Bitcoin if your Coldcard is damaged, lost or stolen.

Steps for Adding a Passphrase

  1. Write down the passphrase you want to use before entering it in your computer.
  2. Select “Passphrase”.
  3. Select the following:
    1. Add Word
    2. You will have a selection of words to choose from, taken from the BIP39 wordlist
    3. Select at least 4 different words, and choose up to 12.
    4. Find the word you want by first selecting its first letter. You will also have the option to add a space before or after the word and if you want to use upper or lower case letters.
  4. Once entered, select “APPLY”.
  5. A new wallet identifier, also called a fingerprint, will be created. Note this down.
  6. Press on the check mark.
s

You must enter the passphrase each time you want to access the passphrase-protected wallet, else you will be in the default, or passphrase-free, wallet.

Installing Wasabi Wallet

We will need to download Wasabi Wallet in order to interact with the wallet our Coldcard has generated for us.

  1. Download Wasabi Wallet from wasabiwallet.io
  2. Launch the Wasabi app on your desktop.
  3. Accept Terms of Conditions

Optionally, you may elect to use Blue Wallet to interact with your Cold Card.

Now all that’s left is to connect the Coldcard to your computer so that you can interact with it.

Z
With PGP signatures you can verify that the software package you download is actually the one by the developers. This protects you against malicious man in the middle attacks where bad guys give you a fake version of Wasabi with malicious code.
Every release of Wasabi is signed by zkSNACKs, the company behind Wasabi.
  • You can verify that the PGP public key 6FB3 872B 5D42 292F 5992 0797 8563 4832 8949 861E is actually the one of zkSNACKs. 
  • If the PGP key in your terminal matches the one above, then you are certain that the software is authentic.

Connecting with Wasabi Wallet

In this step, we will be connecting the Coldcard to Wasabi Wallet to view your wallet balance, send and receive Bitcoin.
Wasabi should automatically detect the hardware, and open the Hardware Wallet tab, else do the following:

  1. Open the wallet manager by selecting “File” and then “Load Wallet”.
  2. In the left hand menu, select “Hardware Wallet”.
  3. Select “Search Hardware Wallet” from the bottom right hand corner.
  4. “Coldcard” should appear, select it.
  5. It will load in the right-hand menu.

 

Air-Gapped Coldcard (optional)

You can also interact with the wallet generated by the Coldcard without ever connecting the device to a computer. In this case, your Coldcard is air-gapped.

In this step, we will be connecting the wallet generated in your Coldcard to Wasabi wallet to view your wallet balance, send and receive Bitcoin, without ever directly connecting your Coldcard to the Wasabi Wallet software.

Prerequisites:

  • You use a power-only cable to power up your Coldcard (you can use your computer as a power source since there is no data transfer between the devices);
  • You power up your Coldcard by using a wall outlet or battery pack.
  • A microSD card (32GB or less)

Steps for exporting the wallet file:

We will be uploading the wallet file using the microSD card as to ensure that there is no direct connection between the Coldcard and other devices connected to the Internet.

  1. Insert the MicroSD card into your Coldcard
  2. With the Coldcard unlocked, select Advanced
  3. Select MircroSD card
  4. Select Export Wallet
  5. Select Wasabi Wallet
  6. The wallet file named “new-wallet.json” will be written on the MicroSD card.

Steps for connecting to Wasabi:

  1. Insert the MicroSD card in your computer
  2. Open the Wasabi Wallet application on your computer
  3. Select the Hardware Wallet tab in Wasabi wallet in the left-hand menu
  4. Click the Import Coldcard button
  5. Select the “new-wallet.json”file from the MicroSD card

Coldcard with Bluewallet – Using Dropbox or Google Drive

Using Blue Wallet, we can use PSBT and a watch-only wallet. We can send transactions offline with your Coldcard and Bluewallet, using Dropbox or another cloud file-sharing software/app.

  1. Start the Coldcard device, go to Advanced ➤ MicroSD Card ➤ Export Wallet ➤ Electrum Wallet.
  2. Put the SD card into Coldcard. Choose Native Segwit. It should create wallet skeleton file on SD card.
  3. Put the SD card into the PC and move the created wallet skeleton file onto the Dropbox folder.
  4. Grab the iPhone, launch BlueWallet, tap Create a wallet ➤ Import wallet ➤ scan QR or import from file ➤ tap file icon and choose your wallet skeleton file. It should import your Coldcard wallet as watch-only.
  5. Create a transaction from this watch-only wallet, when prompted – export it to a file and save it in Dropbox folder.
  6. Put the SD card back into the PC, and move the file from Dropbox folder to the SD card.
  7. Put the SD card into the Coldcard, go to Ready To Sign and proceed with signing the transaction.
  8. Put the SD card into the PC. There should be 2 new files: a file with the transaction hex that is ready to broadcast (*-final.txn), and a signed transaction file (*-signed.psbt). Let us finish the transaction on mobile, so move signed transaction file to Dropbox.
  9. On the mobile phone, tap Open Signed Transaction, and choose the signed transaction file from your Dropbox.
  10. Tap Send now!
p

Take in consideration that we used dropbox on this example, but anything will work, File system, iCloud, Bluetooth, AirDrop, box.com, direct lightning to sd card adapter, etc

Steps for Receiving Bitcoin Payments on Wasabi

  1. Go to the Receive tab.
  2. Generate a Bitcoin address
  3. Wasabi Wallet will ask you for a label. You should write what the payment is for or who it is from to keep track of your transactions.
  4. Once generated, the address is automatically copied to your clipboard.
    1. You can use the dropdown menu to see the QR code and other address details.
    2. Right click on the address to save the QR code, copy the address, hide the address or edit the label.
  5. Share this Bitcoin address with whoever you want to receive a payment from.
  6. Once the payment is received, it will appear in the “History” tab and will also appear in your available balance on the “Send” tab.

Steps for Sending Bitcoin Payments on Wasabi

To send Bitcoin using Wasabi, all you need is the Bitcoin address of the recipient, and your signing device (Cold Card).

  • Wasabi implements a technique called Coin Control by default. When you are sending transactions, you must select the individual coins available in your wallet, also known as Unspent Transaction Outputs (UTXO), that you wish to send.
  • You can select several at a time if the balance you wish to send exceeds the balance of any one coin.
  • Think of bitcoins as actual physical coins of different amounts in your pocket. When you spend them, you will combine the change, and you will get some new change back.

Steps for Sending Bitcoin Payments on Wasabi

  1. Select the coins you want to spend.
  2. Paste the bitcoin address of the recipient in the address field.
  3. Write a label for this transaction, so you know what the transaction was for or who you sent it to.
  4. Enter the amount to send. It must be lower than the total value of the coins that were selected for spending.
  5. Press the “Max” button to send the whole selected amount (if you want to move the funds to another wallet you control).
  6. The amount you enter must be in Bitcoin. Wasabi provides an estimated value in fiat currencies.
  7. Select a mining fee. You have a sliding bar to adjust the fee amount depending on how quickly you want this transaction to be accepted by the network. You can enter a custom amount as well. There are several methods of looking up the current fee rate, one being mempool.space.
  8. To enter a custom amount, you have to enable “Manual Fee Entry”. Go to “Tools” > “Settings”.
  9. Enter the password.
  10. Click “Send Transaction”.
  11. Confirm the transaction on your Coldcard.
  12. The outbound transaction will appear in the “History” tab and the coins will be deducted from the available balance in the “Send” tab.
  13. If you did not send the full amount available to spend, you will receive some new coins that you will see in the “Send” tab. That is the change that is sent back to you after you sent the payment.