Do You Guys Trust Coldcard?

This was a great write-up on Coinkite, who make the Coldcard wallets. A lot of Bitcoin maximalists treat their wallets as the gold standard, mesmerized by the fact that it works via air-gap. You still have to interface it with another computer to sign transactions, and vulnerabilities can exist in that hardware, especially if you didn’t write or test the firmware. And when so many means of interfacing with the device exist, you have to wonder how well they vetted each one. Their change away from open source, along with a no-refund policy, leaves a lot to be desired. And selling your email address and identity after you buy a Bitcoin hardware wallet is pretty bad for the security of the buyer, though I suppose that could be their payment processor, which would still fall in their lap. Consequently, I’ve posted about the company with an interview of the CEO, who was too profane for my tastes. Below the screen copy from my Redlib privacy proxy for Reddit, I’ve pasted the full comment thread in case you’re on a smaller screen.

https://www.reddit.com/r/Bitcoin/comments/185mvtz/do_you_guys_trust_coldcard/

33 points · u/slutfarming · Nov 28 ’23

Coldcard’s source code used to be fully open source until another hardware wallet company used their source code. Now the current implementation on the Coldcard is source-available. You can still view and verify Coldcard’s source code, but you cannot legally use it in other commercial products. Coldcard’s source code remains accessible and verifiable, as with any open source project. It’s only the license to use it in other commercial products that they changed.

21 points · u/mutinomonem · Nov 28 ’23 (edited Nov 28 ’23)

I like how politically correct your response was. It doesn’t paint the real picture though, does it? They changed from open source because someone else was using the open source code? That’s exactly the idea of open source code. They didn’t like that? Boohoo. You should expect flak for changing this.

-They also continue to use code from actual open source projects, while simultaneously blocking bitcoin developments in the space by dropping lawsuits on anyone that has code too similar to “their code”. If you’re buying a Coldcard instead of true open source bitcoin projects, don’t complain if progress is slower.

-Being pretend open source like this also reduces the chance of anyone who actually knows what they’re doing reading the code. The incentives to read code come from developing on top of the code. If you own a Coldcard and haven’t verified the code, there’s a slim chance any professionals are checking it.

-They have a “no refunds” policy. Please remember your nation’s own consumer protection policies override their bullshit “no refunds”, so you can still claim a chargeback from the bank with proof of their “sorry, no refunds” policy in the form of their shitty emails when you have an issue.

-They also sell your email address etc. before “deleting” it from their website. I tested this by purchasing a Coldcard with completely fresh contact details. A week or so after purchase, spammed with phishing emails.

-Many claim they’re “airgapping” this device. If you haven’t disabled some of the optional onboard features out of the box, you’re not airgapped. Plugging an SD card from an infected computer into your HWW is really no more secure than a USB setup. Once you’ve broadcast a transaction from a PC, you’ve broken the airgap. Ultimately, you’re still trusting CC code to save your funds.

-Let’s not forget who profited most from the Ledger debacle. Interesting, really, how that was blown out of all proportion and so many rushed to buy a Coldcard.

-CC has a larger attack surface than the majority of wallets for these 2 reasons. 1. It seems to be the most popular rn. 2. It has capability for USB, NFC, QR (newer models) and SD. Some of these, like NFC, are auto-connect features. Best disabled. But having all of this on one board is more surface for attack. It’s like a house with many doors/entrances. Ideally you want one door per device.

-Anyone aware of a security and penetration testing budget for this wallet? Or is it just a case of “well, you can look at it guys, tell us if it’s bad”?

These are the red flags. Until they change, I’d probably not recommend this product for a singlesig protecting someone’s life savings.

3 points · u/CyanFreedomFighter · Nov 28 ’23

You could pick apart any HW wallet, I’m sure; there’s always a trade-off between utility/security and accessibility. Depends on what the person wants and the stage in their Bitcoin life they are in. I’m sure someone would argue the SeedSigner is “bad” if said person generates and encrypts their keys themselves. Just saying “I never recommend (Coldcard)” and then proposing Ledger (I own a Nano X) just seems like you have a serious disdain for the users and not the company itself.

8 points · u/mutinomonem · Nov 28 ’23

Yes. I pick apart every wallet before deciding what to use for myself or others. The points above are specific to Coldcard (Coinkite). Most other hardware wallets have good points and bad points, but no other wallet has so many potential red flags.

Accusing someone of having disdain for the users when they are shining a light on bad actors in the space is absolute shit. If I didn’t care about real people and their safety, I wouldn’t even bother.

1 point · u/CyanFreedomFighter · Nov 28 ’23

Potential red flags and bad actors. Hmmm. I’m not going to argue your theories, but I will touch on air-gapped. Coldcard has air-gapped accessibility, but yes, if your SD card is infected, the Coldcard could be infiltrated. That’s always been the case with air-gapped networks and physical attack vectors.

7 points · u/mutinomonem · Nov 28 ’23

I agree with you, and I’m glad you point that out. It’s why so many bitcoiners ditched Glacier Protocol, realising the difficulty of truly air-gapping anything.

All hardware wallets effectively airgap by default. They’re purpose-built hardware with only one task, and this keeps the code small and threats low. However you connect to them, you have to trust that the devices you’re using will protect your seed. This is why I don’t like the “it’s airgapped bro” reasoning.

You buy a hardware wallet because you want to benefit from the protection of a team of industry professionals following best practices to secure the seed. You have to trust them to do their job. You use a CC, you are trusting Coinkite.

It’s defo not a beginner’s wallet and, for me, not a singlesig option. If anyone reading my comments thinks I’m just picking fault with CC, consider this: there shouldn’t be so many faults. Would you bank with a questionable bank?