The COLDCARD Mk4 is one of the most refined and hardened bitcoin hardware wallets out there. Coinkite’s long history, combined with a borderline-paranoid obsession with security, makes it one of our top hardware wallets to recommend to people. Proudly made in Canada, there’s no other hardware wallet with so many security features!
Introducing The COLDCARD Mk4 Hardware Wallet
The COLDCARD Mk4 is made by Coinkite and is, obviously, the 4th iteration of COLDCARD to date. Coinkite, a Canadian company, has been a leader in Bitcoin-only hardware wallets since the company started back in 2012.
Over those many years they’ve been relentless in improving and upgrading the security features in the COLDCARD, resulting in what’s now a very mature and very secure device architecture.
What Cryptocurrencies Does COLDCARD Support?
The COLDCARD Mk4, like all of Coinkite’s products, only supports bitcoin. This is one key thing we fully support them on, as they have precisely zero chill for altcoins. Even ignoring all the scams and complete nonsense that 99.99% of altcoins represent, supporting them requires extra code, which widens the attack surface and reduces the security of the hardware wallet.
If you’re wanting support for other crypto holdings, you can stop reading this review right now as Coinkite never has and never will support them. We’d probably suggest the BitBox02 Multi instead.
COLDCARD Mk3 Vs Mk4
Released in 2022, the Mk4 version of the COLDCARD improved on the Mk3 in a number of key ways. These included usability improvements like a USB-C connector, expanded memory that removed the bitcoin transaction size restrictions, and additional multisig capabilities.
The Mk4 also added other security upgrades like a second Secure Element, protective sliding cover, USB Virtual Disk Mode, faster processor and the inclusion of an NFC chip, Trick PINs and a much faster firmware upgrade time.
Product Specifications
What’s In The Bag?
- COLDCARD Mk4
- Tamper Proof Bag
- ID Tag
- Wallet Backup Card
- 2 x Stickers
Quick COLDCARD Mk4 Review
Design & Hardware
Our first impressions of the COLDCARD Mk4 when we unwrapped it were that it’s just super cute. There’s no other way to describe it, and although this is a very serious and secure hardware wallet, it’s just so tiny it’s adorable.
It looks like it’s a toy calculator from a fancy Christmas Bonbon or from a McDonald’s happy meal. Well, the happy meals from long ago when they used to actually give out cool toys.
The see-through black plastic is also super cool (there are 10 different colors, including glow in the dark!) and all the internal components accented in gold make it clear that a lot of love and hard work has gone into it.
Inspecting the device in more detail, though, we did notice some less-than-premium traits. On our unit, in the top-right area next to the screen, there were some very light scuff marks. There are also a number of points around the case edges where excess plastic sticks out.
Are we being picky? Absolutely. This doesn’t affect the operation of the device in any way and, given how small it is, it’s barely visible. But compared to other leaders in the field such as the Foundation Passport, BitBox02 or even the much cheaper Blockstream Jade, its build quality, or perhaps its QC, is a bit lower.
Most of the issues seem to be around the edges of the device where their ultrasonic welding occurs, so maybe it’s just our unit or perhaps this process needs some more fine tuning. Regardless, you can judge yourself from our pictures.
Overall these slight imperfections gave us a feeling of it being more “hand made” rather than being built with precision machine manufacturing. For some this will be a pro and others a con. Just be aware that it’s not quite as premium as some other hardware wallets out there if that’s your thing.
Overall we’d still say build quality is solid and quite top tier, just not the best we’ve ever seen.
Display
The 128 x 64 px, 0.80″ black and white OLED display is the smallest screen we’ve seen on any hardware wallet period. Even overall smaller devices like the Jade or BitBox02 have slightly larger and higher resolution screens on them.
Despite this small size, Coinkite’s firmware uses it exceptionally well. In 99.9% of use cases everything is bright, clear and easily readable, which is great to see. We did notice one area where text was all but illegible due to its incredibly small size.
This was the sub-text occasionally shown underneath the main content with instructions like “press X to cancel”. As these instructions aren’t the main focus, it’s not too much of an issue.
Once again we want to encourage hardware wallet manufacturers to allow users to increase the font size so that verifying addresses on the device is easily legible with minimal mistakes. We know the screen being small helps prevent shoulder surfing, but at a minimum it should be the user’s choice.
LEDs
Just next to the display is a small LED that provides a visual security check each time you turn your COLDCARD Mk4 on. The light is connected directly to the COLDCARD’s secure element and will turn red if the contents of the flash storage have been changed, whether through tampering or the loading of malicious firmware.
Almost immediately after you turn on the device it shows “Verifying…” as it validates its own firmware. On the COLDCARD Mk4 this takes about half a second, so fast that you’ll likely miss it most of the time, after which the LED turns green to let you know it’s safe to enter your PIN.
We’ve seen this security LED feature before on other hardware wallets like the Passport, but it’s great to see again here. The simple green/red go/no go signal is just one of the many security layers Coinkite has built in at a hardware level on the COLDCARD.
Buttons
The number pad is durable and solid, almost to the point of being too much so. We found that if you’re using the COLDCARD wallet for an extended period of time, say a few minutes during setup, it can actually be a bit tiring to press as it requires so much force.
It’s possible that this is just stiffness that will reduce over time, but after more than a week of use it’s still just as tight and hard to press. This is excellent at preventing accidental button presses, but we also noticed that buttons sometimes wouldn’t register even when pressed quite hard.
This non-responsiveness was also quite frequent, happening on roughly 5-20% of presses depending on which button we tested and how it was pressed. To test this we pressed several different buttons 50 times each in the center, trying to use the same force and the same technique each time as best we could.
While we admit that this testing isn’t particularly scientific, we found that no matter how we pressed the various buttons there were always multiple presses out of the 50 attempts that didn’t register. The result was that using the device could be slightly frustrating. Again, this could just be our unit, and it was only minor in nature.
Connectivity
While the COLDCARD Mk3 and earlier COLDCARDs could only sign transactions using either the microSD card or the USB connection, the Mk4 introduced a new NFC capability. This allows you to sign a transaction by simply tapping an NFC-enabled device against the main button area of the COLDCARD Mk4.
It does raise the question of whether or not the COLDCARD Mk4 is truly “air gapped” given it now has not just wired but also wireless communications capabilities built in. By the strict meaning of air gapped, it’s not. But as we’ve noted in the past, most manufacturers of hardware wallets have long since butchered the true meaning of air gapped.
It’s great that Coinkite is giving its users full control over this though as they can choose to use it like most other hardware wallets with a USB cable, use it with the NFC chip or use it in what is actually a legitimate “air gapped” mode where you never have to connect it up to any internet connected computer ever.
From setup, through everyday address viewing and signing, right up to upgrading the firmware, COLDCARD wallets never need to be connected to anything if you don’t want them to be, which we think is the best of both worlds.
The COLDCARD Mk4’s microSD card has a handy push to eject system, however we would have preferred to see them include a microSD card and also USB C cable in the box. The COLDCARD can also display receive addresses using a QR code, but it cannot sign using it like other devices. Scanning the QR codes isn’t optimal given the small screen size, but it still works fine in our experience.
The USB C connector is located on the top of the device which we quite like as it makes using the device comfortable. Coinkite recommends that it only be plugged into USB power banks or their other COLDPOWER adapter product rather than a PC. It would have been handy we think for it to have a removable, user replaceable battery inside it so you don’t have a cable hanging off all the time.
Perhaps this is too bulky to do in such a small form factor, but something like a small, rechargeable button cell (or two?) could potentially work assuming they could hold enough power.
Finally, the COLDCARD Mk4 also introduced another way to sign transactions using its Virtual Disk mode. This makes the COLDCARD act just like a USB stick: you drag and drop the Partially Signed Bitcoin Transaction (PSBT) file onto it, then sign it using the device.
Advanced Features For Power Users
While we’ll get into the advanced software security in a minute, there’s a ton of hardware level security going on with the COLDCARD Mk4 that should definitely be pointed out. You can physically cut traces on the board to disable its NFC. There’s the caution LED. The whole case is fully transparent to ensure you can clearly inspect it for internal changes or tampering.
But we’re still not done! There are notes on the PCB telling you exactly where the two secure element chips are located so you can destroy the device more effectively if you ever need to. The two secure elements come from different manufacturers, and they can also be permanently destroyed using a special “Brick Me PIN” that you define.
This COLDCARD review is already long enough, so we won’t dive into each and every feature, but there’s just… a lot! With so much security included, the fact that this is the fourth iteration is unmistakable.
COLDCARD Warranty
As best we can tell from their website, Coinkite doesn’t offer any official warranty on the COLDCARD wallet.
We cannot and do not warrant that the Products will meet your requirements or expectations, will operate without interruptions, that they will be error-free, virus-free, that the results obtained from their use will be timely, accurate, reliable or current or that any or all deficiencies can be found or corrected.
Coinkite’s Terms Of Sale
While we’ve seen examples where they’ve done limited warranty repairs for defects and Coinkite has let us know that they do work with customers to ensure they’re satisfied, we’ve also seen other examples from random users online where they’ve been refused. We’d like to see them offer at least a 1 year or more warranty as this seems to be the norm among hardware wallet manufacturers.
Security & Privacy
As noted above, there’s an absolute boatload of security and privacy features at both the software and hardware level in the COLDCARD wallet. Aside from one small point, covered below in Code Openness, the COLDCARD Mk4 gets top marks in all of our security and privacy tests.
From anti-phishing words to multiple different trick PINs to their amazing commitment to properly treating and disposing of user data during and after the shipping process, it’s not surprising that they’re known as one of the most secure hardware wallets out there.
They not only accept purchases using Bitcoin to help protect your real world identity, they give you a 5% discount too. Their website is also easily accessible via Tor, although we’d like to also see them support payments via the Lightning Network in the future.
Code Openness & Reproducibility
The firmware and hardware designs for the COLDCARD are publicly available, but not open source.
Their license for it, which you can view on their GitHub, starts out like an open source license, but then has a Commons Clause section at the end which limits things. It also contradicts itself a bit as in the first paragraph it states:
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software…
But then the Commons Clause section immediately below revokes this “selling” right:
Without limiting other conditions in the License, the grant of rights under the License will not include, and the License does not grant to you, the right to Sell the Software.
The reason for this seems to be because their firmware was fully open source a few years ago, but then had this commons clause section added to it to protect their code from being copied and sold by other hardware wallet competitors.
Coinkite is of course in their full right to do this as it’s their code and their business. They’ve also ensured that their website is accurate, unlike many other vendors, and now states that their source code is “verifiable”.
We consider fully open source to be the gold standard, so the COLDCARD Mk4 loses a point for only having verifiable source code. That being said, it’s still hugely ahead of most other hardware wallets that don’t make any of their code available. All of COLDCARD’s firmware builds are also fully reproducible, which is excellent and means they score near-perfect marks for this section.
Seed Generation
Paramount to a bitcoin wallet’s security is precisely how it generates your private keys, as everything else is derived from them. There’s really nothing else to say except that the COLDCARD Mk4 does this absolutely perfectly.
You can read the exact process in their FAQ on entropy generation or their blog post, but Coinkite offers multiple options, including having the COLDCARD Mk4 generate the seed using entropy from the MCU as well as both secure elements, which also draw on real-world analog noise via a special transistor.
If this isn’t enough for you then you can add in further entropy by rolling dice yourself or just bypass it completely and use their excellent Dice Roll Math guide to roll and verify your own entropy. This, together with the multiple unpredictable physical processes used to generate the seed words ensures excellent security for your new wallet.
Seed Storage
A securely generated seed means nothing if it’s not managed and stored properly. Again the COLDCARD Mk4 does this fantastically by leveraging both of its Secure Element chips, which are built to withstand physical attacks and tampering, whilst at the same time not actually trusting their closed-source code execution.
Coinkite states that the private key is encrypted with AES-256-CTR using a 256-bit key and then stored on SE1 (a Microchip ATECC608B):
Once the private key is determined, it is encrypted, then stored in SE1 and remains protected by your PIN
Coinkite
As the private key is encrypted before it’s stored on SE1, the MCU, SE1 and SE2 (a Maxim DS28C36B) are all needed in combination to decrypt it. This means that even if somehow one or both of the Secure Elements were fully compromised, the attacker still wouldn’t be able to get your private key.
The overall result is that the COLDCARD wallet gets to use the physical protection capabilities of a secure element without having to trust it at all with your seed phrase. This means your private keys are protected excellently.
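As an added illustration of the property described above (our own Python, not Coinkite’s firmware or key schedule): the seed is wrapped before it reaches SE1, under a key that only exists when the MCU, SE1 and SE2 contributions are combined, so a full dump of SE1 yields only ciphertext, and even both secure elements together cannot recover the seed without the MCU’s share. The chip secrets, seed and nonce are constructed values, the combining KDF is hypothetical, and an HMAC-SHA256 keystream stands in for AES-256-CTR so the block runs with the standard library alone:

```python
import hashlib
import hmac

# Added illustration, not Coinkite's code: the seed is encrypted *before* it is
# handed to SE1, with a wrapping key that only exists when secrets held by the
# MCU, SE1 and SE2 are combined. The real chips, key schedule and bus protocol
# are not modelled, and AES-256-CTR is replaced by an HMAC-SHA256 keystream in
# counter mode so that only the standard library is needed.

def derive_wrap_key(mcu_secret: bytes, se1_secret: bytes, se2_secret: bytes) -> bytes:
    """Hypothetical KDF: all three per-device contributions feed one 256-bit key.
    Each part is labelled and length-prefixed so different splits cannot collide."""
    h = hashlib.sha256()
    for label, part in ((b"mcu", mcu_secret), (b"se1", se1_secret), (b"se2", se2_secret)):
        h.update(label + len(part).to_bytes(2, "big") + part)
    return h.digest()

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) for successive counters."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])

def wrap_seed(seed: bytes, key: bytes, nonce: bytes) -> bytes:
    """Encrypt (or, in CTR mode, decrypt) the seed by XOR with the keystream."""
    stream = ctr_keystream(key, nonce, len(seed))
    return bytes(a ^ b for a, b in zip(seed, stream))

unwrap_seed = wrap_seed  # XOR with the same keystream reverses the operation

# Constructed per-device secrets; in a real device these never leave their chip.
MCU_SECRET = bytes.fromhex("a1" * 32)
SE1_SECRET = bytes.fromhex("b2" * 32)
SE2_SECRET = bytes.fromhex("c3" * 32)
NONCE = bytes.fromhex("00" * 16)
SEED = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)  # constructed 256-bit seed

def se1_contents() -> bytes:
    """What an attacker who fully dumps SE1 obtains: only the *wrapped* seed."""
    key = derive_wrap_key(MCU_SECRET, SE1_SECRET, SE2_SECRET)
    return wrap_seed(SEED, key, NONCE)

def legitimate_unlock() -> bytes:
    """All three parties cooperate (after a correct PIN): the seed comes back."""
    key = derive_wrap_key(MCU_SECRET, SE1_SECRET, SE2_SECRET)
    return unwrap_seed(se1_contents(), key, NONCE)

def attacker_with_both_secure_elements() -> bytes:
    """Both SEs compromised but not the MCU: the MCU share must be guessed,
    and any wrong guess turns the ciphertext into noise rather than the seed."""
    guessed_key = derive_wrap_key(b"\x00" * 32, SE1_SECRET, SE2_SECRET)
    return unwrap_seed(se1_contents(), guessed_key, NONCE)

if __name__ == "__main__":
    print("SE1 holds seed in the clear:", se1_contents() == SEED)
    print("legitimate unlock recovers seed:", legitimate_unlock() == SEED)
    print("SE1+SE2 without MCU recovers seed:", attacker_with_both_secure_elements() == SEED)
```

The point of the split is that no single component, including the closed-source secure elements themselves, ever holds enough to decrypt the seed on its own.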
Secure Supply Chain
To help mitigate any supply chain issues, Coinkite assigns a unique serial number ID to each Bitcoin hardware wallet that it not only prints on the tamper-proof bag, but also inside the bag on a printed ID tag. That same serial number is then also displayed on the screen when you first boot up the device.
This is because the ID is recorded into the OTP (One-Time-Programmable) flash memory on the device, meaning that it’s unchangeable once programmed in at the Coinkite factory.
You will then be faced with the bag number. As mentioned above, it’s stored in a secure area of the flash memory at the Coinkite factory and approved by a verifiable cryptographic signature used to identify themselves as the original source of this information.
Coinkite
It’s only after you’ve confirmed this ID number matches and that the device hasn’t been tampered with that it lets you begin the setup process. The COLDCARD Mk4 isn’t the only hardware wallet we’ve seen to have this type of supply chain verification process, but it’s excellent to see and all adds to give you top confidence in the security of the device.
Even More Security Features
But once again, we’re not even close to being done covering all the various security aspects. There’s a duress PIN that covertly generates a separate private key, there’s the Brick PIN or countdown to Brick PIN options that will quite literally destroy the entire device permanently when entered.
You can even enable a login countdown whereby you must wait a user-configurable delay of minutes, hours or even days before the device will allow use. This is all on top of other things like the encrypted microSD card backup, duress wallet, anti-phishing words, which we’ll get into below, and countless other software checks during the device’s general operation.
To say that the makers of the COLDCARD Mk4 are slightly paranoid is quite the understatement and it’s great to see that incredible attention to detail aimed squarely at helping the world properly protect their digital assets.
Interface & Ease Of Use
As mentioned in the hardware section, the COLDCARD wallet uses a durable number pad with a nice clicking sound as its main input. The display is bright and it’s quite straight forward navigating through the various menus.
While the more technical nature of the COLDCARD Mk4 might scare some more novice users away, we wouldn’t worry too much as the interface is so simple it only takes a few minutes to get used to it. This simplicity stems from their obsession over security as the simpler the software is, the easier it is to maintain and keep free from bugs.
While the number pad is obviously used to enter in numbers for things like your PIN, it also uses the 5, 7, 8 and 9 numbers for navigating up, down, left and right with a cross and tick button for confirming or denying various things.
Startup, not including PIN entry, takes around 14 seconds so it’s clear the new faster processing is helping lots here.
COLDCARD Mk4 Setup
When you first turn it on there is a super simple setup process that it takes you through:
- Agree to terms of service
- Verify the unique serial number ID matches
- Option to upgrade the firmware
- Set up your two PINs and write down your anti-phishing words
- Create a new wallet or import an existing one
After your wallet is created you are dropped into the main menu area with all the various options like the address explorer, advanced tools and settings. If you’re not too technical you can just leave it at that and go use your newly generated wallet.
Advanced users that are more comfortable can continue on and explore the many other deeper features like passphrase and multisig support, maximum allowed network fee settings, idle timeout, menu wrapping, export wallet options, file management, BIP-0085 seed derivation, offline signing, temporary seed mode and more to enable maximum security.
Anti-Phishing Words
Coming back to the anti-phishing words, these are two words that are generated from the first PIN you enter into the COLDCARD wallet on setup. These are unique for each COLDCARD, even if you use the same PIN, and will change if the device has been tampered with without your knowledge.
This provides the user with additional physical security as even if they suffer from an evil maid attack where someone switches out their COLDCARD Mk4 or tampers with it without their knowledge, as soon as they turn it on and enter their PIN it’ll be clear as day that something is wrong as the words won’t match.
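To make the mechanism concrete, here is an added example (our own Python, not Coinkite’s algorithm, word list or PIN format) of how two check words can be bound to both a per-device secret and the PIN prefix, so that a substituted device given the same PIN prefix shows different words. The word list, device secrets and PIN prefix are all constructed:

```python
import hashlib
import hmac

# Added illustration, not Coinkite's algorithm or word list: two check words
# derived from (a) a secret unique to the device and (b) the PIN prefix typed
# so far. The same prefix on a different or swapped device gives different
# words, which is what lets the user notice the substitution at login.

# Constructed 32-entry word list; the real list is not reproduced here.
WORDS = [
    "acid", "barn", "cove", "dusk", "echo", "fern", "gale", "hawk",
    "iris", "jade", "kelp", "lark", "moss", "nook", "opal", "pine",
    "quay", "reef", "sage", "tide", "urn", "vale", "wolf", "yarn",
    "zinc", "amber", "birch", "cedar", "delta", "ember", "flint", "grove",
]

def anti_phishing_words(device_secret: bytes, pin_prefix: str) -> tuple:
    """Derive two words from HMAC-SHA256(device_secret, pin_prefix).
    Without the device secret the words cannot be predicted, so a substitute
    device that lacks it cannot display the pair the user wrote down."""
    digest = hmac.new(device_secret, pin_prefix.encode("ascii"), hashlib.sha256).digest()
    first = int.from_bytes(digest[0:2], "big") % len(WORDS)
    second = int.from_bytes(digest[2:4], "big") % len(WORDS)
    return WORDS[first], WORDS[second]

def device_is_genuine(expected: tuple, device_secret: bytes, pin_prefix: str) -> bool:
    """The check the user performs at login: do the words shown match the
    pair recorded at setup?"""
    return anti_phishing_words(device_secret, pin_prefix) == expected

# Constructed device secrets: the user's real device and an attacker's substitute.
GENUINE_SECRET = bytes.fromhex("5e" * 32)
SUBSTITUTE_SECRET = bytes.fromhex("a7" * 32)
PIN_PREFIX = "1234"  # the part of the PIN entered before the words are shown

def setup_words() -> tuple:
    """Words the user records on the backup card at first setup."""
    return anti_phishing_words(GENUINE_SECRET, PIN_PREFIX)

def genuine_device_check() -> bool:
    """Same device, same prefix: the recorded words reappear."""
    return device_is_genuine(setup_words(), GENUINE_SECRET, PIN_PREFIX)

def swapped_device_check() -> bool:
    """Swapped device that does not know the secret: the words differ."""
    return device_is_genuine(setup_words(), SUBSTITUTE_SECRET, PIN_PREFIX)

if __name__ == "__main__":
    print("recorded at setup:", setup_words())
    print("genuine device matches:", genuine_device_check())
    print("swapped device matches:", swapped_device_check())
```

Because the derivation is keyed by the device secret, the words are also a cheap integrity signal: if tampering has disturbed that secret, the same PIN prefix no longer reproduces the pair written on the backup card.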
Air Gapped Usability
Once you’ve gone through the setup process (which can be done in air gapped mode) and are in the main screen you have the choice of how you can use the COLDCARD Mk4. Connecting it to your chosen wallet software via its USB C connector is identical to most other wallets while using it in its fully air gapped mode is more technical, but still very easy.
You can also export a huge list of your receive or change addresses (250) to a CSV file. This is saved to the microSD card, which you can then keep on your computer and use without having to retrieve your COLDCARD.
We’d still recommend confirming the receive address on the device’s screen each time you receive funds, as this helps prevent malware from swapping out addresses. If attackers can compromise your computer, they could obviously also tamper with that CSV list of receive addresses.
Exporting the COLDCARD Mk4 wallet files to Sparrow via the microSD card all worked perfectly and importing it was super easy too.
Firmware Upgrade Process
Upgrading firmware was also quick, easy and completely flawless. Coinkite has an in-depth, straightforward guide to follow, and the process also encourages and clearly shows how to verify the firmware hash and signature, which is great to see.
The simple upgrade process paired with their continued and very well supported software releases shows that Coinkite is serious about long term support here. In the just over 1 year that the COLDCARD Mk4 has been out they’ve released 7 updates each with heaps of new features and bug fixes.
Documentation
Coinkite has some of the most in-depth, comprehensive documentation for users to read and follow that we’ve seen, covering everything from how to use their many security features to how to migrate from a Ledger or Trezor Model T.
This combined with the huge array of user guides over the years means you’ll have no issues getting information on how to use it to its fullest.
COLDCARD Mk4 Alternatives
Who Is This Wallet For?
- Users who want the highest level of privacy, security and features
- Users who are super paranoid and security obsessed
- Users who want a Bitcoin only wallet
- Users who insist on using publicly available software and hardware
- Users who want great Multisig wallet support
- Users who really like calculators
COLDCARD Mk4 Competitors
While there’s a number of top competitors that stand out, the COLDCARD Mk4 is definitely one of the best hardware wallets we’ve tested so far. For those looking for something with a more premium build quality or that can’t be connected to an internet connected device at all, there’s the Foundation Passport.
The BitBox02 can’t do air gapped mode, but is also a fantastic device that is fully open source and has great multisig support for future options. If you’re looking for something cheaper then the Jade is also a great device that can do stateless multisig and much more very well.
COLDCARD Mk4 Vs Ledger
If you’re trying to decide between the COLDCARD Mk4 and a Ledger Nano X device (or any Ledger) let us stop you right now. There’s no competition. The COLDCARD Mk4 and its specialized Bitcoin security wipes the floor with all of them enabling far superior security and privacy even before we consider their atrocious “Ledger Recover” program.
Is the COLDCARD wallet a bit more technical? Sure. But it’s also incredibly simple due to its super refined and cut down software meaning it takes only a few minutes to get used to using it. It can be used in USB mode, fully air gapped mode or NFC mode making it more flexible and better on every level.
Should You Buy The COLDCARD Mk4 Hardware Wallet?
Absolutely yes. While the COLDCARD Mk4 might look like a basic calculator, it’s packed to the gills with security that few hardware wallets can compete with. Their use of not just one secure element chip, but two also allows them to have top tier level security that ensures your bitcoin is safe and sound in cold storage.
From the numerous physical security measures to stop physical tampering to their extremely refined software, it all ensures this bitcoin only hardware wallet will keep your life savings safe for years. That being said there are still a few things we think Coinkite can focus on for their Mk5 (or Q?) version.
This includes things like better build quality or quality controls, slightly easier to press and more reliable physical buttons and ensuring all font is big enough to be easily legible in all parts of the software.
While the price of the COLDCARD Mk4 isn’t as cheap as some other wallets out there, it’s clear that this is a bitcoin wallet that means business and will grow with you, no matter how paranoid you become.
FAQ
Is COLDCARD Hard To Use?
No. You can use the COLDCARD Mk4 via a USB cable, NFC tapping or in its fully air gapped mode. In any of these modes operation is super simple because its menu structure is logical, straight forward and helpfully hides away much of the complexity for non-technical users.
Which Wallets Work With COLDCARD?
The COLDCARD Mk4 doesn’t have a companion app produced by Coinkite; instead it uses widely adopted standards like BIP-0174 (PSBT), which makes it compatible with virtually all software wallets that support this binary file format. This includes desktop wallets like Sparrow, Specter Desktop and Bitcoin Core as well as mobile wallets like Nunchuk.
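Since this compatibility rests on the PSBT file format, here is an added example (our own Python, not COLDCARD firmware or any wallet library) of a minimal BIP-0174 parser with the structural checks a signer should make before trusting a file: the magic bytes, the key-value map layout with no duplicate keys, empty scriptSigs in the unsigned transaction, and an input/output map count that matches that transaction. The key-type constants are BIP-0174’s; the one-input, one-output sample PSBT is constructed inside the block:

```python
# Added example, not COLDCARD firmware or library code: a minimal BIP-0174 PSBT parser.
PSBT_MAGIC = b"psbt\xff"           # BIP-0174 magic bytes
PSBT_GLOBAL_UNSIGNED_TX = b"\x00"  # global key type 0x00
PSBT_IN_SIGHASH_TYPE = b"\x03"     # per-input key type 0x03
SIGHASH_ALL = (1).to_bytes(4, "little")

def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize (varint) encoder."""
    if n < 0xFD:
        return bytes([n])
    width = 2 if n <= 0xFFFF else 4 if n <= 0xFFFFFFFF else 8
    return {2: b"\xfd", 4: b"\xfe", 8: b"\xff"}[width] + n.to_bytes(width, "little")

def take(buf: bytes, pos: int, n: int):
    """Slice n bytes at pos; reading past the end means the file is truncated."""
    if pos + n > len(buf):
        raise ValueError("truncated data")
    return buf[pos:pos + n], pos + n

def read_compact_size(buf: bytes, pos: int):
    first, pos = take(buf, pos, 1)
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}.get(first[0])
    if width is None:
        return first[0], pos
    raw, pos = take(buf, pos, width)
    return int.from_bytes(raw, "little"), pos

def read_map(buf: bytes, pos: int):
    """One key-value map: <keylen><key><valuelen><value> ... 0x00 separator."""
    entries = {}
    while True:
        klen, pos = read_compact_size(buf, pos)
        if klen == 0:                      # separator ends this map
            return entries, pos
        key, pos = take(buf, pos, klen)
        vlen, pos = read_compact_size(buf, pos)
        value, pos = take(buf, pos, vlen)
        if key in entries:                 # BIP-0174: duplicate keys are invalid
            raise ValueError("duplicate key in map")
        entries[key] = value

def count_tx_io(tx: bytes):
    """Walk the unsigned tx to learn how many input/output maps must follow it."""
    pos = 4                                # version
    n_in, pos = read_compact_size(tx, pos)
    if n_in == 0:                          # 0x00 0x01 here would be a segwit marker
        raise ValueError("unsigned tx must have inputs and no witness marker")
    for _ in range(n_in):
        _, pos = take(tx, pos, 32 + 4)     # previous txid + vout
        slen, pos = read_compact_size(tx, pos)
        if slen != 0:                      # scriptSigs must be empty in a PSBT
            raise ValueError("unsigned tx contains scriptSig data")
        _, pos = take(tx, pos, 4)          # sequence
    n_out, pos = read_compact_size(tx, pos)
    for _ in range(n_out):
        _, pos = take(tx, pos, 8)          # amount
        slen, pos = read_compact_size(tx, pos)
        _, pos = take(tx, pos, slen)       # scriptPubKey
    _, pos = take(tx, pos, 4)              # locktime
    if pos != len(tx):
        raise ValueError("trailing bytes after unsigned tx")
    return n_in, n_out

def parse_psbt(data: bytes) -> dict:
    if data[:5] != PSBT_MAGIC:
        raise ValueError("not a PSBT")
    global_map, pos = read_map(data, 5)
    if PSBT_GLOBAL_UNSIGNED_TX not in global_map:
        raise ValueError("missing unsigned transaction")
    n_in, n_out = count_tx_io(global_map[PSBT_GLOBAL_UNSIGNED_TX])
    inputs, outputs = [], []
    for bucket, count in ((inputs, n_in), (outputs, n_out)):
        for _ in range(count):
            m, pos = read_map(data, pos)
            bucket.append(m)
    if pos != len(data):                   # extra or missing maps
        raise ValueError("map count does not match unsigned tx")
    return {"global": global_map, "inputs": inputs, "outputs": outputs}

def is_well_formed(data: bytes) -> bool:
    try:
        parse_psbt(data)
        return True
    except ValueError:
        return False

def build_sample_psbt() -> bytes:
    """Constructed 1-in/1-out PSBT: unsigned tx plus a SIGHASH_ALL hint on the input."""
    unsigned_tx = (
        b"\x02\x00\x00\x00" + compact_size(1)                          # version, 1 input
        + b"\x11" * 32 + b"\x00\x00\x00\x00" + compact_size(0) + b"\xff\xff\xff\xff"
        + compact_size(1) + (50_000).to_bytes(8, "little")             # 1 output, 50k sats
        + compact_size(22) + b"\x00\x14" + b"\x22" * 20                # P2WPKH, dummy hash
        + b"\x00\x00\x00\x00"                                          # locktime
    )
    global_map = compact_size(1) + PSBT_GLOBAL_UNSIGNED_TX + compact_size(len(unsigned_tx)) + unsigned_tx + b"\x00"
    input_map = compact_size(1) + PSBT_IN_SIGHASH_TYPE + compact_size(4) + SIGHASH_ALL + b"\x00"
    return PSBT_MAGIC + global_map + input_map + b"\x00"               # empty output map
```

A hardware signer runs checks like these before it shows anything on screen: a file whose map count disagrees with its own unsigned transaction, or that carries data after the last map, is rejected rather than partially interpreted.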
What Is The Difference Between COLDCARD And Ledger?
One of the main differences between the COLDCARD Mk4 and any Ledger hardware wallet is that COLDCARD only supports bitcoin. As Ledger supports thousands of altcoins, this means their software is much more complicated with a much bigger attack surface area. COLDCARD also gives you the option to operate the COLDCARD in fully air gapped mode for its entire life.
Is COLDCARD Wallet Safe?
Yes. The COLDCARD Mk4 scores almost top marks in our Security & Privacy test as it generates and stores your private key exceptionally well. It also has dozens of software and hardware security enhancements to take this storing bitcoin capability even further.
Why You Can Trust Us
Our comprehensive review process rigorously researches and tests all aspects of the products we review. If you buy through our links, we may get a commission, but opinions are always our own. Review our full Crypto Wallet Rating Methodology.