The comedian Dennis Miller once joked about computer viruses, “When you link up to another computer, you’re linking up to every computer that that computer has ever linked up to.” If so, CoinKite, maker of the Coldcard hardware wallet, has invented an extra-strength prophylactic for bitcoin investors.
The startup just released Coldpower, which allows users to charge their hardware wallets by connecting the USB plug to a 9-volt battery, rather than, say, plugging it into a laptop. Comparing it to a popular gizmo that prevents accidental data exchange when one device is plugged into another to charge, CoinKite says Coldpower is “like a ‘USB condom,’ but self-powered.”
“We want to help protect people from ‘bad USB’ attacks by facilitating air-gap use of their Coldcard,” CoinKite CEO Rodolfo Novak said. “Air-gapped” use means not connecting a device to the internet.
Simultaneously, CoinKite rolled out Seedplate, a metal plate for engraving a recovery seed, which is like an emergency password for accessing bitcoin. Since the phrase is carved in metal, there’s less risk of it being lost or damaged than if written on a piece of paper. Novak called it a “backup of last resort.”
Taken together, these products underscore the idiosyncratic risks of cryptocurrency, which, although digital, is arguably a bearer asset like physical cash. Once a private key for cryptocurrency is stolen, the coins are likely gone for good. The holder of the private key is responsible for keeping it secure, and the required precautionary mindset often borders on paranoia.
Hardware wallets like Coldcard, Opendime, Ledger, or Trezor are considered one of the most secure ways of storing bitcoin private keys since they are devices that are stored offline and are less susceptible to hacks. But even when using them, there are obscure ways bitcoins can be hacked or lost.
“Our ultimate goal at Coinkite is to make all aspects of HODLing safer,” Novak said, referencing the “hodl” meme, a misspelling of “hold,” used as a shorthand for the act of storing bitcoin and waiting to see how the novel digital currency fares over the years.
In April, Novak gave a talk spotlighting his “disdain” for the USB standard for connections between hardware jacks at a virtual reality meetup. The standard is centralized, he said, and thousands of pages long, so “no one can get through them.” He listed many attacks that can be used with the connection tool.
Not even a simple power adapter can be trusted, according to Novak. “There are many USB hacks and someone could make an evil power adapter/bank or an evil cable,” he said.
Coldpower, on the other hand, is “a verifiable ‘dumb,’ no-smart-electronics-to-be-hacked power supply.” The next best thing to abstinence, perhaps.
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.