CoolWallet To Make Public Its Open-Source Secure Element Chip Code of Hardware Wallet Series
Leading global hardware wallet brand CoolWallet has unveiled plans to open-source its secure element chip’s code in order to alleviate users’ security concerns and provide greater transparency in the wake of rival Ledger’s recent privacy blunder. The decision by CoolWallet, known for its pioneering security and innovation in the crypto cold storage sector, has garnered widespread support from the global cryptocurrency community.
CoolWallet ensures asset security through its unique card-like design, offering the same level of protection as a credit card. Its tamper-proof exterior and military-grade encrypted Bluetooth significantly reduce the risk of external threats and attack vectors.
Moreover, CoolWallet’s sophisticated CC EAL6+ secure element chip, rigorously tested to prevent tampering and unauthorized access, demonstrates the commitment to user security by the cold storage brand, which will celebrate its 10th birthday in 2024.
By opening its source code, CoolWallet aims to increase global community trust in its product. The company will continue providing secure and reliable cold wallet solutions, ensuring true peace of mind for users in the cryptocurrency world.
This tweet by CoolBitX Technical Director Wesley Wen explains more:
Open-Source Decision to Ease Ledger-Related Concerns
A large public backlash to market leader Ledger’s recent launch of its “Ledger Recover” private key recovery service has created some inaccurate and damaging misconceptions, spread through news outlets and social media platforms, about the general safety of secure elements in hardware wallets.
In response, Michael Ou, CEO and founder of CoolBitX, the maker of CoolWallet, publicly voiced his concerns unequivocally on Twitter:
“The Ledger Recover service goes against the core principles of cryptography, concentrating asset security risks in a few centralized entities.”
Ou further emphasized, “CoolWallet firmly believes in self-custody, advocating user autonomy and asset security, and is committed to providing the safest wallet solutions. The blockchain industry requires constant improvement in understanding and commitment to digital asset security.”
CoolWallet’s Public Statement: Supporting Open Source, Forever In The Open
CoolWallet understands the importance users place on asset security and applies the highest standards to protect user funds. CoolWallet has already open-sourced the SDK code for wallet integration, and now, underscoring its commitment to full transparency, it is actively working on the open source documentation of the SE chip code, which will enable the blockchain community to review and verify its security measures independently. CoolWallet’s open approach aims to imbue users with increased confidence and a renewed promise that their assets are fully protected at all times.
If CoolBitX is required by regulatory agencies to disclose user assets, is there a possibility of them being accessed without user consent?
No, CoolWallet does not have a third-party recovery service. Best efforts are made to protect the user’s key in CoolWallet, as the mechanism employed ensures that exporting private key information is not feasible. The secure chip used in CoolWallet allows for write-in functionality, but it strictly prohibits export-out capability. This means that private key information remains securely stored within the chip, offering enhanced protection. Even CoolBitX is unable to access the private key once it is stored, further reinforcing the security measures in place.
CoolWallet adheres strongly to the original ethos of cryptocurrency self-custody, which holds that a wallet owner should have sole custody and control over their digital assets in order to eliminate intermediaries and safekeep them as effectively as possible. With this comes the mutual understanding that the user is responsible for safely managing and storing their private information.
This social contract is mutual in nature:
1) the wallet provider empowers the user to self-custody their own assets
2) the user trusts the wallet provider to ensure that their private keys or recovery seed cannot be extracted through any method
Therefore, governments cannot obtain users’ private keys and assets through CoolBitX or any third-party institution, as no such data can ever be collected. Additionally, by gaining access to its open-source firmware code, the community can further verify that CoolWallet does not have a backdoor to extract private keys, ensuring the security of stored private keys.
How Secure is CoolWallet?
- Design of the Cold Wallet: Private key generation and transaction signing take place in an offline environment to mitigate the risk of network attacks.
- Physical Security: CoolWallet’s unique card design prevents disassembly, thereby ensuring that users’ private keys are not exposed to external devices and reducing the risk of key compromise.
- Secure Element Protection: Equipped with a military-grade CC EAL6+ secure element chip, CoolWallet undergoes strict testing to prevent tampering and unauthorized access, thereby safeguarding the security of private keys. The specialized hardware encryption module and secure storage protect private keys and execute cryptographic operations.
- Open Source Code: CoolWallet has demonstrated its commitment to openness and transparency by actively working on open sourcing the secure element chip code, allowing the community to review the absolute security of its private key storage.
As the cryptocurrency market witnesses an increasing number of hacking and scam attempts, CoolWallet stands as the preferred choice for cold wallet security. Whether you are a newcomer to the cryptocurrency space or an experienced crypto enthusiast seeking advanced security performance, CoolWallet offers an absolutely secure solution with its outstanding technology and reliable security commitment.
Open Source Firmware: FAQ
Why did CoolWallet decide to open-source the SE chip?
The CoolWallet team has always been committed to an open-source approach in product design, as evident from our publicly available SDK documentation for Bluetooth connections. To further uphold our commitment to openness and transparency, the CoolWallet technical team is actively working on open-sourcing the SE chip code, allowing the community to review it for any potential backdoors and ensuring the security of stored private keys.
Once the CoolWallet firmware code is open source, will my assets still be secure?
Absolutely! Your private keys will not be exposed due to the open-source nature of the firmware code. Your assets remain secure because your private keys are stored in the secure chip of the CoolWallet. The open-source firmware code does not allow anyone to extract your private keys from the secure chip. No one, not even the CoolWallet team, can access your private keys.
If CoolBitX is requested by regulatory authorities to disclose user asset information, will my asset information be monitored?
No, it won’t be monitored. CoolWallet does not have a third-party custodial recovery service. The private key information is stored only on the secure chip, and once the private key information is stored, even CoolBitX cannot retrieve it. Therefore, the government cannot obtain users’ private keys or related asset information through CoolBitX or any third-party institution. Additionally, through open-source firmware code, the community can further review for any backdoors that would allow extraction of private keys, ensuring the security of stored private keys.
Does open-source firmware code pose a supply chain attack risk, allowing malicious individuals to install backdoors in CoolWallet?
CoolWallet strictly requires official authorization for firmware updates, preventing external malicious actors from installing backdoors in CoolWallet hardware on their own. The security of users and the system is protected through the robust security mechanisms of the industry-leading OpenPlatform, which includes various security measures such as user authentication, permission management, access control, data encryption and transmission, security monitoring, and log recording. OpenPlatform has a solid reputation in the field of information security, regularly conducting security assessments and promptly patching any vulnerabilities or weaknesses discovered. Therefore, the use of open-source firmware code does not increase the risk of supply chain attacks.
How do we ensure the security of CoolWallet’s hardware and prevent any malicious modifications to its internal chip?
CoolWallet is manufactured using a special cold-pressing technique, creating a thin and lightweight card. Once the card is disassembled, the cold wallet becomes unusable, eliminating concerns about chip tampering, unlike other brands of cold wallets. That’s why if any issues arise with CoolWallet, it cannot be repaired and the card must be replaced with a new one. However, there are still many counterfeit products on the market. To ensure you get a genuinely secure CoolWallet, we recommend purchasing from the official website or authorized dealers.
When using the CoolWallet cold wallet, which interacts with mobile devices using Bluetooth technology, will my private keys be transmitted to the connected mobile device?
No, your private key will not be transmitted to the connected mobile device when using the CoolWallet cold wallet with Bluetooth technology. The private key is securely stored within the cold wallet’s secure chip, which has a CC EAL 6+ security level. When you initiate the advanced recovery function with the cold wallet, the private key is generated within the wallet itself. Furthermore, the information transfer between the CoolWallet cold wallet and the CoolWallet App is protected by encrypted Bluetooth technology. When you need to sign a transaction, the cold wallet only transmits the transaction signature computed by the chip, without sending any private key-related information. Therefore, your private key will never be exposed during the Bluetooth connection process.