Wallet Logo

Cold Storage Coins

Latest release: ?? ( 31st January 2022 ) 🔍 Last analysed 23rd March 2022 . Provided private keys
28th December 2017

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Cold Storage Coins  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

What is a bearer token?

Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens require these attributes:

  • Secure initial setup
  • Tamper evidence
  • Balance check without revealing private keys
  • Small size
  • Low unit price
and either of these applies:
  • Somebody has a backup and needs to be trusted.
  • Nobody has a backup and funds are destroyed if the token is lost or damaged.

The Analysis 

Singapore based Rearden Metals Pte Ltd touts what it calls its Blockchain Mint service along with its Cold Storage Coins. It is uncanny in its resemblance to the original:

Casascius Coins Leaks Keys! Defunct!

The Casascius coins series was discontinued on the 27th of November, 2013 due to regulatory concerns. The earliest date we could find for Cold Storage Coins was on December 28, 2017. This date is significant because 2017 marked a year for one of Bitcoin’s most notable price increase to $20,000. At the time, $20,000 was the all-time high. 2017 was also the year of the Initial Coin Offering (ICO) when a lot of mainstream investors delved into fundraising projects related to cryptocurrencies.

Cold Storage Coins comes in Bitcoin (BTC), Ethereum, Dogecoin and others. Rearden Metals also offers a customized service for other cryptocurrencies. The Singaporean website Opengovsg.com lists Rearden Metals Pte Ltd’s incorporation date on December 27, 2017

Product Description

Rearden Metals’ Cold Storage Coins come with the following features:

  • unique Bitcoin wallet ID
  • laser-etched private key QR code
  • tamper-resistant holographic film
  • fire and flood resistant
  • available in 1 oz (28.35 g) 999 Fine Copper or 1 oz 999 Fine Silver

Cold Storage Coins come with a companion app.

How to transfer cryptocurrencies to Cold Storage Coins

  1. Scan the public key found on the back.
  2. Enter any amount of cryptocurrency – big or small.
  3. Authorize the transfer to complete.
    • You can use any hot wallet with a ‘paper to wallet sweep’ function to scan the key or download the Cold Storage Coins app.

How to transfer cryptocurrencies to another wallet

  1. Peel off the tamper-resistant film at the back.
  2. Use ordinary household solvents like WD-40 to remove excess security adhesive.
  3. Scan the private QR code to transfer crypto to your desired hot wallet.

Analysis

Similar to Casascius Coins , Cold Storage Coins etches the private keys on the coins and thus allows them to make copies of it. The users would have to trust that they won’t.

They did offer a Security Statement, but again, users would just have to take their word for it that the Managing Director won’t make copies of the private keys on each coin they sell.

What happens to the private key once the coin is engraved?

Creating secure Cold Storage Coins is a very complex process that involves laser etching of a private key & private key QR code on every coin’s surface. The integrity of this process is paramount to our product’s success, and this production process is strictly overseen by our Managing Director. The keypair is generated on an offline computer, the lasers are run by computers that have never been online. Each computer is wiped clean using USA Department of Defense quality destruction methods. You can learn more about the steps we take to secure the sensitive information in our Security Statment.

(dg)

Verdict Explained

The device gets delivered with private keys as defined by the provider!

As part of our Methodology, we ask:

Provided Keys!

Are the keys never shared with the provider?

If the answer is "no", we mark it as "Provided private keys".

The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.

There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.