Security Fix (Multisig Users)

This release fixes a multisig PSBT-tampering issue that could allow a MitM to steal funds. Please upgrade ASAP.

This issue can only affect multisig wallet users, and we strongly recommend immediate upgrade. There is no evidence any malicious actor ever exploited this bug, but to give users a head start, we plan to talk about this in more detail in 90 days.

Download the latest firmware here

New Features

This is primarily a maintenance release, but we could not resist adding some new features too:

  1. You can now select a one-line text file from the MicroSD card to be signed by your private key. This can be useful to prove identity, or control over a key. More details are available in the updated online docs for the MicroSD submenu.

  2. The Coldcard can now accept PSBT files encoded in Base64 or hex, which can be helpful to programmers and other system integrators. In the past, all PSBT files had to be raw binary, which is more difficult to work with. The output PSBT (signed version) will be written in the same encoding as the input PSBT file. This does not affect the USB interface, which still requires binary values.

  3. All change outputs are now shown during the approval process (on screen). We’re not sure if it’s worthwhile to verify all the change outputs, since the Coldcard has already worked hard to check they come back to your wallet. But they are part of the transaction being approved, so it makes sense to show them, so they can be inspected if desired.

This release also has a number of bug fixes.

Change List

  • Enhancement: Sign a text file from MicroSD. Input file must have extension .TXT and contain a single line of text. Signing key subpath can also be provided on the second line.
  • Enhancement: Now shows the change outputs of the transaction during signing process. This additional data can be ignored, but it is useful for those who wish to verify all parts of the new transaction.
  • Enhancement: PSBT files on MicroSD can now be provided in base64 or hex encodings. Resulting signed PSBT will be written in the same encoding as the input PSBT.
  • Bugfix: crashed on entry into the Address Explorer (some users, sometimes).
  • Bugfix: add blank line between addresses shown if sending to multiple destinations.
  • Bugfix: multisig outputs were not checked to see if they are change (would have been shown as regular outputs), if the PSBT did not have XPUB data in globals section.
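The encoding behaviour described in New Features item 2 and the PSBT enhancement above (accept binary, Base64 or hex on MicroSD; write the signed result in whatever encoding the input used) can be illustrated with a small round-trip helper. This is an added example, not Coldcard firmware code; the function names and the sample PSBT bytes are constructed for illustration, and the sample is not a valid transaction, only a byte string that starts with the BIP-174 magic.

```python
"""Detect a PSBT file's on-disk encoding, decode it, and re-encode the
(signed) result in the same encoding.  Added example, not Coldcard code."""
import base64
import binascii

# BIP-174: every PSBT begins with ASCII "psbt" followed by 0xff.
PSBT_MAGIC = b"psbt\xff"

# Constructed stand-in for a PSBT (magic + a few bytes); NOT a real transaction.
SAMPLE_PSBT = PSBT_MAGIC + b"\x01\x00\x04\x02\x00\x00\x00\x00\x00"
SAMPLE_HEX = SAMPLE_PSBT.hex().encode("ascii")      # what a hex .psbt file holds
SAMPLE_B64 = base64.b64encode(SAMPLE_PSBT)           # what a Base64 .psbt file holds


def detect_encoding(data: bytes) -> str:
    """Return 'binary', 'hex' or 'base64'; raise if the file is not a PSBT.

    Hex is tested before Base64 because every hex string is also made of
    Base64-alphabet characters; the magic-byte check on the decoded result is
    what actually decides, so the order only matters for efficiency."""
    if data.startswith(PSBT_MAGIC):
        return "binary"
    text = data.strip()  # tolerate trailing newline / CRLF from editors
    try:
        if bytes.fromhex(text.decode("ascii")).startswith(PSBT_MAGIC):
            return "hex"
    except (ValueError, UnicodeDecodeError):
        pass
    try:
        if base64.b64decode(text, validate=True).startswith(PSBT_MAGIC):
            return "base64"
    except (binascii.Error, ValueError):
        pass
    raise ValueError("file is not a PSBT in binary, hex or Base64 form")


def is_psbt_file(data: bytes) -> bool:
    """Boolean wrapper around detect_encoding for callers that just want a check."""
    try:
        detect_encoding(data)
        return True
    except ValueError:
        return False


def decode_psbt(data: bytes) -> tuple[bytes, str]:
    """Return (raw PSBT bytes, encoding name) for the file contents."""
    enc = detect_encoding(data)
    if enc == "binary":
        return data, enc
    text = data.strip()
    if enc == "hex":
        return bytes.fromhex(text.decode("ascii")), enc
    return base64.b64decode(text, validate=True), enc


def encode_psbt(raw: bytes, enc: str) -> bytes:
    """Serialise raw PSBT bytes in the requested encoding (text forms get a newline)."""
    if not raw.startswith(PSBT_MAGIC):
        raise ValueError("refusing to write bytes that are not a PSBT")
    if enc == "binary":
        return raw
    if enc == "hex":
        return raw.hex().encode("ascii") + b"\n"
    if enc == "base64":
        return base64.b64encode(raw) + b"\n"
    raise ValueError(f"unknown encoding {enc!r}")


def roundtrip(file_bytes: bytes) -> bytes:
    """Read a PSBT file in any supported encoding and write it back in the same one.

    A signer would modify `raw` between decode and encode; here it is unchanged
    so the output encoding choice is the only thing being demonstrated."""
    raw, enc = decode_psbt(file_bytes)
    signed = raw  # signing step omitted in this example
    return encode_psbt(signed, enc)


if __name__ == "__main__":
    for sample in (SAMPLE_PSBT, SAMPLE_HEX + b"\n", SAMPLE_B64 + b"\r\n"):
        print(detect_encoding(sample), roundtrip(sample)[:16])
```

The decision is made on the decoded magic bytes rather than on file extension or character class alone, so a Base64 file that happens to look like hex, or a hex file with a stray newline, is still classified correctly, and anything that does not decode to a PSBT is rejected before it reaches the signer.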
