Project rundown interview with Kai, Project Manager of Card Wallet.
Project Rundown interview on The Capital.
Hello Kai. Thanks for taking the time to make this interview. Let me start right away with my first question: What unseen opportunities did you see that may result in making your startup a success and what is Coinfinity doing today?
Back in 2014, when Coinfinity was founded, it was a tough time for Bitcoin. Mt. Gox was hacked for 700.000 BTC and went bankrupt. The Bitcoin price crashed by 80%. Most people thought Bitcoin was dead and quit. Max and Stefan founded a company. They chose “Bringing Bitcoin to the people” as Coinfinity’s slogan because they believed in Bitcoin values, not Bitcoin price. To this day, the entire company structure and philosophy is built on these values.
Today, Coinfinity operates a crypto-fiat gateway and a lot of Bitcoin ATMs through its subsidiary Kurant. Our digital voucher product “Bitcoinbon” is available at practically every corner in Austria. We offer B2B solutions for companies that want to use crypto in any way, shape or form and together with OSD have created the Card Wallet, an extremely secure, easy to use cold storage wallet.
When you try to “bring Bitcoin to the people”, what is the biggest problem you face?
Usability. It is still too difficult to use crypto and to keep it safe. The complexity scares people. We need easy tools that my grandma could use. “Be your own bank” is a lot easier said than done. That’s why most newbies just open an account on centralized exchanges and leave their funds on it. Or they put their funds at risk because of their lack of knowledge. For example, a few weeks ago we had a customer in our front office who was carrying around almost 7 BTC on his smartphone without any idea of how risky that is.
Aren’t hardware wallets a good solution for this?
In theory hardware, wallets offer pretty good security, but users need quite a bit of technical and security knowledge to use them safely in the long term. For experienced crypto users like you and me, that’s not a problem, but Coinfinity operates a support hotline and we get calls every week from users who cannot access their coins anymore. They lost their seed or forgot their passphrase. Of course, you can write down your seed, but then you basically have a hardware wallet and a paper wallet at the same time, adding up both of their weaknesses. To me personally, hardware wallets aren’t real cold storage either, since I have to connect them with my computer. They use firmware updates, where data gets written on the device and changes its behavior. Hackers could exploit this or a manufacturer could even do an exit scam.
So what’s the solution?
Ease of use. The biggest security risk is the user himself, so simplicity is the most important security feature. That’s what we want to achieve with the Card Wallet.
Digital security is very hard, but everyone knows how to keep a gold coin safe. With the Card Wallet, it’s the same thing. As long as you keep the card safe, your coins will be safe. Even my grandma can do that! So you already know everything you need to keep crypto safe with the Card Wallet.
What’s the Card Wallet and how does it work?
The Card Wallet is the easiest way to store Bitcoin for a long time and the safest cold storage retail customers can get.
It’s a durable, water and heat resistant card with a public address and QR Code on one side and a private key and seed phrase on the other, protected by the security seal.
Once you get your Card Wallet, you import it in the Chainlock app or just copy the address. After that, lock the Card Wallet away in a safe place. Bitcoins can be deposited to the address at any time. Only once you want to spend the coins, you need the Card Wallet again to import the seed phrase in a digital wallet.
That sounds a lot like a paper wallet.
Of course the Card Wallet is way more durable than paper, but yes, the basic process is similar. The card, however, is just the medium on which the keys are stored. The real value of the Card Wallet is its high-security key generation.
But shouldn’t everyone generate their own keys?
Everyone who is able to create secure keys should, of course, do so. But creating really secure keys is really hard. Viruses, bugs, and vulnerabilities make it difficult. Just pushing a button in an app doesn’t cut it. To audit the source code or to make sure the operating systems and devices are really secure, clean and offline, you have to be a real expert. I’m in crypto for six years now, but to be honest, I couldn’t do that. You probably couldn’t do that. I would be surprised if more than a few thousand people on the planet could do that. Luckily, two of them work for us. That’s why we offer this service to customers as a trusted third party.
Why should I trust Coinfinity?
For a start because we have been a trustworthy, reliable player in the crypto space since 2014. But that, of course, is not enough.
That’s why we designed the production process to minimize trust and maximize accountability
The Card Wallet is produced by the Austrian State Printing House under tight control by Coinfinity…
The Austrian *State* Printing House?
Yes, but despite its name, the Austrian State Printing House (or OSD for short) is not state-owned. It’s a publicly-traded company that has been producing secure documents for 200 years and probably will be for the next 200 years to come. They are a world leader in physical high-security features, which is why the Card Wallet has top-notch security against forgery and supply chain attacks.
As I stated before, the Card Wallet manufacturing process has been designed so that Coinfinity can control and monitor OSD at every step to create a safe product for our customers.
This starts with the way keys are generated. For key generation, we use our own patented Secure Entropy Technology or SET. Through SET, multiple parties can deliver random seeds that are combined with a master seed in the production machine. Nobody knows this combined master seed, so nobody can recreate the keys, but every party can verify that their random seed has in fact been part of key generation by doing mathematical checks on randomly selected cards.
For Card Wallet production, three random seeds from different sources are combined: One generated with a high number of dice rolls by Coinfinity employees, one generated by the OSD by means we don’t even know and one generated with a certified hardware random number generator.
After the master seed is combined, keys are generated, burned into the cards by laser, automatically scanned and verified to ensure that they are working and immediately sealed before the cards leave the production machine. All of this happens in a single production step inside the production machine, no employee ever sees the private keys
The production machine is completely offline (air-gapped) and in a special high-security room that only a selected few OSD employees are able to enter in pairs only to ensure the four-eyes principle. These employees are continuously subjected to security and background checks and we know which employees were in the room during the production of every card.
The production room is video surveilled by OSD and also monitored through glass walls by Coinfinity employees who surveil the entire production cycle. After each production, all critical data is destroyed as specified in military standards.
Of course, some degree of trust remains. But then you also have to trust hardware wallet manufacturers or wallet app developers. With the Card Wallet, at least you only have to trust us once, since you’re totally independent from us once you hold your wallet in your hands. With digital wallets, you continuously have to trust the company every time they push an update.
How do I know there’s a working private key under the seal?
The production machine scans and tests each key pair before it seals the private key, to ensure that they are readable and working. Should a card fail this test, production would be stopped. Additionally, we do random spot checks to verify that the automated process works correctly.
As a customer looks at the backside of your Card Wallet. Besides the security seal, you will see a QR-Code (the Chainlock code), a currency logo, a version number as well as some more information. Since all data is lasered onto the Card Wallet in one step, you can assume that if these items are present, the private key has also been successfully burned into the card.
If this is not enough for you to trust your Card Wallet, you could, of course, scratch off the security seal, look at the private key and then cover it again. If you do not film or import the private key, it is still offline and cold storage. However, manipulation attempts can of course no longer be detected on the security seal.
Where can I get a Card Wallet, should I want one?
The Card Wallet can be purchased at cardwallet.com.
Is it possible to pay with Bitcoin?
Of course! Besides usual payment methods like credit cards or bank transfer, we offer Bitcoin payments and as Bitcoin enthusiasts love to receive them. We even offer Lightning payments with a 10% discount, but remember that Lightning is still under development, so it’s not always possible to find a working payment route.
Who are your partners and who would you like to partner with in the future?
We have a variety of business partners, from the aforementioned OSD to multinational corporations like chip manufacturer Infineon.
We also pay special attention to partnerships with other Austrian start-ups from the crypto industry and companies that have a similar philosophy to us. Blockpit, for example, is a start-up from Austria that has dedicated itself to make tax declarations on cryptocurrencies easy.
We are very interested in creating a healthy and trustworthy crypto environment in Austria. That’s why we are actively involved in different institutions like Bitcoin Austria or the Austrian Blockchain Center. We also sponsor some good people in the crypto space like the amazing Anita Posch, whose Bitcoin & Co podcast we can wholeheartedly recommend to any crypto enthusiast.
As for future partners, we love to work with crypto companies that share our values and we want to bring companies into the crypto space that weren’t involved before and accompany them on their journey. All honest actors are welcome!
Thank you for your time.
Card Wallet Link: https://www.cardwallet.com/en/home/
Coinfinity Link: https://coinfinity.co/
Discount Code 10% : Discount code