# Cold-Wasabi Hardware Wallet Mode
- Using hardware wallet step-by-step
- What is Cold Storage
- Hardware Wallet with Wasabi
- Cold-Wasabi protocol
- GUI tutorial
- Daemon tutorial
# Using hardware wallet step-by-step
- Start your Wasabi Wallet and connect your hardware wallet with USB. Alternatively, you can import a Coldcard skeleton file via SD card.
Hardware Wallettab will open, and there you can search all connected hardware wallets.
Load Wallet, then you can receive bitcoin to addresses controlled by the hardware wallet.
- You can spend these coins in the
Sendtab, though the hardware wallet must be connected via USB to confirm before signing the transaction. Alternatively, you can build a PSBT, export this via SD card to your Coldcard wallet for signing, then import the final transaction to Wasabi for broadcasting.
Unfortunately, as of now you cannot CoinJoin with just the private keys on your hardware wallet. The keys need to be on the internet connected computer to be able to CoinJoin.
# What is Cold Storage
Cold storage refers to keeping a reserve of bitcoin protected by private keys which are generated and stored completely offline. This is an often-used security precaution, especially dealing with large amounts of bitcoin. Because the private keys are not on a computer which is connected to the internet, many remote attack vectors are nullified.
Methods of cold storage include keeping private keys:
- On a USB drive or other data storage medium
- On a paper wallet
- On a bearer item such as a physical bitcoin
- On a hardware wallet
# Hardware Wallet with Wasabi
You can use Wasabi Wallet with almost any hardware wallet out there, because Wasabi utilizes Bitcoin Core Hardware Wallet Interface [HWI]. The setup is thoroughly tested for Trezor model One and T, Ledger Nano S, Coldcard.
# Connecting via USB
# Import the wallet
When Wasabi is running, the hardware wallet can be connected via USB to the same computer.
Wasabi should automatically detect the hardware, and open the
Hardware Wallet tab where you can load the wallet.
This wallet will be used as a watch-only wallet when the hardware wallet device is not connected.
# Receiving bitcoin
After the first time you loaded a new device, the public keys will be stored locally on the computer, and you can use Wasabi to receive bitcoin to the hardware wallet without connecting it again.
# Sending bitcoin
Only when you want to send bitcoin you need to connect the device over USB again.
Send tab, select your coins, specify the destination address and the payment amount and the fee, then click the
Send Transaction button.
The private keys are not on the computer, thus the transaction is signed on the hardware wallet, after you confirm with a physical button click.
The final transaction is automatically broadcast over Tor with Wasabi Wallet.
# Connecting Coldcard via SD card
You can use Wasabi Wallet together with Coldcard without ever connecting it via USB, further reducing possible attack vectors. For more details see the Coldcard documentation.
# Import the skeleton wallet
Power your Coldcard on a power bank or electricity socket, then unlock it with your pin.
Put in a Micro SD card and go to
Advanced > MicroSD Card > Export Wallet > Wasabi Wallet.
This will write the public keys, wallet fingerprint, derivation path and other metadata to a skeleton file
Protect your public keys!
This file does not include your private keys, so an attacker cannot use it to spend your bitcoin. However, he can use it to derive a full transaction history, thus it is a potential privacy leak.
Now plug in the SD card to your computer, and open Wasabi Wallet.
Go to the
Hardware Wallet tab, and click the button
Import Coldcard, browse to the SD card and select the
Wasabi will automatically import and modify this skeleton file and store it in your
# Receiving bitcoin
After the skeleton wallet is imported, you can open the wallet in the
Load Wallet tab without using your Coldcard.
Generate a receiving address as usual.
The private key corresponding to this address is on the hardware wallet.
# Sending bitcoin
In the right-side Wallet explorer, click on
This shows you a tab similar to the
You select coins, specify the destination address, payment amount and mining fee.
Then you click the
Build Transaction button, and it will generate an unsigned Bitcoin transaction.
Export Binary PSBT, select the SD card and click
Unplug your SD card from the computer and put it into your Coldcard.
Then, in the Coldcard main menu click on
Ready to Sign.
Verify the transaction details shown on the Coldcard, and approve the transaction for signing.
After this, unplug the micro SD card from Coldcard and plug it into the computer.
In Wasabi, click on the top menu
Tools and then
In this tab, select
Import Transaction, lookup the SD card with the final signed transaction, and click
Broadcast Transaction, and Wasabi will privately announce it to the Bitcoin network.
# Cold-Wasabi protocol
This is how you can safely eat cold Wasabi, or store your coins on a hardware wallet after one or more rounds of CoinJoin using Wasabi Wallet. Because you cannot do CoinJoin with the private keys on the hardware wallet, you will need to generate and load two different Wasabi Wallets. A 'Hot' (CoinJoin) and a 'Cold' (Storage) Wasabi Wallet instances will both be running side-by-side, label them accordingly so you don't mix them up.
There are two different ways of following the Cold-Wasabi Protocol, one using the GUI (Graphical User Interface) and one using the daemon.
At the moment, only the latter allows to CoinJoin to a different wallet.
# GUI tutorial
# CoinJoin on the hot Wasabi
You should make your existing coins private. It is useful to generate a complete new hot wallet for this, so as to keep the CoinJoin transaction history separate from other wallets.
- Generate a new Hot-Wasabi Wallet.
- Open the Receive tab to get a new address.
- From a pre-existing wallet, send bitcoin into this Hot-Wasabi Wallet.
- In the CoinJoin tab, select the relevant coins, enqueue them, and wait for the CoinJoin to be done. Remix often to gain a high anonymity set.
# Setup your cold Wasabi
In order to separate these new private coins, you should generate a fresh wallet on your hardware device.
- Generate and back up a new set of keys on your hardware wallet.
- Load your hardware wallet device to Wasabi, either via USB or SD card.
- Label and generate a receive address for the hardware wallet. For the first setup you need to connect the hardware wallet to the computer that runs Wasabi, afterwards you can generate receive addresses without the device being connected.
- Copy the receiving address from the cold-Wasabi.
# Send bitcoins from hot to cold Wasabi
In order to keep the mixed coins separate and without revealing that you own all of them, send the coins without consolidating them. Wait some time in-between sending them, so that timing analysis becomes more difficult.
- Go to the hot-Wasabi
Sendtab, and select the coins with high anonymity set. Do not consolidate your coins, but send them in small, time-staggered batches.
- Paste the cold-Wasabi address.
- Click the
MAXbutton to send the whole mixed coin.
# Send bitcoins from cold Wasabi
You can at any time spend the bitcoin from the cold Wasabi.
- Connect your hardware wallet to the computer.
- Load the cold Wasabi wallet.
- Go to the
Send, select the coins and destination, then sign the transaction with the hardware wallet. Alternatively go to the
Build Transactiontab and do the Coldcard SD card workflow.
# Daemon tutorial
# Mix to Another Wallet
Use the daemon and run
dotnet run -- mix --wallet:MyWallet1 --destination:MyWallet2, where
MyWallet1 is the name of your hot Wasabi Wallet and
MyWallet2 is your cold Wallet from Coldcard.
The software stops when it finishes the mix or if you press
CMD+C on macOS) to stop it.
Wasabi coinjoins normally until your target anonymity set is reached (default 50).
This number can be changed by editing your
Wallet1.json file, located inside Wasabi data folder.
After that it starts registering outputs from the CoinJoin to your destination wallet, thus you are slowly and privately coinjoining your money to your cold wallet.
You are now eating Cold Wasabi!
The anonymity set is tied to the wallet that you used to CoinJoin, if you send a mixed coin to another Wasabi Wallet (in this case your hardware wallet), it will have an anonymity set 1 (red) because this wallet doesn't know that the coin was coinjoined.
You should use a meaningful label when you generate a receive address in your hardware wallet, e.g. "My hot Wasabi 100 anonset" (something that reminds you that you got this utxo from your Wasabi Wallet and it was coinjoined).