Keycard Shell Pre-Sale Live: Reserve Your Radically Open, Uniquely Secure Hardware Wallet Now

Tired of hardware wallets that operate like black boxes? Worried about hidden vulnerabilities or insecure hardware? We believe traditional hardware wallets have blind spots worth eliminating.

That's why we built Keycard Shell: a new, 100% open-source hardware wallet designed from the ground up for verifiable security and user control.

And the best part? You can secure yours today during our exclusive pre-sale and benefit from exclusive discounts and community perks!

👉 Join the Keycard Shell pre-sale now: https://keycard.tech/

#What Makes Keycard Shell Different? A Foundation Built on Proven Security

We didn’t build Shell as just another hardware wallet. We built it to fill a gap in the crypto security space, using the power of Keycard, our Java Card-based hardware wallet. This approach is fundamentally different – and we believe, fundamentally more secure:

1. 1
   Dedicated secure chip (Java Card): Transactions are signed on a dedicated, non-upgradable secure chip housed within one or multiple Keycard smart cards. This is the same battle-tested technology securing bank cards since the 1990s.
2. 2
   Radical openness: Shell is 100% open source. And we're not just talking about elements of the software. From the hardware schematics, board layout, case design, and bill of materials (BOM) to the chip's Java Card applet and the device firmware – everything is under a permissive MIT license. This allows anyone – from security researchers to curious community members – to audit, verify, and even build upon our work. No hidden components, no closed-source secrets.

#Why Does This Matter? Addressing the Weakness of Existing Wallets

Our open and unique architecture directly tackles common hardware wallet vulnerabilities:

#Enhanced Security Through Signing on the Secure Element 

The problem 

Hardware wallets usually rely on a dual-chip design with one microcontroller and a secure element. The microcontroller is designed for general purposes and is not good at protecting sensitive data against any kind of attack. 

On the contrary, the secure element is very secure (and most of the time formally verified with EAL levels EAL5+/6+). The problem is that, most often, the secure element only stores the private keys and exports them to the microcontroller when it’s time to perform a signature. 

Examples 

• OneKey Mini has twice suffered hacks (2023, 2024) that allow it to extract the user’s seed from a device if a hacker gets their hands on it. This is a direct consequence of the product architecture. If the signer is the microcontroller, then the private keys must be able to leave their secure element and are thus at risk of being stolen. 
• Ledger team unveiled that the Trezor Safe 3 microcontroller could be fooled to run malicious software. As Ledger’s CTO puts it, the fact that it is the microcontroller receives the private keys in order to sign things makes this hack particularly dangerous.

The TLDR is that in a good hardware wallet architecture, it should be a rule of thumb that private keys should never leave the secure element, and thus signing should be done in the secure element. 

The Shell solution 

With Shell, signing is performed within the secure element. Our open-source Java Card software performs the signing, and thus private keys never leave the enclave of the secure element.

#Immutable Security Through Non-Upgradability

The problem

If the microcontroller where you sign transactions uses upgradable software, you can not be sure that your private keys will never be at risk at some point. You need to trust the manufacturer that they will never introduce for any reason (insider attack, coercion by a government, change of policy of the manufacturer) a way for the private keys to leave the secure element. 

Example 

In May 2023, Ledger introduced a new feature called Ledger Recover, which allowed the secure element to split your secrets into parts and share them securely over the internet with custodial third parties. Introducing the idea of untrusted third parties into Ledger's ecosystem caused significant controversy.

The Shell solution

Keycard, the secure element used by Shell, is non-upgradable (no applets can be added or changed on the card). This design means you don’t need to rely on us, and even in the odd case where we'd be subpoenaed to change the behaviour of Shell or Keycard, we wouldn’t be able to have your private keys exit Keycard – not even part of them.

#Preventing Loss of Access and Ensuring Longevity

The problem

Integrated, non-replaceable batteries limit a device’s lifespan. In the worst case, your hardware wallets stop turning on – as some Ledger devices do – leaving you dependent on a paper backup. Even if the device remains powered, new cryptographic standards might require entirely new hardware.

The Shell solution 

Shell uses a standard, easily replaceable battery. More importantly, you can use multiple Keycards with the same Shell device (for backup or for different seeds). Need support for a future crypto standard? A new Keycard can potentially be added without replacing the Shell device itself.

#Protection From Compromise Through Air Gap and Clearer Signing

The problem 

If your computer is infected with malware (as in a recent incident involving ByBit), it might try to trick your hardware wallet into signing a malicious transaction.

The Shell solutions 

1. 1
   Shell has no radio technology on-board. Being air-gapped, it receives information using QR codes. And its USB port can be turned off entirely.
2. 2
   You clearly see transaction details (for BTC, ETH, ERC20, and ERC712, including approvals) directly on Shell's display, allowing you to verify exactly what you are signing, regardless of what your potentially compromised computer shows.

#Defence Against Coercion (“Wrench Attacks”)

The problem 

An attacker who knows you hold cryptocurrency could demand access to your holdings by threatening violence or other means of extortion.

The Shell solution 

Shell includes a Duress PIN feature, which reveals a predefined, separate "plausible deniability" wallet (which could be empty or hold minimal funds) when entered under duress, protecting your main wallet (and the assets within it) from compromise.

#Truly Open: See for Yourself

We mean it when we say Keycard Shell is 100% open source:

• Open hardware: Schematics, PCB layouts, bill of materials – all public under MIT license. Build it, inspect it, modify it. One community member already 3D-printed a custom case! Compare this to competitors who often keep hardware details proprietary.
• Open software: From the low-level Java Card applet on the secure chip to the STM32H573 microcontroller firmware, all parts are MIT licensed and available for audit.
• Open ecosystem: We provide open-source libraries and tools (supporting ERC-4527, Bitcoin UR) to make integrating Keycard and Shell into wallets seamless. Use it out-of-the-box with MetaMask, Rabby, Backpack, imToken, UniSat, BlueWallet, and others.

#Join the Pre-sale: Get Your Keycard Shell First!

Be among the first to experience the next generation of open, secure hardware wallets. By joining the pre-sale, you get:

• Exclusive discounts: Secure your Shell at a special introductory price
• Community perks: Receive Status Network KARMA points and other community benefits
• Early access: Get your hands on Shell before the general public

Don't compromise on the security and transparency of your crypto assets.

👇 Secure your Keycard Shell and exclusive perks today! 👇

https://keycard.tech/