A cross-platform cold storage and spending wallet for IOTA. At its core, IOTAcooler uses standard IOTA multisig addresses to split the signing process over two devices, one online (hot signer) and the other offline (cold signer). In this way, the offline signing seed is never exposed to the internet, securing your funds against popular attack vectors exploited by malware. For best security, consider running IOTAcooler from a live linux image while cold signing a transaction. Please check out our user guide for additional security considerations and a quick software tour.
IOTAcooler is designed with security and speed in mind. All sensitive steps are done completely offline, including the wallet recovery feature. IOTAcooler is really fast because the wallet is stateful, meaning that all past transactions, addresses and other states are saved into the wallet file, also because it uses light IOTA API requests for checking current transfers on the Tangle, which is very practical in case numerous or big transactions are part of the wallet history. The downside of this is that some specific information for incoming transactions is only visible on a tangle explorer.
The multisig signing is handled by iotacooler-smidgen, based on smidgen. Smidgen is a nodejs command line multisig utility, created by Bitfinex, which uses the official IOTA javascript library.
- Wallet encryption (AES-256) with password. Wallet file never stores the offline signing key.
- Multiple receiving addresses per transaction (batching)
- Address reuse detection when sending to addresses with outgoing transfers, even after snapshots
- Snapshot proof wallet recovery from seeds with offline signing process (recovery seeds remain safe)
- Two step transaction signing, online and offline
- Clipboard guard to warn about possible unwanted changes (malware) to copied addresses
- Support for custom generated seeds
- Built-in promote and reattach utility
- Fast transaction history retrieval, even with big bundles (DevIOTA Field donations :)
- Remote proof-of-work: fast transactions and less power usage
- Detect and warn if an old wallet version is opened
- Only one receiving address a time. A new address is generated automatically on transfers. You can use traditional spending wallets with small amounts which then are periodically refilled from secure cold storage wallets.
- Requires to always backup the wallet file after each transfer. Store and sync it in the cloud to be safe (wallet is encrypted and doesn't hold the offline signing key). If an old version is opened by mistake, IOTAcooler will detect this and show a warning.
- Some information, like source addresses for incoming transfers, is only visible with a tangle explorer due to light API requests usage.
Click here for a short YouTube demo
IOTAcooler works on Windows, macOS and Linux. Visit the releases page and download the appropriate executable/installer for your OS. For Arch Linux based distributions, there's also an AUR package for building from source, this is also the most secure option, since you don't have to trust the precompiled binaries.
Clone the source repository and compile with
git clone --recurse-submodules https://github.com/joshirio/iota-cooler.git
cd iota-cooler
qmake -config release
make
To run, iotacooler-smidgen is required. iotacooler-smidgen is a fork of smidgen with added functionality like promoting, address reuse checking on multisig transfers, custom recovery commands and changes to allow building nodejs binaries with pkg.
See deployment for building and packaging steps.
Please also check out the PKGBUILD script as an example.
The project wiki includes an user guide and other useful information.
MIT, see LICENSE file.