Coinplus Wallets
  • $0.00 0
    Cart review

    No products in the cart.

Last updated: September 7, 2025

Security
by Design

Offline-first hardware. Tamper-evident. Dual-entity key generation. Your key is yours—by design.
Coinplus card in a sleeve with a holographic seal

Why Coinplus is Secure

U.S. Pat. No. 11,463,252
U.S. Pat. No. 11,824,983

01

Patented address generation

Dual-entity, secrets sealed by independent parties. Neither party can reconstruct your private key.

02

Tamper-evident
by design

Sealed surfaces and inspection steps make interdiction visible before you fund.

03

Local
key derivation

Your private key is derived on your device only and never stored by Coinplus.

04

Offline
by design

No battery, no firmware updates, no radios — drastically fewer remote attack paths.

Patents protect our inventions; they’re not a security guarantee. Always inspect before funding and verify prompts.

See patent jurisdictions (11)
  • United States — 11,463,252 B2; 11,824,983 B2 (granted)
  • China — CN111480172B (granted)
  • India — 546224 (granted)
  • United Arab Emirates — P6000607/2020 (accepted; publication pending)
  • Nigeria — NG/PT/C/2020/4509 (granted)
  • Switzerland — EP3701462 (granted)
  • Germany — EP3701462 (granted)
  • France — EP3701462 (granted)
  • United Kingdom — EP3701462 (granted)
  • Spain — EP3701462 (granted)
  • Brazil — BR1120200083682 A2 (pending)

How Your Address is Generated

Coinplus uses a dual-entity process so no single party can create or reconstruct your wallet on their own.
Coinplus address generation diagram
  • Secret 1 is generated, laser-engraved, and concealed under a tamper-evident seal by our independent secure manufacturing partner (Intergraf 14298 & ISO/IEC 27001 certified).
  • Secret 2 is generated, laser-engraved, and concealed under a tamper-evident seal by Coinplus, Inc.
  • No entity ever sees the other party’s secret. Both travel to you sealed.
  • When you reveal both seals and combine the two secrets in the Coinplus app, your wallet’s private key is derived locally for the first time.
  • The derived key is never accessible to Coinplus or any third party and never leaves your control.

What “Tamper-evident” Means

No security device is “tamper-proof.” Coinplus uses tamper-evident seals so you can see if the product has been opened or altered before you fund it.

Inspect before funding (takes < 1 minute)

1. Check the outer sleeve — it should be clean, flat, and uncut. No tears, dents through the seal area, or tape over seams.

2. Examine the seals closely — the seals on the card covering the secrets should sit flush with edges intact and micro-details crisp. No lifting, bubbles, residue, or signs of re-application.

3. Open only when you’re ready — once the seal is broken, the product becomes customer-controlled.

What to look for:

<strong>Lifted corner</strong> — peeling or raised edges.

Lifted corner — peeling or raised edges.

<strong>Air bubbles</strong> — pockets trapped beneath the seal.

Air bubbles — pockets trapped beneath the seal.

<strong>Adhesive residue</strong>— sticky marks or ghost patterns.

Adhesive residue— sticky marks or ghost patterns.

<strong>Pattern mismatch</strong>— misaligned print or tamper text.

Pattern mismatch— misaligned print or tamper text.

If a seal is broken or looks re‑applied, do not use the card. Email [email protected]. See Returns & Refunds.

Contact Support
Coinplus card tamper inspection
What if I’m unsure about the seal?

Don’t fund it. Send photos to [email protected] and we’ll verify.

Why not say “tamper-proof”?

Because no product is. We make tampering visible so you stay in control.

Manufacturing Safeguards

Your card is built through a dual-entity process. Our independent secure manufacturing partner (Intergraf ISO 14298 & ISO/IEC 27001) generates and seals Secret 1, while Coinplus, Inc. generates and seals Secret 2—with strict separation so no one can reconstruct your key.

  • Certified facility: Intergraf ISO 14298 (security printing) & ISO/IEC 27001 (info security).

  • Separation of duties: Partner handles Secret 1; Coinplus handles Secret 2. Secrets are never co-located.

  • Tamper-evident at both steps: Each secret is engraved and sealed before it ever leaves the facility.

  • Chain of custody: Serialized units, sealed cartons, dual sign-off on transfers.

  • Scrap & remnants control: Destruction logs prevent any leftover material from leaving production.

  • Lot QA: Randomized destructive seal tests and visual QA per lot.

  • No key on servers—ever: The private key is derived only on your device when you combine the two secrets.

Controls at a Glance

Intergraf ISO 14298

High-security print controls for seals & personalization.

ISO/IEC 27001

Access, logging, change control around sensitive steps.

Separation of duties

No single party can recreate your key.

Tamper-evident seals

You can detect interference before funding.

LOT & serial tracking

Traceability and recall capability if needed.

Intergraf ISO 14298 & ISO/IEC 27001 certifications apply to our independent secure manufacturing partner. Coinplus operates parallel process controls for Secret 2 and end-to-end chain-of-custody.

Threat Model

What We Consider & How We Mitigate

We protect safe self-custody by splitting your wallet secret across two sealed parts, deriving the private key only on your device, and making tampering visible before you use your wallet.

Top threats & mitigations at a glance

Each card shows the attacker’s goal, what we do, and what you do.

Package intercepted & resealed

Goal: Access before you receive.

  • We: Tamper-evident seals; serial/lot tracking; replace if any doubt.
  • You: Inspect sleeve & seals before funding; contact support if anything looks off.

Phishing & fake apps

Goal: Imitate Coinplus to capture secrets.

  • We: Official links via coinplus.com; authenticity checks; Help Center.
  • You: Install only from our links; never share secrets; verify domain/email.

Lost or stolen card

Goal: Control changes with possession.

  • We: Guidance to move funds; compatible with backup/second factor.
  • You: Treat as bearer; move funds immediately if control is lost.

Malicious NFC readers

Goal: Trick you into signing or revealing.

  • We: Read-only by default; explicit user action; clear prompts.
  • You: Use official app; ignore unfamiliar prompts; verify approvals.

Seed/secret capture during setup

Goal: Record your backup at reveal time.

  • We: No printed seed; local derivation; private offline backup guidance.
  • You: Back up privately; never photograph/type online; keep secrets apart.

Residual risk (out of scope)

  • Coercion or highly resourced attackers capable of perfect resealing.
  • A compromised device at the exact moment you reveal/combine secrets.
  • User disclosure of secrets, or loss of both secrets.

Use Safely — Best Practices

A few simple habits keep you in control. Dive deeper only when you need to.

Before funding

Do a quick pre-funding inspection. Use the inspection checklist. If anything looks off, don’t fund—contact support with photos.

Inspection Checklist

Ongoing control

Keep the card sealed and intact; store it securely. If a funded card is lost or you suspect exposure, choose a path below.

Why This Matters
Backup was set up

Open the official appSettingsLost my card. Funds auto-transfer to the backup address. No unsealing needed.

No backup set up

Previously unsealed (you have the key/backup): create a new wallet and transfer all funds to the new address.
Never unsealed: funds can’t be moved (private key never derived).

If the lost card was never funded, just replace it — no funds are at risk.

When combining secrets

Use the official app only. Combine in private (no cameras/screen recording). Keep your phone updated; verify prompts.

Get Official App

We publish authenticity and safety guidance in our Help Center. If you’re unsure, don’t fund—contact support with photos.

Security Contacts & Responsible Disclosure

If you see something suspicious or find a vulnerability, here’s how to reach the right team—fast and safely.

For Customers

Suspicious product, phishing, or account issue?
Email [email protected] with photos and purchase info. For a lost/compromised card, open the app → Settings → Lost my card.

Report suspicious item

For Security Researchers

We welcome reports under coordinated disclosure.
Contact [email protected]. Please include steps to reproduce, impact, affected versions, and a minimal PoC.

Email [email protected]

Response targets: Critical ≤24h, High ≤48h, Others ≤3 days.

Security FAQ

Can I return an opened item?

No — opened items are customer-controlled. See our Returns & Refunds

Can Coinplus recover my funds if I lose the card?

No. The private key is derived on your device only. Coinplus can’t access your private key. Use the backup options we provide to protect against loss.

Is there any firmware to update?

No. The system is offline-first and maintenance-free by design.

Do I need an account?

No account is required to hold or use the wallet.

What if seals look altered?

Don’t fund. Use the inspection steps and contact [email protected] with photos and purchase info.

Lost card—what should I do?

If funded and you set a backup: App → Settings → Lost my card to auto-transfer. No backup: if previously unsealed and private key derived in the app, move funds to a new wallet; if never unsealed, funds can’t be moved.

Where should I buy?

From coinplus.com, its official shop on Amazon, or our authorized partners only. Avoid random marketplace listings.

Is the QR safe to share?

Yes—the QR is your public receive address.