CoinCorner just announced The Bolt Card, great looking NFC cards that you can use to tap to pay using lightning.
I really like this concept because it means that you can pay exactly in the same way that you would pay with a credit card, but only using Bitcoin. There's no legacy financial institution in between you and the goods and services you're paying for. And if you get paid in Bitcoin then you would be living completely in a Bitcoin standard!
Now, in theory they made this card to be used with their CoinCorner exchange (and they provide free lightning deposits and withdrawals so the service is basically free), but you don't have to because it's simply an NFC card that stores an LNURL.
Here's what you'll need to pay with this card without using a CoinCorner account:
  • One of these awesome Bolt Cards (a blank NFC card works as well but it's not as cool)
  • A phone with NFC (Tried this in Android but iPhone should work as well)
  • Either your own lightning node or an external service like ln.cash
  • An app to write NFC like NFC Tools. This one is free and works great. There should be similar ones for iPhone as well.
Now, the idea is that basically you set up access to your Bitcoin through LNURL, in particular you create an LNURL-Withdraw link. You can do this with your own lightning node, or simply using a third party service like ln.cash. Once you have that link, you simply write that as a lightning URL in the NFC card. Here's a video that shows how to set up a card with ln.cash.
And that's pretty much it! You can now use the card to pay with lightning with a simple tap.
This card works great with BTCPayServer so any store that has that should accept it. You just need to click on "Pay by NFC & LNURL-Withdraw" in the checkout and then it's ready to receive the tap of the card. Here's a video of that in action.
With this card and BTCPayServer you basically can connect two people exchanging goods and services directly through lightning with just a tap of a card, no need for credit card companies and their fees!
I don't know enough about LNURL to understand how this is secure.
  • Are there limits as to how much is paid, and if so is that configurable? e.g., can I set a limit of N sats per tap, and N taps per hour?
  • Another scenario: The terminal shows 5,000 sats. I tap. Later, I find 100,000 sats deducted. The merchant was dishonest. My "tap" authorized it though.
  • There is protection against a replay attack (single use token), but not against someone stealing my card (or finding it after I dropped it) and draining funds either at other merchants, or the thief manually sucking everything out.
reply
I read a bit more about LNURL-Withdraw and it is indeed possible to configure it to have limits.
With LNURL withdraw, you have the ability to give someone the right to spend a range, once or multiple times.
In the case of dishonest merchants, you'll have to trust them, because by tapping with the card you can't see how much you're approving (they could create an app with a fake amount displayed while sending a larger invoice). That's basically the same as tapping with a credit card though (you could have a chargeback eventually though).
And yes, card stealing will mean you lost your money. Also similar to having a fiat card stolen and having the person tap away your money.
reply
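The range-and-count limits described in the comment above can be enforced on the service side of the LUD-03 exchange. The sketch below is an added example, not code from ln.cash, CoinCorner or any commenter; the class name, the callback URL and the assumption that the invoice amount has already been decoded to millisatoshis are illustrative.

```python
import secrets
import time

class WithdrawLink:
    """Service-side policy for one LNURL-withdraw link (amounts in msat)."""

    def __init__(self, min_msat, max_msat, max_uses, window_s=3600):
        self.min_msat, self.max_msat = min_msat, max_msat
        self.max_uses, self.window_s = max_uses, window_s
        self.pending = set()   # k1 values issued but not yet redeemed
        self.used_at = []      # timestamps of accepted withdrawals

    def _recent(self, now):
        return [t for t in self.used_at if now - t < self.window_s]

    def request(self, now=None):
        """Step 1: the payee's wallet fetches the withdrawRequest parameters."""
        now = time.time() if now is None else now
        if len(self._recent(now)) >= self.max_uses:
            return {"status": "ERROR", "reason": "rate limit reached"}
        k1 = secrets.token_hex(16)
        self.pending.add(k1)
        return {"tag": "withdrawRequest", "k1": k1,
                "callback": "https://service.example/withdraw/cb",  # placeholder
                "defaultDescription": "card payment",
                "minWithdrawable": self.min_msat,
                "maxWithdrawable": self.max_msat}

    def callback(self, k1, invoice_msat, now=None):
        """Step 2: the payee submits k1 and an invoice (amount pre-decoded)."""
        now = time.time() if now is None else now
        if k1 not in self.pending:
            return {"status": "ERROR", "reason": "unknown or reused k1"}
        self.pending.discard(k1)   # single use, even if the attempt fails below
        if not self.min_msat <= invoice_msat <= self.max_msat:
            return {"status": "ERROR", "reason": "amount outside allowed range"}
        if len(self._recent(now)) >= self.max_uses:
            return {"status": "ERROR", "reason": "rate limit reached"}
        self.used_at.append(now)
        return {"status": "OK"}

if __name__ == "__main__":
    # Constructed scenario: cap of 10,000 sats per tap, 2 taps per hour.
    link = WithdrawLink(min_msat=1_000, max_msat=10_000_000, max_uses=2)
    req = link.request()
    # A 100,000 sat invoice is refused whatever amount a terminal displayed.
    print(link.callback(req["k1"], 100_000_000))
```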
You have full control of it really because you can make it connect to your own node.
Most probably there's going to be a few issues, so I wouldn't put too many sats in that node, but this is just the first iteration of the technology. I'm sure it will get only better over time. Here are the lightning specifications that this is built upon: https://github.com/fiatjaf/lnurl-rfc
Under services you can see that ln.cash for example uses LUD-01: Base LNURL encoding and decoding and LUD-03: withdrawRequest base spec. You can read those to see how the transaction is actually performed under the hood.
Under self hosted there are some projects that use the same LUDs, like these ones for example:
reply
Here is how you can make your own self-sovereign payment card with replay protection using NXP SUN authentication.
reply
An update - there are now:
  • numerous documents
  • open source bolt card server code
  • an open source android app to program the cards
  • a support group
reply
This is proper man, I love it, glad that it can be interoperable with different services like btcpay server, I ordered a few for myself, can't wait to get them and test them out
reply
Very, very cool!
How would someone get a Bolt card without a CoinCorner account? And is this possible anywhere or just in the UK?
reply
You can probably just get any other NFC card, e.g. https://nfctagify.com.
reply
You don't need a CoinCorner account to purchase them. I believe they ship worldwide.
reply
It's better than that.
It's specifically using the "NXP NTAG 424 DNA".
This gives you the ability to use its cryptographic features to add a deterministic but unique hash on every LNURL which your server will be able to verify with a secret key.
With this, you can prevent replay attacks, so it's safer to use out in public.
You can buy these cards elsewhere, but you'd have to buy them in bulk to get a good price.
reply
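A simplified model of the per-tap keyed hash and counter-based replay rejection described in the comment above, added here as an example and not taken from the thread or from any Bolt Card project. HMAC-SHA256 from the standard library stands in for the chip's own MAC; the URL fields, the 3-byte counter encoding, the class names and the sample UID and key are assumptions.

```python
import hashlib
import hmac

def card_mac(key: bytes, uid: bytes, counter: int) -> str:
    """MAC the card appends for one tap (model: truncated HMAC-SHA256)."""
    msg = uid + counter.to_bytes(3, "little")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class CardVerifier:
    """Server side: holds each card's secret key and last accepted counter."""

    def __init__(self):
        self.cards = {}   # uid -> [key, last accepted counter]

    def register(self, uid: bytes, key: bytes):
        self.cards[uid] = [key, -1]

    def verify_tap(self, uid_hex: str, counter: int, mac_hex: str) -> str:
        try:
            uid = bytes.fromhex(uid_hex)
        except ValueError:
            return "malformed"
        if not 0 <= counter < 2**24:
            return "malformed"
        entry = self.cards.get(uid)
        if entry is None:
            return "unknown card"
        key, last = entry
        expected = card_mac(key, uid, counter)
        # Constant-time compare; the MAC is checked before the counter is
        # trusted, so a forged URL cannot advance or probe the stored state.
        if not hmac.compare_digest(expected.encode(), mac_hex.lower().encode()):
            return "bad mac"
        if counter <= last:
            return "replay"   # a captured URL presented a second time
        entry[1] = counter
        return "ok"

# Constructed sample values, not real card data.
SAMPLE_UID = bytes.fromhex("04a1b2c3d4e5f6")
SAMPLE_KEY = b"\x11" * 16

if __name__ == "__main__":
    v = CardVerifier()
    v.register(SAMPLE_UID, SAMPLE_KEY)
    mac = card_mac(SAMPLE_KEY, SAMPLE_UID, 1)
    print(v.verify_tap(SAMPLE_UID.hex(), 1, mac))   # first tap
    print(v.verify_tap(SAMPLE_UID.hex(), 1, mac))   # same URL replayed
```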
That's actually great to hear, I had no idea about that. It makes these cards much better than any random NFC card, and not just by the design but because of the features it has in the NFC chip. Thanks for pointing it out!
reply
If you want to see an example of what could be done with it, check out the following apps:
The first app can read and write tags and show if and how any of the advanced features were written and modify them. But it won't let you write to the secure area afaik.
The second app writes to the secure storage (where you keep a secret key) but is very limited in configuration.
Sorry if this is a dumb question: what is the advantage if everyone has a phone in their pockets anyway?
reply
  • Cards don't require battery (or signal)
  • Many privacy conscious consumers prefer dumb phones
  • Can be faster to use a card than to unlock a phone (and find the relevant app)
  • Harder to steal a card from your hand (and less impact) than a phone
  • I would lend someone my card to make a payment but not so convenient to lend a phone
  • Cards are cheaper than phones
reply
I am glad to read this because I was shocked by the amount of personal information you have to give away to CoinCorner before using the cards. It's like setting up a new bank account, and I bet it also introduces counterparty risk, i.e., you lose custody of your sats.
It doesn't feel right that people try to build legacy systems on top of Bitcoin. It's like trying to fit a square peg in a round hole.
reply
Great guide! Have my sats. Also works really nice with LNbits.
reply