Old smartphone, new safe: Cake Wallet’s Cupcake challenges hardware wallets with free “air-gapped” cold storage

A hardware wallet costs on average between 70 and 250 euros, as highlighted by updated price lists of solutions such as Ledger and Trezor; it requires shipping and may expose to supply chain risks.

In September 2025, in this context, Cupcake proposes an alternative: using an unused phone as an air-gapped device to store private keys offline, with signing flow via QR and open-source code, as described by the official team of Cake Wallet and reported by the specialized press Bitcoin.com News.

According to the data collected by our editorial team, informal tests on discarded phones show that QR signing is stable for standard transactions, with signing times on the order of a few seconds per frame under typical conditions; very large PSBT transactions may require more frames and a slightly slower scan.

Industry analysts note that the air-gapped approach significantly reduces exposure to supply chain risks and physical tampering, while requiring greater operational discipline from the user.

What is Cupcake and how it operates in air-gapped mode

Cupcake is the “companion” app of Cake Wallet designed for offline key storage, kept exclusively on the isolated device.

The online app (Cake Wallet) prepares the transaction in read-only mode, sends it to Cupcake via QR for signing, and once signed, publishes the result on the network. For Bitcoin, the typical flow is based on PSBT (Partially Signed Bitcoin Transactions, BIP‑174), a standard that facilitates signing on isolated devices.

For Monero, the approach follows the practice of offline signing with unsigned transactions and out-of-band transfer, as explained in the official Monero documentation.

Current Support: Bitcoin and Monero

Currently, Cupcake manages Bitcoin and Monero, keeping the keys locally and not exposing them to the network, with a flow that balances privacy and operational convenience.

Why it matters: costs, transparency, and reduced supply chain risks

• No shipping or waiting times: reuse a device you already own.
• No account or identifying data required for use.
• Physical isolation of keys: signing occurs offline.
• Open-source code: greater transparency and the possibility of independent verification.
• Plausible deniability: configurations that minimize traces and visibility of funds on the device.

The fundamental advantage lies in the reduction of exposure to attack vectors – such as tampering during shipment or pre-compromised firmware – although this requires greater operational responsibility on the part of the user.

Setup: 7 Essential Steps for a “Cold” Phone

1. Perform a factory reset of the dedicated phone and proceed with a clean basic setup.
2. Activate airplane mode; manually disable Wi‑Fi, Bluetooth, NFC, and remove SIM and microSD.
3. Install Cupcake from the official store before isolating the device, or via a verified APK (with hash/firmware) available on GitHub. After installation, keep the device offline.
4. Generate or restore the seed exclusively offline and store the backup on a durable medium, such as steel or paper, in a secure location.
5. Set a PIN, screen lock, and if possible, enable device encryption.
6. Set up read-only addresses on your Cake Wallet (online version) to monitor balances and create transactions without exposing the keys.
7. Keep the phone in a secure physical location, turned off when not in use; it is preferable to opt for a device with a removable battery or place it in a shielded case.

A careful setup maximizes the benefits of the air-gap and limits errors such as unverified installations or accidental network reactivations.

Signature and Transfer via QR: Operational Flow

1. On the online app, prepare an unsigned transaction (for both BTC and Monero).
2. View the related QR or the sequence of “animated” QR codes.
3. Scan the QR with the offline device: Cupcake performs the signature locally.
4. Return the signed transaction to the online app via QR for subsequent publication on the network.

This optical transition eliminates the need for cables and file exchanges, reducing the attack surface and keeping the keys completely disconnected from the network.

Security Level: Strengths and Limitations

Strengths

• Key isolation and minimization of permissions.
• Reduction of supply chain risks inherent to dedicated hardware wallets.
• Verifiability of the code thanks to its open-source nature.

Known Limits

• A generic smartphone usually does not integrate a secure element or tamper-proof mechanisms comparable to those offered by some hardware wallets.
• The mobile operating system presents a larger attack surface and updates that are not always controllable.
• The overall security depends on the correct configuration and the security of the physical storage of the device.

Quick Comparison (offline phone vs hardware wallet)

• Cost: using a reused phone involves marginal costs, while dedicated devices have prices that vary, for example, from about €79 to €279 for Ledger and from €79 to €229 for Trezor.
• Supply chain: no shipping if using a device already in your possession, versus shipments that may involve tampering risks for dedicated devices.
• Security components: a generic smartphone offers limited protections compared to hardware equipped with a secure element and attestation.
• User experience: greater configurability with the phone offline can result in increased operational complexity, while hardware wallets offer more guided and established solutions.

Good Practices and Recommendations

• Use a device dedicated exclusively to offline storage, avoiding reuse for other activities.
• Verify the hashes and signatures of the builds, where available, and carefully check the permissions requested by the store.
• Make backups of the seed on fire and moisture-resistant media.
• Keep the device turned off and stored in secure places, such as a safe or safety deposit box.
• Simulate a recovery to test the entire process before using it with real funds.

Resources, Standards, and Documentation

• Cupcake on Google Play and App Store (check the permissions and data section).
• Code and releases of Cake Wallet (GitHub); organization: cake‑tech.
• BIP‑174 PSBT (partially signed Bitcoin transaction standard).
• Official Monero Guides on cold wallets and offline signing.
• Introduction article on Bitcoin.com News.

Who Can Benefit

• Users who prioritize the control and transparency offered by open-source.
• Bitcoin and Monero holders interested in an air-gapped solution without dedicated hardware.
• Those who operate in contexts with logistical or customs frictions related to shipments.

For those who require hardware certification requirements, secure element, and advanced physical protections, hardware wallets continue to represent a benchmark solution.

Conclusion

Cupcake implements a practical approach to offline custody by utilizing unused phones, integrating QR signing, isolated keys, and open-source code.

In fact, it is an accessible and potentially robust solution if configured carefully, while presenting limitations due to the absence of dedicated security components typical of hardware wallets. The choice depends on the risk profile and the level of operational discipline that the user is willing to maintain.

Notes and sources

• As of September 2025, no independent audits specific to Cupcake have been published; any third-party verifications should be considered for a comprehensive evaluation.
• The phrase “no network permission” should be verified by consulting the official store pages and release notes, as configurations and permissions may vary depending on the platform and version.
• The prices indicated for hardware wallets are based on the manufacturers’ public price lists as of the current date (September 2025).