The Kaspa Frost Card

Why fully open source hardware is the competitive advantage

Tangem's Open Source Problem

Tangem claims transparency. Here's the reality:

Card firmware — Closed source. Nobody outside Tangem has seen the code running on your card. You trust their employees wrote it correctly. You trust there's no backdoor. You can't verify any of this.
SDK (Android/iOS) — Open source. But this is just the communication layer between the phone and card. It doesn't handle keys or signing. Publishing this is like publishing the envelope but not the letter.
App — Partially open. The companion app code is available but the core card operating system is not.

The most critical code — the firmware that generates your keys, stores them, and signs your transactions — is the one thing Tangem keeps closed.

That's like a bank saying "our vault door design is proprietary, just trust us."

FrostCard: Fully Open Source

Every line of code that touches your money is public:

JavaCard applet — the code running on the secure element. Key generation, signing, hot key export. Fully auditable.
Flutter app — the entire mobile application. Every screen, every provider, every API call.
Covenant scripts — the SilverScript covenants deployed on-chain.
Build instructions — how to compile and verify everything yourself.

The hardware secure element (NXP J3R200) is the only closed piece, and that's independently certified EAL5+ by third-party labs. The chip is trusted. The code running on it is verified by the community.

Does Open Source Hurt Security?

No. The opposite. It makes it stronger.

The card's security comes from the hardware — the NXP secure element physically cannot export private keys. That's what EAL5+ certification means. Independent labs verified the silicon is tamper-resistant. No amount of code reading changes that.

The applet running on the chip does three things: generate keys, store keys, sign hashes. These are standard cryptographic operations. There's no secret sauce. Hiding the code doesn't make them more secure — it just makes it impossible to verify they're done correctly.

Code is public Code is hidden

Bugs found by

Everyone, before exploits

Hackers, after exploits

RNG quality

Independently verified

Trust the company

Backdoors

Can't survive scrutiny

Impossible to rule out

Security model

Don't trust, verify

"Trust me bro"

Every serious cryptographic system in history is public: AES, RSA, SHA-256, Bitcoin, TLS. The algorithms are known. The security comes from the math, not the secrecy.

This is called Kerckhoffs's principle — a system should be secure even if everything about it is public except the key.

Your private key is the only secret. The code that handles it should not be.

DIY Users Are Your Best Marketing

Here's what Tangem doesn't understand about open source hardware.

Anyone can buy blank J3R200 cards for $8 and flash the FrostCard applet themselves. They don't need to buy from us. And that's exactly the point.

The people who flash their own cards are:

Security researchers who audit the code for free
Developers who find and fix bugs
Crypto influencers who tell their audience "I verified every line, it's legit"
The most credible voices in the space — the ones who won't shill a closed-source product

When these people say "I built my own FrostCard card from source and it works exactly as claimed" — that carries more weight than any marketing campaign. That's unimpeachable trust.

Then they tell normal users: "Just buy the pre-flashed card for $25, I've already verified the code for you."

The DIY community becomes your unpaid sales force. They don't cost you revenue — the people who flash their own cards were never going to buy a pre-made one anyway. But their endorsement converts thousands of people who will.

Tangem can never have this. Their firmware is closed. Nobody can independently verify what's running on a Tangem card. In crypto, that's a liability.

Full transparency is the moat. The code is the proof. The community is the marketing team.