Ellipal X Card Cold Wallet Guide: Overview, Security, and Setup

ELLIPAL X Card Cold Wallet is a hardware wallet in the form of a bank card. It stores your seed phrase in its secure chip. To sign transactions, simply tap the card to your smartphone (NFC), providing both convenience and a high level of security. This eliminates the transmission of private keys to an online environment.

The card wallet is fully managed through the Ellipal mobile app (for iOS and Android), which allows you to buy, sell, swap, send, receive, and stake crypto.

However, it is not compatible with PCs, iPads, or laptops due to their lack of NFC support.

The card supports 40 blockchains and more than 10,000 tokens on those networks. The major ones are definitely included: BTC, ETH, SOL and the ERC20, BSC, TRX networks, among others.

Included in the package – a starter for offline generation and writing of the seed phrase to the card, the XCard itself with NFC, an RFID-blocking sleeve, a USB-C cable and charger, a recovery seed phrase card, and a user manual.

The starter is equipped with a screen and buttons and operates completely offline. It is used only for the initial setup and does not support transaction verification.

Now lets move on to the most important aspect of any wallet – asset protection.

Security, Drawbacks, and Feature Overview

In terms of security, there are both positives and negatives here.

These three points describe the fundamental hardware security measures: from physical defenses to isolating keys within a certified secure chip.

Its good that the starter still allows us to write down the seed phrase. Not all card wallets provide this.

Additionally:

• RFID-blocking sleeve – the included sleeve blocks unintended taps of the card.
• PIN code as protection – a PIN (6–16 digits) is required to access the card.

Now lets move on to the drawbacks.

Now lets move on to the economic aspect. Through the app, you have access to the following:

Now its time to test all these features and security in practice. To do this, lets set up a new wallet.

Creating a New Wallet

First, remove all stickers from the starter, then power it on and insert the X card so that the chip is positioned as shown in the image.

After that, select Create Wallet (do not remove the card until the process is complete). You can choose a 12, 18, or 24-word seed phrase.

Of course, its better to choose a longer phrase.

For experts: in the options, you can enable a passphrase. It can only be set during the initial setup of the card. See the passphrase section below to understand what it is and how it works.

Next, set a PIN code – interestingly, the PIN length can be any number of digits. Once it reaches six digits, a checkmark appears, but you can continue entering to create an even longer PIN.

It is important to note that the PIN code on the card cannot be changed! If you forget it, the only option is to enter the wrong PIN 10 times to wipe the data, then go through the full recovery process – re-enter the seed phrase and write it to the card with the starter.

Now the wallet will start being created. This takes about 30 seconds, after which it asks whether you have a backup card.

Since we dont have one, choose No and continue with backing up the seed phrase.

Backup

When the warning appears: the recovery phrase is the only key to your assets.

Store it securely, otherwise access will be lost forever. Write down the seed phrase on the recovery card exactly as shown.

However, note that the word order on the card does not match the order on the screen, which can be confusing.

After all the words are written down, the starter asks to confirm only three of them. The starter has done its job, and you can safely hide your seed phrase and power off the starter.

After confirmation, a message appears that the card has been created and you can link it to the mobile app.

Linking to the App

Find the Ellipal app in the App Store or Google Play.

Unfortunately, Ellipal did not print a QR code for downloading in the included manual.

Install the app, open it, tap Cold Wallet. Then select your new X card. The app will warn that you should only connect the card after initializing it with the starter, which we have already done. So tap Connect X card.

Enter the PIN code and tap Submit. The app will then ask you to place the NFC area of your phone near the card (approximately where the chip is located).

Now select which coins to display in the interface.

Congratulations. You have successfully created your card wallet!

How to Use

Now you have a combination of a card wallet and the mobile app. Only the keys are stored on the card, and all operations are performed in the app. However, without the card, you cannot do anything in the app if your wallet type is Cold Wallet.

After successfully linking to the app, you can send and receive crypto as usual, swap assets directly in the app, buy and sell via integrated services, and also stake supported tokens – ADA (3.9% APY), ATOM, XTZ, DOT, and KSM.

The app also has a built-in dApp browser for interacting with decentralized applications, although for serious dApp activity we recommend using a separate wallet.

How to Create an Address

To receive an address, select a coin and tap Receive. The app will show the BTC address and a QR code.

However, XCard has no screen, so you cannot verify on the card itself that this address was indeed generated by the card. This is one of the drawbacks of using a smart card.

How to Deposit

Depositing to the wallet is done in the standard way: obtain the address in the app and send crypto to that address from another wallet or exchange.

Once the funds arrive, the balance will appear in the app even before the transaction is confirmed, because the wallet sees on the blockchain that the transaction has been broadcast to the network.

How to Withdraw

To withdraw crypto from the card:

1. Select a coin and tap Send.
2. Grant the app permission to use the camera.
3. Scan the recipients address using the camera.
4. Enter the amount and, if desired, manually lower the fee (but not below the minimum threshold).
5. Review the transaction details.
6. Tap Next.
7. Enter the PIN and tap the X card to the phone.

Thats all. Wait for confirmation that the transfer was successful.

The main point is that XCard does not actually verify any transaction details on the card itself. It fully trusts whatever comes from the app. This is why we call such devices blind signers.

Advanced Settings

In the card settings, you can personalize it by giving it a name through the wallet interface (for example, demo), and manage multiple cards linked to a single starter.

The card itself has limited functionality, but the app offers the full feature set: asset management (assets), market tracking (markets), swaps (swaps), and DeFi integration (Discover).

There are also profile settings such as address book and local currency balance display settings.

For all important and hidden app capabilities, see the full guide on the Ellipal mobile app.

And now we will return specifically to the card, the starter, and everything related to them.

Passphrase

A passphrase (passphrase) is an additional secret word or set of words that is added to the main seed phrase (12 or 24 words) to create an extra layer of protection for your crypto wallet.

Without this passphrase, even knowing the seed phrase, you cannot access the funds. Passphrases allow you to create different wallets based on the same seed phrase, significantly enhancing the security of your crypto holdings.

This feature is hidden in the Options menu and is turned off by default, reflecting its advanced nature.

The card supports passphrase, but it works differently than on other hardware wallets. For smart cards, the passphrase must be set at the very beginning during device initialization, because the card does not have the computing power to combine your seed phrase and passphrase in real time to open the wallet.

As a result, with wallets that use a passphrase, each additional word creates new wallets based on the base phrase with unique addresses and balances.

This is in line with how other Ellipal devices operate, such as the Titan series.

It should be understood that enabling a passphrase makes it part of your seed phrase, so it absolutely must be written down. Losing the passphrase means permanent loss of funds.

Import and Recovery

To recover the card:

1. Turn on the starter.
2. Insert a new, blank X Card. Choose the seed phrase length and enter it.
3. The starter will recover your private key offline and write it to the new card.
4. Done. Youve regained access to your assets.

Also, after 10 incorrect PIN entries, the card automatically wipes and resets, after which you need to repeat the recovery process with the starter.

Whats Inside the Starter and the About Menu

Inside the starter is an MH2101 chip. This single-chip controller handles everything, including the card interface. If you attempt to tamper with the microcontroller, the tamper protection triggers, preventing unauthorized interference and the creation of insecure seed phrases.

The only option we havent looked at in the starter menu is About, which simply displays the firmware version running on the device. Theres also a reminder here that the starter is only needed to set up your cards. It never stores any information and remains 100% offline. Essentially, this device is responsible for generating the seed phrase.

Conclusion: Critique and Should You Use It?

In the end, on one hand, the card tries to combine the simplicity of a hot wallet with some of the security features of a cold wallet.

Downside

First, the card has no screen, making it a blind signer – you cannot verify transaction details (e.g., recipient address or amount) directly on the device. This creates the risk of signing malicious transactions if an attacker tampers with the data in the app.

The second drawback is that the starter is closed-source – you cannot verify how seed phrases are generated and whether cryptographic security is ensured. This forces you to rely on trust in the manufacturer, which contradicts the principles of decentralization and transparency important to the crypto community.

Additionally, the card suffers from limited flexibility. The PIN code cannot be changed after being set without a full device reset, and passphrase support only works during initialization, preventing dynamic use.

The recovery process also raises concerns – resetting the card via the starter does not require entering the PIN, making the device somewhat vulnerable to physical access attacks.

There are also design weaknesses. The exposed chip on the card is susceptible to moisture and physical damage, and the lack of an IP68 rating (unlike competitors) reduces its reliability in everyday use.

All of this, combined with the closed nature of the Ellipal ecosystem as a whole, calls into question positioning the XCard as a universal solution for those seeking a balance between convenience and security.

Comparison with Tangem Card and Competitors

Criterion	Ellipal X Card	Tangem
Seed Phrase Generation	Uses an offline device (starter), eliminating internet-related risks.	Generated through the app (requires internet connection).
Security	Closed-source, EAL6+ chip	Partially open-source, regular audits, IP68 rating (water/dust resistance).
Durability	Exposed chip, less protected against damage.	Sealed casing, high durability.
Price	Cheaper ($69), but requires additional cards for backup.	More expensive ($54), but includes 2 or 3 cards.
Features	Long PIN (up to 16 digits), no Seedless option to operate without a seed phrase.	Has a seedless option, focusing on simplicity and reliability.

Other competitors include cards from DCENT and Arculus, each with their own pros and cons.

Whether to use this wallet or choose one from the comparison ranking is ultimately up to you.

Support:

• User support page.
• Contact email: [email protected].
• Contact us page.