🏦

One vault,on purpose.

Most wallets hand you a fresh address every time, and call it privacy. On a transparent chain like Kaspa, that promise quietly breaks — and it makes covenant protection harder to keep honest. FrostCard made a deliberate choice: one covenant vault address, protected from the very first coin. Here is the decision, and the reasoning behind it.

See why
The Core Problem
Two things people want — that pull against each other

Privacy — give each sender a unique address, so no one can link your transactions together or see your total balance.

Covenant protection — lock funds behind on-chain rules (a whitelist of where money can go, an inheritance heir, a freeze switch) that are baked directly into the address itself.

What a covenant isA normal address is just a destination. A covenant address is a destination with rules attached — the chain itself will only release the coins if the spend obeys those rules. FrostCard uses one to enforce your whitelist, your heir, and your freeze.
⚔️
Why the two fight
A covenant script contains the owner's public key. A different address means a different public key, which means a different script, which means a different P2SH covenant vault. So "a fresh address per sender" isn't free — every new address would need its own covenant deployment to stay protected.
P2SH covenant vault, in plain words"Pay-to-Script-Hash" — the address is really the fingerprint of a little rulebook. Coins sent there can only be moved by a spend that satisfies that rulebook. One vault = one rulebook. A hundred addresses = a hundred rulebooks to build, fund, and keep in sync.
The Honest Part
Rotated addresses aren't real privacy here

Kaspa is a transparent UTXO chain. Every coin and every movement is public, forever. Handing out fresh addresses feels private — but the moment you ever spend two of them together, or sweep them into one place, chain analysis links them right back to you.

UTXO, in plain wordsThink of your balance not as one bank number but as a wallet full of individual bills ("unspent transaction outputs"). To pay someone you hand over specific bills. Which bills you combine is public — and that's exactly what gives you away.
The co-spend heuristicAlso called common-input-ownership. When a single transaction spends coins from several addresses at once, analysts assume one person owns all of them — because almost always, one person does. So the instant you combine "private" addresses to make a payment, they collapse into one identity.
🔗
Watch the rotation un-rotate
You receive into five fresh addresses, feeling unlinkable. Tap below to spend them — the way you eventually must — and watch chain analysis stitch them back into a single owner. On a transparent chain, address rotation buys delay, not secrecy.
Five "private" receive addresses
The Mental Model
A vault, not a checking account

A checking account churns addresses because its job is everyday flow. FrostCard's job is the opposite: hold a lot, safely, for a long time, under rules you can prove. That's a vault. A vault has one heavy door, not a hundred mailboxes.

🏦
One door you can inspect
With one covenant vault, there is exactly one rulebook to audit, one heir setting, one whitelist, one freeze switch. Anyone — including you — can look it up and verify it on-chain. Spread across a hundred rotating vaults, "is my inheritance actually set everywhere?" becomes a question you can't easily answer. Verifiability is the product.
HD wallet, in plain wordsA "hierarchical-deterministic" wallet grows an endless tree of addresses from one seed. Great for spending wallets. But every branch you fund is another covenant to deploy and another thing to keep in sync — which is why a vault doesn't want a tree, it wants a door.
The Options We Weighed
Three honest designs — and their real costs

A · Single Address, Single Covenant

Simplest FrostCard's choice

One address forever. One covenant. No rotation. This is what Tangem does.

Simplest possible design — one covenant deployment, one tap, done

Rule changes affect one address only — one sweep, one tap

Recovery is instant — derive index 0, done

Zero confusion for the user

Tangem does this with millions of users

Smallest attack surface — less code, fewer bugs

Zero privacy — every sender sees the same address

Anyone can look up your full balance and entire history

Address reuse is a known weakness on UTXO chains

For: "We're a cold vault. Privacy is not our job. We protect funds. Simple, auditable, one address."

Against: "Everyone who pays you knows your full balance and entire transaction history."

B · Pre-Covenanted 84 Addresses, Sweep on Rule Change

Gold standard

84 addresses deployed with covenants before any funds arrive. A fresh address per receive. When rules change, rebuild all 84 and sweep funds 1-to-1 (old address 1 → new address 1) to preserve distribution.

Real privacy — each sender gets a unique address

Covenant protection from the first receive — no timing gap

Rule changes preserve privacy — 1-to-1 sweep, no consolidation

All 84 deployed in one card tap via batch signing

Rule changes require sweeping all funded addresses — more taps

More complex recovery — gap scan + covenant decode for all addresses

If a user accumulates 500+ addresses, rule changes take many taps

More code = more surface area for bugs

The 1-to-1 sweep pattern is itself detectable by chain analysis

Rule Change · 200 Funded Addresses

A user changes their heir. The app rebuilds 200 covenant scripts and signs them in 3 batches (84 + 84 + 32 = 3 taps). 200 sweep transactions broadcast. Privacy is preserved (1-to-1, not consolidated) — but the 1-to-1 pattern is still detectable by chain analysis.

For: "Privacy AND covenants. No compromises. The complexity is in the code, not the UX."

Against: "Complexity kills in security products. A bug in the sweep logic could lose funds. We're building for billions — simplicity is safety."

C · Privacy Addresses + Single Vault + Sweep

Balanced

Rotating receive addresses with no covenants. One vault address that does have the covenant. The app prompts you to sweep from the receive addresses into the vault.

Privacy on the receive side — fresh address per sender

Simple covenant management — one address, one script

Rule changes only affect one address — simple and cheap

Recovery is simple

Privacy destroyed at sweep time — all addresses converge to one

Funds at receive addresses are UNPROTECTED until swept

A timing gap between receiving and sweeping

The user must remember to sweep

For: "Honest design. Privacy when receiving, security in the vault, sweep when ready."

Against: "The sweep destroys the privacy. Funds sit unprotected in the gap. Worst of both worlds."

Side by Side
The same three options, every axis at once
A · SingleB · Pre-84 SweepC · Rotate + Vault
PrivacyNoneFullUntil sweep
Covenant on receiveAlwaysAlwaysAfter sweep
Initial deploy fee~0.00002 KAS~0.002 KAS~0.00002 KAS
Rule change fee~0.00005 KAS~0.004 KAS (84 addr)~0.00005 KAS
Rule change taps12–121
Rule change safetyImmediateImmediateImmediate
Simple send fee~0.00002 KAS~0.00002 KAS~0.00002 KAS
KRC-20 send fee~0.0001 KAS~0.0001 KAS~0.0001 KAS
Code complexityLowHighMedium
RecoveryTrivialComplexMedium
Miner-friendlyYesMany taps on rule changeYes
Address reuse, in plain wordsSending to the same address over and over is flagged as a UTXO-chain weakness — column "Privacy: None" for Option A is honest about that. FrostCard's answer isn't to pretend rotation fixes it (it doesn't, on a transparent chain) but to make the one vault radically simple to audit and protect.
Real-World Fit
Who each design actually serves
Normal User — 50,000 KAS holder

Receives from exchanges and friends. Rarely changes rules. Wants it simple.

Best fit: A. Doesn't need privacy. Needs funds safe and the app simple.

Privacy-Conscious Holder — 500,000 KAS

Doesn't want anyone knowing their balance. Does OTC deals where counterparties shouldn't see each other.

Best fit: B. Pre-covenanted addresses give unique receive addresses with protection from the start.

Miner — 100+ block rewards per day

Thousands of UTXOs across many addresses. Needs low maintenance.

Best fit: A. Too many UTXOs for multi-address rule changes. A single address is simplest.

Business — Unique address per invoice

A merchant receiving KAS payments. Needs a unique address per customer for accounting.

Best fit: B or C. Unique addresses with protection (B), or privacy receive plus vault (C).

The takeawayFor the holder a cold vault is built for — store a lot, change rules rarely, prove protection at a glance — the math points at A. FrostCard chose the design where every covenant, every heir, every freeze lives at one verifiable address, and refused to dress up rotation as a privacy guarantee it can't keep.
Don't Trust — Verify
Look it up yourself

The whole point of one vault is that there's nothing to take on faith. One covenant address means one thing to check — and FrostCard is built so you can check it. The rules, the heir, the whitelist, the freeze state: all public, all on-chain, all readable.

One address, one rulebook
Because your funds live behind a single P2SH covenant vault, verifying your protection is a single lookup — not a gap-scan across a hundred rotating scripts hoping each one was deployed correctly. Simplicity is what makes verifiability honest.
Simplicity is a security property
Less code is less attack surface. The sweep logic that multi-address designs need is exactly the kind of place a bug could lose funds. We're building for billions — and at that scale, the simplest correct design is the safest one.
1
vault · one rulebook · zero ambiguity
One door you can inspect — instead of a hundred you have to trust.
FrostCard — the first fully open-source NFC cold wallet for Kaspa