Why Fully Open Source

Every line of code that touches your money is public. Here's why that matters.

Tangem's Open Source Problem

Tangem claims transparency. Here's the reality:

Card firmware — Closed source. Nobody outside Tangem has seen the code running on your card. You trust their employees wrote it correctly. You trust there's no backdoor. You can't verify any of this.
SDK (Android/iOS) — Open source. But this is just the communication layer between the phone and card. It doesn't handle keys or signing. Publishing this is like publishing the envelope but not the letter.
App — Partially open. The companion app code is available but the core card operating system is not.

The most critical code — the firmware that generates your keys, stores them, and signs your transactions — is the one thing Tangem keeps closed.

That's like a bank saying "our vault door design is proprietary, just trust us."

FrostCard: Fully Open Source

Every line of code that touches your money is public:

JavaCard applet — the code running on the secure element. Key generation, signing, backup locking. Fully auditable.
Flutter app — the entire mobile application. Every screen, every provider, every API call.
Covenant scripts — the on-chain spending rules deployed to the Kaspa network.
Build instructions — how to compile and verify everything yourself.

The hardware secure element (NXP J3R200) is the only closed piece, and that's independently certified EAL6+ by third-party labs — same grade as Tangem's Samsung chip. The chip is trusted. The code running on it is verified by the community.

Does Open Source Hurt Security?

No. The opposite.

The card's security comes from the hardware — the NXP secure element physically cannot export private keys. That's what EAL6+ certification means. Independent labs verified the silicon is tamper-resistant. No amount of code reading changes that.

The applet running on the chip does three things: generate keys, store keys, sign hashes. These are standard cryptographic operations. There's no secret sauce. Hiding the code doesn't make them more secure — it just makes it impossible to verify they're done correctly.

Code is public Code is hidden

Bugs found by

Everyone, before exploits

Hackers, after exploits

RNG quality

Independently verified

Trust the company

Backdoors

Can't survive scrutiny

Impossible to rule out

Security model

Don't trust, verify

"Trust me bro"

Every serious cryptographic system in history is public: AES, RSA, SHA-256, TLS. The algorithms are known. The security comes from the math, not the secrecy.

This is called Kerckhoffs's principle — a system should be secure even if everything about it is public except the key.

Your private key is the only secret. The code that handles it should not be.

DIY Users Are Your Best Marketing

Anyone can buy blank NXP J3R200 cards, compile the FrostCard applet from source, and flash them themselves. They don't need to buy from us. And that's exactly the point.

The people who flash their own cards are:

Security researchers who audit the code for free
Developers who find and fix bugs
Crypto influencers who tell their audience "I verified every line, it's legit"
The most credible voices in the space — the ones who won't shill a closed-source product

When these people say "I built my own FrostCard from source and it works exactly as claimed" — that carries more weight than any marketing campaign. That's unimpeachable trust.

Then they tell normal users: "Just buy the pre-flashed card, I've already verified the code for you."

Tangem can never have this. Their firmware is closed. Nobody can independently verify what's running on a Tangem card. In crypto, that's a liability.

Full transparency is the moat. The code is the proof. The community is the marketing team.

FrostCard — The first fully open-source NFC cold wallet for Kaspa