MercadoBitcoin's review was removed due to a DMCA takedown notice and I had forgotten to put it back up until the Foxbit takedown notice.

Today the latter just had its deadline to take court action expired, so I will re-instantiate it, too.

Back then this was right but Electrum for Android turned reproducible meanwhile.

There is only one wallet so far that donates to WalletScrutiny and that is Unstoppable. We made that transparent.

We are considering to add affiliate links wherever applicable - hardware wallets mostly - but it's problematic as it might color our judgement. Regarding the importance of hardware wallets as a whole for example. Not all agree that they are beneficial to users' security and prefer commodity hardware, preferably from before 2009.


Smoke and mirrors. The upside of keeping the keys around for a rainy day is gigantic and as any magician can explain to you, it's trivial to convince people there was no rabbit in the hat until you pulled it out. No matter how complex the ceremony of key generation, the designer can make sure to keep a copy.

#metoo

That didn't pan out as planned did it I would appreciate some first-hand information. Is this Razor defunct or still good? I see it's out of stock and successfully tested the firmware for reproducibility.

Well, that's probably worth mentioning in my review.


How not? last commits were 23 days ago.

OP presents SEs as green/good and lack thereof as red/bad. I agree that there is certain situations where a SE can save the day but equally does the SE with their NDA-requirement and secrecy lead to a situation where we trust a black box a whole lot for being our own bank and throw "don't trust - verify" too easily over board.

Especially hardware wallets that use their SE's TRNG as sole source of entropy should be called out! Nobody can prove the TRNG to be truly random and in the worst case it just creates hash("you won't guess this", serialNumber, sequenceNumber) "random" numbers that the inventor can trivially guess. Such a hardware wallet would allow the provider to know all the private keys generated by all the users, putting him in the position of being able to pull the rug at any time.

Please add in the OP:

• Is a single TRNG the sole source of entropy?
• Can the used entropy be audited or does the chip that mungs together all entropy spit out a master seed without accountability?
• Does the MCU trust the SE? To my understanding, BitBox02 does not entrust the SE even to hold the master seed. It only holds a symmetric key to decrypt the master seed stored outside the SE.

As you can see in my footer, I work on WalletScrutiny where my primary goal is to prevent rug pulls as I see them as a systemic risk if we get another MtGox situation where half the community is affected. Reliance on a compromised TRNG is one of my big concerns.

Cringy :/ I used the term "open source" in a sloppy way, too but once somebody complained, I replaced it everywhere with "public source", as that is what I need to reproduce binaries.


WalletScrutiny is certainly not created to advertise any specific products. I did work for Mycelium before but I quit because of this conflict of interest and I'm pretty open about my disagreements in direction when it comes to shitcoins. Ideally WS would be easy to fork though but I don't dare yet to make the reviews themselves creative commons or something. The framework and tools are open source already though.

There is not much information on the product and I try to make a review for WalletScrutiny but am right now in the dilemma that the firmware binary is reproducible but the companion app appears to be going south, with mostly scam accusations recently.

Also on https://bithd.com there is no social media links or links to bitpie, while bitpie has broken links to Play Store and the relation of the two ... well, it gets explained in a medium post.

Are they still around? Is this just user errors and poor communication? Maybe a language issue?

I can't find the Razor on sale neither. At least not in English. And hardware wallets should probably always be bought from the manufacturer anyway but they never sold it on their website, right?

I feel like bitcoinbinary was launched as a reaction to WalletScrutiny's review of ColdCard. It's @NVK's project.

We look at claims about the functionality of the device to see if it falls into any of the k.o. criteria like not having a screen to verify what you approve. Then we look for the source code and the binary. If the source code compiles into the binary, the wallet is reproducible. Check out our full methodolgy.


I think we have all the products you list. We have to review most of them still.

Hi dkbit98,

WalletScrutiny is a ton of work and we are a small team, only.

In our Methodology you can read our priorities:


Today I tested the latest releases of AirGap Vault and Green Wallet. Today, Green was a bit more work than usual.


We really hope to see more reproducible products, so we always have an eye on the dozens of open issues.


That is the a catch-all for improving scripts, design and often just investigations. It's probably the bulk of the work.


For Android we have a good proxy for relevance - downloads. For iPhone we don't and neither for hardware wallets.

Unfortunately we are not progressing in the top category as fast as I wish we would but that has to do with severe lack of people to work with code. The k.o. criteria (custodial, bad interface, defunct, ...) are verdicts relatively inexperienced Bitcoiners can come to but when it comes to reproducing a wallet, it's mostly on me. Emanuel also does play with code and does a ton of work but refuses to open merge requests, so writing the difficult reviews is all on one person that also looks into all the other stuff.

So ... if you want to help, there is a ton to do from simple triage to compilation to design to spreading the word.

Two years later, the thread had no replies, the website is down but ... the wallet has 1000 downloads on Google Play. Whats up? Is this project still alive? On GitHub there was also a long silence since 2019.

I'm poking around for inclusion in WalletScrutiny: https://walletscrutiny.com/android/tech.hodler.core/

LN Blue wallet is by default custodial and does not warn the user.

I see your point for LN-only wallets like Phoenix but else, the protocol not being as good as Bitcoin in the presence of an actual non-custodial Bitcoin account doesn't make the wallet custodial. Maybe Phoenix is "not a BTC wallet" but certainly not custodial.

Sure, you can but nothing tells the user he should and the website and wallet description claim self-custody while the default LN account is not self-custodial and "- This wallet is
hosted by BlueWallet." does not convey the fact that they can do whatever with the user's funds.


I personally would not touch Liquid Bitcoins as the current setup is not self-custodial to my own standards but I do not dig deep into all the shitcoins and protocols and personally draw the line around BTC. So if 8(?) federation members collude, they can steal your coins? There are bugs where the federation collapses and Blockstream can single-handedly spend the bitcoins? Yes, not something I would want to get tangled up with but it's not deceptive on the wallet level. It's only deceptive on the protocol level. The wallet does nothing wrong. If I would categorize it as custodial, I would have to do the same with all that support any shitcoin.

Please read the verdict explanation on all the non-verifiable wallets including the custodial ones:


WalletScrutiny is about providers of binaries, currently on the Play Store and the App Store, not about the protocol maintainers/developers.

First time I hear about Tangem.

https://tangem.com/apps/ looks like a companion app  which would not be reviewed by us but in the case of Ballet I made an exception as the private keys are handled by that "companion" app but in the case of tangem ... as the card has no display it can only blindly sign and surrender data it's been asked to do, so while it might not surrender the private keys, the "wallet" might empty the full account while the user thinks to be paying a coffee. Not funny. Not sure how to add it to walletscrutiny.

The "audited" section is to avoid confusion of what we do. We do check reproducibility. That is we test if reviewing the code has any relevance for the binary the provider released. We do not audit wallets. Others might have audited wallets and certainly wallet providers make that claim.

If you find any factual errors, please let us know, ideally via our gitlab. The verdicts are very objective and follow the "methodology" linked in the top of the site.

We are exploring what to do about hardware wallets. Those work very differently and need a very different methodology. We will first expand to other software wallets.

The fact that you thought BlueWallet was self-custodial while implying to know the product tells me everything about why we have to keep the verdict as is for the time being. The provider added a pathetic "This wallet is hosted by BlueWallet" in the LN account creation and calls that a disclaimer.

So again, please show me one wrong categorization!

Uhm ... I suppose that button works on that tropical island, too. During Covid-home-office, he can pretend from the beach. I didn't mean to say that going to work normally would be a good idea although there is ways, too. If Dave is the release manager, he could "catch a backdoor" that conveniently deleted all its traces of infection. He'd just have to make sure to mix well that stash.


The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.


People trust non-reproducible wallets provided by anonymous developers. They trust custodial wallets that make no statement about using cold storage. Yesterday I reviewed a Ballet, a wallet that uses provider-generated BIP38 paper wallets and calls those "hardware wallets" and the app "companion app" and it's ok because Charlie Lee is running this shop. Unfortunately most people in the space are not at all literate about cryptography.

I agree. My approach on that (not sure if I shared it here in this thread) is a monitoring app that can pull the plug (switch phone offline). This feature could maybe be added to the wallet itself with less than 100 lines of code, to make sure the wallet becomes less of a target for hackers as pulling the plug would happen for all users, not only those that run an extra app if something weird is detected but for a start it also works as a separate app. That app would detect every install of a relevant app (enlisted Bitcoin wallets) and check the fingerprint with ideally more than one independent server. If the hash is unknown, upload the apk and go offline. If the server finds the apk to be a non-white-listed release, signed with the provider's keys, it triggers an alert. All that run the app get their phones switched offline (or otherwise updates disabled) and a notification shown. For this to work, the provider has to publish their soon to be releases, reproducible binaries (maybe without signature if they don't want users to update to it just yet) for white-listing.


The machine or the machine's administrator. Under duress, who knows what would happen?


Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.


Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.


It signals but the open source community also helps fix issues at times. Mycelium got several issues fixed thanks to outside contributions.


Public Source doesn't proof security. It only can make it painfully obvious if the app lacks security. Any app that cannot be deterministically built cannot avoid a single point of failure. A closed source app skips that scrutiny and has less of an incentive do do things right. Without really technical people demanding it, managers let it slip down in priority until "Dave" actually pulls it off and goes on prolonged vacation. (You actually got your cast wrong. It's Eve who goes on vacation )

I agree with many of your concerns. I'm not a contributor to YetiCold and only had a lengthy call with the main contributor @JWWeatherman_ which probably is worth nothing if in the end people lose funds but it might have skewed my confidence. I edited my comment above.

Your comment sounds like I was part of YetiCold. I am not. I just see this project is addressing many things in a very good way although I have not audited it very carefully. Many concerns can be mitigated the way they step through the whole process but one of my criticisms was also that there is no concise instructions one could read from start to finish. You actually have to do it to know how it goes. @JWWeatherman_ counters this with the videos that show the whole process.