
Topic: New software wallet: SecureBTCWallet.com (feedback appreciated) (Read 330 times)

legendary
Activity: 2730
Merit: 7065
What are those reputable parties, or at least give us a party that reviewed the wallet code, if not, are you willing to send the code to someone here to review it?
OP hasn't responded back in his thread since 15 November. I don't think he likes the direction this discussion has taken, and we might not hear back from him again.

Technically if they took an open source project they really can't close source it after that.
Technicalities aside, people can do all kinds of things. Isn't the code for ColdCard hardware wallets based on open-source projects that they took, modified, and later changed the license to one that no longer allows the code to be distributed further and used by others?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
It surprises me you were even able to code this while not having any understanding of wallet types.
Who knows who did the coding. It might even be based on a codebase of a perfectly fine and open-source project that was just modified and became closed-source after that. None of the claims made in the OP can be independently verified or confirmed. And because they are brand-new, no one is going to take their word for it.

Technically if they took an open source project they really can't close source it after that.
But beyond that since I actually just read this line from the OP

Quote
"For maximum safety and anonymity, we recommend our users to use localbitcoins to buy & sell Bitcoins" states the company.

That's right for maximum safety and anonymity use a KYC exchange that has been hacked.

1) The wallet cannot be verified.
2) Even if it is legit (which I doubt) as far as I can see you can't change what server it connects to so it's not private
3) They recommended a bad, mediocre at best exchange.
4) From what Husires posted, it only supports legacy addresses.

Time to just mark this as either a scam or a total waste of time.

-Dave
legendary
Activity: 1596
Merit: 1288
I read this from your site: https://www.securebtcwallet.com/

Quote
Security by Obscurity: SecureBTCWallet is closed-source to keep it off of preying eyes. It is audited internally, and it's open to outside audit by reputable parties
What are those reputable parties, or at least give us a party that reviewed the wallet code, if not, are you willing to send the code to someone here to review it?

Quote
With only three HTTPS calls, SecureBTCWallet is the safest go-to-address for HODLers.
How to be safe while you are based on an online wallet?

From the image in the wallet, it appears that your wallet lacks criteria:

  • Possibility of sending to several addresses.
  • Possibility to change the address.
  • Possibility of writing the number in dollars.
  • No support for any new bitcoin address (SegWit or bc1 address) or you only support Bitcoin Legacy.

legendary
Activity: 2730
Merit: 7065
It surprises me you were even able to code this while not having any understanding of wallet types.
Who knows who did the coding. It might even be based on a codebase of a perfectly fine and open-source project that was just modified and became closed-source after that. None of the claims made in the OP can be independently verified or confirmed. And because they are brand-new, no one is going to take their word for it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I understand the appeal of security by obscurity.
I don't. What's obscure isn't necessarily secure, especially in software engineering. Besides the point pooya made, that we need to trust some complete stranger's coding skills as well as his intentions, there's no indication that something being closed-source is something secure. Just because you're taking away the ability for legitimate people to question security, it doesn't mean that you're getting rid of attackers as well.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Has there been any decent legitimate BTC wallet in recent memory that is closed source?
Technically being closed source contradicts being decent and legitimate.
This is why the only reason a super shady wallet such as Coinomi has any userbase is because they offer a service that most people are looking for and can't find elsewhere (having multiple shitcoins in one light client).


True, but there are still a few that I would, I don't want to say trust, but more like 'not lose sleep over' to have some funds in them for a bit.
The problem is that with all the open source ones out there, there is no reason to use them except for very limited circumstances.

i.e. coinomi, no I don't have any real crypto in there, but since I do play with alts [note play, not use, not invest in, **play with**] it's easy enough to have it on my phone to see what is what.
I use the bitpay wallet to access my bitpay card. Many people think BitPay is evil and whatever. Not going to get into that here. They still have one of the better crypto debit cards out there.
And so on.

But, the wallet that the OP posted about.....
https://www.youtube.com/watch?v=_Uvcra0Gnus

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
With only three HTTPS calls (one to check balance, another to check the network fees, and the final one to submit *signed* transactions), no personally identifiable information is ever submitted, and it is designed to be very secure and easy-to-use. In a sense, it is similar to hardware wallets. Like Electrum but without the whistles and bells.
If it's a restricted version of Electrum, why should users use your wallet instead of it?
And how is a literal simple software wallet 'similar to hardware wallets'?

It surprises me you were even able to code this while not having any understanding of wallet types.

Thank you. Looks simple and amazing!
Why do I have a suspicion that nobody creates a fresh account just to write this comment, after all other comments by knowledgeable users who've 'been around' explain how it is a bad idea to try this?
legendary
Activity: 3472
Merit: 10611
Has there been any decent legitimate BTC wallet in recent memory that is closed source?
Technically being closed source contradicts being decent and legitimate.
This is why the only reason a super shady wallet such as Coinomi has any userbase is because they offer a service that most people are looking for and can't find elsewhere (having multiple shitcoins in one light client).
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Has there been any decent legitimate BTC wallet in recent memory that is closed source?

I know coinomi and some other multicoin ones are closed source, or at least don't have the current versions out there but I can't find any BTC only that don't have their code available to poke around.

Granted I only looked at the top 10 or so. But a new account, and closed source, probably not legit.

-Dave
 
legendary
Activity: 2212
Merit: 7064
With only three HTTPS calls (one to check balance, another to check the network fees, and the final one to submit *signed* transactions), no personally identifiable information is ever submitted, and it is designed to be very secure and easy-to-use. In a sense, it is similar to hardware wallets. Like Electrum but without the whistles and bells.
This is in no way similar to any hardware wallets that are intended to keep secrets offline and never connected to internet.
I suppose your wallet is closed source because you didn't post any github link, and nobody can verify your wallet is doing anything you say.
Electrum wallet doesn't have any bells and whistles, but it has years of work from developers and contributors, and it is open source software.
There is little information on your website and I am really not ready to take any risk installing and testing this software with real BTC.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Thank you. Looks simple and amazing!

Thanks!

Even if I wouldn't have downloaded that software for my use (for the already said reasons), after seeing this new account only created for making this post (hence most probably by yourself), I would be even more wary.
Plus, as the others have shown, your posts show that you lack certain crucial knowledge...
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I believe in security by obscurity

I understand the appeal of security by obscurity. So I'll just say the commonly used phrase "Don't Trust, Verify".

Most importantly, never ever put all your Bitcoins on a single wallet! Always use 24-letter BIP39 seeds (do not rely on proprietary seed protocols, like Electrum’s) — preferably pick it yourself instead of having the software generate it for you, because the software may be compromised.

1. Making users choose their own words could lead to lower entropy. And since a BIP39 seed has a checksum, they have limited options for the last words.
2. If you think the software may be compromised or generate a non-random BIP39 seed, IMO you should look for different software.
legendary
Activity: 2268
Merit: 18711
-snip-
That's all well and good, but does absolutely nothing to address the fact that a brand new account with no reputation is asking people to download and install closed source software. (And also appears to have registered a second newbie account to "vouch" for himself.) Sorry, but that's a scam in my books until proven otherwise.

(do not rely on proprietary seed protocols, like Electrum’s)
Electrum's seed system is not proprietary. It is free and open source. There is absolutely nothing wrong with using Electrum seed phrases, and indeed, their system has some advantages over BIP39 seed phrases.

preferably pick it yourself instead of having the software generate it for you, because the software may be compromised.
This is awful advice. Manually picking a seed phrase is a recipe for disaster. Instead, use open source software (such as Bitcoin Core or Electrum) which you can personally verify to be securely generating entropy.
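The checksum constraint and the entropy concern raised in the two replies above, shown as an added example (not part of any forum post and not code from any wallet). It works on word indexes 0..2047 instead of words because the 2048-word list is not embedded here; the 23 "hand-picked" indexes are constructed sample input.

```python
import hashlib
import secrets

BITS_PER_WORD = 11  # the BIP39 wordlist has 2048 = 2**11 entries


def checksum(entropy):
    """Return (checksum, bit length): the first ENT/32 bits of SHA-256(entropy)."""
    cs_len = len(entropy) * 8 // 32
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return digest >> (256 - cs_len), cs_len


def entropy_to_indexes(entropy):
    """Encode 16..32 bytes of entropy as BIP39 word indexes (0..2047)."""
    cs, cs_len = checksum(entropy)
    value = (int.from_bytes(entropy, "big") << cs_len) | cs
    n_words = (len(entropy) * 8 + cs_len) // BITS_PER_WORD
    return [(value >> (BITS_PER_WORD * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


def is_valid(indexes):
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    total_bits = len(indexes) * BITS_PER_WORD
    cs_len = total_bits // 33          # ENT + ENT/32 = total, so CS = total/33
    value = 0
    for idx in indexes:
        value = (value << BITS_PER_WORD) | idx
    entropy = (value >> cs_len).to_bytes((total_bits - cs_len) // 8, "big")
    return checksum(entropy)[0] == value & ((1 << cs_len) - 1)


def valid_last_words(first_words):
    """All final word indexes that complete first_words into a valid phrase."""
    return [w for w in range(2048) if is_valid(first_words + [w])]


if __name__ == "__main__":
    # Constructed sample: 23 "hand-picked" word indexes (not a real wallet).
    hand_picked = list(range(100, 123))
    options = valid_last_words(hand_picked)
    print(f"{len(options)} of 2048 last words are valid: {options}")
    # A phrase generated from CSPRNG entropy always validates.
    print(is_valid(entropy_to_indexes(secrets.token_bytes(32))))
```

For a 24-word phrase the last word carries only 3 bits of entropy and 8 bits of checksum, so a fully hand-picked phrase passes validation with probability 8/2048 = 1/256.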

legendary
Activity: 2730
Merit: 7065
We know Trezor and Ledger are safer options and we recommend people to use them. But this one is free and I think it's best if one diversifies their crypto holding on multiple wallets, so if one gets hacked, you have the other ones available.
Many other reputable and recommended software wallets are also free (for desktop or mobile), so that's not really an argument.

As a best practice, the users would have to choose a cold-wallet such as a hardware wallet that they would need to pay for, or use a desktop based software like SecureBTCWallet. While software cold-wallets are available on both mobile and desktop, mobile wallets are known to be prone to misuse, because they're too accessible. Thus, the desktop is the only viable option if the user is not willing to pay for a hardware wallet.
You don't need a hardware wallet or the SecureBTCWallet at all. Paper wallets exist for truly cold solutions, Airgapped systems can be set up for those that want it, Electrum can be used as either a hot or cold client, or a Live OS can be used over DVD or USB.   

Exchanges are good for buying & selling Bitcoins conveniently. You may also use them to keep some small quantity of Bitcoins readily available for purchasing goods, withdrawing or sending.
There is no benefit in using exchanges in order to purchase goods or sending crypto to another person when you can do all of that from your own private wallet. And you don't need to worry that your coins could be frozen, you could be asked for KYC or source of funds, or be treated like a criminal because your bitcoin has been "tainted" due to its history with gambling platforms or services that particular exchange doesn't like. Some CEXs like Binance provide P2P trading, which is free. That's a plus, but considering how cheap it is to transact with bitcoin, it's not worth risking your coins and having Binance hold on to them. 

  • Keep 0.5 BTC in Coinbase
  • Keep 0.5 BTC in Binance
  • Keep 1 BTC in a Trezor wallet
  • Keep 1 BTC in a Ledger wallet
  • Keep 0.5 BTC in an Electrum wallet
  • Keep 0.5 BTC in a SecureBTCWallet
First you speak out against keeping coins on exchanges and then you suggest holding 1/4 of your bitcoin on centralized exchanges. It can't be both. Unless you are a day-trader who is aware of the risks of using CEXs, no one else should be storing their coins there and using an exchange as a wallet. They are not wallets. They are places you go to if you want to purchase or sell digital assets.
legendary
Activity: 3472
Merit: 10611
I believe in security by obscurity
If you really believe that then I'm not sure if you are competent enough to develop an actually secure software wallet.
You basically want people to first trust a closed source software from an anonymous person that can be malicious, then they have to hope that when malicious people find the bugs and exploits in it they don't lose their money.
newbie
Activity: 3
Merit: 0
Thank you. Looks simple and amazing!

Thanks!

Sorry, but no one in their right mind is going to download a random closed source executable from a brand new account, a domain registered 2 weeks ago, with absolutely no reviews, reputation, or trust. Just asking to end up with malware on your device.

In regards to security risks, if anything, do not hold your Bitcoins in exchanges like Coinbase, Binance, OKX, or Gemini. Exchanges are good for buying & selling Bitcoins conveniently. While you have more anonymous alternatives like localbitcoins.com, exchanges are far easier to use. So yes, they’re preferable. You may also use them to keep some small quantity of Bitcoins readily available for purchasing goods, withdrawing or sending. But that’s about it.

If you’re hodling, or if some portion of your life savings are in Bitcoin, then keep them out of exchanges. SecureBTCwallet.com is not the only option there, you have ample alternatives, and I recommend you to look at them. Including Wasabi which I saw just below this thread on this very forum.

But ideally, spare 80 Euros to store your crypto in hardware wallets. Trezor and Ledger are good examples. Then store in cold wallets like Electrum.org and SecureBTCWallet.com too. This is one step below hardware in security, but it’s definitely more convenient, and free to use.
More importantly, don’t put all your eggs in a single basket. So let’s say you own 4 BTC.

  • Keep 0.5 BTC in Coinbase
  • Keep 0.5 BTC in Binance
  • Keep 1 BTC in a Trezor wallet
  • Keep 1 BTC in a Ledger wallet
  • Keep 0.5 BTC in an Electrum wallet
  • Keep 0.5 BTC in a SecureBTCWallet

As for mobile wallets… Call me paranoid, but I wouldn’t recommend them because you always have them in your pockets, anyone can steal them or you may lose them. And mobile phones are 24/7  connected to the internet.

Most importantly, never ever put all your Bitcoins on a single wallet! Always use 24-letter BIP39 seeds (do not rely on proprietary seed protocols, like Electrum’s) — preferably pick it yourself instead of having the software generate it for you, because the software may be compromised.

Also, at least for the wallets where you store most of your Bitcoins, write down the seed phrase on a metal plate like Blockplate.com.

Last but not least, stay away from shitcoins or tokens. Bitcoin is your safest bet in the crypto world.
newbie
Activity: 1
Merit: 0
Thank you. Looks simple and amazing!
newbie
Activity: 3
Merit: 0
I believe in security by obscurity, but thanks for the feedback, I understand the rationale.

Is there any third party reputable software auditing firm you could recommend?
legendary
Activity: 2268
Merit: 18711
Sorry, but no one in their right mind is going to download a random closed source executable from a brand new account, a domain registered 2 weeks ago, with absolutely no reviews, reputation, or trust. Just asking to end up with malware on your device.

If you are serious and not a scammer, then share your source code and make sure the wallet can be built directly from that source code. Then people will at least take a look.
newbie
Activity: 3
Merit: 0
Hi folks,

Please check out our new software wallet https://www.securebtcwallet.com

With only three HTTPS calls (one to check balance, another to check the network fees, and the final one to submit *signed* transactions), no personally identifiable information is ever submitted, and it is designed to be very secure and easy-to-use. In a sense, it is similar to hardware wallets. Like Electrum but without the whistles and bells.

We know Trezor and Ledger are safer options and we recommend people to use them. But this one is free and I think it's best if one diversifies their crypto holding on multiple wallets, so if one gets hacked, you have the other ones available.

Please check it out and let me know what you think. Your feedback will be appreciated.

Cheers,



Below you can find our press release:



SecureBTCWallet launches to protect Bitcoin owners from custodial risks

Following the FTX scandal, Bitcoiners have been running away from well-known exchanges like Binance and Coinbase in leaps and bounds. Non-custodial solutions like SecureBTCWallet provide a safe shelter.

Nov. 15, 2022 -- SecureBTCWallet (https://www.securebtcwallet.com) is a secure non-custodial Bitcoin wallet that lets you store, send and receive your digital assets safely, available on Linux, MacOS and Windows computers.

The security of SecureBTCWallet comes from its simple architecture that relies on a well-known Bitcoin standard, BIP-39. With BIP-39, one can create a unique wallet with 24 keywords. Plus, SecureBTCWallet is designed to minimize its users' network exposure. The app is offline in all its critical functions, and makes three HTTPS calls only, to check the user's balance, fetch the latest network fees, and submit the signed & encrypted transaction to the Bitcoin network.

The best way to ensure security is to hold on to your Bitcoins, and not give it to some third party exchange, the app creators suggest. As a best practice, the users would have to choose a cold-wallet such as a hardware wallet that they would need to pay for, or use a desktop based software like SecureBTCWallet. While software cold-wallets are available on both mobile and desktop, mobile wallets are known to be prone to misuse, because they're too accessible. Thus, the desktop is the only viable option if the user is not willing to pay for a hardware wallet.

That said, one can increase the security of their funds by splitting them in multiple wallets. "We do not recommend our users to put all their Bitcoins on SecureBTCWallet. The user will be safer if they divide their Bitcoins into multiple wallets because no matter how secure the Bitcoin architecture is, one may steal your seed phrase and access your funds. So choose your seed phrase wisely, and do not put all your eggs in a single basket" says the founder of the company that goes by the pseudonym Satoshi.

SecureBTCWallet does not require PII (Personally Identifiable Information) to open an account. One can open an account without entering any personal information such as their name, email address or credit card info. Also, SecureBTCWallet is intentionally kept limited in functionality, to establish a smaller and safer choice. For example, the software does not provide any exchange functionality, so you can't buy or sell Bitcoins, but you can accept payments, move assets from existing exchanges, or transfer to other wallets. "For maximum safety and anonymity, we recommend our users to use localbitcoins to buy & sell Bitcoins" states the company.

For more information and to download, please check out https://www.securebtcwallet.com



Original Link to the release: https://www.prlog.org/12940369-securebtcwallet-launches-to-protect-bitcoin-owners-from-custodial-risks.html
