Topic: walletscrutiny: the majority of "wallets" are either custodial or closed source (Read 1664 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
There are:

- 2790 in Cryptocurrency apps in Google Play
- 651 in the Apple Store
- 288 hardware wallets
- 44 bearer tokens
Roughly 3,770 ways to HODL.

The fact that there are 4x the number of Android wallets than iOS wallets indicates that a large percentage of them are either counterfeits or outright malicious apps. Same for the App Store, but at a smaller scale. So I wouldn't include all those apps as legitimate wallets if I were you.

Make some leeway and put the headcount at about 70% of them being malicious, and then we'd be at a more accurate count.

It's an old post but I just wanted to point that out. Also you left out desktop wallets.

Either I missed this earlier or I just forgot to comment.

It's more likely also about cost. Apple wants $99 a YEAR + a cut of the sales at a minimum to keep your app in their store. And getting the account setup is a lot more work. Google wants a $25 fee once and a lot smaller cut of the sales if they even take a cut. So for smaller / hobby projects it just might be that. Also, in poorer parts of the world Android phones due to their lower cost tend to be more popular.

And Android has a much larger market share as in 70% vs 28%

https://www.bankmycell.com/blog/android-vs-apple-market-share/

So a higher cost for less than 1/2 the userbase.
Oh, and IMO writing for iOS is a bigger pain than Android, but YMMV on that depending on what you know and how good a programmer you are.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
In theory that is not what they are looking for.
Is it open source and is it reproducible. Beyond that, I see it as 'out of scope' as to tell people good idea / bad idea to use it.
I do agree; I'm also totally fine with them showing which mobile wallets are reproducible, as they definitely have their place and use case.
WalletScrutiny themselves write in their FAQ that reproducibility and open-source is only one part of the puzzle.

It's just that having Square as a sponsor raises slight concerns e.g. whether Bitkey code will be checked more frequently than other wallets, or maybe even promoted on the front page; just some things that could happen and make the site less objective. But it's all hypothetical.

Let's hope that they just put the money to good use and continue doing a great job.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? [1] The Bitkey / Square / Block [2] hardware wallet guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..
Yeah this could be problematic, thanks for noticing this connection n0nce.
This probably means that Bitkey/Square/Block wallet will be reproducible and supported, but let's wait and see what happens after they release it.
I would like to hear what Walletscrutiny has to say about this, unless they changed ownership in this process.

In theory that is not what they are looking for.
Is it open source and is it reproducible. Beyond that, I see it as 'out of scope' as to tell people good idea / bad idea to use it.

Not to go too far OT, but it's also about amounts stored. A hot wallet on a phone with under $100 in it for me becomes more about convenience than anything else.
Long term larger amount cold storage is a different story.
If you don't care about the privacy hit and a few other things, if Bitkey works for someone in their use case then they should use it.
Knowing the code is good is all that should matter to them, not having our or anyone else's opinion about if it is a privacy nightmare should matter.



I still think having a place like walletscrutiny is good, but as I ranted a page or 2 ago in this thread, the simple fact is that being able to reproduce builds is just one piece of the puzzle. There are a lot more places for compromise than just "can I duplicate it".

-Dave
legendary
Activity: 2212
Merit: 7064
It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? [1] The Bitkey / Square / Block [2] hardware wallet guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..
Yeah this could be problematic, thanks for noticing this connection n0nce.
This probably means that Bitkey/Square/Block wallet will be reproducible and supported, but let's wait and see what happens after they release it.
I would like to hear what Walletscrutiny has to say about this, unless they changed ownership in this process.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Surprised to not see a direct date indicating when the wallet was tested.
Under Application build you can see "xy time ago" notice, though, and they also show previous test dates on the bottom of each wallet's page (Previous application build tests).
That does seem like an odd design choice, but the last tested version is given, which is what ultimately counts.

I personally prefer the old design, but I am glad to hear that they found some sponsors. This is a highly important project that needs to stay alive!
It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? [1] The Bitkey / Square / Block [2] hardware wallet device guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..


[1] https://spiral.xyz/blog/we-were-square-crypto-now-were-spiral/
[2] https://bitcointalksearch.org/topic/m.62555325
legendary
Activity: 2114
Merit: 1403
Disobey.
I see there was a cool new re-design and new logo for the WalletScrutiny website; they now have a dog-like logo and new sponsors.
This looks much better than the older version, it feels faster and it's easier to find what you are looking for, maybe because they hired a dog this time


https://walletscrutiny.com/

PS
If guys from WalletScrutiny are reading this, can you tell us when was the last time you checked CoolWallet Pro SE and other open source hardware wallets?
Agreed, new website really does look slick.

Surprised to not see a direct date indicating when the wallet was tested.
Under Application build you can see "xy time ago" notice, though, and they also show previous test dates on the bottom of each wallet's page (Previous application build tests).
legendary
Activity: 2212
Merit: 7064
I see there was a cool new re-design and new logo for the WalletScrutiny website; they now have a dog-like logo and new sponsors.
This looks much better than the older version, it feels faster and it's easier to find what you are looking for, maybe because they hired a dog this time


https://walletscrutiny.com/

PS
If guys from WalletScrutiny are reading this, can you tell us when was the last time you checked CoolWallet Pro SE and other open source hardware wallets?
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Quote
We are back!

We received funding by a donor who so far chose to remain anonymous. Our work should be secured for another year thanks to  ...

A lot was left undone in the recent months. Many reviews are outdated and not all are marked as such.

https://twitter.com/WalletScrutiny/status/1587545123067498497?cxt=HHwWgsC81Zr4i4gsAAAA

Thanks for continuing this project.
Thanks for the link, I didn't even know they were underfunded since June!

Sadly the donation drive crossing the two weeks mark could not achieve significant funding to continue WalletScrutiny in its current form.

If you have any idea how to change this project such that it could fund several full time engineers, please let us know.
I'm happy to see that they got enough donations to continue; I wore an avatar that I made to promote their service in the hope to give them visibility and donations for a few months actually.

If anyone's interested in it, I can send a link to it later.
legendary
Activity: 2212
Merit: 7064
Thanks for continuing this project.
Good to see them coming back!
Many reviews are really outdated and I was starting to think they totally retired, but I understand why they did it.
It takes a lot of time to review wallets and monitor changes all the time; it's not a simple task that is done once and then forgotten.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
There are:

- 2790 in Cryptocurrency apps in Google Play
- 651 in the Apple Store
- 288 hardware wallets
- 44 bearer tokens
Roughly 3,770 ways to HODL.

The fact that there are 4x the number of Android wallets than iOS wallets indicates that a large percentage of them are either counterfeits or outright malicious apps. Same for the App Store, but at a smaller scale. So I wouldn't include all those apps as legitimate wallets if I were you.

Make some leeway and put the headcount at about 70% of them being malicious, and then we'd be at a more accurate count.

It's an old post but I just wanted to point that out. Also you left out desktop wallets.
JL0
full member
Activity: 817
Merit: 158
Bitcoin the Digital Gold
Quote
We are back! 🚀🚀

We received funding by a donor who so far chose to remain anonymous. Our work should be secured for another year thanks to 🤫 ...

A lot was left undone in the recent months. Many reviews are outdated and not all are marked as such.

https://twitter.com/WalletScrutiny/status/1587545123067498497?cxt=HHwWgsC81Zr4i4gsAAAA

Thanks for continuing this project.
copper member
Activity: 40
Merit: 19
WalletScrutiny provides a great service for those who aren't technical and self custody is on the rise. Also, delete coinbase


It doesn't end with that as well. WalletScrutiny is currently running a donation campaign.

https://walletscrutiny.com/donate

There are:

- 2790 in Cryptocurrency apps in Google Play
- 651 in the Apple Store
- 288 hardware wallets
- 44 bearer tokens
Roughly 3,770 ways to HODL.

Proceeds go to manpower.

newbie
Activity: 3
Merit: 0
WalletScrutiny provides a great service for those who aren't technical and self custody is on the rise. Also, delete coinbase
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Good luck collecting donations, and I am hoping this won't mean that you will close one eye if let's say ColdCard, Trezor or someone else donates to you for good code review of their wallet
I know it's a lot of work tracking all those wallets, so I would suggest that you keep everything related with donations public as much as possible.
It's in the best interest of both users and wallet creators that something independent like Walletscrutiny exist.

There is only one wallet so far that donates to WalletScrutiny and that is Unstoppable. We made that transparent.

We are considering adding affiliate links wherever applicable - hardware wallets mostly - but it's problematic as it might color our judgement. Regarding the importance of hardware wallets as a whole, for example. Not all agree that they are beneficial to users' security and prefer commodity hardware, preferably from before 2009.

... But I will say that if you're in the business of selling very valuable physical coins to people, you'd be quite mad to *not* have such a precautionary setup. Even better would be to have two geographically distant locations where a "split-key" is generated at each of them and then combined at a 3rd location for final processing. This prevents any one person from knowing the exact PK.

Few people would consent to such an added expense of buildings, though.

Smoke and mirrors. The upside of keeping the keys around for a rainy day is gigantic and as any magician can explain to you, it's trivial to convince people there was no rabbit in the hat until you pulled it out. No matter how complex the ceremony of key generation, the designer can make sure to keep a copy.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
IMO, it still goes back to what I have been saying. Code is only part of the battle. The procedures and processes are the other part. Everyone looking at the code today does not matter if one person with the ability to sign it goes evil tomorrow.

In addition to the code review an audit of the process and procedures done to run everything is also needed.

I agree with you, but without a considerable public uproar (for example, at random internet company A selling your personal data to 3rd parties), it's quite difficult to get people to listen to review bodies for processes and methods, because it usually interferes with their budgets and cash flow, unfortunately.

Quote
Kind of like a conversation I had with someone making collectable coins that had pre-generated private keys:

Them: "All keys are generated from a secure offline computer"

Me: "So it's BIOS password protected, boots from a read only device like a DVD that you verify the checksum on every boot, and nobody else has access to the room where it is, and you verify the printer that it prints to has not been modified or tampered with, and the cables are good and you are sure they have not been compromised by anything like this: https://hak5.org/products/omg-adapter"

Me some more: And you have custom made holograms so if someone else gets a hold of the coin they just can't peel copy and stick on another hologram that looks the same?

Them: No, are you paranoid or just an ass?

Me: Both....

... But I will say that if you're in the business of selling very valuable physical coins to people, you'd be quite mad to *not* have such a precautionary setup. Even better would be to have two geographically distant locations where a "split-key" is generated at each of them and then combined at a 3rd location for final processing. This prevents any one person from knowing the exact PK.

Few people would consent to such an added expense of buildings, though.
legendary
Activity: 3472
Merit: 10611
Specifically so that wallets can't make exaggerations like this, a wallet security committee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).
This could turn into a dangerous thing because there is always a chance that the centralized "committee" could get corrupted very easily. We saw this in other centralized authorities when money was involved for example the ICO benchmarks that all ended up advertising the biggest scams that paid them the most amount of money.

Since it would be centralized, they could be pressured by the government too. Let's say there is a privacy wallet implementing CoinJoin without the shadiness that Wasabi has. The government could force this "committee" to remove it from their list or give it a negative rating.
legendary
Activity: 2212
Merit: 7064
We're trying to raise funds to keep the project going. There are thousands of wallets and hundreds of devices.
Visit http://walletscrutiny.com for more info.
Good luck collecting donations, and I am hoping this won't mean that you will close one eye if let's say ColdCard, Trezor or someone else donates to you for good code review of their wallet
I know it's a lot of work tracking all those wallets, so I would suggest that you keep everything related with donations public as much as possible.
It's in the best interest of both users and wallet creators that something independent like Walletscrutiny exist.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Specifically so that wallets can't make exaggerations like this, a wallet security committee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks; I don't see why it wouldn't work with code & software.
The issue is with the funding. You cannot possibly get enough funding to fund such an organization. The security professionals, or really any developers don't have that much time or money to audit codes all the time. The current system as it stands doesn't really have much problem; you have contributors auditing and several with commit access to push the changes. Wallets are generally not advertised because they rely on donations, except those that run some sort of services. If all the wallets were to come under the purview of some organization, then you would find tons of bureaucratic red-tape surrounding it. I'm sure most would rather not have this sort of stuff.

Code-signing doesn't do anything but provide a false sense of security. There have been instances where certs were stolen and used to sign fake versions of certain wallets (Electrum, for example). Making them untrustworthy based on this alone sounds quite unfair. Anyway, isn't Electrum code-signed?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Bump, with a radical security idea. There is no point in using a wallet if you can't feel secure updating it, as you will then be exposed to security vulnerabilities.


Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kraken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

Specifically so that wallets can't make exaggerations like this, a wallet security committee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks; I don't see why it wouldn't work with code & software.

Quote
Unfortunately most people in the space are not at all literate about cryptography.
That's not going to help someone against a rogue wallet.


IMO, it still goes back to what I have been saying. Code is only part of the battle. The procedures and processes are the other part. Everyone looking at the code today does not matter if one person with the ability to sign it goes evil tomorrow.

In addition to the code review an audit of the process and procedures done to run everything is also needed.

Kind of like a conversation I had with someone making collectable coins that had pre-generated private keys:

Them: "All keys are generated from a secure offline computer"

Me: "So it's BIOS password protected, boots from a read only device like a DVD that you verify the checksum on every boot, and nobody else has access to the room where it is, and you verify the printer that it prints to has not been modified or tampered with, and the cables are good and you are sure they have not been compromised by anything like this: https://hak5.org/products/omg-adapter"

Me some more: And you have custom made holograms so if someone else gets a hold of the coin they just can't peel copy and stick on another hologram that looks the same?

Them: No, are you paranoid or just an ass?

Me: Both....



At a guess, I have no proof but it just looks like it from what I see here. Bad wallets, that were not deliberately malware / stealing from the start, have caused such a small percentage of loss vs user error, malware in general. I could be wrong but it really seems like although this is a good battle, there are bigger more important ones out there.

-Dave
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump, with a radical security idea. There is no point in using a wallet if you can't feel secure updating it, as you will then be exposed to security vulnerabilities.


Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kraken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

Specifically so that wallets can't make exaggerations like this, a wallet security committee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks; I don't see why it wouldn't work with code & software.

Quote
Unfortunately most people in the space are not at all literate about cryptography.
That's not going to help someone against a rogue wallet.
copper member
Activity: 40
Merit: 19
We need your help.

Our #opensource #bitcoin project critically examines wallets - by looking into code reproducibility.

We're trying to raise funds to keep the project going. There are thousands of wallets and hundreds of devices.
Visit http://walletscrutiny.com for more info.

legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Have you been able to find anything on the Tangem software?

First time I hear about Tangem.

https://tangem.com/apps/ looks like a companion app which would not be reviewed by us but in the case of Ballet I made an exception as the private keys are handled by that "companion" app but in the case of tangem ... as the card has no display it can only blindly sign and surrender data it's been asked to do, so while it might not surrender the private keys, the "wallet" might empty the full account while the user thinks to be paying a coffee. Not funny. Not sure how to add it to walletscrutiny.

Edit: What a shitty product. All recent reviews claim it doesn't work at all. And as it has 1k downloads on GPlay, it meets the criteria to get a review. I need a pause ...
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
People trust non-reproducible wallets provided by anonymous developers. They trust custodial wallets that make no statement about using cold storage. Yesterday I reviewed a Ballet, a wallet that uses provider-generated BIP38 paper wallets and calls those "hardware wallets" and the app "companion app" and it's ok because Charlie Lee is running this shop. Unfortunately most people in the space are not at all literate about cryptography.

I have been going on rants about collectibles things like the ballet that are funded in general.
Too many issues with potential vulnerabilities all around. But I don't think that is going to stop anyone.

Have you been able to find anything on the Tangem software?  I did not find anything last time I looked.

-Dave
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
....
Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.

Because if you leave Friday and don't come back Monday people are going to start looking.
IF someone does notice the code change and they come looking for you it's good to be someplace else.
Might as well be a beach on a tropical island with no extradition.

Uhm ... I suppose that button works on that tropical island, too. During Covid-home-office, he can pretend from the beach. I didn't mean to say that going to work normally would be a good idea although there are ways, too. If Dave is the release manager, he could "catch a backdoor" that conveniently deleted all its traces of infection. He'd just have to make sure to mix well that stash.

So is that better than a closed source wallet that needs 3 checks against their internal code before it's uploaded and the upload needs 2 different 2FA devices that 2 different people have?

Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.

Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kraken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

But, Mycelium, Electrum, etc. If they do they don't talk about it.

I would love for one of them to actually do some epic security measures and be somewhat upfront about it.

People trust non-reproducible wallets provided by anonymous developers. They trust custodial wallets that make no statement about using cold storage. Yesterday I reviewed a Ballet, a wallet that uses provider-generated BIP38 paper wallets and calls those "hardware wallets" and the app "companion app" and it's ok because Charlie Lee is running this shop. Unfortunately most people in the space are not at all literate about cryptography.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
....
Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.

Because if you leave Friday and don't come back Monday people are going to start looking.
IF someone does notice the code change and they come looking for you it's good to be someplace else.
Might as well be a beach on a tropical island with no extradition.

So is that better than a closed source wallet that needs 3 checks against their internal code before it's uploaded and the upload needs 2 different 2FA devices that 2 different people have?

Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.

Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kraken, etc]
But, Mycelium, Electrum, etc. If they do they don't talk about it.

I would love for one of them to actually do some epic security measures and be somewhat upfront about it.

-Dave
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I know I have said it before and will keep saying it about open source wallets or anything. Unless you compile it yourself OR make sure that any auto-updating is turned off you are probably getting a false sense of security. Unless they can prove an audit of their update security.

I agree. My approach on that (not sure if I shared it here in this thread) is a monitoring app that can pull the plug (switch phone offline). This feature could maybe be added to the wallet itself with less than 100 lines of code, to make sure the wallet becomes less of a target for hackers as pulling the plug would happen for all users, not only those that run an extra app if something weird is detected but for a start it also works as a separate app. That app would detect every install of a relevant app (enlisted Bitcoin wallets) and check the fingerprint with ideally more than one independent server. If the hash is unknown, upload the apk and go offline. If the server finds the apk to be a non-white-listed release, signed with the provider's keys, it triggers an alert. All that run the app get their phones switched offline (or otherwise updates disabled) and a notification shown. For this to work, the provider has to publish their soon to be releases, reproducible binaries (maybe without signature if they don't want users to update to it just yet) for white-listing.

Having a code audit and being open source is good. But if the machine that uploads the files to the play store / itunes is not secure then it all goes out the window.

The machine or the machine's administrator. Under duress, who knows what would happen?

Employee "Dave" goes evil. Owner / programmer "giszmo" does everything properly, open source, code audits, etc.
3:30 PM on Friday Dave uploads the bad wallets to the online stores. They have nothing to do with the GitHub code. Says to giszmo "See you Monday" as always and walks out the door.
3:45 PM stores start pushing out bad version
4:00 PM Dave arrives at airport
10:30 PM Dave lands in some tropical island
11:45 PM Dave checks and 500 copies of the wallet have been downloaded and have ~ 35BTC in total.
6:00AM Sat 7200 copies have been downloaded and have ~90BTC in total.
Dave sits and waits till there are 100+ BTC in the compromised wallets. And then hits the "Send to Dave" button.
Will probably get some more BTC till everyone figures out what is wrong and happening.

Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.

So is that better than a closed source wallet that needs 3 checks against their internal code before it's uploaded and the upload needs 2 different 2FA devices that 2 different people have?

Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.

I like open source, I use open source, unless everything has multiple separate checks in the process it's not any better some times.

It signals but the open source community also helps fix issues at times. Mycelium got several issues fixed thanks to outside contributions.

Sorry, but I am going to keep saying that. And that the above rant or a similar one should be on every page that discussed the benefits of open source.

Public source doesn't prove security. It can only make it painfully obvious if the app lacks security. Any app that cannot be deterministically built cannot avoid a single point of failure. A closed source app skips that scrutiny and has less of an incentive to do things right. Without really technical people demanding it, managers let it slip down in priority until "Dave" actually pulls it off and goes on prolonged vacation. (You actually got your cast wrong. It's Eve who goes on vacation.)
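As an added illustration of the "pull the plug" monitoring app sketched in the post above (this is not code from the post's author or from WalletScrutiny), the following Python sketch models only its decision logic: an installed package's fingerprint is checked against more than one independent allowlist server, any server that does not recognise it makes the client upload the package and go offline, and a server that finds the upload signed with the provider's own key but never whitelisted raises the alert for all users. The server objects, fingerprints, signer identifiers and package bytes are constructed stand-ins; a real implementation would read the signer fingerprint from the APK's signing block rather than take it as a parameter.

```python
import hashlib
from enum import Enum


class Action(Enum):
    ALLOW = "allow"                     # every server knows this build as whitelisted
    UPLOAD_AND_GO_OFFLINE = "offline"   # unknown build: upload it and cut the network
    ALERT_ALL_USERS = "alert"           # provider-signed build that was never announced


def fingerprint(apk_bytes: bytes) -> str:
    """SHA-256 over the package bytes; stands in for the APK fingerprint."""
    return hashlib.sha256(apk_bytes).hexdigest()


class AllowlistServer:
    """One independent server. `whitelist` holds fingerprints of builds the
    provider published ahead of release; `provider_signers` holds the
    provider's signing-certificate fingerprints. All values are constructed."""

    def __init__(self, name, whitelist, provider_signers):
        self.name = name
        self.whitelist = set(whitelist)
        self.provider_signers = set(provider_signers)
        self.uploads = {}

    def lookup(self, fp: str) -> str:
        return "whitelisted" if fp in self.whitelist else "unknown"

    def analyze_upload(self, apk_bytes: bytes, signer_fp: str) -> str:
        """Server side: classify a build that a client did not recognise."""
        fp = fingerprint(apk_bytes)
        self.uploads[fp] = apk_bytes
        if fp in self.whitelist:
            return "whitelisted"
        if signer_fp in self.provider_signers:
            # Signed with the provider's own key but never whitelisted: the
            # release channel, not the public source, is what changed.
            return "alert"
        return "foreign"  # signed by someone else: a counterfeit, not this provider's release


class Monitor:
    """Client-side watchdog that runs whenever a listed wallet app is installed."""

    def __init__(self, servers):
        if len(servers) < 2:
            raise ValueError("use more than one independent server")
        self.servers = list(servers)

    def on_install(self, apk_bytes: bytes, signer_fp: str) -> list:
        fp = fingerprint(apk_bytes)
        verdicts = {s.lookup(fp) for s in self.servers}
        if verdicts == {"whitelisted"}:
            return [Action.ALLOW]
        # Disagreement counts as unknown: one compromised or stale server
        # must not be able to wave a build through on its own.
        actions = [Action.UPLOAD_AND_GO_OFFLINE]
        results = {s.analyze_upload(apk_bytes, signer_fp) for s in self.servers}
        if "alert" in results:
            actions.append(Action.ALERT_ALL_USERS)
        return actions


# Constructed sample data standing in for real packages and certificates.
GOOD_APK = b"constructed: reproducible release 1.2.0"
ROGUE_APK = b"constructed: unannounced Friday-afternoon build"
PROVIDER_SIGNER = "provider-cert-fp-0001"


def demo() -> dict:
    """Run the four cases worth checking and return the actions per case."""
    good_fp = fingerprint(GOOD_APK)
    rogue_fp = fingerprint(ROGUE_APK)
    honest = [AllowlistServer("a", [good_fp], [PROVIDER_SIGNER]),
              AllowlistServer("b", [good_fp], [PROVIDER_SIGNER])]
    # Server "c" has been fed the rogue fingerprint; server "b" has not.
    split = [AllowlistServer("c", [good_fp, rogue_fp], [PROVIDER_SIGNER]),
             AllowlistServer("b", [good_fp], [PROVIDER_SIGNER])]
    return {
        "good": Monitor(honest).on_install(GOOD_APK, PROVIDER_SIGNER),
        "rogue": Monitor(honest).on_install(ROGUE_APK, PROVIDER_SIGNER),
        "counterfeit": Monitor(honest).on_install(ROGUE_APK, "some-other-cert"),
        "split": Monitor(split).on_install(ROGUE_APK, PROVIDER_SIGNER),
    }


if __name__ == "__main__":
    for case, actions in demo().items():
        print(case, [a.value for a in actions])
```

The "split" case is the reason for more than one server: a single server that has been talked into whitelisting the rogue build cannot stop the other one from raising the alert.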
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Seriously?
You talk about security then you send people to an unknown github to download software?

I agree with many of your concerns. I'm not a contributor to YetiCold and only had a lengthy call with the main contributor @JWWeatherman_ which probably is worth nothing if in the end people lose funds but it might have skewed my confidence. I edited my comment above.

Your comment sounds like I was part of YetiCold. I am not. I just see this project is addressing many things in a very good way although I have not audited it very carefully. Many concerns can be mitigated the way they step through the whole process but one of my criticisms was also that there are no concise instructions one could read from start to finish. You actually have to do it to know how it goes. @JWWeatherman_ counters this with the videos that show the whole process.

Sorry about that, from the way I read it you were part of them. My fault, owe you an apology.

I know I have said it before and will keep saying it about open source wallets or anything. Unless you compile it yourself OR make sure that any auto-updating is turned off you are probably getting a false sense of security. Unless they can prove an audit of their update security.

Having a code audit and being open source is good. But if the machine that uploads the files to the play store / itunes is not secure then it all goes out the window.

Employee "Dave" goes evil. Owner / programmer "giszmo" does everything properly, open source, code audits, etc.
3:30 PM on Friday Dave uploads the bad wallets to the online stores. They have nothing to do with the GitHub code. Says to giszmo "See you Monday" as always and walks out the door.
3:45 PM stores start pushing out bad version
4:00 PM Dave arrives at airport
10:30 PM Dave lands in some tropical island
11:45 PM Dave checks and 500 copies of the wallet have been downloaded and have ~ 35BTC in total.
6:00AM Sat 7200 copies have been downloaded and have ~90BTC in total.
Dave sits and waits till there are 100+ BTC in the compromised wallets. And then hits the "Send to Dave" button.
Will probably get some more BTC till everyone figures out what is wrong and happening.

So is that better than a closed source wallet that needs 3 checks against their internal code before it's uploaded and the upload needs 2 different 2FA devices that 2 different people have?

I like open source, I use open source, unless everything has multiple separate checks in the process it's not any better sometimes.

Sorry, but I am going to keep saying that. And that the above rant or a similar one should be on every page that discusses the benefits of open source.

-Dave
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Seriously???
You talk about security then you send people to an unknown github to download software?

I agree with many of your concerns. I'm not a contributor to YetiCold and only had a lengthy call with the main contributor @JWWeatherman_ which probably is worth nothing if in the end people lose funds but it might have skewed my confidence. I edited my comment above.

Your comment sounds like I was part of YetiCold. I am not. I just see this project is addressing many things in a very good way although I have not audited it very carefully. Many concerns can be mitigated the way they step through the whole process but one of my criticisms was also that there are no concise instructions one could read from start to finish. You actually have to do it to know how it goes. @JWWeatherman_ counters this with the videos that show the whole process.
legendary
Activity: 2310
Merit: 1422
Let's admit I wouldn't probably use Yeti Cold :)
As far as I am concerned after November, in which I wrote that last post, many things have changed I do have a set-up which I find reasonable now. Of course, I'm not going to disclose it because it is better to keep it private where sharing it on a public forum may always be a problem.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Thanks for spreading the word. Much appreciated!

I won't go into detail about my personal setup for my own security but you should generally not have easy access to your savings and you should make sure that if something happens to you, your loved ones will get your bitcoins. Google and you will find instructions. YetiCold tries to make this secure setup foolproof, for non- to semi-technical users for example.

Seriously???
You talk about security then you send people to an unknown github to download software?

You pick amounts to tell people which version to use without even commenting on the fact that for some $5000 might be a year's worth of savings and for others it's what they made last Tuesday.

You have statements like this in your readme.md (bold mine):
Quote
For example hardware wallets should never be used with a daily use laptop, but because this requires about an hour of work it is not part of the instructions
Are hardware wallets perfect? No, but telling people not to use one for daily spending?

And you have such other great quotes as:
Quote
The most time consuming part of Yeti is waiting for Bitcoin Core to sync with the network. With an SSD drive this can be done overnight, but if you have an HDD (old style) drive it could take up to a week.
That does not take into account internet speed, how high you can set dbcache in the bitcoin.conf file due to laptop ram, and other things. There are discussions popping up here from time to time about how long it can take. But seriously go to any of the download calculators out there and figure out how long it's going to take with some slow ass DSL or 1M line that large portions of the world have. Not to mention the people with capped download amounts.

Oh and this:

Quote
However for smaller amounts it is cheaper, safer, and easier to use a single purpose phone using bluewallet.io than to use a hardware wallet so there is really no circumstance where a hardware wallet is appropriate.
Go search for the amount of cheap phones that come out of the factory compromised and how many crap noname phones are pre-infected. Tons of discussions about this too. Not even a mention about that.

Don't see a signing key / pgp signature for you / this project but didn't look that hard.

-Dave
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
The most important for mobile crypto wallet is to be non-custodial. I use both open source wallets like Samourai and BRD and closed source like Ownr. And I notice any differences.

The problem is that you might not notice any difference because it's a long con. The provider might be collecting backups of all the users' wallets and carefully watch if the BTC are getting more or less. He would have some staff to provide a good product etc. Then at some point he cashes out. He might even sell the product and then, a week later, pull the rug and put blame on the buyer who paid him already on top of the loot.

I'm 100% confident that there are projects out there that are highly regarded by their users but ultimately the providers are psychopaths with no regard for the damage they will do when they pull the rug.
Hey giszmo, thanks a lot for your work. I am not a tech guy otherwise I would be helping you more. I am sharing your site with my closest friends to let them abandon everything which is not (reproducible) open source.
Listen, I have a question for you, if you would like to answer it: what is your current bitcoin storing set up? how do you make your coins secure? how about your keys and passphrases? etc.
I am all ears if you wish.

Thanks for spreading the word. Much appreciated!

I won't go into detail about my personal setup for my own security but you should generally not have easy access to your savings and you should make sure that if something happens to you, your loved ones will get your bitcoins. Google and you will find instructions. YetiCold tries to make this secure setup foolproof, for non- to semi-technical users for example.

Edit: I personally kind of trust the before mentioned project as I voiped with a contributor about security concerns and he's certainly very knowledgeable although quite opinionated but strictly speaking I don't absolutely trust the website and share many of Dave's concerns below. When it comes to multi signature, I don't have anything better to point to either though. Certainly not Casa, Specter maybe? Haven't investigated Unchained or other options. Electrum with multiple hardware wallets is an option but no fun for the non-technical user either.
legendary
Activity: 2310
Merit: 1422
The most important for mobile crypto wallet is to be non-custodial. I use both open source wallets like Samourai and BRD and closed source like Ownr. And I notice any differences.

The problem is that you might not notice any difference because it's a long con. The provider might be collecting backups of all the users' wallets and carefully watch if the BTC are getting more or less. He would have some staff to provide a good product etc. Then at some point he cashes out. He might even sell the product and then, a week later, pull the rug and put blame on the buyer who paid him already on top of the loot.

I'm 100% confident that there are projects out there that are highly regarded by their users but ultimately the providers are psychopaths with no regard for the damage they will do when they pull the rug.
Hey giszmo, thanks a lot for your work. I am not a tech guy otherwise I would be helping you more. I am sharing your site with my closest friends to let them abandon everything which is not (reproducible) open source.
Listen, I have a question for you, if you would like to answer it: what is your current bitcoin storing set up? how do you make your coins secure? how about your keys and passphrases? etc.
I am all ears if you wish.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
The most important for mobile crypto wallet is to be non-custodial. I use both open source wallets like Samourai and BRD and closed source like Ownr. And I notice any differences.

The problem is that you might not notice any difference because it's a long con. The provider might be collecting backups of all the users' wallets and carefully watch if the BTC are getting more or less. He would have some staff to provide a good product etc. Then at some point he cashes out. He might even sell the product and then, a week later, pull the rug and put blame on the buyer who paid him already on top of the loot.

I'm 100% confident that there are projects out there that are highly regarded by their users but ultimately the providers are psychopaths with no regard for the damage they will do when they pull the rug.
newbie
Activity: 48
Merit: 0
The most important for mobile crypto wallet is to be non-custodial. I use both open source wallets like Samourai and BRD and closed source like Ownr. And I notice any differences.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Trust wallet can also be used to store BTC. It is possible to say a few more wallets on security.
Eidoo and lunes wallet are among the important wallets that are trusted.

We list

  • Trust as closed source
  • Eidoo as closed source
  • Lunes as not reproducible (there is some code but who knows if it's behind the Google Play release).

Are there any mistakes?

Edit: Why the heck did you mention "Lunes" of all wallets? That one did not get updated in 2 years and looks like a dead project.
full member
Activity: 798
Merit: 106
👉bit.ly/3QXp3oh | 🔥 Ultimate Launc
Trust wallet can also be used to store BTC. It is possible to say a few more wallets on security.
Eidoo and lunes wallet are among the important wallets that are trusted.
legendary
Activity: 3472
Merit: 10611
You may also want to look into how many people are actually checking the hash versus the one devs release to actually verify reproducibility of the released binaries.
For example a while ago I asked about Electrum and whether people were checking the hashes; not that many were interested in that poll and the handful of those who replied hadn't checked the hashes.
In contrast Bitcoin Core has many individuals who are not only checking the hashes but also release it independently.
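The check pooya87 is describing, as an added example in Python that is not tooling from WalletScrutiny, Bitcoin Core or Electrum: several independent builders each publish a SHA256SUMS list for the same release; a user compares the lists against each other and against the file actually downloaded, and refuses the binary if the builders disagree or too few of them attested. The builder names, file names and digests below are constructed for illustration; the list format is the two-column output of `sha256sum` that such projects publish. The PGP signature on each builder's list, which is what proves who attested, has to be verified separately with `gpg --verify`; this code does not do that, and a hash match on its own only proves the download was not corrupted in transit.

```python
"""Cross-check a release's hashes across independent builders, then check a download.

Added example, not Bitcoin Core's or Electrum's own tooling. Builder names,
file names and digests are constructed; the list format is plain `sha256sum`
output ("<hex>  <name>" per line). Signature verification of each list is a
separate step (gpg --verify) that this code deliberately does not perform.
"""
import hashlib
from collections import Counter
from typing import Dict


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse `sha256sum` output into {filename: hex digest}.

    Accepts the optional '*' binary-mode marker in front of the name and skips
    blank and '#' comment lines. Anything else raises, so a corrupted or
    truncated list cannot silently pass as an empty one.
    """
    sums: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed SHA256SUMS line: {raw!r}")
        digest, name = parts
        sums[name.lstrip("*")] = digest.lower()
    return sums


def consensus(attestations: Dict[str, str]) -> Dict[str, dict]:
    """Per file: the digest most builders attested, how many agreed, who disagreed."""
    per_file: Dict[str, Dict[str, str]] = {}
    for builder, text in attestations.items():
        for name, digest in parse_sha256sums(text).items():
            per_file.setdefault(name, {})[builder] = digest
    result = {}
    for name, by_builder in per_file.items():
        majority, agree = Counter(by_builder.values()).most_common(1)[0]
        result[name] = {
            "digest": majority,
            "agree": agree,
            "disagree": sorted(b for b, d in by_builder.items() if d != majority),
        }
    return result


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Streamed SHA-256 of a file on disk (release tarballs are large)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_release(path: str, name: str, attestations: Dict[str, str], min_agree: int = 2) -> bool:
    """True only if the downloaded file matches a digest that at least
    `min_agree` builders attested and that no builder contradicted.
    Any disagreement is a stop-and-investigate condition, not a majority vote:
    the lone dissenter may be the honest builder."""
    entry = consensus(attestations).get(name)
    if entry is None or entry["agree"] < min_agree or entry["disagree"]:
        return False
    return sha256_file(path) == entry["digest"]


# Constructed attestations: three builders; carol's Windows hash differs.
LINUX_OK = hashlib.sha256(b"constructed linux tarball").hexdigest()
WIN_OK = hashlib.sha256(b"constructed windows zip").hexdigest()
WIN_BAD = hashlib.sha256(b"constructed windows zip, tampered").hexdigest()
SAMPLE_ATTESTATIONS = {
    "alice": f"{LINUX_OK}  bitcoin-x86_64-linux-gnu.tar.gz\n{WIN_OK}  *bitcoin-win64.zip\n",
    "bob":   f"{LINUX_OK}  bitcoin-x86_64-linux-gnu.tar.gz\n{WIN_OK}  *bitcoin-win64.zip\n",
    "carol": f"{LINUX_OK}  bitcoin-x86_64-linux-gnu.tar.gz\n{WIN_BAD}  bitcoin-win64.zip\n",
}

if __name__ == "__main__":
    for fname, entry in consensus(SAMPLE_ATTESTATIONS).items():
        status = "OK" if not entry["disagree"] else f"DISAGREEMENT from {entry['disagree']}"
        print(f"{fname}: {entry['agree']} builders agree, {status}")
```

The point of `min_agree` is pooya87's observation: one published hash that nobody else reproduced is a statement by the developer, not a verification of the developer.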
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
WalletScrutiny is expanding to Linux and could use your help.

For Android the take was that there is basically just one binary distributed via Google and Google defines an appId for every app that we go by.

On Linux this gets a liiitle bit more complicated. Projects like bitcoin core distribute not only via bitcoincore.org but also via bitcoin.org, a bunch of mirrors and different binary packages via the different Linux distributions and then there is the snap store.

My initial take was to track each distributor but that will massively delay listing Linux wallets at all.

Now I lean towards tracking the best every project has to offer in terms of reproducible binaries and warn the user that the verdict "reproducible" doesn't imply reproducibility via alternative providers.

Any volunteers interested in helping with this, please chime in via https://gitlab.com/walletscrutiny/walletScrutinyCom/-/merge_requests/68
legendary
Activity: 2310
Merit: 1422
Wallet Scrutiny changed look with a brand new website. A few wallet verdicts have been updated and some new ones were added; the new search bar to find your preferred wallet is quite handy.
https://walletscrutiny.com/
legendary
Activity: 2310
Merit: 1422
Thanks for these insights. I will handle Samourai with care.

And ask them when they will provide reproducible builds. But be warned: They won't handle critics with care ;)
Yep, you are right on this one giszmo. We are the sort of Don't trust verify people and the Sammy guys seem to avoid such topics as you said.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Thanks for these insights. I will handle Samourai with care.

And ask them when they will provide reproducible builds. But be warned: They won't handle critics with care ;)
legendary
Activity: 2310
Merit: 1422
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?
Thanks for these insights. I will handle Samourai with care.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
BTC spikes to $25000 tomorrow and you want to sell. The Mycelium server gets overloaded and stops responding, or they don't want people moving the coins so it responds
but never broadcasts it anyplace. There are ways around it, but some you either have to install another app and import your seed or do some other things. Both of which take some time and knowledge.

Samourai / coinomi same thing but all you have to do is pick a different server which IMO is a lot quicker. I run my own and I know a lot of people here run their own and are more than willing to help out and say connect here.

Your scenario of Mycelium turning evil is precisely the purpose of WalletScrutiny:

  • If Mycelium turns evil (and security researchers verified the client isn't doing evil stuff, which is relevant as the client 99.99% of users are using matches the public source code), they can deny service and share information about your wallet. The privacy leak has indeed no other fix than to allow connecting to your own server. The service denial can be worked around by importing the backup to a different wallet.
  • If Samourai turns evil, security researchers have no way of detecting it, as the code 99.99% of their client's users are running is closed. They can steal all users' funds.

I supposed Coinomi went closed source because people were cloning their wallet,

That's Coinomi's claim but if you want to empty all wallets at some point, any claim that is believable works. Doesn't convince me they don't want to steal your funds.

hero member
Activity: 2520
Merit: 952
I love Coinomi and this makes me sad :(
I supposed Coinomi went closed source because people were cloning their wallet, but it was only my assumption.

I have heard that too, and iirc it was from their rep.

Quote
I'm not worried about their security

Why not?
jr. member
Activity: 147
Merit: 6
I love Coinomi and this makes me sad :(
I use Coinomi and Ownr wallet. Both of them are non-custodial and closed source. I'm not worried about their security. I supposed Coinomi went closed source because people were cloning their wallet, but it was only my assumption.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?

You can run your own Dojo and Whirlpool servers.
Still does not stop the wallet itself from becoming evil.

And I have said it before and I'll say it again. Open source is only good if you follow all the rules. No auto update, don't install an upgrade until you and / or other trusted people have verified the executable download matches what you get when you compile yourself. And you know what, most people still don't do either. Just download and go.

There is also the question of how some of these wallets operate.
You can choose your own server in Samourai. You cannot in Mycelium

BTC spikes to $25000 tomorrow and you want to sell. The Mycelium server gets overloaded and stops responding, or they don't want people moving the coins so it responds
but never broadcasts it anyplace. There are ways around it, but some you either have to install another app and import your seed or do some other things. Both of which take some time and knowledge.

Samourai / coinomi same thing but all you have to do is pick a different server which IMO is a lot quicker. I run my own and I know a lot of people here run their own and are more than willing to help out and say connect here.

Not to mention the privacy aspect.

There are many things in play, but just talking about opensource builds is just part of the issue.

As I have said, just my view. I don't expect to change yours but I do think it should be out there.

Stay safe.

-Dave
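Dave's point in this post and in his earlier "Employee Dave goes evil" scenario is that a store build can have "nothing to do with the GitHub code" unless somebody actually compares the two. For Android that comparison is mechanical, and the following is an added example in Python of how to do it; it is not WalletScrutiny's own tooling. It assumes two APK files already on disk: the one users really get (e.g. installed from Google Play and pulled off the phone with `adb pull`) and one you built yourself from the tagged source. Both file names are placeholders. An APK is a zip file; the vendor's JAR signature lives in a few `META-INF` entries that an unsigned local build legitimately lacks, so those are excluded and everything else must match byte for byte.

```python
"""Check that a distributed Android APK matches a build from the published source.

Added example for this thread, not WalletScrutiny's own tooling. The two APK
paths are placeholders: one pulled from a phone that installed the store
version, one built locally from the tagged source with the same toolchain.
"""
import hashlib
import zipfile
from typing import Dict, List

# The v1 (JAR) signature lives in these META-INF entries and differs between a
# vendor-signed and an unsigned local build, so they are skipped. v2/v3
# signatures sit in the APK Signing Block outside the zip entries and are not
# visible to zipfile at all.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", ".MF")


def _is_signature_entry(name: str) -> bool:
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def apk_digests(apk_path: str) -> Dict[str, str]:
    """Map every non-signature file entry of an APK to its SHA-256 hex digest."""
    digests: Dict[str, str] = {}
    with zipfile.ZipFile(apk_path) as zf:
        for info in zf.infolist():
            if info.is_dir() or _is_signature_entry(info.filename):
                continue
            with zf.open(info) as fh:
                digests[info.filename] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_apks(store_apk: str, local_apk: str) -> Dict[str, List[str]]:
    """Entries that differ between the store build and the local build.

    'changed': same path, different bytes (a swapped classes.dex is the
    textbook backdoor); 'only_in_store' / 'only_in_local': entries one side
    lacks. All three empty means the store build is the published source
    plus the vendor's signature, which is what "reproducible" means here.
    """
    store = apk_digests(store_apk)
    local = apk_digests(local_apk)
    return {
        "changed": sorted(n for n in store.keys() & local.keys() if store[n] != local[n]),
        "only_in_store": sorted(store.keys() - local.keys()),
        "only_in_local": sorted(local.keys() - store.keys()),
    }


def is_reproducible(store_apk: str, local_apk: str) -> bool:
    """True only when nothing but signature files differs."""
    return not any(diff_apks(store_apk, local_apk).values())


if __name__ == "__main__":
    # Placeholder paths; point them at the pulled and the locally built APK.
    report = diff_apks("store.apk", "local.apk")
    for kind, names in report.items():
        print(f"{kind}: {names or 'none'}")
    print("reproducible" if not any(report.values()) else "MISMATCH: do not trust this build")
```

Two caveats a practitioner would add. The local build has to use the exact toolchain version the project documents, otherwise differences are build noise rather than tampering and the result tells you nothing. And the check is per release: it has to be repeated for every update before installing it, which is exactly why auto-update defeats the exercise, as Dave says.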
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.

If I had to bet which of the wallets in the second category will pull an exit scam, my bet would be on Samourai.

  • The wallet on Google Play has little to do with their open source
  • They hide in secrecy about who is behind the wallet
  • They invite people to put as much money into the mixer at the same time as possible

There would be no recourse for an exit scam if they are really as private as they pretend to be. Of course there is Keonne Rodriguez who keeps defending Samourai but maybe he sold it to some anonymous entity. Who knows?
legendary
Activity: 2310
Merit: 1422
Samourai Wallet is pretty damn good for a bitcoiner who needs some nice add-ons.
I can connect my node to it, I can mix my coins easily with Whirlpool and I like PayNyms too.
Give it a try.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I will add it soon. Their wallet is running tests before being completely published on the market. But if you want to get involved in the Unifyre test process, I may arrange something for you.
Please let me know if you are interested in testing Ferrum's Unifyre Wallet beta.

I'm not exactly eager to put much effort into adding more wallets :D In fact, I do not really analyze wallets that have not at least 1000 downloads. Just drop a link to the playstore listing once it's live.
legendary
Activity: 2128
Merit: 1073
Awesome resource. Thanks for posting the images with links on your website!

Edit: Oops, looks like my send-able merit had decayed, I'm sending you whatever I have left over.
hero member
Activity: 1204
Merit: 630
I hope Unifyre is reviewed here soon.

If you share the Google Play link (or the appId), I will add it to WalletScrutiny.com but it will only be reviewed once it reaches 1000 downloads and if time allows. The priority is to provide timely evaluation of new releases of verifiable wallets and it's a side project, so ...

I will add it soon. Their wallet is running tests before being completely published on the market. But if you want to get involved in the Unifyre test process, I may arrange something for you.
Please let me know if you are interested in testing Ferrum's Unifyre Wallet beta.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I hope Unifyre is reviewed here soon.

If you share the Google Play link (or the appId), I will add it to WalletScrutiny.com but it will only be reviewed once it reaches 1000 downloads and if time allows. The priority is to provide timely evaluation of new releases of verifiable wallets and it's a side project, so ...
hero member
Activity: 1204
Merit: 630
A topic with very useful posts. I take care to try every crypto wallet I find, but I have never seen a platform that examines so many wallets together. I think I can access some information here without having to experiment with wallets.

I also want to talk about a non-custodial wallet that Ferrum Network, which I am working on behalf of, is preparing to publish these days. The wallet, which will be released soon, will be easy for anyone to use and will be very useful with LinkDrop. This wallet is called Unifyre. Those who want can get more information from Unifyre.io. I hope Unifyre is reviewed here soon.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
In this study which classified many wallets

WalletScrutiny is not just a study. It's an ongoing project which closely monitors updates of verifiable wallets. Check it out. The charts are now more informative and there are many more wallets covered now.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I've been using the Bitcoin Wallet GooglePlay link here: https://play.google.com/store/apps/details?id=de.schildbach.wallet

I wish it had a few more features like adjustable fees.

~snip~

That's the only problem of using the old school Bitcoin wallet and it only supports Bitcoin but there are still some people who use this wallet.

Why don't you just switch to another wallet like Electrum or Mycelium they have more features than the old school Android Bitcoin wallet.
You can get your private keys from the data folder /data/data/de.schildbach.wallet/files/wallet-protobuf
or on the other path posted from here https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.md

If you don't want to switch and you would like to adjust the transaction fees you can edit this /data/data/de.schildbach.wallet/files/fees.txt just find this under the internal data of your phone.
member
Activity: 66
Merit: 27
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
A user of open source software (just include green and mycelium), though I'm using coins.ph too, well, needed for crypto to fiat transactions.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I do use Coinomi on android (for the last 5 years), thing is it's closed source, and like the article said:

Quote
The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.

Yeah, you're right, closed source is one of their problems, we don't know if the latest one could be safe or not.

How about switching to Edge wallet instead they support most of the major coins this is one of my alternative multi-crypto wallets.

I don't save most of my coins in coinomi I just use it for holding a small amount but if you care about your assets and if it is a big amount well I think the official wallet or hardware wallet is the best option nowadays.
hero member
Activity: 2520
Merit: 952
I love Coinomi and this makes me sad :(

The security issue is only in the Desktop version of Coinomi. I don't have a bad experience in using their wallet for a long time with their android version.

Since their Desktop version is new there are still many bugs you can experience in the Desktop version, unlike on the mobile version.

I heard that they already fixed the vulnerability issue of their desktop version. I heard it from someone here on the forum, I just can't find the thread.

If you are planning to use coinomi better use their Android version which is fine.

I do use Coinomi on android (for the last 5 years), thing is it's closed source, and like the article said:

Quote
The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
I love Coinomi and this makes me sad :(

The security issue is only in the Desktop version of Coinomi. I don't have a bad experience in using their wallet for a long time with their android version.

Since their Desktop version is new there are still many bugs you can experience in the Desktop version, unlike on the mobile version.

I heard that they already fixed the vulnerability issue of their desktop version. I heard it from someone here on the forum, I just can't find the thread.

If you are planning to use coinomi better use their Android version which is fine.
hero member
Activity: 2520
Merit: 952
I love Coinomi and this makes me sad :(
legendary
Activity: 2688
Merit: 3983
In this study which classified many wallets, they discovered that the vast majority of wallets are either custodial or a closed source. Be Your Bank:

recently cracked the 10 million downloads and overall the vast majority of "wallets" are either custodial like Coinbase or closed source. "be your own bank" Sad

Grid with links at http://walletscrutiny.com
Check it here:


I hope everyone takes into account the risks it incurs when it loads unsecured wallets and therefore it is worse than the banks.
This does not mean that all other wallets are scammers, but you must take these risks into account.