Topic: Why not to buy inexpensive "exotic" open source hardware wallets? (Read 271 times)

Yet in the same time materials and microchips needed for production are not easy to find and they are getting more expensive due to this manmade global crisis, so it's not all black & white like you say
That is why we can see almost all hardware wallet increasing prices, and global inflation is probably highest we had since WWII, not by accident.
Yeah ledger is holding the monopole but they also invested most money in marketing...

Well, answer is clear.
Market leaders such Ledger got the monopol. They can do what they want and have a huge marketing power.
Newcomers and game changers might try to attrack customers with good price. And there is no trick. Producing a hardware wallet now is way cheaper than 10 years back.

If they establish their is a problem with the device based on the information you gave them, you will get a free replacement as we saw in Maus0728's case that m2017 linked to in this thread. Maus0728 wasn't required to return the faulty product and he still got a new one.

But there are surely situations in which the customer doesn't provide the necessary information, their support team can't be certain of what happened, or the problems with the device might not be covered by the warranty agreement because of the way the HW was used. That's when you might be asked to have it returned and pay the shipping costs. After they inspect the device and find out what happened, you will either get a new one and shipping costs refunded (if you have a valid claim) or you won't.

People often lie or don't tell the whole truth to get what they want.
My HW just stopped working all of a sudden. This is unbelievable. I had it less than a month. What they don't mention is they dropped it in their soft drink and that's why it's dead.   

I don't believe any reputable hardware wallet manufacturer would dare to steal your coins; my concern (that is still valid whether you wipe the whole wallet or not), is privacy. Using your old seed phrase, they can not only extract your past Bitcoin transactions, but potentially even figure out your sweep to new wallet and continue tracking your coins.

Why is it obvious that the customer needs to pay for shipping back a defective product / shipping a replacement product? To me, that's not obvious; if it's a hardware fault, the manufacturer better send a replacement including shipping for free, such that customers don't pay a single extra dime over someone who got sent a good product in the first place.

Ledger works with native apps (I assume those are built in-house by their team) and 3rd-party apps built by the development communities of those digital assets. No idea if the creators need to pay a fee to get their coin supported by Ledger, but there is an official listing process that people can fill out and request for their tokens to be supported. After that, they should eventually check the requests and add those they agree with with the next Ledger Live update.

I spoke with Ledger's customer service on this topic a long time ago. If your device breaks, they will ask you to test out a few things and make videos of the whole process. If you can't fix the problem, they might offer you a free replacement immediately or you will be asked to return the HW. Obviously, you have to pay for the shipping if that happens. It's hard to tell in which cases the device needs to go back to them and when it doesn't. That's something that needs to be discussed with the support. If you are asked to send the HW back, you should get a refund if they determine it's defective.   

If you break the wallet physically, then you may be denied a guarantee.
Sending a broken wallet with your SEED phrase that has coins is not safe. Before sending, you need to withdraw all coins by entering the SEED phrase of the broken wallet into another working wallet.
How to transfer coins to a new SEED using one wallet you can see in this video.

I have a better idea: rip out the circuit board and put it on an electric stove (outside) until all the solder melts (don't worry if you overdo it and burn the PCB a little in the process) and remove the chips. Then put the circuit board back in and reassemble.
If you can spot / make out the individual chips, make sure to remove any memory chips in particular, as well as microcontroller and secure chip (if it has any).

This is semi-serious, as it is possible to rip a memory chip off an otherwise (from outside look) destroyed hardware wallet, solder it into a new hardware wallet of same make & model and restore funds. Not on all of them, granted.

If you really have to send the defective HW back, just get a hammer and beat the crap out of it ^{[e.g. like this or this]} and as a finishing touch, use a microwave ^{[be careful]}.

Manufacturers (at least not all) don't always require the return of a defective device back. Below I will insert a post from the discussion in topic Any vulnerabilities in changing OLED screen of Ledger Nano S?, which describes the case with Ledger (one of the hardware wallet manufacturers), when the manufacturer sent a new device to the buyer to replace the broken one, asking only to send a video recording confirming the fact of the device’s malfunction (if I’m not mistaken).

Thank you very much for your replies!

After I made my research and after I read and thought about your replies,

Here are my own conclusions about disadvantages of buying exotic hardware wallets even if they are cheap and even if they are open source:

1. Too few users means too few feed backs about how well it works. You just cannot rely on other people experience when choosing this wallet because there is too little of such experience to find on the internet.
Does the wallet have bugs? Is it assembled on high quality level? Are the chips inside it good? You don't know and often cannot find out. So you run the risk that the model itself is "bad". Not just your device but the model itself.

2. There are manufacturers who replace defective wallets only if you send them the defective wallet first.
I don't have answers to the questions like:
- Who pays for sending out defective wallet?
- What happens if you discovered it is defective AFTER you set it up with your seed, and cannot wipe/reset it?
- How long does it take to send it to manufacturer and get replacement?

But these questions must be answered BEFORE you buy the wallet.

3. There are some wallets which you can order solely from Asia. If you don't live in Asia yourself, it may happen that customs in your country is suspisious concerning parcels from Asia (I have heard it is so in some contries). Then they may unpack your wallet to check what is inside the package. And you may never feel secure if you receive the wallet that was unpacked.

4. Some wallets may have features which are not known to users and which are something really unusual and at the same time dangerous if you treat your wallet just like you used to from your past experience with other wallets.
An example that I found on reddit:

https://www.reddit.com/r/CryptoCurrency/comments/snryqo/warning_flaw_in_blockstream_jade_hardware_wallet/

5. Some companies manufacturing hardware wallets are very young, small and have indefinite future. You never know how long their support will dure. May be the company will  disappear tomorrow?
And yes, some manufacturers websites look like if the company were dieing and didn't care much about its product anymore. Though it continue selling it.

6. Some well promoted and great looking hardware wallets are not so good devices as they seem to be.
According to users experience if you succeed to find it on the intermet.
They still may be inconvenient and dangerous due to lack of proper support of their software.

7. A small manufacturer may not have enough financial resources which are necessary for spending them on creating proper security updates of device. So the device may be insecure just because manufacturer has no money to constantly make updates.

8. Well known open source brands are constantly checked by many independent checkers. Little known brands may be not checked at all. And if the first one who checks it is a hacker it could be very bad for users.

So an advice which I would give to myself:
I you want a toy and can afford it, then buy whatever exotic hardware wallet you like and play with it.
If you want a real thing and are serious about safety of your funds, then buy a well known  and well tested model from a manufacturer whose business feel great.


What do you think guys?

For me, the choice is obvious and I would not buy "exotic" devices when it comes to finances. When it comes to money, the "exotic" is contraindicated. These are not the gadgets that can be treated like toys (like latest apple phone) and it is better to prefer proven, well-known brands with a good reputation, which are also time-tested and value their users. At this point, my choice is outweighed in favor of Trezor.

Price is not the deciding factor in such an industry, as people often buy hardware wallets to store wealth, and then $30 or $90 is considered one.
Otherwise, Open-source Desktop wallets are free and offer reasonable protection if you know what to do.

Also, the marketing policies and how to pull the rug out of Trezor & Ledger is the way that can make a wallet with good security, financial capabilities and acceptance price competitive with them.
In general, the increase in demand and the multiplicity of companies will make prices lower in the future.

If I were to choose a new HW now, it wouldn't be the former... I did that mistake in the past and had an unpleasant experience that led me to go back after a certain time to purchase one of the latter HWs ^{[refer to this post]}.
^{- If money is an issue, then it's always best not to spend or rather waste the little money someone has for a product that might not always work in the way that it intended to (I'm not implying that all of them have issues, but I prefer to go with a reliable brand to save myself from potentially getting headaches in the future)!}

... which is highly discouraged (by me) in the first place, by the way. At least with default server settings.

I don't consider server responsiveness at all when considering a hardware wallet, since those should at most be used for testing purposes. I'd always recommend to spin up a node with electrs on it and connect to that. If you think it's too expensive: is your privacy worth less than $50 to you? If so, maybe at least find someone you trust and ask them to share their Electrum server's Tor URL.

When you buy a wallet, you are buying more than just a device, you are also essentially buying access to the servers it connects to. Servers can sometimes "slow down", incorrectly calculate commissions, etc.
In my experience, Trezor's servers are more responsive than Ledger's. If you are going to use your wallet with a native application, you should pay attention to this aspect.

I think the catch of those cheap devices is that they're often built from off-the-shelf hardware, closed-source and insecure. There were 'hardware wallets' in the past that were literally outdated, dumbed-down smartphones.

But what makes them bad is not the fact that they're exotic / new / unpopular, it's the fact that there is no serious team behind it and security is not their main focus.
One could honestly label Foundation Devices as 'exotic'; after all, until a couple months ago, they had only sold and shipped 1000 devices (their Passport 'Founders Edition' - it was limited to 1000 units).
While it's not cheap, it's pretty secure. So I do think price and security+quality are conflicting goals.

I wouldn't buy anything that's not reproducible, for instance. Because that means the device runs code that is not available to the public.

As you can see though, as of right now, the reviews are marked 'outdated' since the latest release has not yet been verified. I encourage anyone who benefitted from their service to give them a small donation (Lightning accepted) at least, as a motivation to update those verdicts..

I'm not sure what you mean by Ledger being focused only on shitcoins--I get what you're trying to say, but 1) they're only offering support for various altcoins and tokens because there's a big market for them and a lot of demand.  It's just a smart business move on their part.  And 2) if you consider altcoins as being coins with their own blockchains, Ledger only supports a small fraction of them. 

I kind of wonder what it takes for an altcoin to get Ledger support, whether the devs have to pay for the "privilege" or what.  I assume that's probably the case.

OP, I tried the Bitbox and though it's open-source and all that, I find its user interface to be inferior to Ledger Live, and for some reason the app runs much slower on my PC than LL.  I'd definitely recommend it, though I like my Nano X much better--and that's despite everything dkbit98's mentioned, all of which I pay attention to BTW.  He was the one who recommended the Bitbox.

If you look on Amazon (as an example), there are so many HW wallets out that it's overwhelming if you don't know what to look for.  Most of them are crap, overpriced, and/or totally unsafe.  I'd stay away from the really exotic ones you might come across in the wild, like the Arculus and similar ones.

I feel safer with a Trezor due to its open source nature and the fact that it’s made by a reputable company, but if more attractive options are available, I would not hesitate to buy one. But I would look more at features than aesthetics. In the end, no one wants a hard-to-use or uncomfortable wallet, regardless of how polished or pretty it might look. The most important thing in a hardware wallet is that it is secure. Trezor is the most well-known hardware wallet, it is been around for a while, has a reputation for quality and security, and is endorsed by many cryptocurrency experts.

As long as you buy from reputable shops, or, even better, from those companies' official shops, there's no catch.
Some HW have no screen, some HW work with NFC only, and those go even lower than 39$. Some are Bitcoin only.
Make sure you know what you're buying. There's a topic that compares most HW very good, search it up., here it is: https://bitcointalksearch.org/topic/50-hardware-wallets-compared-feature-by-feature-5416497


I have a Ledger Nano S. When it's going to die, I will most probably not buy Ledger, unless they do something so great I'll forgive them for their many late mistakes.
One device I'm eyeing is SeedSigner. Pretty cheap, smart and I like it. Everything is open source there (OK, excepting the RasPi itself). I like the idea of using images to transfer the information.

All this things you mentioned are not important at all, unless you like to have hardware wallets as collection units.

There is no catch.
Trezor is the first ever hardware wallet, it is open source and people trust their code, plus they are the only one actually working and improving Bitcoin code.
Ledger on the other hand collected a bunch of money from various investors and they spend a ton on advertising marketing , that is probably why they sold most devices.
I would never buy closed source device like ledger, and some of their devices like model nono X are worst piece of crap ever, and ledger is focused only only of shitcoins.
 
My number one choice would be Passport batch2 by Foundation Devices.
Keystone, Botbox and Trezor and next on the line, but I also like making my own signing devices with Raspberry Pi Zero and ESP32 devices, as SeedSigner and Krux.