Bitcoin Forum

I am new to crypto and I have been looking for a safe and simple to use cold wallet.
I have observed cold wallets of various brands for a long time, but I think common wallet brands such as Ledger and Trezor are more complicated to use.
Recently, My friend recommended a cold wallet for me called SafePal. Please help me take a look at it. How about this wallet?
This is  SafePal Official Website (https://safepal.io/?utm_source=forum&utm_medium=Bitcoin%20Forum&utm_campaign=Daily), which is said to be invested by Binance.
I learn about from their official website that this product features include:

Security lies in every detail
True random generator
Embedded with Germany AIS31 standard true random generator, keeping the uniqueness of your private key.

Independent crypto chip
Dual-chip architect, with an EAL5+ crypto chip, protecting your crypto asset from malicious attacks.

100% off-line
SafePal S1 only interacts with SafePal App via encrypted QRcode in isolated environment, rather than Bluetooth, NFC, Wifi, USB or any other connections, keeping the asset 100% off-line.
Anti-tampering technology
Anti-tampering technology Self-destroy and data-erasing mechanism embedded, protecting your crypto asset from both software and physical attacks.

PIN code protection
• Disrupted order of digits
• Hidden digits of the PIN
• Self-destroy during brutal attack

Smooth and seamless user experience
1.3' high-resolution screen
Accessible and friendly, showing every detail of your asset

Mobile-friendly
Send money anytime, anywhere as you like!

Scan and send
Send money with a simple scan at your fingertips

Simple back-up and recovery
Supporting all BIP39/BIP44 standard with fast and easy recovery mechanism. Don't worry, we've got your back.

SafePal App
Manage 1000+currencies in one App, easy to take full control
Keep every transaction detail in record
All records trackable in real-time

This is their help center. The content is very detailed and looks good. There are quite a lot of descriptions of security.
I also follow their Twitter (https://twitter.com/iSafePal?utm_source=forum&utm_medium=Bitcoin%20Forum&utm_campaign=Daily), they are very active in interacting with users, and often post product activity.
Meanwhile, I also joined their Telegram group (https://t.me/SafePalwallet?utm_source=forum&utm_medium=Bitcoin%20Forum&utm_campaign=Daily).
Currently, there are hundreds of users in the group. The interaction is very active.
They have 3 administrators who are responsible for responding to user inquiries.
I see the group user feedback and they are very satisfied with the product.
The most important thing is that they only sell for $ 39.99, which is the cheapest cold wallet I have seen, and Binance Investment feels very reliable.

So please help me identify whether such a cold wallet is worth buying?

When it comes to hardware wallets track record and established competence is far more important to me than who's endorsing it.

We can point to years of use with Trezor and Ledger. I don't like the way Ledger operate so would favour Trezor.

Safepal might be wonderful. I'd rather let other people prove it to me over several years.

I am sure this post can be considered as promotional attempt by SafePal. However,  I am not making a judge on who is posting here but what is being posted. As the first hardware wallet invested and backed by Binance, there must be something good and forward-looking with this product provider. Let's see if it can be able to compete well with Trezor and Ledger, the two most popular brands in this business. In case, Binance will decide to flex its marketing muscle to help SafePal then I am sure it can easily capture a good slice of the available market. Good luck to this project.

This.

Why are going to risk your money in this new wallet?
Buy a ledger or trevor for your savings. If you want to have an exotic wallet , just try this safe pal for small amounts.


No they are not complicated to use. They are simple


Nothing new here.
Trezor and ledger do all that.

I think you are not new in crypto, and that you are promoting this wallet - even if you think that hyperlinks can hide your links, it's more than obvious what it's really about. Personally, I find these promotions very insidious, since they assume that the forum members are stupid people who click on all the links and do not check them before.

---

I am with Ledger for now, and the other option would definitely be the Trezor. There is currently no third option worth the risk, so in my opinion, every air gapped wallet is safer than a hardware wallet without any reputation.

When it comes to security of funds then im too paranoid with that and the thing you said was right.It would take for several years and a bunch of positive feedbacks before i do consider on using up a new wallet.

Other than that- i dont tend nor plan to try it out just for the sake of curiosity.Always stick to the known ones and you'll be safe but it doesnt mean that new players doesnt have a chance.
They do just need time to prove out.

The fewer people try out new hardware wallets, the less likely it will be that new hardware wallets will be exposed for having bugs or backdoors. It basically means that even after the few people who used their wallets without any problems for a couple of years straight, the vulnerabilities can and probably will show up when the mass is stress testing it.

It's hardware and software combined, so there is a lot that can go wrong. The best hardware and software engineers work for the biggest companies in the world, and even they don't manage to design a perfect product in terms of safety/security. In that regard, we should expect less 'perfect' products from the companies behind the most popular hardware wallet brands.

I still hold about 70% of my cold wallet funds in simple paper/metal wallets. Easy to hide and transfer and it gives me a peace of mind. The other 30% sits in Ledger Nano S's.

It's name might be 'safepal' but it seems not to most. It has been said that when it comes to the reputation nothing beats Ledger and Trezor. Although there's keepkey and other competitors but that's what we always hear from the people of the community.

It will take time for safepal to prove themselves but it doesn't guarantee users to jump off to them quickly.

Ah, seems a promotional post and a paid one. Well, above answers are enough for you to understand, that competition is good for hardware wallet market, but the reputation of the company and the product is the priority when buying a hardware wallet.
Introduce us a HW that ledger and trezor doesn't have with of course, a secured, open source, budget-friendly, simple and user-friendly designs.

I also noticed this thing immediately after I opened this link. OP pretends that he is just random guy, when in reality he is an employee of that company. It's not good way of promotion, because people will definitely will notice these tracking tags in link. You had to come straight as company employee as all professional business do here.

---

There is quite many hardware wallets in market, not just Ledger and Trezor. So, I just ask you one question which I usually ask in such cases when someone promote new hardware wallet. Can you tell few strong reasons why people should pick your hardware wallet, instead of these trusted and most popular wallets?
P.S. You should move your topic to Hardware wallets child board.

If it is covered by Binance, why is it not being officially announced on that platform, I think you will find more acceptance if the sale is through Binance.com.
I followed the links on the site and all refer to Binance.com, but there are no links from Binance to safepal.io.

Generally, if you find enough confidence, I think the price of $ 40 is very cheap compared to the ingredients.

They did include some references to this wallet.

https://docs.binance.org/wallets/safepal.html
https://medium.com/binance-labs/buidlers-season-1-project-3-of-8-safepal-1b8fb1e9c974
https://www.youtube.com/watch?v=8olCNqR_2wY

If anyone wants to look at a video to see the device in action here (https://www.youtube.com/watch?v=7MGlcmQTCfs&feature=emb_logo). I like it with the screen  ;D 1"3 perfect for me.

You can store a lot more cryptocurrencies compared to Ledger (I don't know with Trezor) and they plan to add 2-5 chains per month. Their architecture seems to be a lot more different compared to Ledger, hence the device could support an unlimited number of altcoins as they say.

I know some people think, anything new isn't to be trusted, it needs track record, etc but they all have to start somewhere, they can't become well know and get their reputation in 1 month. And if we follow this logic the HD wallet ecosystem will never evolve. I agree with @1Referee too

I think  I'm going to buy it to play with, they sell it for $40 currently.


It's backed by BinanceLab if I'm correct.
 

Binance invested and backed SafePal so something partnership.
Since they also enabled the SafePal hardware wallet to the Binance Dex (https://medium.com/safepal/binance-dex-now-live-in-safepal-614cf2d8437a).
https://m.safepal.io/
https://i.imgflip.com/3kti9v.jpg (https://imgflip.com/i/3kti9v)

It caught my eye with the headline that it is "100% offline" and only communicates via QR codes. I assumed the USB port on the bottom was power pins only for charging and no data transfer. That was until I saw on their website that it does indeed have a data connection which you have to use to flash the firmware, meaning it is just as vulnerable to this attack vector as any other hardware wallet.

Beyond that, I don't see what it is offering that other wallets don't already? It seems to boast a lot of coins/tokens, but given that >99% of those 2000 assets are completely trash, that really doesn't appeal to me either. I think more competition in this space is always a good thing, but unfortunately there's not enough here for me to risk my funds on a new and untested product for essentially no new features.

No new features and what is more important no reason to stop using the already trusted hardware vendors because with proper care they do the job they were built to do. Protect your seed words, don't enter them anywhere online or in a bogus software, use a strong passphrase and you are good to go.

Closed source, no plans provided how to build your own clone from scratch, no secure element, can't find anything whether it has been professionally audited by anyone of competence.

It's nice that there's more competition, and I'd trust Binance more than a new random no-name startup, but the above make it a deal breaker for me.

I hate to bump this thread, but I did see this SafePal wallet on Amazon and did a search here to see if anyone had reviewed it.  I agree with you that OP is/was a shill for SafePal and that really puts a bad taste in my mouth, because it's just a flat-out lie that he's a noob looking for a hardware wallet.  Obviously OP hasn't made any more posts on bitcointalk, so he's busted.

I was wondering why there aren't more hardware wallets being discussed in this section, because there are quite a few on Amazon that look pretty but are really expensive.  Seems like the older, more well-established ones are the most popular and I totally understand why.  I'd be tempted to buy something like a SafePal wallet if I knew it worked well, but with no track record....it's tough to justify.

Ah.  Then the only reason to buy it is as a collectible (lookin' at you, gentlemand, with an eye toward crypto history).

Same as Bitcoin vs alts? Why would you take the risk on something that isn't battle tested and subject to the obsessive scrutiny of thousands of its users?

I'll be the first to admit I'm clueless about this stuff. I'll stick with the gear that has the most clued up people keeping it honest.

It's kind of an endless loop.
If you are new how to you gain traction in this sector.
Design / build / implement. That's simple.
Now you have to prove its safe. (open source hardware / software) but then what?
How do you get a foot in the door with the big players?

-Dave

I don't have any problem in testing new hardware wallets.
We don't live in stone age that we have to use one wallet all life, and for sure something new and better will show up.

I think Safepal is still cheapest hardware wallets, and it is better than regular mobile wallets for sure.
Ledger is better for sure, but Safepal have some advantages, and nothing wrong with having several hardware wallets.

Sure, but be aware that if you are mirroring the same wallet(s) across multiple hardware wallets, then your coins are only as secure as the least secure of all the wallets.

Lets say you buy a handful of different hardware wallets, and restore from the same seed on each one. One of them turns out to be either a deliberate fraud or simply poorly designed. The next time you use it, it leaks your private keys to an attacker somewhere. All your other hardware wallets are moot at that point. It would be like importing your seed from your Ledger device to a web wallet. You've essentially negated the entire point of the hardware wallet.

Both gentlemand and DaveF are correct. I'm also never going to buy a brand new hardware wallet like this, or at least, if I did it would be for experimenting only for very small amounts of bitcoin, and never as a main hardware wallet. What's the point in taking the risk on an untried and untested device? But at the same time, it makes it very difficult for new providers to enter the space, which is a bad thing. Catch-22 situation.

Why would anyone do that?
People should know to NOT reuse addresses or use it only in rear situations, and importing private keys/seeds should NEVER be done, except if you need to recover wallet.
New wallet - New seed words.
How can anything 'leak' from Safepal when it has no internet connection (that could not be said for Ledger or Trezor) and it is 100% offline?

I would also not use it as main hardware wallet now, but I would not say it is not tested, as Binance exchange is using it and sponsoring it.

Because people are dumb and/or careless.

Correct, but people also frequently lose their coins from inputting their seed phrases in to random websites or storing them online.

It has a USB data connection to flash the firmware, so the claim that it is completely disconnected from everything is false. We also have no idea what security it has against physical attacks since that hasn't been tested yet, unlike Ledger and Trezor devices.

Well, that depends on how much you trust Binance. I trust any centralized exchange only marginally more than I trust Craig Wright, so I'm afraid that endorsement doesn't mean much to me.

So you 'trust' Ledger and Trezor because somebody unknown tested it, and it is connected to internet each time you plug USB in your PC ?
That means you trust people who tested it.
Some say that LedgerLive is maybe reporting your total balance and who knows what more each time you open it.

I could say that I don't trust any wallet manufacturer or any exchange, not just Binance or Safepal.
Hackers did hack both Ledger, Trezor and Binance (in specific situations)

Show us examples of someone hacking a hardware wallet (Ledger&Trezor) that resulted in the loss of funds from that wallet? You will certainly not find something like that because it has always been about theoretical vulnerabilities that required physical access to the device, sophisticated equipment and a certain degree of knowledge in order to carry out the attack. When it comes to remote attacks that would involve hacking devices and successfully extracting seed/private keys, this is still in the realm of science fiction.

I personally do not have 100% confidence in Ledger or Trezor, but I have a lot more than in some completely unknown hardware wallet that is closed source. The only people successfully hacked while they used hardware wallets are the ones who have somehow exposed their seed, but that's another story.

Never said that. What I did say was that Ledger and Trezor devices have been extensively attacked and penetration tested by a variety of different third parties, researchers, companies, etc., and by definition, any new wallet has not had that.

The hardware wallet itself is not connected to the internet, and the keys do not leave the device during normal operation anyway. If you are still concerned about it, then you could just use it with an offline computer.

Good thing I don't use it then. ;)

Absolutely. There is no security set up which is 100% safe, but there's a big difference between needing to physical steal a Ledger wallet and have access to a scanning electron microscope to interrogate the secure element, and hacking in to a Binance account with a simple phishing email.

Can you show me examples of hacking Safepal and losing funds also?
There is nothing theoretical about fact that Trezor wallet was hacked
https://steemit.com/bitcoin/@tomshwom/lessons-from-the-trezor-hack

Similar hack happened with Keepkey wallet recently.

If you hold devices, you can do wonders.



You don't use it but 99% of people do use it.


Well Binance hold funds in cold wallets, so it is not 'simple phishing email' hack.
If it is so simple please hack it and hire hacker .... just for fun, you can return funds later, and get bounty from them  ;D

Why are you pointing out that something was hacked and not stating how it was done? Once again, this is something that requires physical access to the device, and the whole article actually comes down to one sentence: "The TREZOR hack should be a stark reminder that physical security is still extremely important."

You completely ignore the Trezor reputation and the fact that it is open-source, with something completely unknown and closed source. I consider this a significant difference, everything else is a matter of choice.

I also disagree that 99% of people who own Ledger S / X use Ledger Live, I use Electrum. As far as privacy is concerned, even Electrum does not offer protection against someone finding out your coin addresses, IP address and the amount of coin you have in your wallet. Of course, this can be achieved by using Tor or VPN, but from the wallet creation itself onwards.

Binance holds coins in cold wallets, but also in hot wallets - just like any other crypto exchange. Do you think it would be possible to do business if all the funds were in a real cold wallet? I can't say what percentage of coins  Binance (https://www.binance.vision/blockchain/crypto-wallet-types-explained) holds in a hot wallet, but with Coinbase it is 2%.

So what if trezor software is open-source?
Open source is not holy grail, it just means that anyone can read and fork the code.
I am waiting for you to also show me hack for Safepal wallet.

Maybe you are not in 99% of people, but if you don't trust me you can contact Ledger support, and ask them for statistic to see how many people use LedgerLive. You will be amazed.
You can disagee as much as you want.

Disclaimer:
I don NOT have Safepal.

Sure, an open source wallet isn't automatically better than a closed source one, but at least with an open source one you are able to evaluate it and decide, rather than just trusting.

Of course no one is going to be able to provide that yet. It's only just been released, and according to their website, there is currently a shipping delay until at least February 3rd. No one is going to be able to security test a device without having the device.

Trezor have been around for over 5 years. I'm absolutely certain that at some point in the next 5 years, someone will discover a vulnerability in SafePal, because as I said above, no device or set up is 100% safe.

I agree, but as far as I know Ledger is NOT open source software, and even for open-source you need to trust other people if you can't read the code.


Let me give you one info.
Every shipping from China/Hk is delayed due to Chinese New Year and outbreak of new virus.

I agree with you - no device is 100% safe.
Every wallet can be hacked if hacker have it in his hands.

I use this wallet and I have not had any problems. This hardware wallet might be my favorite out of all of my hardware wallets. I do not own a Ledger or Trezor though, as I prefer all of my hardware wallets to never be connected to a device while the device is connected to the internet.

There is no requirement for a Ledger or Trezor to be connected to an internet enabled device. You can use your hardware wallet to set up a wallet using a client such as Electrum on a permanently airgapped device, and then also use Electrum to create a "watch only" wallet on an internet enabled device. Create a transaction on the internet enabled device, transfer it the airgapped device, plug in your hardware wallet to sign it, and then transfer it back to your internet enabled device to broadcast it.

Having said all that, it kind of defeats the point. Half of the point of a hardware wallet is that you can use it on any internet enabled device, even one bursting with malware, and your private keys are not at risk and no transaction can be made without your approval. And if you are going through the effort of setting up an airgapped wallet anyway, then why not just encrypt the wallet? What does adding a hardware wallet in to that set up achieve?

Yeah, I know. I just wanted to make it easier for the non-tech people around me. It is a pretty slick little device and I did update the firmware only once when I got it. I used an online device to download the firmware and then I copied the file to a airgapped device and then connected the wallet to the airgapped device to copy the file to the wallet. Then I installed the update via the wallet interface after disconnecting from the airgapped device. This might be a little overkill, but it was fun.

Shoot, I didn't even let the device create the wallet for me since I restored an existing wallet, all while offline. I do have one disclaimer though, I have only sent bitcoin to it and I have not used the wallet to send any bitcoin. I guess if all of my bitcoin disappears after I send some, then I'll know this wallet isn't any good. The only way that I could think that could happen though, is when I'm am scanning the QR code on the wallet with the Safepal app on my phone and it somehow transmits my seedphrase/private keys through the QR code to the app and sends it to hacker.

But shouldn't I be able to scan the QR code with a different device to see what it is transmitting and be able to see if it is transmitting my seedphrase?

You could. You can decode QR codes easily to see what information is being communicated. However, being able to understand what the string of letter means is a whole other issue altogether. The seeds could be discretely obfuscated and you wouldn't be able to tell without close inspection.

Being extra careful with your wallet is sometimes not enough; addresses/seeds being generated could still be intentionally weakened for others to steal. Doubt it would happen very often but it has happened before.

I sent some bitcoin out of my Safepal wallet last weekend and everything went fine. I did notice the QR codes it creates is encrypted, so only the Safepal app knows what I'm transmitting. Also, since I didn't use the wallet for 5 months, I had to recharge it before using it. I also upgraded the firmware from an offline device before sending some bitcoin out of it.

According to the Safepal app, the remaining bitcoin in the wallet is still there. So everything is still good. I'll come back here in the future and post anything suspicious from using the wallet.