 Show Posts
|
|
Pages: « 1 [2] 3 »
|
Cypherock X1 now ships with a Hard Case - https://twitter.com/CypherockWallet/status/1719697106984972728- Comes FREE as part of the packaging
- Is a Faraday Cage to protect against unintended EM waves
- Use it to keep other hardware wallets along with your Cypherock X1 safe against scratches
- It is Dust & Water Resistant
|
|
|
|
Cypherock X1 now ships with a Hard Case - https://twitter.com/CypherockWallet/status/1719697106984972728- Comes FREE as part of the packaging
- Is a Faraday Cage to protect against unintended EM waves
- Use it to keep other hardware wallets along with your Cypherock X1 safe against scratches
- It is Dust & Water Resistant
|
|
|
|
Is there any evidence to prove this claim because I checked for company details, and it says it's Singapore based company. This is the only proof I have - https://www.forbesindia.com/article/take-one-big-story-of-the-day/india-can-lead-the-web3-revolution-but-lack-of-regulations-can-be-a-businesskiller/84997/1Not sure if this works. We are a Singapore company but the product is manufactured and shipped from India. You will not incur any customs duty when we ship. We were earlier an Indian company before 2021 when we had to restructure the company into a Singapore entity. And It's not really hardware wallet, it's more of a crypto card that eliminated the need of backup seeds, which is not really recommended procedure for long term holding. Not true. If you read it correctly, there is a screen-based device called the X1 Vault that comes with the 4 cards. The seed phrase is never permanently stored anywhere, neither on the device nor on the cards. You verify the transaction details on the device, then enter the PIN and finally tap a card to authorize a transaction. Here is the video demo - https://youtu.be/vO8ajyhNfTQ |
|
|
|
Cypherock is a company founded in 2019 to build India's 1st Hardware Wallet. Cypherock X1 is the 1st product released by the company. Cypherock comes with 5 hardware components - 1 X1 Vault and 4 X1 Cards. The X1 Vault is the main computational device used to perform transaction signing and verification. It comes with a screen, 5-way joystick and connects through USB-C. The X1 Cards are same secure hardware used in the banking industry to make your debit cards and communicate with the X1 Vault through encrypted NFC. In order to perform a transaction, you need the X1 Vault and you just need to tap any X1 Card to authorize it. Features1. Unlike other hardware wallets, Cypherock X1 allows you to secure upto 4 seed phrases in the same product. You can protect each with a different PIN. Hence you can use one wallet for storing NFTs and maybe another wallet just for securing your valuable coins. 2. There is inherent protection against loss. As along as you have access to 2 out of the 5 components (either 2 X1 Cards, or 1 X1 Card and the X1 Vault), your assets are accessible. You can lose upto 3 components at the same time and still be sure that your assets are recoverable. 3. There is inherent protection against theft. For a hacker to compromise the assets, he will have to find the locations of atleast 2 out of the 5 components physically and then buypass the PIN protection on top of them individually, which is extremely difficult. 4. There are no seed phrase vulnerabilities. You are not required to backup your seed phrases on a piece of paper or a metal backup. 5. It supports more than 3000 digital assets. 6. It is the World's first sufficiently trustless wallet. Today, you have to trust your wallet provider that they will not push a malicious software update to your wallet that extracts out the private keys. In Cypherock X1, even if a developer pushes a malicious software update to the X1 Vault, they will not be able to compromise your private keys since your private keys are never stored as a whole on X1 Vault permanently. X1 cards are not upgradable once shipped to the users. 7. It is going to support a non-KYC inheritance service that will allow your assets to be recoverable by your loved ones without Cypherock ever in a position to compromise user's assets. More on this soon! 8. It is BIP39 compliant. Hence it is interoperable with your existing wallets. 9. It is made and shipped from India. Hence you don't need to pay customs for the product and you get local customer support. Use Cases1. Use it as a hardware wallet without needing to backup the seed phrase. You can read more here - https://cypherock.com2. Use it as a seed phrase backup manager to secure the seed phrases of your other hardware and software wallets. You can always view the seed phrase of a particular wallet by tapping an X1 card on an X1 Vault and entering the PIN. You can read more here - https://cypherock.com/wallet-backup3. You can view and manage all your other wallets' portfolio through a single app. You can read more here - https://cypherock.com/portfolio-managementSecurity1. It is open-source - https://github.com/cypherock. 2. It is audited by Keylabs that have found vulnerabilities in Ledger and Trezor hardware wallets before - https://cypherock.com/keylabs. 3. X1 Cards have EAL 6+ certified secure elements. You can set a PIN protection on top of them. 4. X1 Vault have a dual chip architecture and uses ATECC608A secure element, the same secure chip used by Coldcard. 5. It is one of the few hardware wallets with a reproducible builds as verified by WalletScrutiny - https://walletscrutiny.com/hardware/cypherockx1. For technical understanding of the working of the product, you can refer this thread - https://bitcointalk.org/index.php?topic=5459720.0I would love to get the community's feedback on the same. Here is a coupon code for 10% off if someone wants to try it out - bitcointalk10 |
|
|
|
Here is what I don't like at Cypherock X1 wallet, other than lack of support for Electrum (Sparrow wallet and other third party wallets) and multisig setup. This is coming soon. Probably in the next couple of months I will announce it here itself. Price is a bit more expensive than other alternative hardware wallets, I would say it equivalent to Foundation devices. But we will try to reduce the price even further as we scale up the manufacturing. there is no support for full Bitcoin node Electrum support will enable this automatically. no signing messages We are releasing the SDK soon. That will solve this as well. Expect it to be supported by August. one account for coin This is already supported multiple accounts for a single seed phrase. We already support passphrase as well. no coin control. Electrum support will enable this also automatically. ATECC608A secure element is a bit outdated and it has some security issues, so it probably should be updated with newer model. This will get upgraded soon as well. [/quote] |
|
|
|
No problem, but I am not supporting anything, I just tried to help with answering a question you asked me in private about old ANN topic and inactive member Nmnsth  I meant that only. Otherwise, I have seen here people marking spams for similar posts. I just wanted to be sure what I am doing is right. However, at this point I think Cypherock X1 is not fully ready to be used as main hardware wallet, unless you made some significant improvements from last time I checked.
Lack of support for Electrum and other third party wallets was one of the main deal breakers for me. Can you list down features/support requests you would love to see on Cypherock X1 that would convince you to purchase it? Here is what I could infer - - Electrum, PSBT support
- Multisig support
|
|
|
|
Which remains a single point of failure, so to claim there is no single point of failure is incorrect. Ok makes sense. Technically you are right. Updated the original post with the correct statement. A multi-sig option at least has the option to use the wallets at different times in different places. SSS does not. I agree. Though in our product, we can make some changes to enable sharing of the Shamir shares remotely from different places securely which solves the different places problem. Though it does not solve the different times problem, you can always couple the product with a multisig setup if you want that for yourself. Additionally, since with Cypherock X1 you don't need to maintain a seed phrase backup separately, it makes it easier for new users to create their multisig setups. A noble cause, but you should at least be honest in your marketing and not make factually incorrect statements to appeal to users who don't know any better. I don't think I made any factually incorrect statement apart from the nuanced take on the single point of failure. Since you mentioned statements, can you point me to others which you feel are factually incorrect? That's good to hear. What's the time frame for these being released? 3-4 months is what we are seeing right now because we have requests for other other priority features by the current users. You can check our public roadmap here - https://cypherock.com/roadmapIf an attacker compromises the device with malicious firmware, then they just need to wait for the next time you want to make a transaction and tap one of your cards. Hence, a single point of failure. As clarified above, the single point of failure is in the context of seed storage. If the hacker attacks any other hardware wallet physically, your assets could be compromised. But not with Cypherock X1, since the hacker will also need to physically find another card, compromise its security and only then he may be able to access the complete seed to compromise the assets. Even in your example, the card authenticates whether it is communicating with a genuine device. If you have not already, I would recommend you to read the audit report to understand the security threat model of Cypherock X1 - https://cypherock.com/keylabsThe lack of standardization is a real problem with all SSS schemes. If your codebase disappears, there is a real risk users are unable to recover their coins. To be safe the user needs to personally download and store copies of your codebase, which is a significant hurdle for most average users. As I said even if the codebase disappears, you can always view the BIP39 seed phrase and back it up separately if you think this is a risk for you on a personal level. You can argue the same risk for any other open source hardware wallet. |
|
|
|
Agreed, despite the fact that basic procedure for SSSS is well-defined, AFAIK, there is no standard for its algo/protocol. Consequently, implementation can vary across different systems, potentially leading inconsistencies. That is why any specific device-based or software wallet employing SSSS presents a single point of failure resulted from lack of standardization. I agree, this is definitely one of the things we realize the industry needs badly. Our implementation is open source and we hope it gets adopted and standardized further. When we started building Cypherock X1, we looked into Trezor's implementation of Shamir backups but concluded that any implementation that is going to scale, needs to be BIP39 compatible to be adopted. Hence we had to develop our own implementation. Though I don't think the lack of standardization is going to result in single point of failure. The code is always open source and BIP39 compatibility makes your seed interoperable with other wallets. Regardless, you can always pair it with Multisig to standardize your key custody if that helps. |
|
|
|
If only 2 cards can access my coins then I need to protect the cards too, so if I lose 2 cards that means I lose my coins, and if I need X1 Vault with one of the cards then there is a central point of failure which is X1 Vault. There is a PIN protection on card also individually if set which protects against cases of collusion. You can lose upto 3 hardware components and still be fine since you can recover the assets from device + card or 2 cards. So no, you don't lose your coins if you lose 2 cards. Answering along the similar lines as I answered before, the only point of failure comes when you are actually transacting with the X1 Vault and the card. Even in that case, the private key only exists in the temporary memory during transaction signing and the private key as a whole never touches the permanent storage. If you are comparing to multisig, in most multisig wallet cases, if a single user is operating it, whether we like it or not, the user is using 2 wallets at the same time at the same place which defeats the purpose of multisig. And again, we are trying to build the best possible wallet for securing a single seed. You are free to use Cypherock X1 as part of a multisig wallet setup as well. In addition, NFC is a short-range wireless connectivity which adds more problems because of wireless connection. There is encrypted NFC communication session established between the device and the cards before any sensitive message is exchanged. Not sure what the concerns are then. Also, I personally don't get the point of rallying against wireless connectivity. A hardware wallet is built keeping a threat model in mind. Atleast for Cypherock X1, we assume your PC and its communication medium with the wallet both are compromised and still the hacker should not be able to compromise the assets until you physically authorize a particular transaction. Can I extract wallet seed from the X1 Vault? No. The wallet seed is never permanently stored on the X1 Vault. Does this mean that it is similar to Ledger Recovery but is non-KYC? I advise any HW service to stay away from the complications of inheritance or the possibility of the user recovering his seed because it means that a third party will keep part of encrypted seed, which contradicts all the concept of hardware wallets. No. The seed will NEVER leave the secure hardware environment in our case ever. More on this soon when we release the specs on the same. |
|
|
|
This is just factually incorrect. One of the main weaknesses of every Shamir's secret sharing scheme is that they all have a single point of failure - the device which creates the shares in the first place and the device on which the shares are brought back together in order to recover the original secret. This is one of the biggest disadvantages of SSS over multi-sig, which (when used properly) truly has no single point of failure. It means no single point of failure in private key storage. The only point of failure comes when the user is actually transacting with the X1 Vault and the card. Even in that case, the private key only exists in the temporary memory during transaction signing and the private key as a whole never touches the permanent storage. Also in most multisig wallet cases, if a single user is operating it, whether we like it or not, the user is using 2 wallets at the same time at the same place which defeats the purpose of multisig. And again, we are trying to build the best possible wallet for securing a single seed. You are free to use Cypherock X1 as part of a multisig wallet setup as well. Rather than comparing us with multisig wallets, a fair comparison is actually other hardware wallets. How? Let's say I am an average user, lose my vault, and you have gone out of business so I cannot purchase another vault. How do I recover my seed phrase from two or more cards? Bear in mind I am an average user who is unable to manually extract data from NFC cards, unable to clone and compile github repos, and so on. How do I recover my coins? We are building an open source Android and IOS apps that will do this. Here is a sample prototype for the same. Regardless, if you have the X1 Vault, you can always view the seed phrase with the help of another card. Also, we have answered this question on our FAQ page - https://cypherock.com/faqYou or an attacker doesn't need to be able to compromise the cards. I have to use the device to recreate my seed phrase in order to sign transactions. Compromising the device is sufficient to compromise my wallets. Never did we say that this was enough. Compromising the device to steal the assets is not enough since the user will still need to use the cards along with the device atleast once. The PIN protection on the card is separately enforced on the card itself and the card have end-to-end encrypted session-based communication with the device. Which means, it also authenticates the device during communication. By no means this is perfect but we think it adds a barrier against an insider attack. Additionally, we are open source and the firmware builds have been verified by Wallet Scrutiny - https://walletscrutiny.com/hardware/cypherockx1/ |
|
|
|
I honestly find it frustrating that I cannot find a solution to this. Google/any search engine literally gives results like "how to create your eth wallet" when I ask this. (and I've tried multiple searches)
I need a wallet that I can input multiple mnemonic phrases and/or recovery keys and see all balances at once in a single app. Hopefully for all major coins like btc, eth, ltc atom .. etc but I cannot find a single wallet that offers this. All the mainstream wallets like exodus/atomic only allow for one mnemonic import then you can only sweep private keys into your wallet (like exodus) and even metamask only allows one mnemonic per google profile, after that its only private keys. I don't care if its some sort of api based system or a cli in linux I would prefer that actually but at this point (a cli) I'm so lost. If anyone uses the safepal app on android/iphone its honestly the best you can use it for mnemonic imports its not only a cold storage app, and when you load up the app all your balances refresh. The closest thing I found was Coinomi but the only bummer about this app on windows or linux is that you have to click each wallet to view the balances it doesn't show like a dashboard with all balances.
Am I the only one with this issue???
Has anyone found a wallet that allows multiple mnemonic recovery phrases to be inputted and view all balances at the same time?
multiple crypto wallet apps on windows linux
Yes, check out Cypherock X1. Secure multiple seed phrases - https://cypherock.com/wallet-backupView balances of all wallets in one place - https://cypherock.com/portfolio-management |
|
|
|
Apologies, I am not that used to Bitcointalk and hence forgot about the pagination. You don't store it yourself, but does that mean that someone else might store it for you? Like other wallets, there are services like Analytics and others we use currently that require collection of data. You don't mention in your Privacy Policy for how long the data is stored and after how long it gets deleted or anonymized: Yes, the privacy policy is going to be updated soon. We intend to delete the geographical addresses and contact info within 30 days from the date of delivery. We intend to keep the name and email to communicate important announcements like security patches or major feature releases. How much time needs to pass before a customer can request to have all its data removed from your servers and offline copies (if they exist)? What does the local law require you do in terms of how long the data needs to be stored? We are a Singapore incorporated company. As far as I know, like every other company, we would need to maintain the invoices for company compliance for atleast 5 years. Read - https://www.iras.gov.sg/taxes/corporate-income-tax/basics-of-corporate-income-tax/record-keeping-requirements |
|
|
|
Hello everyone, I am the cofounder of Cypherock wallet. I am moving this thread to a new post as the current OP is no longer working with the company. Please continue the discussion here - https://bitcointalk.org/index.php?topic=5459720Thanks @dkbit98 for supporting this. |
|
|
|
Cypherock X1 is a new kind of hardware wallet that never stores the master seed as a whole anywhere permanently eliminating most of the attack vectors associated with the current hardware wallets. Cypherock comes with 5 hardware components - 1 X1 Vault and 4 X1 Cards. The X1 Vault is the main computational device used to perform transaction signing and verification. It comes with a screen, 5-way joystick and connects through USB-C. The X1 Cards are Smartcards and communicate with the X1 Vault through encrypted NFC. Each of the 5 components store the 5 Shamir Shares individually. In order to construct back the master seed, you need the X1 Vault and any one of the X1 Card along with the PIN if set (2-of-5 Shamir's Secret Sharing). https://imgur.com/a/HnYMQ7XProduct Features- It is BIP39 compliant wallet. Unlike other wallets, there is no need for the user to write the 24 recovery words or the seed phrase anywhere. Although there is still an option on the device to view the seed phrase through the device + card + PIN (if set)
- No Single Point of Failure in private key storage as the private keys are never stored permanently in a single place giving it 10x more security than other hardware wallets.
- Most of the hardware wallets today only allow the user to store one seed phrase per hardware. Cypherock X1 allows the user to store upto 4 different wallet seed phrases on a single Cypherock X1. Generate new wallets or use any of these 4 slots to backup your existing hardware and software wallets, thereby using the Cypherock X1 also as a seed phrase backup manager. You can protect each with a different PIN for each seed phrase. I have discussed about this use-case on this thread - https://bitcointalk.org/index.php?topic=5457147.0.
- It is going to support a non-KYC inheritance service that will allow your assets to be recoverable by your loved ones without Cypherock ever in a position to compromise user's assets. More on this soon!
- There is inherent protection against loss. As along as you have access to 2 out of the 5 components (either 2 X1 Cards, or 1 X1 Card and the X1 Vault), your assets are accessible. You can lose upto 3 components at the same time and still be sure that your assets are recoverable.
- It is the most trust minimal wallet compared to the rest of the options today. Unlike the other popular wallets where the user needs to trust the manufacturer that they will not push a malicious software update. With Cypherock X1, there is an additional protection against this problem since the X1 Cards once shipped cannot be updated by us. Hence even if there is a malicious software update hypothetically, it could only compromise the device but never the cards.
Security1. It is open-source - https://github.com/cypherock. 2. It is audited by Keylabs that have found vulnerabilities in Ledger and Trezor hardware wallets before - https://cypherock.com/keylabs. 3. X1 Cards have EAL 6+ certified secure elements. You can set a PIN protection on top of them individually. 4. X1 Vault have a dual chip architecture and uses ATECC608A secure element, the same secure chip used by Coldcard. 5. It is one of the few hardware wallets with a reproducible builds as verified by WalletScrutiny - https://walletscrutiny.com/hardware/cypherockx1. Website - https://cypherock.comThis is in continuation to the thread - https://bitcointalk.org/index.php?topic=5429275.0. The OP of the thread has left the company. Thanks @dkbit98 for supporting this. |
|
|
|
|
