BC Vault hardware wallet - is this a reasonable answer to a question?

[davewho]

Hi, I recently asked BC Vault a question about recovery:

Hi, if I purchase a BC Vault, and later it breaks or is stolen and I need to restore my backups (sd card/paper), presumably I can ONLY restore to another BC Vault, unlike with BIP39 seed words where I could restore to any device? I'm thinking of a situation where BC Vault goes out of business. Am I correct here or have I misunderstood the backups?

They replied and this is their response:

You are correct. We have considered this exact scenario and have prepared a decryption application for backups which can extract raw private keys from backups provided you have all the necessary information (global pin, global password, wallet pin, wallet password). We will release this application as an open source project on GitHub in the event of the business shutting down.

After quite a bit of research BC Vault would be my preferred choice for several reasons (storage types, security, volume of crytocoin types it will hold, non-deterministic wallets, family members can use it also etc), but this backup and recovery option feels risky to me.

Thoughts?

[Rath_]

[...] but this backup and recovery option feels risky to me.

It is risky. Other hardware wallets allow you or even force you to back up the mnemonic phrase they generate which is supported by many software wallets. There is no guarantee that they will release that application. How are you supposed to enter a wallet and account password on that device? Doing it on a computer is completely unsafe.

After quite a bit of research BC Vault would be my preferred choice for several reasons (storage types, security, volume of crytocoin types it will hold, non-deterministic wallets, family members can use it also etc) [...]

Can you elaborate on that a little bit? We might be able to recommend you a different hardware wallet.

[mocacinno]

My first tought: are you the owner of bc vault or being payed to promote them? I mean, did you really register an account on bitcointalk to give an answer to a question nobody has asked (AFAIK)

My second tought: i'd never jump in and buy an unknown hardware wallet, when there are several community-vetted existing alternatives that do the job quite well.

I used google to research this wallet, and other than the fact they claim to be the only one that offers secure backups, i don't see anything worth risking my coins over. And i wonder: why would you even make backups... Other wallets use a seed phrase which can be extended with a custom password in case your seed phrase gets discovered, this seed can be used to restore your wallet... usually you can just use a compatible software wallet in case the company goes out of business. At first sight it seems bc vault does not use this existing, community vetted, technology, so it actually needs you to make backups. To me, it seems they fixed a problem they created themselfs, then brag about the fact they fixed the problem...

[davewho]

Yeah, that's a shame, I liked that wallet a lot. No, I'm not the owner or in any way affiliated with them, just a regular Joe.

My first tought: are you the owner of bc vault or being payed to promote them? I mean, did you really register an account on bitcointalk to give an answer to a question nobody has asked (AFAIK)

Does it seem likely that I would promote this company in some way by posting about what I found to be a negative? I don't think so. Yes, I really did create an account here to post a response to a question that I asked them... I don't get why you would think there's anything dishonest about this? Why would you create an account other than to ask a question or contribute? I'm relatively new to this and after googling and researching as best I could, I could find no definitive answer as to whether this was a deal breaker or whether I was misunderstanding, so figured there would be someone here that was far more knowledgable than me. Reasonable?

There is no guarantee that they will release that application.

Yes, my thought exactly!

How are you supposed to enter a wallet and account password on that device? Doing it on a computer is completely unsafe.

Think you can enter it on the device itself, there's a screen and a Dpad thing.

I didn't go into detail as it seems already Mocacinno thinks I'm promoting the device... I'm not. I think the key thing for me was the anonymity/privacy of non-deterministic wallets. My understanding of the other typical wallets is that they're deterministic meaning that it is possible to relate the wallets held on the physical hardware back to one another somehow. I watched a video where Andreas Antonopoulos explained it. The other thing I liked was that you can have multiple accounts (vaults?) on it to kinda segregate the wallets, allowing other people (in my case family members) to store their coins on it also.

I think of the other two viable (large companies, well known) options to my knowledge, are Ledger and Trezor, I think the option I'll likely opt for is Trezor, I get a warmer feeling from its open source nature than I do from Ledger.

If you have other recommendations, I'm all ears.

Thanks for responding :-)

[PrimeNumber7]

We will release this application as an open source project on GitHub in the event of the business shutting down.[/i]

I have never heard of BC Vault, and by default, I recommend not buying HW wallets from unknown companies.

They are promising to release a tool to recover your private keys if they go out of business. There is no guarantee they will follow through on their promise, and they will receive no reputational harm if they fail to do so because they will be out of business. Unless they currently have a means of recovering your private keys, I would assume a tool will never exist.

[bitmover]

There are so many good hardware wallets out there. Why buy this shitty one?

Don't have even bip39 seed ? They will maybe release an application so that I can get my keys? Is this a joke?

Would you trust your savings in a device made by people who can't do something so simple that every other wallet out here does?
Is that wallet really secure? I mean , can we be sure that the private keys will never leave the device?

I trusted ledger and trezor because they have been tested a lot. Community trusts them, and they are on the market for years.

The idea to maybe receive my keys is just ridiculous.
Stay away and buy a real hardware wallet: trezor or ledger.

If you already have one bc vault, just remove your coins from it and buy another wallet. Ledger is very cheap, and you will have peace that you will never lose your coins.

[Rath_]

The other thing I liked was that you can have multiple accounts (vaults?) on it to kinda segregate the wallets, allowing other people (in my case family members) to store their coins on it also.

You can do exactly the same on Trezor and Ledger. If you don't want your family members to see your coins then you can use a passphrase which acts as a 13th or 25th word of your seed. Each family member can use their own passphrase in order to have multiple accounts separated from others. Consider buying a Trezor T. It has a big screen and allows you to enter PIN, passphrase and recover the device without having to worry whether or not your computer is infected.

[bitmover]

Consider buying a Trezor T. It has a big screen and allows you to enter PIN, passphrase and recover the device without having to worry whether or not your computer is infected.

Ledger nano s has that exact same feature and passphrase is entered  on the device (ofc, if it wasn't it wouldn't be a hardware wallet)

Personally, I don't understand why is trezor T so expensive 149 euros, while ledger nano s is only 50-60 USD

But both are excellent options and are worth the price. I don't trust any other wallet.

[Rath_]

Personally, I don't understand why is trezor T so expensive 149 euros, while ledger nano s is only 50-60 USD

Convenience comes at a huge cost here. Trezor T has a big touchscreen which is certainly the most expensive part (and a microSD card slot which still doesn't have any use). Ledger is also a good choice if OP likes their security policy. It's worth pointing out that Trezor is vulnerable to seed extraction which is dangerous if one doesn't use a long passphrase.

[bob123]

I think the key thing for me was the anonymity/privacy of non-deterministic wallets.

You don't gain any advantage in anonymity/privacy when using non-deterministic wallets compared to deterministic ones.

My understanding of the other typical wallets is that they're deterministic meaning that it is possible to relate the wallets held on the physical hardware back to one another somehow.

You'd either need the device itself or the master public key to do that.
If you never enter your xpub into a software or post it online, the only way would be to have access to the device.

And if you have access to the device, it doesn't matter whether it is a deterministic or non-deterministic wallet. All private keys stored can be linked to one identity.

The other thing I liked was that you can have multiple accounts (vaults?)

That should be possible with all hardware wallets (thanks to bip32 / bip44).

I think of the other two viable (large companies, well known) options to my knowledge, are Ledger and Trezor, I think the option I'll likely opt for is Trezor, I get a warmer feeling from its open source nature than I do from Ledger.

While trezor definitely is a good choice, i'd personally prefer a ledger device. Ledger's software is open-source.
The only part which is not open source is the firmware of the secure element due to NDA's.

[bitmover]

It's worth pointing out that Trezor is vulnerable to seed extraction which is dangerous if one doesn't use a long passphrase.

One of those "only in the movies" attack. The chances, for now, that someone break into my house, find my hardware wallet and knows how to do this attack are minimum. But anyway, anyone with a Trezor should really be using a passphrase...

Maybe in future we should be more worried about these kind of attacks. As adoption grow, common thieves (and not only hackers) will discover that stealing hardware wallets is lucrative.

Certainly when that time comes we will all need to replace our hardware wallets for new ones which would be more robust against physical attacks, which are not something to worry right now.

[bob123]

It's worth pointing out that Trezor is vulnerable to seed extraction which is dangerous if one doesn't use a long passphrase.

One of those "only in the movies" attack.

I wouldn't regard THIS as a 'only in the movie' attack.


The recent extraction of sensitive information via sidechannel attack on the power consumption on the screen seems like a very improbable ('move'-) attack.
But stealing a hardware wallet and simply extracting the seed with a tool isn't too 'movie-like'.

When in possession of the tool, that's even more easy to accomplish than a 5$ wrench attack. All you need is physical access to the hardware wallet.

[The Sceptical Chymist]

Does it seem likely that I would promote this company in some way by posting about what I found to be a negative?

Not to me, no.  What you wrote would be an awful way to promote a hardware wallet.

I never heard of the BC Vault, so I'll have to google it or something, but it certainly doesn't sound secure at all if you're relying on the manufacturer to implement an upgrade in order to have complete control of your keys if they go out of business.  That's a huge red flag in my eyes, and since there are already very good hardware wallets on the market I'm not sure why you'd go with one that sketchy.  Yikes.

But both are excellent options and are worth the price. I don't trust any other wallet.

Never used a Trezor, but I definitely agree with you about the Ledger.  I'd go with that over the thing OP mentioned any day.

[HCP]

They replied and this is their response:

You are correct. We have considered this exact scenario and have prepared a decryption application for backups which can extract raw private keys from backups provided you have all the necessary information (global pin, global password, wallet pin, wallet password). We will release this application as an open source project on GitHub in the event of the business shutting down.

Honestly... in my opinion, that is unacceptable.

That recovery application needs to be released now... so that users can actually test it and make sure it works and feel comfortable knowing that they can retrieve their keys should something happen. Rather than relying on some vague promise. As it stands now, if your device gets lost/stolen/damaged, then currently your only option is to purchase another BC Vault, wait for it to be delivered, then restore your backup.

I would not feel comfortable with that arrangement. One of the great things about Ledger and Trezor using BIP39 standards is that, in an emergency situation, you can quickly restore your wallet into another wallet and access your funds. It's also easy to verify that this all works by creating a test seed and testing it when you first receive the device etc.

One wonders if their reluctance to release the recovery application is to generate extra sales in the event of lost/damaged/stolen devices... or if they are concerned that there is some sort of flaw in the design that would be revealed by the app?

[davewho]

Great responses, thanks all. Much appreciated. Lots of info and terms here that are new to me, so much to google and read up on.

BC Vault is definitely a no-go.

Thanks.

[alien2108]

I have carefully read your comments on BC Vault and while I see your concerns, I would like to offer further explanation and paint the whole picture.

DISCLAIMER: I am the CTO of BC Vault. Everything written below is not a “promotion” as some assume immediately when one talks about anything else but Ledger or Trezor. This is my personal view on reservations some users voiced in the forum, and also an invitation to further discussion.

As always, everything is a two-edged sword and I would like to start off by addressing your doubts.
You can be absolutely sure we can release a decoding app for private keys if needed, as it is obviously encoded in the product and it works. We haven’t released it yet as it would be a shortcut for hackers to understand how our encryption and everything else works. This is a drawback to open-source that many vendors acknowledge (Ledger is NOT open-source) and others suffer from (Trezor counterfeits). Shortcuts are bad in security.

Let me give you a real-world example of what we have been dealing with for nearly two decades. REAL security www.real-sec.com is a 17-year old company that only works in the field of IT security. In this period, we have amassed experience and knowledge needed for the creation of BC Vault. We deal with the biggest IT security projects in the region of Central/South/East Europe. Our clients are banks, telcos, governments, state agencies, etc. and thus we have also been dealing with something called HSM (Hardware Security Module) for a long time. HSM is a predecessor of crypto wallets. It is usually used to securely store private key of certificates (PKI) and it “spits out” signed data. We are talking about equipment used by practically all banks, all PKI issuing agencies.

One can hardly find any HSM vendor releasing decoding apps, source code. A crypto currency hardware wallet is essentially an HSM (explained in simple terms). Does one have access to the source of banking software? No. Can the banks be trusted they will not take your money? No, as many that lost money in 2008 can confirm. But does our company have ANY reason not to release decoding utility for BC Vault private keys if needed? No, it does not. As I mentioned, we are a company that has been doing other things in the field of IT security for 17 years (as compared to almost all crypto wallet startups that have ZERO company history in the said field). We cannot simply “shut down” the BC Vault operation and disappear into thin air. Our reputation in the primary field of business would be irreversibly damaged and we have much to lose. What I am trying to say is that we are not a startup that simply played a card and can give up at a certain point and say “we tried”. Even if we had to shut down the project, we would have to do it properly.

On the other hand, by using BIP39 you have a huge security issue: all wallets are linked. Once somebody acquires your 24 words, ALL your wallets (even the future ones) are compromised and you might not even know. The attacker will strike only after there is a substantial amount on the wallets. You will never know what hit you. Also, BIP39 only caters for private key and nothing else. You lose everything else, such as wallet names, etc. Those words are all the attacker needs, and wallets using BIP39 come with the additional cost of seed recovery phrase protection.

With BC Vault, the attacker needs global pin + global password, and each wallet’s pin + wallet password AND BACKUP! The last AND is VERY important. If the attacker remotely compromises all your systems and steals all pins and passwords, they still can do nothing without the backup of your BC Vault. The backup must be physically confirmed on the device, so there is no way for them to make it without you confirming it.

In regards to being “anonymous” in crypto world, with BC Vault you can generate practically unlimited number of wallets and delete them whenever you wish to do so. This is something BIP39 prevents you to do. Furthermore, not many people expressed concerns of Ledger using unique certificate on their devices. Each Ledger device uses its own signed certificate in secure element to authenticate towards central server. You do know what that means or at least has the potential to do.
Besides security, we have not neglected and have strongly emphasized anonymity. The word “crypto” means hidden and it was the one aspect where we were not willing to make compromises.

To come back to the HSM story and again draw the parallels, most of the HSM installations DO NOT allow the export of private keys. This also means one cannot replace the device without a lot of hassle. But since the primary mission of HSM is secure storage of private keys without means of extracting them from the device, this is what customers actually look and pay a lot of money for. All they want is assurance that they have a secure means of backup/redundancy in case a device fault occurs.

Basically, it all comes down to what is your priority and belief. If you have decided that we are the "bad guys", well it's your right, but rethink your position and try to come up with a reason why you think so.

BC Vault has been made to be DIFFERENT and BETTER. We did not just take Trezor’s open-source code, designed a new housing, changed a few minor bits and called it the greatest thing since bread came sliced. We did everything different from ground up with a reason because we believe it can be done better for the benefit of the user, based on our experience in the field of IT security. We dared to take another path (contrary to BIP39) and we still strongly believe in it.

We might even release "export private key" per wallet functionality at some point in the future (and then mark any such wallet insecure), but that needs a lot of rethinking and considering every security implication. There is absolutely nothing that would prevent us from doing something like that, but the care for the security of the user and their funds.

There are three ways of making money in this cynical business: one can be first, one can be better, or one can cheat. We respect those that were first, we strive to be better, and we certainly don’t like cheating and shortcuts.


I encourage everyone to read our latest review:
https://pheeva.com/bitcoin/wallets/bc-vault-comparison/
…and join the conversation.

[o_e_l_e_o]

TL;DR: Trust me.

No thanks.

You can be absolutely sure we can release a decoding app for private keys if needed, as it is obviously encoded in the product and it works.

We don't know that it works, because you won't release it, so it can't be tested. So we have to trust you on that. Also, just because it exists (if we trust you on that), doesn't mean you will release it. So you are asking for trust again.

We haven’t released it yet as it would be a shortcut for hackers to understand how our encryption and everything else works.

So are you saying you are using your own encryption method which is vulnerable to attack?

We cannot simply “shut down” the BC Vault operation and disappear into thin air. Our reputation in the primary field of business would be irreversibly damaged and we have much to lose.

Having "much to lose" doesn't mean you can't do it. Much bigger projects than you in the crypto space have "shut down", disappeared, exit scammed, and so forth. Again, asking for us to trust you on your word.

On the other hand, by using BIP39 you have a huge security issue: all wallets are linked. Once somebody acquires your 24 words, ALL your wallets (even the future ones) are compromised and you might not even know.

So use a couple of passphrases. Problem solved.

In regards to being “anonymous” in crypto world, with BC Vault you can generate practically unlimited number of wallets and delete them whenever you wish to do so. This is something BIP39 prevents you to do.

What are you talking about? BIP39 can generate as many wallets or addresses as you want, and I can delete my wallet files just as well as you can.

The whole point of "being your own bank" is so you don't have to trust a third party. Your wallet, as it stands, requires a lot of trust. You also don't seem to understand BIP39, and have tried to address problems which don't exist.

No thanks.

[alien2108]

TL;DR: Trust me.

No thanks.

You completely ignored every single bit of provided information.

We don't know that it works, because you won't release it, so it can't be tested. So we have to trust you on that. Also, just because it exists (if we trust you on that), doesn't mean you will release it. So you are asking for trust again.

Any kind of HW/SW device involves trust on some layer. I assume you do not use ATM's since somebody did not give you source code and HW walkthrough.
Obviously 17 years old company that works in IT security means nothing to you.

So are you saying you are using your own encryption method which is vulnerable to attack?

No. We use different methods that make it much more difficult for potential attacker, why would we provide any shortcut.

Having "much to lose" doesn't mean you can't do it. Much bigger projects than you in the crypto space have "shut down", disappeared, exit scammed, and so forth. Again, asking for us to trust you on your word.

You are completely denying the truth. Do not mix companies that tried with one single product and failed with us please. I already explained who/what we are.

So use a couple of passphrases. Problem solved.

Nobody said you do not have to use BIP39. Whatever you feel like.

What are you talking about? BIP39 can generate as many wallets or addresses as you want, and I can delete my wallet files just as well as you can.

Not true. You can NEVER delete a wallet from BIP39 tree, you can only "hide" it. It will always be restored once you use your words and it will forever be linked to that words.

The whole point of "being your own bank" is so you don't have to trust a third party. Your wallet, as it stands, requires a lot of trust. You also don't seem to understand BIP39, and have tried to address problems which don't exist.

You are not your own bank and you will always have to trust 3rd party. The one that made your computer, your OS, your apps, disk drive, ram,  the firmware in all mentioned GW, the chips in all of mentioned HW, the crypto exchange, the person you are buying/selling to something....I/We have our fair share of knowledge about things with proven record.

It's your right to choose whatever you want to use, but please stop making accusations and assumptions that are simply wrong. There is quite a lot of reviews out there about our wallet including very reputable sites, that prove you wrong on all aspects.

[o_e_l_e_o]

Any kind of HW/SW device involves trust on some layer. I assume you do not use ATM's since somebody did not give you source code and HW walkthrough.

Fiat isn't designed to be trustless. Bitcoin is. Why would I want to introduce unnecessary trust in to bitcoin?

Obviously 17 years old company that works in IT security means nothing to you.

Companies go bust, scam, fold, shut down, disappear, all the time. An awful lot of people trusted Lehman Brothers with their money. They had been around for 150+ years. Didn't stop them collapsing.

We use different methods that make it much more difficult for potential attacker

So again, we will just have to take on your word on that one?

Not true. You can NEVER delete a wallet from BIP39 tree, you can only "hide" it. It will always be restored once you use your words and it will forever be linked to that words.

Ok, so I delete my wallet file and burn the words. It can never be restored. It is deleted.

You are not your own bank and you will always have to trust 3rd party.

There is quite a big different between trusting an open source program which you can review and compile the code yourself and a program that the developer promises exists but won't actually release.

[alien2108]

I see your point, but I am not sure I agree. Open-source can be perceived as an affirmation, but sadly it can be a liability that turns out to be a fatal flaw.

I suppose you prefer Trezor, since Ledger is not open-source.
Trezor’s vulnerabilities were exposed by “wallet.fail” (without responsible disclosure) and later by the competitor: Ledger. Even before that Trezor had to deal with non-genuine devices. A lot of trouble arose not exclusively but also because of open-source. Had anyone been able to do the same with the BC Vault, they would at least walk away with the 1 BTC Bounty Wallet.

Let’s leave sophisticated "evil maid" attacks aside and focus on the undeniably biggest danger when dealing with cryptocurrency hardware wallets: irrevocable user mistake. BC Vault displays all the important transaction details on the screen: full from & to addresses, sent amount and fees. The device also shows warnings about unusually high fees. That should save users most of the trouble and prevent many irreversible mistakes.

Again, obviously we know how to decrypt data, otherwise the product would not work at all. Internal development, test tools used for debugging already do everything needed to manually extract private keys and therefore "can it be done" discussion is entirely redundant.

You are entitled to and can always choose not to believe that we would release such a tool, if needed. Had it come to the point where BC Vault would shut down, we certainly would not want to be evil and would do the right thing to prevent possible losses of users' funds.

I already mentioned we might release the export private key function in the software after thorough consideration of all the implications of such action. Right now a potential attacker has no means of remotely extracting private keys in any way. It is simply not doable.

Besides, you can use our API and submit a transaction prepared for signing and get the signed transaction back if you want to have total control over everything else. This is exactly how HSM works and you can do that with our device connected to a computer without needing an Internet connection.

I appreciate the Lehman Brothers example, but I hope we at least agree that their clients and their savings were not high on Lehmans’ priority list and the advent of cryptocurrencies coincides with the loathing of the banking establishment and their modus operandi. We are in the same boat here.

I believe you might be focusing too much on something you may never need (export of private keys) and by that you are putting yourself in a greater danger as you would be by using BC Vault.