Ballet wallet

[gentlemand]

Bobby Lee, the former fella who ran BTCC, has just launched this - https://www.balletcrypto.com/en-US/

https://www.coindesk.com/early-bitcoin-entrepreneur-returns-with-a-crypto-hardware-wallet-for-the-masses

Which wants to be the wallet to bring crypto to the masses.

Keys are generated in advance and printed on the thingy and you, um, scratch the top off to access the private key that you access with the app which I presume is where some security happens.

So it looks like a paper wallet with a few extra problems.

Will you be taking the plunge?

[mocacinno]

a bip38 encrypted pre-generated key... I wouldn't even apply to get one for free... There's no guarantee whatsoever the company didn't keep logs of every private key they generated.

[gentlemand]

a bip38 encrypted pre-generated key... I wouldn't even apply to get one for free... There's no guarantee whatsoever the company didn't keep logs of every private key they generated.

Well, this is the same bloke who ran BTCC who sold physical coins that they mined directly to and no one's had any issues with those but it's still a long way from ideal.

He's pitching it as the way to bring crypto to the masses but starting off by centralising when it doesn't need to be smells a bit off. If it is 'for the masses' then I suppose private key logging is quite possible.

Weird how someone in crypto for such a long time can come up with something that has glaring turns offs to most.

[mocacinno]

--snip--
Well, this is the same bloke who ran BTCC who sold physical coins that they mined directly to and no one's had any issues with those but it's still a long way from ideal.
--snip--

Eventough i have never voiced my opinion about this in the past, i can only say that i've never been a fan of those pre-funded physical coins... DIY coins are perfectly fine, but the pre-funded ones are a big risk IMHO.
I've seen one of those coin creators that lost his list of private keys, and a lot of clients of him lost their funds (i can't remember his name tough... I have bad memory).

For me "Be your own bank" means that you, and you alone, should be the only one in complete controll of your private keys. Offcourse, you can share keys with your spouse or children, but as far as i'm concerned, nobody else should ever have any access to your private keys.

[gentlemand]

Eventough i have never voiced my opinion about this in the past, i can only say that i've never been a fan of those pre-funded physical coins... DIY coins are perfectly fine, but the pre-funded ones are a big risk IMHO.
I've seen one of those coin creators that lost his list of private keys, and a lot of clients of him lost their funds (i can't remember his name tough... I have bad memory).

For me "Be your own bank" means that you, and you alone, should be the only one in complete controll of your private keys. Offcourse, you can share keys with your spouse or children, but as far as i'm concerned, nobody else should ever have any access to your private keys.

I think you'd be nuts to trust any coin creator these days. There've been enough who've ravaged their customers now. Casascius was in more innocent times. Then there are the coins with 2FA like Titan which is a horrific idea. If their site goes down, or they disappear or lose interest and Titan have gradually been fading away, then goodbye money.

Since even the crummiest wallet usually gives you the option of your own seed, or creates one, this system isn't an encouraging start.

[The Sceptical Chymist]

a bip38 encrypted pre-generated key... I wouldn't even apply to get one for free... There's no guarantee whatsoever the company didn't keep logs of every private key they generated.

Yeah, that would be my concern--especially from a company that I never heard of.  On the other hand, if everything they said was true, it does look like a decent product.  But no, I won't be buying one of these since I'm not up to be a guinea pig for an untested product (and I don't have any crypto that I need to store that I can't do on my Ledger.

This quote under the product section:

We dislike cumbersome setup and KYC procedures. We believe there should be no boundaries or limitations in accessing and managing your crypto assets. That’s why we designed Ballet - to make it easy to use, and accessible to anyone, anywhere.

is surrounded on the sides by a bunch of pictures of people, and I'm not sure if that's the developers or just a generic bunch of photos.  Since it looks like every race, gender, and probably even a few different religions are represented in those pics, I'm hoping they're not trying to pass them off as the devs.  Not because diversity is bad but because I'd find it highly unlikely to have a team like that.  In fact it seems more like those scammy ICOs with fake team pics....but maybe I'm seeing it wrong.

[bitmover]

a bip38 encrypted pre-generated key... I wouldn't even apply to get one for free... There's no guarantee whatsoever the company didn't keep logs of every private key they generated.

Weird how someone in crypto for such a long time can come up with something that has glaring turns offs to most.

It is very confortable to have your QR code to receive cryptocurrency, and this could really be good for the "masses" and adoption.

However this can be done in your phone without any pre generated private key. There are many wallets doing that already, such as coinomi (without any pre generated keys).

Everyone carry a phone nowadays, and it is much better and safer than this new hardware wallet, imo.

[o_e_l_e_o]

The rest of the site is filled with a bunch of red flags:

For the private key generation and production of our physical hardware wallets, Ballet adopts an industry-first 2-Factor Key Generation (2FKG) process. To access the funds in your wallet, you would need both the encrypted private key (EPK) and the corresponding wallet passphrase. However, both the EPK and wallet passphrase are engraved on the Ballet cryptocurrency wallet itself. The proven BIP 38 industry standard powers this time-tested and secure technology.

So, the complete opposite of 2 factors, then? If both pieces of information needed to steal your coins are stored on the same medium or can be compromised by stealing the same physical thing or log in, then it's not 2 factors. It's 1 factor. This would be like keeping an encrypted Electrum wallet on a USB stick, along with a text file of the decryption key. There's no point to have two factors if you store them side by side.

During the manufacturing and production process, these two vital components are generated separately, on different devices located in different geographic locations (different countries and jurisdictions, thousands of miles apart). This data is never transferred electronically, and never copied, duplicated, or backed up onto any other storage device. This also means that our employees will never come into contact with all of the necessary cryptographic key information. Thus the capability of others decrypting or stealing funds from the Ballet hardware wallets is eliminated.

Eliminated? I hardly think so. Reduced maybe, but not eliminated by any means. Do your employees not know how to email or message each other?

It is a multinational, double-blind, bifurcated key generation process that ensures the highest safety standards for private key generation and encryption. This is the ultimate level of safety for the complete offline and cold storage of your cryptocurrency assets.

That's great and all, but the design of this wallet is such that to spend the coins you have to rip open the physical card. Therefore, it is essentially single use only. How do you know that the company in question have combined the right public key, private key, and passphrase until it is too late? You can't make a test transaction without destroying the wallet.

I am also generally concerned with their advertising of "No passwords" like that's a good thing. I'm sorry, but I want passwords. Everyone wants passwords. Everyone has to remember and use multiple passwords and PINs all the time. Why is a password or PIN for a hardware wallet a stumbling block to adoption, when people use passwords or PINs for online banking, credit/debit cards, online shopping, email accounts, even social media.

It's a no from me.

[DaveF]

I just kept looking at the website and scratching my head.
Outside of the app and some fancy stickers and graphics it's not really different then the different types of cards that you can get in the collectibles section all the time.

Going to have to pass on this other then for the collectible value down the road, but as a storage method. Nope, not going to happen.

-Dave

[DireWolfM14]

This would be like keeping an encrypted Electrum wallet on a USB stick, along with a text file of the decryption key. There's no point to have two factors if you store them side by side.

That sounds more secure than this wallet, in my opinion.  At least you wouldn't have a wallet that has (potentially) been viewed by others. 

I'm not calling Bobby Lee a scammer and no matter how ethical he's been up until now, if you use this wallet you NEED to trust that will not become one.  You must also trust that all his employees are ethical, and won't collude to log and steal the keys.  Way too much trust and risk involved.

[Tibu]

Bbbrrrr... uuurrrggh 

Cold storage will never gain mass adoption - hardware wallet will !
Pre-generated keys ... OMG, I feel like we're going back ten years before.

And combining with an phone App increase the attack surface...

Maybe the ease of use will lead to the Ballet wallet mass adoption, with good marketing ... 




Not your keys : not your coins
NyK-NyC