walletscrutiny: the majority of "wallets" are either custodial or closed source

[giszmo]

Have you been able to find anything on the Tangem software?

First time I hear about Tangem.

https://tangem.com/apps/ looks like a companion app  which would not be reviewed by us but in the case of Ballet I made an exception as the private keys are handled by that "companion" app but in the case of tangem ... as the card has no display it can only blindly sign and surrender data it's been asked to do, so while it might not surrender the private keys, the "wallet" might empty the full account while the user thinks to be paying a coffee. Not funny. Not sure how to add it to walletscrutiny.

Edit: What a shitty product All recent reviews claim it doesn't work at all. And as it has 1k downloads on GPlay, it meets the criteria to get a review. I need a pause ...

[1714929335]

1714929335

[1714929335]

1714929335

[sir_danny]

We need your help.

Our #opensource #bitcoin project critically examines wallets - by looking into code reproducibility.

We're trying to raise funds to keep the project going. There are thousands of wallets and hundreds of devices.
Visit http://walletscrutiny.com for more info.

[NotATether]

Bump, with a radical security idea. There is no point in using a wallet if you can't feel secure updating it, as you will then be exposed to security vulnerabilities.

Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

Specifically so that wallets can't say exaggerations like this, a wallet security commitee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks I don't see why it wouldnt work wih code & software.

Unfortunately most people in the space are not at all literate about cryptography.

That's not going to help someone against a rouge wallet.

[DaveF]

Bump, with a radical security idea. There is no point in using a wallet if you can't feel secure updating it, as you will then be exposed to security vulnerabilities.

Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

Specifically so that wallets can't say exaggerations like this, a wallet security commitee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks I don't see why it wouldnt work wih code & software.

Unfortunately most people in the space are not at all literate about cryptography.

That's not going to help someone against a rouge wallet.

IMO, it still goes back to what I have been saying. Code is only part of the battle. The procedures and processes are the other part. Everyone looking at the code today does not matter if one person with the ability to sign it goes evil tomorrow.

In addition to the code review an audit of the process and procedures done to run everything is also needed.

Kind of like a conversation I had with someone making collectable coins that had pre-generated private keys:

Them: "All keys are generated from a secure offline computer"

Me: "So it's BIOS password protected, boots from a read only device like a DVD that you verify the checksum on every boot, and nobody else has access to the room where it is, and you you verify the printer that it prints to has not been modified tampered with, and the cables are good and you are sure they have not been compromised by anything like this: https://hak5.org/products/omg-adapter

Me some more: And you have custom made holograms so if someone else gets a hold of the coin they just can't peel copy and stick on another hologram that looks the same?

Them: No, are you paranoid or just an ass?

Me: Both....


At a guess, I have no proof but it just looks like it from what I see here. Bad wallets, that were not deliberately malware / stealing from the start, have caused such a small percentage of loss vs user error, malware in general. I could be wrong but it really seems like although this is a good battle, there are bigger more important ones out there.

-Dave

[ranochigo]

Specifically so that wallets can't say exaggerations like this, a wallet security commitee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

The rating would be the only benchmark you are allowed to advertise in your wallet.

It worked with UL Benchmarks I don't see why it wouldnt work wih code & software.

The issue is with the funding. You cannot possibly get enough funding to fund such an organization. The security professionals, or really any developers don't have that much time or money to audit codes all the time. The current system as it stands doesn't really have much problem; you have contributors auditing and several with commit access to push the changes. Wallets are generally not advertised because they rely on donations, except those that run some sort of services. If all the wallets were to come under the purview of some organization, then you would find tons of bureaucratic red-tape surrounding it. I'm sure most would rather not have this sort of stuff.

Code-signing doesn't do anything but provide a false sense of security. There has been instances where certs were stolen and used to sign fake versions of certain wallets (Electrum) for example. Making them untrustworthy based on this alone sounds quite unfair. Anyways, isn't Electrum code-signed?

[dkbit98]

We're trying to raise funds to keep the project going. There are thousands of wallets and hundreds of devices.
Visit http://walletscrutiny.com for more info.

Good luck collecting donations, and I am hoping this won't mean that you will close one eye if let's say ColdCard, Trezor or someone else donates to you for good code review of their wallet
I know it's a lot of work tracking all those wallets, so I would suggest that you keep everything related with donations public as much as possible.
It's in the best interest of both users and wallet creators that something independent like Walletscrutiny exist.

[pooya87]

Specifically so that wallets can't say exaggerations like this, a wallet security commitee needs to be formed.

Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies.

Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually).

This could turn into a dangerous thing because there is always a chance that the centralized "committee" could get corrupted very easily. We saw this in other centralized authorities when money was involved for example the ICO benchmarks that all ended up advertising the biggest scams that paid them the most amount of money.

Since it would be centralized, they could be pressured by the government too. Lets say there is a privacy wallet implementing CoinJoin without the shadiness that Wasabi has. The government could force this "committee" to remove it from their list or give it a negative rate.

[NotATether]

IMO, it still goes back to what I have been saying. Code is only part of the battle. The procedures and processes are the other part. Everyone looking at the code today does not matter if one person with the ability to sign it goes evil tomorrow.

In addition to the code review an audit of the process and procedures done to run everything is also needed.

I agree with you, but without a considerable public uproar (for example, at random internet company A selling your personal data to 3rd parties), it's quite difficult to get people to listen to review bodies for processes and methods, because it usually interferes with their budgets and cash flow, unfortunately.

Kind of like a conversation I had with someone making collectable coins that had pre-generated private keys:

Them: "All keys are generated from a secure offline computer"

Me: "So it's BIOS password protected, boots from a read only device like a DVD that you verify the checksum on every boot, and nobody else has access to the room where it is, and you you verify the printer that it prints to has not been modified tampered with, and the cables are good and you are sure they have not been compromised by anything like this: https://hak5.org/products/omg-adapter

Me some more: And you have custom made holograms so if someone else gets a hold of the coin they just can't peel copy and stick on another hologram that looks the same?

Them: No, are you paranoid or just an ass?

Me: Both....

... But I will say that if you're in the business of selling very valueable physical coins to people, you'd be quite mad to *not* have such a precautionary setup. Even better would be to have two geogeaphically distant locations where a "split-key" is generated at each of them and then combined at a 3rd location for final processing. This prevents any one person from knowing the exact PK.

Few people would consent to such an added expense of buildings, though.

[giszmo]

Good luck collecting donations, and I am hoping this won't mean that you will close one eye if let's say ColdCard, Trezor or someone else donates to you for good code review of their wallet
I know it's a lot of work tracking all those wallets, so I would suggest that you keep everything related with donations public as much as possible.
It's in the best interest of both users and wallet creators that something independent like Walletscrutiny exist.

There is only one wallet so far that donates to WalletScrutiny and that is Unstoppable. We made that transparent.

We are considering to add affiliate links wherever applicable - hardware wallets mostly - but it's problematic as it might color our judgement. Regarding the importance of hardware wallets as a whole for example. Not all agree that they are beneficial to users' security and prefer commodity hardware, preferably from before 2009.

... But I will say that if you're in the business of selling very valueable physical coins to people, you'd be quite mad to *not* have such a precautionary setup. Even better would be to have two geogeaphically distant locations where a "split-key" is generated at each of them and then combined at a 3rd location for final processing. This prevents any one person from knowing the exact PK.

Few people would consent to such an added expense of buildings, though.

Smoke and mirrors. The upside of keeping the keys around for a rainy day is gigantic and as any magician can explain to you, it's trivial to convince people there was no rabbit in the hat until you pulled it out. No matter how complex the ceremony of key generation, the designer can make sure to keep a copy.

[sparky1000101]

WalletScrutiny provides a great service for those who aren't technical and self custody is on the rise. Also, delete coinbase

[sir_danny]

WalletScrutiny provides a great service for those who aren't technical and self custody is on the rise. Also, delete coinbase

It doesn't end with that as well. WalletScrutiny is currently running a donation campaign.

>> Bare URL = https://walletscrutiny.com/donate

There are:

- 2790 in Cryptocurrency apps in Google Play
- 651 in the Apple Store
- 288 hardware wallets
- 44 bearer tokens
Roughly 3,770 ways, to HODL.

Proceeds go to manpower.

[JL0]

We are back! 🚀🚀

We received funding by a donor who so far chose to remain anonymous. Our work should be secured for another year thanks to 🤫 ...

A lot was left undone in the recent months. Many reviews are outdated and not all are marked as such.

https://twitter.com/WalletScrutiny/status/1587545123067498497?cxt=HHwWgsC81Zr4i4gsAAAA

Thanks for continuing this project.

[NotATether]

There are:

- 2790 in Cryptocurrency apps in Google Play
- 651 in the Apple Store
- 288 hardware wallets
- 44 bearer tokens
Roughly 3,770 ways, to HODL.

The fact that there are 4x the number of Android wallets than iOS wallets indicate that a large percentage of them are either counterfeits or outright malicious apps. Same for the App Store, but at a smaller scale. So I wouldn't include all those apps as legitimate wallets if I were you.

Make some leeway and put the headcount at about 70% of them being malicious, and then we'd be at a more accurate count.

It's an old post but I just wanted to point that out. Also you left out desktop wallets.

[dkbit98]

Thanks for continuing this project.

Good to see them coming back!
Many reviews are really outdated and I was starting to think they totally retired, but I understand why they did it.
It takes a lot of time to review wallets and monitor changes all the time, it's not simple task that is done once and than forgotten.

[n0nce]

We are back!

We received funding by a donor who so far chose to remain anonymous. Our work should be secured for another year thanks to  ...

A lot was left undone in the recent months. Many reviews are outdated and not all are marked as such.

https://twitter.com/WalletScrutiny/status/1587545123067498497?cxt=HHwWgsC81Zr4i4gsAAAA

Thanks for continuing this project.

Thanks for the link, I didn't even know they were underfunded since June!

Sadly the donation drive crossing the two weeks mark could not achieve significant funding to continue WalletScrutiny in its current form.

If you have any idea how to change this project such that it could fund several full time engineers, please let us know.

I'm happy to see that they got enough donations to continue; I wore an avatar that I made to promote their service in the hope to give them visibility and donations for a few months actually.

If anyone's interested in it, I can send a link to it later.

[dkbit98]

I see there was a cool new re-design and new logo for WalletScrutiny website, they now have a dog like logo and new sponsors.
This looks much better than older version, it feels faster and it's easier to find what you are looking for, maybe because they hired a dog this time


https://walletscrutiny.com/

PS
If guys from WalletScrutiny are reading this, can you tell us when was the last time you checked CoolWallet Pro SE and other open source hardware wallets?

[Kryptowerk]

I see there was a cool new re-design and new logo for WalletScrutiny website, they now have a dog like logo and new sponsors.
This looks much better than older version, it feels faster and it's easier to find what you are looking for, maybe because they hired a dog this time


https://walletscrutiny.com/

PS
If guys from WalletScrutiny are reading this, can you tell us when was the last time you checked CoolWallet Pro SE and other open source hardware wallets?

Agreed, new website really does look slick.

Suprised to not see a direct date indicating when the wallet was tested.
Under Application build you can see "xy time ago" notice, though, and they also show previous test dates on the bottom of each wallet's page (Previous application build tests).

[n0nce]

Suprised to not see a direct date indicating when the wallet was tested.
Under Application build you can see "xy time ago" notice, though, and they also show previous test dates on the bottom of each wallet's page (Previous application build tests).

That does seem like an odd design choice, but the last tested version is given, which is what ultimately counts.

I personally prefer the old design, but I am glad to hear that they found some sponsors. This is a highly important project that needs to stay alive!
It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? ^[1] The Bitkey / Square / Block ^[2] hardware wallet device guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..


[1] https://spiral.xyz/blog/we-were-square-crypto-now-were-spiral/
[2] https://bitcointalk.org/index.php?topic=5341906.msg62555325#msg62555325

[dkbit98]

It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? ^[1] The Bitkey / Square / Block ^[2] hardware wallet guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..

Yeah this could be problematic, thanks for noticing this connection n0nce.
This probably means that Bitkey/Square/Block wallet will be reproducible and supported, but let's wait and see what happens after they release it.
I would like to hear what Walletscrutiny has to say about this, unless they changed ownership in this process.

[DaveF]

It seems to me like 'the sponsors' is just Spiral BTC, aka. Square? ^[1] The Bitkey / Square / Block ^[2] hardware wallet guys?
I hope this won't have any negative effects (bias) on WalletScrutiny..

Yeah this could be problematic, thanks for noticing this connection n0nce.
This probably means that Bitkey/Square/Block wallet will be reproducible and supported, but let's wait and see what happens after they release it.
I would like to hear what Walletscrutiny has to say about this, unless they changed ownership in this process.

In theory that is not what they are looking for.
Is it open source and is it reproducible. Beyond that, I see it as 'out of scope' as to tell people good idea / bad idea to use it.

Not to go to far OT, but it's also amounts stored. A hot wallet on a phone with under $100 in it for me becomes more about convenience then anything else.
Long term larger amount cold storage is a different story.
If you don't care about the privacy hit and a few other things, if Bitkey works for someone in their use case then they should use it.
Knowing the code is good is all that should matter to them, not having our or anyone else's opinion about if it is a privacy nightmare should matter.


I still think having a place like walletscrutiny is good, but as I ranted a page or 2 ago in this thread is the simple fact that being able to reprodue builds is just one piece of the puzzle. There are a lot more places for compromise then just can I duplicate it.

-Dave