Onekey Classic or Bitbox

[andy.arden]

Hello mates,

I wanted to check upon your experiences with these two devices. I already ordered the Onekey Classic so i guess will use that for a while. But was more interested on your thoughts about these, will use them for BTC and to crosschain swap between BTC and USDT on different times, instead on dealing with CEX's.

[1714605565]

1714605565

[thebitcoinhole]

You can compare them on our website: https://thebitcoinhole.com/hardware-wallets/bitbox02-multi-vs-onekey-classic

[Yamane_Keto]

You are now not comparing hardware wallets, but rather between decentralized cross-chain swap aka bridge, and these bridges have a bad reputation, as most of the hackers in recent years were from these bridges, so I do not advise you to use them if you intend to exchange thousands of dollars for the high fees, limited liquidity, and the possibility of hacking the bridge and lose your money.

Onekey use swftbridge If you download the application from https://www.swft.pro/#Download and use it with any wallet, you will get the same results, but Onekey provides a built-in interface as shown here https://help.onekey.so/hc/en-us/articles/4910514476303-Use-App-to-swap-and-DeFi.

you can compare Onekey and Bitbox in other things related to hardware wallets.

[Pmalek]

It would have been better if you asked these questions before ordering your OneKey, but it doesn't matter now.

The positive thing is that both wallets are open-source. I also remember that the OneKey is one of those wallets that is based on Trezor's codebase with an added secure element. However, WalletScrutiny couldn't match the binary with the published source code. Compared to that, they managed to do it with the BitBox02.

[dkbit98]

I wanted to check upon your experiences with these two devices. I already ordered the Onekey Classic so i guess will use that for a while. But was more interested on your thoughts about these, will use them for BTC and to crosschain swap between BTC and USDT on different times, instead on dealing with CEX's.

OneKey is biggest hardware wallet manufacturer from China and they are very popular there, but they mostly cloned code from Trezor.
From my own experience after talking with them about working together on one project, I can say they are semi-amateurs and liars.
I can't seak much about quality of Onekey wallets, but I know they had serious bug connected with secure element, and I wouldn't really use any Onekey device as a main hardware wallet.
Bitbox is Swiss made and they are more professional but small team so don't expect miracles from them, and I think they also started with Trezor code.

I would rather choose Trezor 3 Safe original wallet, instead of both options you mentioned.

[lyw123]

The positive thing is that both wallets are open-source. ...However, WalletScrutiny couldn't match the binary with the published source code.

I want to buy three different brands of hardware wallets to diversify my altcoin storage. Currently I have TREZOR ONE and BITBOX02, both were purchased directly from the official website. It's hard to choose the third one, as both onekey and keystone do not passed the open source testing of WalletScrutiny. Is there any problem with the open source nature of OneKey at present? Can I trust that it is completely open source?
Is it better that buying a new Trezor safe 3 (only using trezor safe 3 and bitbox02), instead of onekey or keystone (using trezor one, bitbox02, onekey/keystone)? Thank you!

I can't seak much about quality of Onekey wallets, but I know they had serious bug connected with secure element...

Using a passphrase, I am not very worried about being stolen after physical acquisition. Two worried things: 1. It cannot be hacked remotely. 2. It must be sufficiently open source to allow the community to fully review it.

[Pmalek]

I want to buy three different brands of hardware wallets to diversify my altcoin storage. Currently I have TREZOR ONE and BITBOX02, both were purchased directly from the official website.

Since you are working with altcoins, I don't see the point in adding a 3rd hardware wallet to the mix. I don't have a a lot of positive things to say about most altcoins anyway. The Trezor One is a decent unit. I have never used a BitBox, so I don't feel like saying anything about it.

It's hard to choose the third one, as both onekey and keystone do not passed the open source testing of WalletScrutiny. Is there any problem with the open source nature of OneKey at present? Can I trust that it is completely open source?

I haven't done any research or read their explanations (if they gave any) why WalletScrutiny wasn't able to verify the binaries. Looking at if from far away, it's not a good sign if you call yourself open-source but those claims can't be verified.

Is it better that buying a new Trezor safe 3 (only using trezor safe 3 and bitbox02), instead of onekey or keystone (using trezor one, bitbox02, onekey/keystone)? Thank you!

The Trezor Safe 3 is a younger, stronger, and more modern version of the Trezor One. It's probably going to replace Model One completely one day. But dkbit98 mentioned something interesting. OneKey had a serious vulnerability a few months ago where it was proven that the keys from its secure element weren't encrypted and thus could be intercepted. That's exactly what a security company did and made OneKey aware of that. Despite the existence of a SE chip, it didn't make the wallet safer because it was coded wrongly. Who knows what else they did wrong that is yet to be discovered.

[andy.arden]

Thank you all for the replies.

I will use Onekey with Sparrow for now, i dont think there is something that might go wrong, i use it on a mac i only use for basic stuff and i am quite obsessed with some security on it.

Anyway the vulnerability was on Onekey Mini and you actually needed to had the physical device and put some tool between the security chip and cpu?? I think. Anyway acording to them it was fixed but anyway…guess no company is 100% safe.

Btw i also have a Safepal S1 but i wont use that closed source and everything. I guess its worst than Onekey 🤣

[lyw123]

...I think. Anyway acording to them it was fixed but anyway…guess no company is 100% safe.

Originally, I only intended to use Trezor as it has the most users and the most open-source nature. I came across various user reviews of hardware wallets on the website https://www.trustpilot.com/review/ , and found that Trezor had the most stolen customers (= 12). Although it is widely believed that users' responsibility led to these thefts, but a single mistake could wipe me out. So I chose diversifying my altcoins in 3 different brand hardware wallets.

...But dkbit98 mentioned something interesting. OneKey had a serious vulnerability a few months ago where it was proven that the keys from its secure element weren't encrypted and thus could be intercepted. That's exactly what a security company did and made OneKey aware of that. Despite the existence of a SE chip, it didn't make the wallet safer because it was coded wrongly. Who knows what else they did wrong that is yet to be discovered.

Compared to OneKey, DKBit98 may prefer Keystone, perhaps because Keystone is air-gapped.
However, in terms of user base, OneKey (with 50k downloads on Google Play) is significantly larger than Keystone (with 5k downloads).

[Pmalek]

I came across various user reviews of hardware wallets on the website https://www.trustpilot.com/review/ , and found that Trezor had the most stolen customers (= 12).

Firstly, forget about trustpilot and review sites like that in general. Don't believe what it says as it can very easily be fake. Secondly, what do you mean with 'stolen customers'? I feel like you are using google translate or something like that. Perhaps you are referring to complaints by 12 customers who lost funds/had them stolen. Again, that doesn't mean much. Most problems that lead to loss of funds are a result of user mistakes so I wouldn't worry about it.  

Although it is widely believed that users' responsibility led to these thefts, but a single mistake could wipe me out.

That's true for any hardware wallet. So, think twice before you do something you might later regret. If in doubt, ask questions before, not after making a mistake.

[lyw123]

That's true for any hardware wallet. So, think twice before you do something you might later regret. If in doubt, ask questions before, not before making a mistake.

Thank your suggestions.
I placed an order for OneKey, now own three different brands of hardware wallets: Trezor One, Bitbox02, and OneKey Classic. I will pay attention to the OneKey's open source nature and reputation, and will immediately don't use it if anything bad happens.

[andy.arden]

Me too i have the Onekey classic, ordered it but found out of the vulnerability after (it was for onekey mini, the classic version was not affected as i know and you should of had the actual physical wallet to do some nasty things with it, not remote)

It is fixed, but what i do hope is that the wallet wont send any private key to their app. Is using the usb or bluetooth the same thing in terms of security? Or if the app/wallet has a bug it wont matter anyway?

[Pmalek]

It is fixed, but what i do hope is that the wallet wont send any private key to their app. Is using the usb or bluetooth the same thing in terms of security? Or if the app/wallet has a bug it wont matter anyway?

I would always go for the wired connection instead of Bluetooth. Bluetooth connection can in theory be intercepted, but that's really not something the average person should worry about, unless someone targets you personally. The attacker would have to be close to you. 5, 10, 50 meters... It all depends on the type of Bluetooth device and connection. You are out of luck if the wallet has other vulnerabilities besides the faulty secure element implementation.