Storage Crypto Wallet USB

[bestcoin_59]

Hello,

I came accross this wallet;
https://www.ebay.com/itm/156239220852
Does anyone know if it is legit and if it can be used
with Electrum software?

Thanks

[Synchronice]

Hello,

I came accross this wallet;
https://www.ebay.com/itm/156239220852
Does anyone know if it is legit and if it can be used
with Electrum software?

Thanks

I do not suggest you to use that wallet because that's not an official wallet of any company, that wallet is made by someone and sells them on eBay and other platforms. It also uses Coinomi, which is a closed-source wallet. I wouldn't buy this wallet if I were you and I also wouldn't buy any wallet from eBay. I suggest you to buy wallets like ColdCard and The Passport Foundation, which are air-gapped Bitcoin wallets. If you want a wallet that support altcoins, then maybe Trezor can be a good option, but never buy Ledger because they've lied about their security.

Remember, always buy Bitcoin or Crypto wallets from official sellers or in another case, from official resellers. Always verify the info, do not trust blindly!

[ABCbits]

I would avoid it for these reasons,
1. Unknown brand or company behind it.
2. Seller is not willing to mention capacity, brand and type of the USB storage drive.
3. No mention which OS and wallet software used on that product.
4. You can buy regular USB storage drive and install Tails (or other Linux live distro) by yourself.

[bestcoin_59]

Ok. Thanks for confirming my doubts. At the beginning
I thought it might me a new brand. I'm also serious when trust is involved.

[satscraper]

Despite its name this is not a true cryptocurrency wallet.

What you're looking at is essentially a flash drive with added encryption capabilities similar to devices made by reputable manufacturers like Kingston. However, unlike Kingston ^{which has a solid track record of producing reliable encrypted USB drives} that vault on ebay is unknown quantity thus it's better to avoid it. That being said, these types of devices are primarily designed for securely storing sensitive information like SEED phrases or private keys, rather for cryptographic operations like transactions signing.

 

[bestcoin_59]

Despite its name this is not a true cryptocurrency wallet.

What you're looking at is essentially a flash drive with added encryption capabilities similar to devices made by reputable manufacturers like Kingston. However, unlike Kingston ^{which has a solid track record of producing reliable encrypted USB drives} that vault on ebay is unknown quantity thus it's better to avoid it. That being said, these types of devices are primarily designed for securely storing sensitive information like SEED phrases or private keys, rather for cryptographic operations like transactions signing. 

Yes, i though that too, but because Coinomi is mentionned i had a doubt. Anyway i gave up the idea of buying such "thing"...
However i'm still curious to know if it is just a usuall UBS driver with software inside or if this stick hide special hardware.

[Forsyth Jones]

I wouldn't buy it for several reasons besides those mentioned by other members above, for some reason the seller shows Coinomi desktop software, doesn't mention details of the encryption used... just a generic pen-drive like any other.

Never buy products like this, the chances of it being a blatant scam are 99% (very high risk) or someone trying to make a quick buck eBay, even so, would you trust your coins (or your life savings) to a total stranger with a mediocre description?

Buy a Trezor, Bitbox02, Coldcard or Passport (these two are fully air-gapped) and you will at least be following the standard security models of the market.

As mentioned, you can make a bootable pen-drive with TailsOS and electrum built in and have security comparable to a hardware wallet (if you use it offline on an air-gapped device), there are several tutorials out there.

[bestcoin_59]

Hello,
Thanks for your contribution and explanations.

I wouldn't buy it for several reasons besides those mentioned by other members above, for some reason the seller shows Coinomi desktop software, doesn't mention details of the encryption used... just a generic pen-drive like any other.

Never buy products like this, the chances of it being a blatant scam are 99% (very high risk) or someone trying to make a quick buck eBay, even so, would you trust your coins (or your life savings) to a total stranger with a mediocre description?

I am now convinced.

Buy a Trezor, Bitbox02, Coldcard or Passport (these two are fully air-gapped) and you will at least be following the standard security models of the market.

I checked, but it seems that the last two only support BTC. What about SecuX bio? I probably won't buy one since it can be use on mobile devices only, but still...

As mentioned, you can make a bootable pen-drive with TailsOS and electrum built in and have security comparable to a hardware wallet (if you use it offline on an air-gapped device), there are several tutorials out there.

I already do that, but on a live USB (Ubuntu).
1) Installation of Electrum
2) Enter the master public key
3) Initiate a transaction
4) Get the partially signed bitcoin transaction
5) Disable Wifi, remove Ethernet cable and enable Air plane mode
6) Enter the seed phrase
7) Sign the transaction
8 ) copy the signed transaction on a memory card
9) reboot the computer
10) enable wifi or plug the Ethernet cable
11) Reinstall Electrum
12) Brodcast the signed transaction

I admit, it is not very convenient, but it might be quite safe: i mean, although i always
check the gpg signature, even if i download a fake Electrum, i should still be safe, shouldn't I?

What is the benefit of using TailsOS vs Live Ubuntu, i guess the nodes don't get my IP so
it is better for privacy, but does it improve security?

Also, check my other post;
https://bitcointalk.org/index.php?topic=5541786.0

Have a great day! Thanks.

[bitbollo]

follow "glacier protocol" guide for having an explanation on how and what to do for your state-of-the-art cold wallet.
Otherwise you're just getting trouble by buying such items from "random people". If you cannot verify the software / hardware I would definitely avoid any external system. It0s not an option it's a no-no situation

[satscraper]

However i'm still curious to know if it is just a usuall UBS driver with software inside or if this stick hide special hardware.

No one can say for certain.

I have a Kingston IronKey Vault Privacy 50 which includes a dedicated hardware chip for encryption/decryption operations. However, the device you're referring to is significantly cheaper than the IronKey, so it's reasonable to assume that its encryption is primarily handled at the software level rather than through dedicated hardware.

[ABCbits]

However i'm still curious to know if it is just a usuall UBS driver with software inside or if this stick hide special hardware.

Nobody can know without spending their money and reviewing it. But i wouldn't recommend anyone to do it, since it's likely to be regular USB storage with certain live linux/windows and several cryptocurrency apps.

What is the benefit of using TailsOS vs Live Ubuntu, i guess the nodes don't get my IP so
it is better for privacy, but does it improve security?

Tails OS also take security seriously. It also have built-in Electrum (although usually it's somewhat outdated) and provide encrypted persistent storage, which make thing more convenient.

[bestcoin_59]

follow "glacier protocol" guide for having an explanation on how and what to do for your state-of-the-art cold wallet.
Otherwise you're just getting trouble by buying such items from "random people". If you cannot verify the software / hardware I would definitely avoid any external system. It0s not an option it's a no-no situation

In theory i totally agree, but in practice it is another story. This implies to avoid every non open source software. And even for open source software, very few people are able and have time to understand thousand lines of codes. For hardware it is even more difficult to analyze...

This may not be ideal but i will stick with well known and reputable name/brand

[bitbollo]

...
 This implies to avoid every non open source software.
...

Yes I would definitely agree with this. If you are storing a "decent" sum would you trust someone that doesn't explain how they have built their software?
It is correct that not all people could make this check by them, but hiding could be already a negative sign.

There are dozens of methods for key generation (even that doesn't implies software like with dices and so on).
I know that these are not methods for everyone but meanwhile it's something boring that people would just rely in a third part solution WHEN they have already EVERYTHING to be totally indipendent.

[Lucius]

@bestcoin_59, for starters, don't even think about buying such devices through various platforms, always try to buy directly from the manufacturer or an authorized reseller. It's even better if you can make a cold wallet yourself by using an old computer, because in that case you have one less thing to worry about.

I have several HWs, some of which are air-gapped, but do I have 100% confidence in them? Of course not, although I have more confidence in some than others.

[bestcoin_59]

There are dozens of methods for key generation (even that doesn't implies software like with dices and so on).
I know that these are not methods for everyone but meanwhile it's something boring that people would just rely in a third part solution WHEN they have already EVERYTHING to be totally indipendent.

Regarding key generation. I used this:
https://github.com/trezor/python-mnemonic
on a live USB in air plane mode after installing the Python package.

Indeed this package rely on secrets which CSPRNG and it seems that Trezor use this to generate the mnemonic
on their devices. Moreover, since a computer should have more entropy than a Trezor, i though, but i may be
wrong, that this method is one of the most secure.

That being said, i'm aware of malicious PyPI packages:
https://www.scworld.com/brief/malicious-pypi-packages-set-sights-on-crypto-wallet-recovery-passwords
but i think i'm safe with the one i used.

[m2017]

I would avoid it for these reasons,
1. Unknown brand or company behind it.
2. Seller is not willing to mention capacity, brand and type of the USB storage drive.
3. No mention which OS and wallet software used on that product.
4. You can buy regular USB storage drive and install Tails (or other Linux live distro) by yourself.

It should be noted that Tails OS doesn't save data by default after the user's session (in principle, like any Live USB), unless permanent data storage is enabled. Therefore, seed phrases of wallets that the user works with should be saved separately, so as not to lose access to the wallet contents.

And if you save data in storage, should not forget about the "fragility" of USB as a data carrier. Simply put, it can fail at any time and the data will be lost. Therefore, need to make backups.

[Forsyth Jones]

I checked, but it seems that the last two only support BTC. What about SecuX bio? I probably won't buy one since it can be use on mobile devices only, but still...

SecuX is a closed-source hardware wallet, and while they did an 'acceptable' job with W20 and V20 models (it isn't compatible with electrum and other bitcoin clients, hence the 'acceptable'), the company's recent products are crap, and to me, if you're going to use an 'offline' signing device that's closed-source, you're better off setting up cold storage on an old air-gapped deevice with a privacy-focused Linux distro like TailsOS.

I already do that, but on a live USB (Ubuntu).

Wait, I didn't fully understand your cold storage implementation, but some items weren't very clear:

2) Enter the master public key

Do you insert your public key into the online or offline device? Remember that the privkeys must be stored on the offline device, so importing the public key into the offline device is useless, it can remain on the online device to create transactions and sign them on the offline device.

Are steps 3 and 4 being done on the offline device?

Step 5: Oops! Something's wrong here, you disabled your internet connection, does this mean that you're doing both the procedures of creating the transaction, signing and transmitting on the same machine?

Step 6: Why do you need to enter your seed phrase every time you make a transaction?

Step 8: Copy the signed transaction to where? - I see in step 9 you're transferring it back to the same device after rebooting with internet disabled.

This implementation makes no sense. There is still a risk of malware stealing all your coins, since the entire procedure is being done on the same device. If there is malware on that machine, what guarantee is isn't recording everything and waiting for the right moment to steal your funds?

[bestcoin_59]

And if you save data in storage, should not forget about the "fragility" of USB as a data carrier. Simply put, it can fail at any time and the data will be lost. Therefore, need to make backups.

I never store plain seed phrase on USB storage. However, i used VeraCrypt to save the seed phrase, but just in case. This VeraCrypt file is just a backup of others backups made otherwise.

Wait, I didn't fully understand your cold storage implementation, but some items weren't very clear:

2) Enter the master public key

Do you insert your public key into the online or offline device? Remember that the privkeys must be stored on the offline device, so importing the public key into the offline device is useless, it can remain on the online device to create transactions and sign them on the offline device.

Are steps 3 and 4 being done on the offline device?

Step 5: Oops! Something's wrong here, you disabled your internet connection, does this mean that you're doing both the procedures of creating the transaction, signing and transmitting on the same machine?

Step 6: Why do you need to enter your seed phrase every time you make a transaction?

Step 8: Copy the signed transaction to where? - I see in step 9 you're transferring it back to the same device after rebooting with internet disabled.

This implementation makes no sense. There is still a risk of malware stealing all your coins, since the entire procedure is being done on the same device. If there is malware on that machine, what guarantee is isn't recording everything and waiting for the right moment to steal your funds?

As you mentioned the idea is to type the seed phrase only on a offline computer. Moreover, i only use LIVE sessions.
In fact i follow this:
https://electrum.readthedocs.io/en/latest/coldstorage.html
Except that i only have ONE machine, hence the reboot of the live session. The drawback is that i have to reinstall Electrum
(hence the suggestion of ABCbits since Electrum is already install on tails OS).
Hope it is more clear.
Thanks

[SecuX is a closed-source hardware wallet, and while they did an 'acceptable' job with W20 and V20 models (it isn't compatible with electrum and other bitcoin clients, hence the 'acceptable'), the company's recent products are crap, and to me, if you're going to use an 'offline' signing device that's closed-source, you're better off setting up cold storage on an old air-gapped deevice with a privacy-focused Linux distro like TailsOS.

Thanks for your feedback. It looks as if the perfect hardware wallet has not yet been invented

[moderator's note: consecutive posts merged]

[ABCbits]

--snip--
4. You can buy regular USB storage drive and install Tails (or other Linux live distro) by yourself.

It should be noted that Tails OS doesn't save data by default after the user's session (in principle, like any Live USB), unless permanent data storage is enabled. Therefore, seed phrases of wallets that the user works with should be saved separately, so as not to lose access to the wallet contents.

And if you save data in storage, should not forget about the "fragility" of USB as a data carrier. Simply put, it can fail at any time and the data will be lost. Therefore, need to make backups.

Good point. Although i expect people who decide to use Tails would bother their documentation or at least read short explanation of how it works[1]. Electrum advice you to backup 12 recovery words, so most people should already make at least 1 backup.

[bestcoin_59]

Just for curiosity, i finally got an answer from the seller. Indeed, i sent him a message some days ago, and forgot about it since i though i won't get any answer. I was wrong. Although i gave up the idea of buying from him, i'm puzzled regarding his answer: "We actually install Coinomi wallet onto the device as a default but the the USB can certainly work with electrum as well!"