Wallet Logo

Bitcoin Cold Wallet

latest release: 1.0.3.7 last analysed  4th June 2021
Obfuscated
4.4 ★★★★★
670 ratings
10thousand
19th January 2021

Jump to verdict 

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

We list the following apps of this provider:

As so far all others were obfuscated, we jump straight into jadx and sure enough:

public static final a.EnumC0487a c;
public static final a.EnumC0487a d;
public static final z e = z.i("https://wallet.schildbach.de/fees");

/* renamed from: f  reason: collision with root package name */
public static final String f254f = (Character.toString(8776) + (char) 8201);
public static final MonetaryFormat g = new MonetaryFormat().e().d(2).f(new int[0]);
public static final f.g.c.d.b h = f.g.c.d.b.c.e();
public static final Coin i;
public static final d0 j;
public static final y1.f.b k = c.c(o.class);

This app appears to be based on Bitcoin Wallet by Schildbach and it is clearly obfuscated. Obfuscation is a huge red flag and we urge you not to trust this app with your funds.

(lw)

Verdict Explained

Obfuscated  

The app's binary contains active obfuscation which makes it significantly harder to analyze what it is doing.

This verdict means that the app could not be decompiled. In benign cases code symbols are replaced by short strings to make the app smaller but for the sake of transparency this should not be done for non-reproducible Bitcoin wallets. (Reproducible wallets could obfuscate the app for size improvements as the reproducibility would assure the auditability.)

The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.