DreambitLatest release: 3.0.0-dreambit ( 29th December 2022 ) 🔍 Last analysed 22nd November 2021 . Custodial: The provider holds the keys
As the provider of this product holds the keys, verifiability of the product is not relevant to the security of the funds!
As part of our Methodology, we ask:
Is the product self-custodial?If the answer is "no", we mark it as "Custodial: The provider holds the keys".
A custodial service is a service where the funds are held by a third party like the provider. The custodial service can at any point steal all the funds of all the users at their discretion. Our investigations stop there.
Some services might claim their setup is super secure, that they don’t actually have access to the funds, or that the access is shared between multiple parties. For our evaluation of it being a wallet, these details are irrelevant. They might be a trustworthy Bitcoin bank and they might be a better fit for certain users than being your own bank but our investigation still stops there as we are only interested in wallets.
Products that claim to be non-custodial but feature custodial accounts without very clearly marking those as custodial are also considered “custodial” as a whole to avoid misguiding users that follow our assessment.
This verdict means that the provider might or might not publish source code and maybe it is even possible to reproduce the build from the source code but as it is custodial, the provider already has control over the funds, so it is not a wallet where you would be in exclusive control of your funds.
We have to acknowledge that a huge majority of Bitcoiners are currently using custodial Bitcoin banks. If you do, please:
- Do your own research if the provider is trust-worthy!
- Check if you know at least enough about them so you can sue them when you have to!
- Check if the provider is under a jurisdiction that will allow them to release your funds when you need them?
- Check if the provider is taking security measures proportional to the amount of funds secured? If they have a million users and don’t use cold storage, that hot wallet is a million times more valuable for hackers to attack. A million times more effort will be taken by hackers to infiltrate their security systems.
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis ¶
This app is from the same developer of:
The Google Play website links to dreambit.com, but that domain doesn’t seem to be active. We were able to find mydreambit.com which includes many of the logos and information that seems pertinent to the Dreambit app.
This wallet allows users to order a Visa Card. However, the Card Order feature is currently not available.
Store, buy, send and receive crypto with no effort and retain full control of your finances with freedom of withdrawing it.
The site mydreambit.com seems to refer to the possibility of backing up the private keys, but apart from the terms, we could not find this option on
§ 14 Termination In the event of termination concerning your license to use the Application, your obligations under these Terms will still continue. Your access to the funds in your Wallet after termination will depend on your access to your backup of your Wallet address and private key.
§ 15 Discontinuance of services We may, in our sole discretion and without cost to you, with or without prior notice, and at any time, modify or discontinue, temporarily or permanently, any portion of our Products. You are solely responsible for storing outside of the Products a backup of your Wallet address and private key pair that is associated with it. Maintaining an external backup of your Wallet address and private key pairs associated with your Wallet will allow you to access and fully restore your Wallet at any time without cost or loss of the user’s tokens. If you do not maintain a backup of your Wallet data and private key pair that is associated with it outside of the Products, you will not be able to access the tokens associated with your Wallet. We shall not be held responsible or liable for any loss of tokens in the event that we discontinue or depreciate the Products.
Despite mentions on mydreambit.com about the responsibility to backup the private key, we were not able to find any such option or how-to on the app. This was also not mentioned on the manual Dreambit provided.
Without the private key or the ability to import or backup a wallet, it is safe to assume that this service is custodial despite its claims. This means the app cannot be verified.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=android/com.dreambit&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=android/com.dreambit&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>