Ballet Crypto Bitcoin Block🔍 Last analysed 18th May 2022 . Provided private keys
Help spread awareness for build reproducibility
Please help us spread the word discussing build reproducibility with Ballet Crypto Bitcoin Block via their Twitter!
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
What is a bearer token?
Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens have these attributes:
- secure initial setup
- tamper evidence
- balance check without revealing private keys
- small size
- low unit price
- either of ...
- somebody has a backup and needs to be trusted
- nobody has a backup and funds are destroyed if the token is lost/damaged
The Analysis ¶
The Ballet Crypto Bitcoin Block is another product from Ballet Crypto
Bitcoin BLOCKs contain the entire coinbase reward of a newly-mined block. This includes both the base block reward of 6.25 BTC as well as all transaction fees mined in that block.
The bitcoins come straight from our mining pool partner, mined directly from the coinbase transaction in each block, straight to your physical Bitcoin BLOCK, with no intermediate hops. These bitcoins have no prior transaction history, and thus provide the highest level of privacy.
The concept the provider is getting at here is “taint” and goes back to a Case Law ruling in England of 1758 (Miller vs. Race). “Does the recipient have to care about the origin or history of a bank note?” Judges ruled “No!” as otherwise bank notes simply wouldn’t work as money. Bitcoin today has no such ruling in its favor and some actors already seize or reject Bitcoins that by their assumptions are the proceeds of illegal activities. The provider here is offering “virgin” as in “freshly minted” Bitcoins under the assumption that those are without any history attached.
The claim that these coins “provide the highest level of privacy” obviously is false as the provider knows the identity of the buyer. If those coins themselves now are used in a crime, law enforcement would have a name and address to go ask about it. That is the opposite of “privacy”.
Bitcoin BLOCKs are made using Ballet’s innovative Two-Factor Key Generation (2FKG) process, which utilizes the industry standard BIP38 process to split the private key into two components (the BIP38 passphrase and the encrypted private key). Bitcoin BLOCKs are manufactured in two separate steps in two different locations around the world. This provides what we consider to be the highest level of private key security for the customer.
Included in the block are the following:
- Block number
- Block reward
- Serial number
- Bitcoin address (QR code)
- Bitcoin address (text)
- Tamper-evident scratch-off
- BIP38 passphrase
- Encrypted private key (QR code)
- Encrypted private key (text)
- Honeycomb pattern indicating tampering
Unlike other Ballet Crypto products, potential buyers would have to contact Ballet if they are interested. This is not available in their online store.
Over $21,000 in bounty to hack my two @BalletCrypto wallets: #takebobbysbitcoin— Bobby Lee - Ballet: World's EASIEST wallet! (@bobbyclee) July 31, 2020
1) I show you the encrypted private key; you guess the passphrase!
2) I show you the BIP38 passphrase, you find the private key.https://t.co/K1AqgBlmCi
In the challenge, he displays 2cards. One with the encrypted private key in full display and the other with the passphrase displayed. Hackers would try to find the passphrase for the former, and the private key for the other.
The premise is that ‘collusion’ between two parties in the manufacturing process is in the realm of possibility. As to the BIP-38 encrypted passphrase, the $5 wrench attack does have the potential to coerce the owner to give up his passphrase under duress.
This leads us to a similar verdict about the dangers of having the private keys printed on the bearer token.
The device gets delivered with private keys as defined by the provider!
As part of our Methodology, we ask:Are the keys never shared with the provider? If not, we tag it Provided Keys!
The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.
There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=bearer/balletcrypto.bitcoinblock&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=bearer/balletcrypto.bitcoinblock&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>