Wallet Logo

Ballet Crypto Real

🔍 Last analysed 23rd March 2022 . Leaks Keys

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Ballet Crypto Real  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

What is a bearer token?

Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens have these attributes:

  • secure initial setup
  • tamper evidence
  • balance check without revealing private keys
  • small size
  • low unit price
  • either of ...
    • somebody has a backup and needs to be trusted
    • nobody has a backup and funds are destroyed if the token is lost/damaged

The Analysis 

Updated Analysis 2022-01-20

Ballet Crypto REAL is the original and first iteration of the Ballet Crypto Cards series. Subsequent items are:

Like the PRO and the PURE, the REAL’s private keys are printed on the item. It is encrypted and can be verified and decrypted through this process accessible via balletcrypto.org:

Step 1

Enter your wallet passphrase. Remove the tamper-evident scratch-off to get the wallet passphrase.

Step 2

Verify using BIP38 confirmation code. You can use the Ballet Crypto mobile app to get your wallet’s BIP38 confirmation code.


Decrypt using BIP38 encrypted private key. Peel off the top layer sticker and scan the encrypted private key QR code, which is set against a yellow sticker.


To ensure that the private keys are not copied by the manufacturer, Ballet Crypto has a manufacturing process called 2FKG (2-Factor Key Generation):

In the US

Using an offline computer, serial number, wallet passphrase, and intermediate code are generated in Ballet’s USA headquarters

Serial number and intermediate code are then electronically transmitted to Ballet’s office in China.

In China

Afterwards, the BIP38 process is used to randomly generate an encrypted private key (EPK) using the intermediate code data.

The corresponding public key and deposit addresses will be generated, along with a confirmation code, to be used for verification and additional checking afterwards. This encrypted private key is secure data, which is only stored once, on a hard disk drive.

In China, this two-layer QR code sticker is manufactured using an offline process in a secure printing facility The secure data is never transmitted to any external computers or system.

The secure data is transferred physically, on a hard disk drive.

Right after the printing process, the secure data is then deleted, overwritten, and physically destroyed.

The secure two-layer QR code sticker will then be securely applied to the physical wallets, without ever revealing the encrypted private keys.

Once finished, the partially assembled wallets are sent to the United States for final production. The confirmation codes are also electronically sent back to the United States.

This is for further verification to ensure that the encrypted private keys and decryption wallet passphrase does match up with the generated cryptocurrency deposit addresses.

Back in the US

The physical wallets and QR code stickers are verified and double checked in the United States according to their corresponding serial numbers.

The matching decryption wallet passphrase and serial number will then be laser etched onto the wallets. A strip of tamper evident scratch-off material is then applied on the wallet, to cover the wallet passphrase.

Companion app

It requires a companion app Ballet Crypto No Source!


Perhaps one of the main weaknesses of these cards is the lack of an interface and an input mechanism.

Previous Analysis 2021-08-08

This hardware device lacks a screen or a button, this device cannot provide basic security of hardware wallets.

(ml, dg)

Verdict Explained

This product requires sharing private key material!

As part of our Methodology, we ask:

Does the device hide your keys from other devices? If not, we tag it Leaks Keys!

Some people claim their paper wallet is a hardware wallet. Others use RFID chips with the private keys on them. A very crucial drawback of those systems is that in order to send a transaction, the private key has to be brought onto a different system that doesn’t necessarily share all the desired aspects of a hardware wallet.

Paper wallets need to be printed, exposing the keys to the PC and the printer even before sending funds to it.

Simple RFID based devices can’t sign transactions - they share the keys with whoever asked to use them for whatever they please.

There are even products that are perfectly capable of working in an air-gapped fashion but they still expose the keys to connected devices.

This verdict is reserved for key leakage under normal operation and does not apply to devices where a hack is known to be possible with special hardware.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.