Wallet Logo

Bit-Card.de

🔍 Last analysed 19th May 2022 . Provided private keys Not functioning anymore

Jump to verdict 

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

What is a bearer token?

Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens have these attributes:

  • secure initial setup
  • tamper evidence
  • balance check without revealing private keys
  • small size
  • low unit price
  • either of ...
    • somebody has a backup and needs to be trusted
    • nobody has a backup and funds are destroyed if the token is lost/damaged

The Analysis 

Background

The service has long ceased its operations. The archives are from 2014.

All cards are produced pursuant to ISO 7816 ID-1 standard in the size 86 x 54 mm (3⅜” × 2⅛”). The sandwich configuration with a black core and specially produced security hologram provide first-class protection against modification and counter fitting. In an effort to protect the card against wear and tear and environmental influences, we use the exceptional high-quality retransfer-procedure and cover the printed surface with a protective coating.

The cards come in different versions:

Encrypted cards

Encrypted-Cards are cards whose private key is encrypted in accordance with BIP 0038. They offer a particularly high level of protection since the private key has been generated in encrypted form and stored on the card that way, just so that it cannot become known to either us or any third parties. Decrypting your private key is only possible using your passphrase.

In order to create a passphrase-protected card, you will first of all have to generate an intermediate code. The intermediate code is transmitted to us during the ordering process.(You can, for example, do this on the website bit2factor.org. Further options are to use the programs provided by Casascius (The source code can be found on github) or our own tool (The source code can be found on github), which is based on Casascius’ program. (We recommend you to generate the intermediate code on a system without an Internet connection.) Make sure to store the passphrase used very carefully. Without your passphrase you will not be in a position to use the credit on the card! With the confirmation code, you can check, at any time, in the above-mentioned programs, whether the passphrase belongs to the card received. The security hologram does not have to be removed for that purpose.

Since the service is no longer online, we could not clarify this segment in the web form:

Intermediate Code (“begins with “passphrase”)

We are not sure if the service is asking the user to provide the passphrase to be encrypted. If yes, then the provider might have copies of the passphrase and the private key.

Wallet cards

Wallet-Cards are a safe and easy way to store Bitcoins via handy credit card format. Wallet-Cards are not topped up by us and are especially suitable as a replacement for the traditional paper wallet, or for conveying non-standard amounts.

Receive Cards

Receive-Cards make it easy to share your Bitcoin address with friends and customers and receive payments.

The user provides the public address via web form. The provider prints this on the card.

Analysis

Since the provider is no longer operating, we are not able to verify if our assumption is correct. From what we understand, the passphrase is sent to the provider via web form. Whether they make copies of it or not, we would not be able to know. What we do know is that the encrypted card variant does have a printout of the private key.

(dg)

Verdict Explained

The device gets delivered with private keys as defined by the provider!

As part of our Methodology, we ask:

Are the keys never shared with the provider? If not, we tag it Provided Keys!

The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.

There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.

But we also ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct!

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.