Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
Private keys can be created offline
Since we are talking about physical bitcoin notes, we’d have to assume that they are printed somewhere physically.
The Icynote process in printing involves the following:
Icynote physical note printing
work offline so any hacking must be performed physically. We print using a just-in-time process, so the cold wallets only exist 10 minutes from creation to deletion. Each new cold wallet file is erased by the next cold wallet. At the end of the process, a security company analyzes the printer hard drives and deletes any information related to the printing process. We not only delete the files, we also have the hard drive destroyed by a secure company.
We generate them in a clean room, under the supervision of a Swiss notary and an auditing company. Each Icynote is unique, the private key is printed only once and no copies are kept. If you lose your Icynote, you lose your assets. We respect the NIST SP800-22 Test Suite compliance standard for the random number generator which creates the cold wallet.
Private keys are not shared
The company claims that:
Every Icynote fabricated by us is unique, nobody can see it from creation to printing. The only way anyone can see the private key is by scratching-off the Icynote. This is an irreversible process. So, you can see and feel whether the banknote has been “opened” and is therefore compromised.
Physically transferring one Icynote to another is the whole gist of paper notes. Icynote asserts that there is no way to view the private key without destroying its tamper seal.
3.1 How can I be sure that the previous owner of the banknote has not read the private key?
It is your decision whether you accept the Icynote or not. If you accept it, you must check that the banknote is neither broken, scratched-off nor damaged and that you receive it from a secure source. This wallet is protected by two layers, one metallic and the other is a polymer, both of which reflect light, even from lasers, thus making it impossible to see what is printed inside. It is also impossible to scan it with a magnetic, X-ray or static scanner. Anyway, if your transaction is of a substantial nature, it is better to scratch-off the Icynote and transfer the assets from one Icynote to another Icynote, ensuring that your counterpart will transfer you the expected amount.
Code and Reproducibility
The private keys are generated by the provider and the user has to trust them to not keep a copy. Those “notes” come with private keys and thus are prefilled.
Tests performed by Daniel Andrei R. Garcia
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.