Wallet Logo

Icy Note

Latest release: 0.7 ( 11th July 2021 ) 🔍 Last analysed 23rd March 2022 . Provided private keys
27th April 2021

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Icy Note  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

What is a bearer token?

Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens have these attributes:

  • secure initial setup
  • tamper evidence
  • balance check without revealing private keys
  • small size
  • low unit price
  • either of ...
    • somebody has a backup and needs to be trusted
    • nobody has a backup and funds are destroyed if the token is lost/damaged

The Analysis 

Private keys can be created offline

Since we are talking about physical bitcoin notes, we’d have to assume that they are printed somewhere physically.

The Icynote process in printing involves the following:

Icynote physical note printing

work offline so any hacking must be performed physically. We print using a just-in-time process, so the cold wallets only exist 10 minutes from creation to deletion. Each new cold wallet file is erased by the next cold wallet. At the end of the process, a security company analyzes the printer hard drives and deletes any information related to the printing process. We not only delete the files, we also have the hard drive destroyed by a secure company.

We generate them in a clean room, under the supervision of a Swiss notary and an auditing company. Each Icynote is unique, the private key is printed only once and no copies are kept. If you lose your Icynote, you lose your assets. We respect the NIST SP800-22 Test Suite compliance standard for the random number generator which creates the cold wallet.

Private keys are not shared

The company claims that:

Every Icynote fabricated by us is unique, nobody can see it from creation to printing. The only way anyone can see the private key is by scratching-off the Icynote. This is an irreversible process. So, you can see and feel whether the banknote has been “opened” and is therefore compromised.

Physically transferring one Icynote to another is the whole gist of paper notes. Icynote asserts that there is no way to view the private key without destroying its tamper seal.

3.1 How can I be sure that the previous owner of the banknote has not read the private key?

It is your decision whether you accept the Icynote or not. If you accept it, you must check that the banknote is neither broken, scratched-off nor damaged and that you receive it from a secure source. This wallet is protected by two layers, one metallic and the other is a polymer, both of which reflect light, even from lasers, thus making it impossible to see what is printed inside. It is also impossible to scan it with a magnetic, X-ray or static scanner. Anyway, if your transaction is of a substantial nature, it is better to scratch-off the Icynote and transfer the assets from one Icynote to another Icynote, ensuring that your counterpart will transfer you the expected amount.

Code and Reproducibility

The private keys are generated by the provider and the user has to trust them to not keep a copy. Those “notes” come with private keys and thus are prefilled.

(dg)

Verdict Explained

The device gets delivered with private keys as defined by the provider!

As part of our Methodology, we ask:

Are the keys never shared with the provider? If not, we tag it Provided Keys!

The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.

There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.