Wallet Logo

BitExchange HardID Hardware Wallet

Latest release: ?? ( 18th April 2018 ) 🔍 Last analysed 29th April 2022 . Leaks Keys Not functioning anymore
15th November 2017

Jump to verdict 

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Background

We searched for Blockchain Labs and there was one in the UK, one in Malaysia, one in MIT, and many others. BitExchange is a common name as well with a defunct exchange found in archive.org. Normal text results for “BitExchange HardID” did not yield a lot of information neither. Our breakthrough came when we searched for the logo to the related GitHub page. The associated logo is linked to a Chinese company named LIGHTNINGASIC with a page that featured the BitExchange HardID Hardware Wallet. It retailed for $149 USD.

The discrepancy lies with the fact that the primary domain hardid.org did not link to purchase options which allowed users to buy the device. Lightningasic.com did.

Product Description

The code is based off archived Trezor firmware.

Product Features as described from LIGHTNINGASIC:

  • Easy and security to store the bitcoin.
  • Generate private key random , and signature independent.
  • PIN code and seeds. Double security .
  • Open source code.
  • Sapphire Glass
  • Touch screen
  • Super slim: 3.8mm only
  • CNC Aluminum case
  • Custom laser printing on backside

From the HardID.org documentation page:

Your bitcoin can be conveniently and safely managed through BitExchange HardID Hardware Wallet equipment. Private key’s generation, storage and signature calculation in BitExchange HardID Hardware Wallet can be finished. In the whole management process of bitcoin, private key is protected from the physical isolation,

HardID Hardware Wallet adopts OLED monochrome screen with 0.96 -inch and 128 * 64 resolution to display information, shell adopts stainless steel case with gorilla glass as protection screen, control button is touch button, update key,and it has these functions such as dust-proof and fall resistance.

How it works

As documented from the homepage and the documentation page:

  1. Install Offline Tool & initialize device
    After buying the hardware wallet, you need to download our Offline Tool to initialize the device. When initializing the device we recommend you choose a 24 word seed and store it on paper in a safe place. It is very important that you don’t lose this 24 word secret, otherwise you will lose your cryptocurrencies.
    picture

  2. Install Chrome extension
    Before you start using hardID, you also need to download our browser extension for Google Chrome. After installing this extension the browser will be able to communicate hardID.

Analysis

Firstly, the exchange is no longer in existence. The last capture for the domain bitexchange.com.hk on archive.org was in 2019. HardID.org is due to expire in 2022.

As the “Buy” button yields “This product doesn’t exist!”, we assume it is not for sale anymore.

(dg)

Verdict Explained

This product requires sharing private key material!

As part of our Methodology, we ask:

Does the device hide your keys from other devices? If not, we tag it Leaks Keys!

Some people claim their paper wallet is a hardware wallet. Others use RFID chips with the private keys on them. A very crucial drawback of those systems is that in order to send a transaction, the private key has to be brought onto a different system that doesn’t necessarily share all the desired aspects of a hardware wallet.

Paper wallets need to be printed, exposing the keys to the PC and the printer even before sending funds to it.

Simple RFID based devices can’t sign transactions - they share the keys with whoever asked to use them for whatever they please.

There are even products that are perfectly capable of working in an air-gapped fashion but they still expose the keys to connected devices.

This verdict is reserved for key leakage under normal operation and does not apply to devices where a hack is known to be possible with special hardware.

But we also ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct!

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.