Wallet Logo

Goldlinks ONE

🔍 Last analysed 19th May 2022 . Leaks Keys Not functioning anymore

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Goldlinks ONE  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Background

Splash announcement on Goldlinks.one’s homepage:

Recently, the trading of Goldlinks GGT on BitForex has been halted. To date, Bitforex has no any official explanation on the unilateral suspension. Goldlinks is requesting an official statement from BitForex and communicating with them. We will endeavor to resume the trading as soon as possible.

The whitepaper describes a token and a coin: GGT and GGC

By combining cutting-edge blockchain technology with physical gold, Goldlinks Platform is uniting gold producers, consumers, investors, and other gold stakeholders in a global blockchain community. Goldlinks Platform has transformed gold into a divisible, tokenized asset known as Global Gold Coins (GGC). This functions as a universal store of value and unlocks gold’s natural monetary properties in a digital world.

GGT

GGT is initially issued by the Distributor as ERC-20 standard compliant digital tokens on the Ethereum blockchain. The total circulation of GGT is 20 billion GGT. GGT is a non-refundable functional utility token which will be used as the unit of exchange between participants on the Goldlinks Platform. The goal of introducing GGT is to provide a convenient and secure mode of payment and settlement between participants who interact within the ecosystem on the Goldlinks Platform.

Product Description

The hardware wallet was announced on twitter on May 29, 2019.

This information can be found on this page:

  • Private keys are generated and stored in a Secure Element (SE).
  • Sensitive data is isolated on a chip operating system (COS), preventing storage and signature attacks.
  • A propriety design that combines hardware and software wallets offers an extra level of protection.
  • the hardware wallet directly connects to the software wallet on mobile devices via Bluetooth, eliminating the need to install PC software or drivers.

Analysis

The last tweet of the Goldlinks twitter account was made on November 12, 2019. The ‘Buy’ link for the hardware wallet is broken. The last Medium post was made on September 2, 2019. Goldlinks’ wallet app download is also broken.

This information together with the delisting of the GGT on BitForex plus the subsequent loss of value of GGT from a high of 20 cents to 0.000427 cents, lead us to come to the conclusion that this hardware wallet no longer exists.

Since the device connects to a mobile app via Bluetooth, we assume that the device has the possibility to leak the private keys.

(dg)

Verdict Explained

This product requires sharing private key material!

As part of our Methodology, we ask:

Does the device hide your keys from other devices? If not, we tag it Leaks Keys!

Some people claim their paper wallet is a hardware wallet. Others use RFID chips with the private keys on them. A very crucial drawback of those systems is that in order to send a transaction, the private key has to be brought onto a different system that doesn’t necessarily share all the desired aspects of a hardware wallet.

Paper wallets need to be printed, exposing the keys to the PC and the printer even before sending funds to it.

Simple RFID based devices can’t sign transactions - they share the keys with whoever asked to use them for whatever they please.

There are even products that are perfectly capable of working in an air-gapped fashion but they still expose the keys to connected devices.

This verdict is reserved for key leakage under normal operation and does not apply to devices where a hack is known to be possible with special hardware.

But we also ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct!

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.