iCoin Technology Hardware Wallet🔍 Last analysed 19th May 2022 . No source for current release found
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis ¶
From iCoin Technology’s News page.
U.S-based iCoin Technology today announced a first-of-its-kind iCoin Wallet System that includes a sleek hardware wallet which incorporates a 3-inch touchscreen display. It also incorporates a 13-megapixel camera that enables full Air Gap transaction security. An optional Bluetooth thermal printer allows for a convenient and error-free way to securely print and store a 24-word backup seed phrase, along with other important information such as account addresses and transaction receipts.
Touchscreen & Camera
- Capacitive touch color display (3″) & 13 mp. rear facing camera. View accounts, sign transactions, and more.
- No WiFi, no cellular antenna, no SD card slot, no microphone, no front facing camera.
- Enabled Bluetooth optional.
- Private Keys are encrypted in memory.
- iCoin uses hardened derivation paths for Private Key creation.
iCoin Mobile App
- Your iCoin Wallet’s gateway to Blockchain Networks.
- iCoin Mobile App available on Apple’s App Store (iOS) & Google Playstore (Android)
- Should you ever need to update your Hardware Wallet software, iCoin’s technique retains Private Key safety.
- iCoin’s Wallet uses a rear facing camera to import Blockchain data required to construct a transaction. Your iCoin Wallet never connects to a Network.
Seed Based Recovery
- BIP HD compatible. Wipe your iCoin Wallet, restore it in seconds.
Quick Start Guide
- The Quick Start Guide is still available in PDF
The guide describes how to create a transaction:
- Open the iCoin Mobile App, select the account you’d like to transact with, and press SEND
- Manually enter the To address, paste in a copied address, or press to activate camera and scan address QR
- Manually enter the amount or select to send all funds
- Toggle between USD & BTC/ETH
- Use to adjust Fee with slider, then press SEND
- Use the action wheel on your Hardware Wallet and press Air Gap then scan your mobile’s QR with Hardware Wallet camera
- Confirm transaction details on your hardware wallet and press NEXT
- Enter your Hardware Wallet’s PIN to sign the transaction and generate a signed transaction QR code
- On your iCoin Mobile App, select NEXT to open the mobile’s camera, then scan the hardware wallet’s QR
Note: - the iCoin Mobile App will automatically publish a transaction upon scanning the QR code from your Hardware Wallet
iCoinTechnology used to have their device on Verizon’s store.
Can the private keys be created offline? - ✔️
Yes. The Quick Start Guide describes the process:
Create a New Bitcoin Account
- Select BITCOIN on your wallet homescreen
- Use the symbol to create a new account
- Choose a name for your account and press CONFIRM
- View your account address & QR code
- PRINT to create a hard copy of your account address & QR code
✔️ - The provider claims the device is air gapped with Bluetooth as an option.
✔️ - Information is communicated between two devices using QR codes.
Are the private keys shared? - ✔️
No. Described above: when creating a transaction, the device scans a QR code generated by the hardware device or printed through.
Furthermore, it is described as:
Unlike a smartphone, the iCoin hardware wallet has no hardware or software support for Wi-Fi, cellular or GPS communication, which can threaten security. It uses a camera and displays QR codes to receive and send information to the iCoin Mobile App (air gap connection) which runs on iOS and Android smartphones. The iCoin Mobile App uses the smartphone Wi-Fi or cellular connection to relay the transaction information to the blockchain. iCoin also operates its own full node blockchain server for improved transaction security. An optional Bluetooth printer securely connects to the hardware wallet for seed phrase and other printouts.
Here, we should assume the qr does what it does in the many other such hardware wallets - display PSBTs.
Does the device display the receive address for confirmation? - ✔️
Yes. Step 6 of creating transactions is described:
Confirm transaction details on your hardware wallet and press NEXT
Does the interface have a display screen and buttons which allows the user to confirm transaction details? - ✔️
Is it reproducible? - ❌
There is no link to any source code from the provider’s website.
The project does not link to any source code.
Without public source of the reviewed release available, this product cannot be verified!
As part of our Methodology, we ask:
Is the source code publicly available?If the answer is "no", we mark it as "No source for current release found".
A wallet that claims to not give the provider the means to steal the users’ funds might actually be lying. In the spirit of “Don’t trust - verify!” you don’t want to take the provider at his word, but trust that people hunting for fame and bug bounties could actually find flaws and back-doors in the wallet so the provider doesn’t dare to put these in.
Back-doors and flaws are frequently found in closed source products but some remain hidden for years. And even in open source security software there might be catastrophic flaws undiscovered for years.
An evil wallet provider would certainly prefer not to publish the code, as hiding it makes audits orders of magnitude harder.
For your security, you thus want the code to be available for review.
If the wallet provider doesn’t share up to date code, our analysis stops there as the wallet could steal your funds at any time, and there is no protection except the provider’s word.
“Up to date” strictly means that any instance of the product being updated without the source code being updated counts as closed source. This puts the burden on the provider to always first release the source code before releasing the product’s update. This paragraph is a clarification to our rules following a little poll.
We are not concerned about the license as long as it allows us to perform our analysis. For a security audit, it is not necessary that the provider allows others to use their code for a competing wallet. You should still prefer actual open source licenses as a competing wallet won’t use the code without giving it careful scrutiny.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=hardware/icointechnology.hwallet&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=hardware/icointechnology.hwallet&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>