Wallet Logo

Memory BOX Pro 2.0

latest release: ?? last analysed  8th December 2021 Bad Interface
1st January 2019

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Memory BOX Pro 2.0  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Announced on twitter on May 17, 2020, it was difficult to find technical information, documentation, reviews and video reviews of the product. It does however have some Chinese language videos from its official YouTube channel:

From what we can see, the device does not have a display.

  • Multi-chain support - Maximum 500+ multi-chain wallet with safe storage
  • Double backup - Two-way backup stored in SD card, safe and stable
  • High-speed transmission - Bluetooth high-speed connection, one-click synchronization

It is also apparently paired with

Start Wallet(EOS, BTC, ETH, TRON…) No Source!

However, going over the StartEOS Memory Box 2 page, it would seem that the Start App is now supposed to be downloaded from their own servers.

Private keys can be created offline - ❓

From this video, it would seem that the Memory Box serves more as a BlueTooth enabled device to back up the StartEOS wallet.

The StartEOS help files redirect to another domain, yuque.com. It is a Chinese language site.

Private keys are not shared - ✔️

From Yuque.com, we have some clues on how the Memory Box handles private keys:

友情提示:Start开发的Memory Box硬件钱包,它将私钥单独存储在一个安全芯片中,与网络彻底隔离。因其不触网,从而杜绝了一切网络黑客入侵方式,是目前最安全的钱包之一。

Translated via Google Translate:

Friendly reminder: The Memory Box hardware wallet developed by Start stores the private key separately in a security chip, which is completely isolated from the network. Because it does not touch the Internet, it eliminates all methods of network hacking, and it is one of the most secure wallets at present.

Device displays receive address for confirmation - ❌

The device does not have a display.

Verdict

This device has no display from which the user can interface with. It can only be paired with an app with an APK downloadable through the StartEOS website.

(ml, dg)

Verdict Explained

The design of the device does not allow to verify what is being signed!

As part of our Methodology, we ask:

Can the user verify and approve transactions on the device? If not, we tag it Bad Interface

These are devices that might generate secure private key material, outside the reach of the provider but that do not have the means to let the user verify transactions on the device itself. This verdict includes screen-less smart cards or USB-dongles.

The wallet lacks either an output device such as a screen, an input device such as touch or physical buttons or both. In consequence, crucial elements of approving transactions is being delegated to other hardware such as a general purpose PC or phone which defeats the purpose of a hardware wallet.

The software of the device might be perfect but this device cannot be recommended due to this fundamental flaw.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.