Do your own research!
Try searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and whether you are comfortable with the provider's reaction.
The Analysis
Nemanja Nikodijević is a security researcher who has managed to create an Open Source hardware wallet called hwallet that uses significantly fewer lines of code than ColdCard, Trezor, Ledger and KeepKey.
He elaborates in a video, where he claims that his Open Source hardware wallet is significantly less complex than the top competitors. By his count, the lines of code are:
- 2.5 million in
- 346 thousand in
- 162 thousand in
- 122 thousand in
- 4 thousand in his product
He blames a large part of the difference on the lack of hardware acceleration: if the chip used can’t do fancy cryptography natively, the software has to do it. While this is true, it doesn’t mean that those features are not implemented somewhere. They are implemented in silicon. We won’t go into details here, but a more feature-rich chip might be more complex in other areas and thereby increase the attack surface again.
His claims are also flawed in that his product doesn’t support all the features the other products mentioned do.
Lastly, as he counts license headers (that is, code comments) as “lines of code”, what else did he count? Empty lines? Code documentation? Documentation only improves security, as it helps with audits while not being executable and thus not increasing the attack surface.
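To show how much the counting method matters, the following added example (not code from hwallet or any of the wallets mentioned) classifies each line of a C file as code, comment or blank, so that license headers and documentation can be kept out of a "lines of code" figure. The function name `count_c_lines` and the C sample are constructed for illustration.

```python
from collections import Counter

def count_c_lines(source):
    """Classify each physical line of C source as code, comment or blank."""
    counts = Counter(code=0, comment=0, blank=0)
    in_block = False  # inside a /* ... */ comment opened on an earlier line
    for line in source.splitlines():
        has_code, has_comment, quote, i = False, in_block, None, 0
        while i < len(line):
            two = line[i:i + 2]
            if in_block:
                has_comment = True
                if two == "*/":
                    in_block, i = False, i + 1
            elif quote:  # inside a string or char literal
                if line[i] == "\\":
                    i += 1  # skip the escaped character
                elif line[i] == quote:
                    quote = None
            elif two == "/*":
                in_block, has_comment, i = True, True, i + 1
            elif two == "//":
                has_comment = True
                break
            elif not line[i].isspace():
                has_code = True
                if line[i] in "\"'":
                    quote = line[i]
            i += 1
        # A line holding both code and a comment counts as code.
        counts["code" if has_code else "comment" if has_comment else "blank"] += 1
    return counts

# Constructed sample, not taken from any wallet's source tree.
SAMPLE = '''/*
 * Placeholder license header (constructed)
 */

#include <stdint.h>

// Returns 1 when both buffers match.
int equal(const uint8_t *a, const uint8_t *b, int n) {
    uint8_t diff = 0;   /* accumulate differences */
    for (int i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    const char *tag = "/* not a comment */";
    return diff == 0;
}
'''
print(count_c_lines(SAMPLE))
```

On this sample the raw count is 14 lines, of which only 8 contain code; the rest are the header, one documentation comment and blank lines.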
The hwallet is not commercially available and is a DIY bitcoin hardware wallet. He built the project in order to prove that there is a simpler and safer way to build bitcoin hardware wallets compared to current commercially available solutions.
From his repository, the required components are:
- FRDM-K82F or FRDM-KL82Z
- Pmod OLED
This is an Open Source DIY project.
This project is not meant for non-technical end users.
As part of our Methodology, we ask: Is the product meant to be ready for use "out of the box"? If not, we tag it DIY
Many hardware wallet projects aim to be as transparent as possible by using only off-the-shelf hardware with an open design and open code. If the product reviewed is not available in an assembled form, so that the user has to source his own hardware and then maybe solder and compile software to install on the device, it falls into this category.
But we also ask: Was the product updated during the last two years? If not, we tag it Obsolete!
Bitcoin wallets are complex products and Bitcoin is a new, advancing technology. Projects that don’t get updated in a long time are probably not well maintained. It is questionable whether the provider even has staff on hand who are familiar with the product, should issues arise.
This verdict may not get applied if the provider is active and expresses good reasons for not updating the product.