Wallet Logo

Vanguard Encrypto

🔍 Last analysed 4th April 2022 . Bad Interface

The design of the device does not allow to verify what is being signed!

As part of our Methodology, we ask:

Can the user verify and approve transactions on the device?

If the answer is "no", we mark it as "Bad Interface".

These are devices that might generate secure private key material, outside the reach of the provider but that do not have the means to let the user verify transactions on the device itself. This verdict includes screen-less smart cards or USB-dongles.

The wallet lacks either an output device such as a screen, an input device such as touch or physical buttons or both. In consequence, crucial elements of approving transactions is being delegated to other hardware such as a general purpose PC or phone which defeats the purpose of a hardware wallet.

Another consquence of a missing screen is that the user is faced with the dilemma of either not making a backup or having to pass the backup through an insecure device for display or storage.

The software of the device might be perfect but this device cannot be recommended due to this fundamental flaw.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Vanguard Encrypto  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

The Vanguard Encrypto also called “the world’s first functional Bitcoin watch” is our newly launched limited edition. The dial includes a laser-etched QR code for a public wallet address that can be used to deposit Bitcoins and check the balance of the account. To allow this secure process, a sealed USB stick is included with the watch to store the private key.

Vanguard Encrypto is a watch that is designed to hold bitcoin. The product is shipped with a sealed USB meant to contain the private key. A public address is laser-etched on its face.

From the FAQ page:

To be able to move the funds, you must push a pin through the hole marked on the back of the USB.
Once that is done, the private key will be revealed. Once unsealed, you will have access to your private key.
Then, you’ll need to link your private key to the live wallet.

Because the QR code is already etched on the watch and the USB needs to be “unsealed” to gain access to the private keys. However, to avoid having to trust the provider with the private key, users may order “an unused sealed USB” and submit a public address of their choice to have etched on the watch dial.

As for how the watch’s interface functions, there does not seem to be a way to verify or approve transactions on this device:

How to transfer bitcoins through my Franck Muller Watch dial?
Open any live wallet software or web-based wallet and send or receive funds from any live wallet to the public address shown on your watch dial.


Claiming the funds from the set happens at the USB or cold wallet level and is not related to your time piece, and this requires software. This software is usually referred to as a “live wallet”, which should not be confused with your off-line USB or cold wallet.

This product lacks the interface to be able to make or confirm its own transactions.