Wallet Logo

Rocket by Chiji14xchange

Latest release: 3.0.0 ( 1st March 2022 ) 🔍 Last analysed 1st October 2021 . Custodial: The provider holds the keys
3.7 ★★★★★
264 ratings
19th August 2019

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing the risks of centralized custodians with Rocket by Chiji14xchange  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

(Analysis from Android review)

Update 2022-01-05

We found new information to validate our verdict via Rocket’s Terms page:

Section 3. Hosted Digital Currency Wallet

Sub section 3.1 In General

The Hosted Digital Currency Wallet services allow you send supported Digital Currency to, and request, receive, and store supported Digital Currency from, third parties pursuant to instructions you provide through the Chiji14xchange Site (each such transaction is a “Digital Currency Transaction”). Chiji14xchange reserves the right to refuse to process or to cancel any pending Digital Currency Transaction as required by law or in response to a subpoena, court order, or other binding government order or to enforce transaction limits. Chiji14xchange cannot reverse a Digital Currency Transaction which has been broadcast to a Digital Currency network. The Hosted Digital Currency Wallet services are available only in connection with those Digital Currencies that Chiji14xchange, in its sole discretion, decides to support. Under no circumstances should you attempt to use your Hosted Digital Currency Wallet services to store, send, request, or receive digital currencies in any form that is not supported by Chiji14xchange. Chiji14xchange assumes no responsibility or liability in connection with any attempt to use Chiji14xchange Services for digital currencies that Chiji14xchange does not support.

Previous Analysis There is not that much information in the Play Store description:

Welcome to Chiji14xchange App, this App enables you to transact and exchange bitcoins and gift cards with adequate security features that guarantees safety for clients at all times.

Searching the website, we find that KYC verification is in use.

In order to meet regulatory standards and to aid in crime prevention and detection, Chiji14Xchange has taken steps to ensure proper customer identification through its Customer Due Diligence and Know Your Customer (KYC) procedure.

It is unknown where the keys are stored.

We find that this exchange uses Peer to Peer trading.

P2P trading system allows you to connect with any interested buyer/seller of crypto asset. Which means you can trade Bitcoin/USDT with other traders interested in buying or selling crypto assets.

Here is their word on Rocket’s involvement:

Rocket P2P platform serves as the gateway for the trade by providing a platform for buyers and sellers to broadcast their offers, and at the same time, serves as escrow services of online digital asset to ensure the safety and timely delivery of digital asset during trade execution.

Customers can add their bank account and use fiat to buy BTC from the listings of other users. The platform can also be used to pay bills.

From the terms & conditions:

Chiji14xchange securely stores all Digital Currency private keys in our control in a combination of online and offline storage.

This confirms that the provider is in control of the keys, making this app custodial. Thus, it is not verifiable.

(dg)

Verdict Explained

As the provider of this product holds the keys, verifiability of the product is not relevant to the security of the funds!

As part of our Methodology, we ask:

Is the product self-custodial? If not, we tag it Custodial!

A custodial service is a service where the funds are held by a third party like the provider. The custodial service can at any point steal all the funds of all the users at their discretion. Our investigations stop there.

Some services might claim their setup is super secure, that they don’t actually have access to the funds, or that the access is shared between multiple parties. For our evaluation of it being a wallet, these details are irrelevant. They might be a trustworthy Bitcoin bank and they might be a better fit for certain users than being your own bank but our investigation still stops there as we are only interested in wallets.

Products that claim to be non-custodial but feature custodial accounts without very clearly marking those as custodial are also considered “custodial” as a whole to avoid misguiding users that follow our assessment.

This verdict means that the provider might or might not publish source code and maybe it is even possible to reproduce the build from the source code but as it is custodial, the provider already has control over the funds, so it is not a wallet where you would be in exclusive control of your funds.

We have to acknowledge that a huge majority of Bitcoiners are currently using custodial Bitcoin banks. If you do, please:

  • Do your own research if the provider is trust-worthy!
  • Check if you know at least enough about them so you can sue them when you have to!
  • Check if the provider is under a jurisdiction that will allow them to release your funds when you need them?
  • Check if the provider is taking security measures proportional to the amount of funds secured? If they have a million users and don’t use cold storage, that hot wallet is a million times more valuable for hackers to attack. A million times more effort will be taken by hackers to infiltrate their security systems.
The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.