DelioLatest release: 1.3.10 ( 2nd May 2022 ) 🔍 Last analysed 21st October 2021 . Custodial: The provider holds the keys
Help spread awareness for build reproducibility
Please help us spread the word discussing the risks of centralized custodians with Delio via their Twitter!
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis ¶
(Analysis from Android review)
Delio Lending app claims to be in a partnership with Bithumb.
Delio’s services include: lending (cryptocurrency guaranteed loan), deposit and cloud mining.
Delio.Foundation does not link back to the Google Play app. The Google play app does link to Delio.Foundation.
We also tried using Google’s search parameter, but did not find links from delio.foundation to the Google Play app.
site: https://delio.foundation “play”
site: https://delio.foundation “play.google”
As described above, Delio.Foundation does link to @delio.io on Facebook. The Facebook page links to Delio.io. Delio.io links to the Google Play and ios apps.
We downloaded the app and registered on the service.
It is possible to log-in via a Bithumb account.
In addition, Delio has completed stronger security by adding its own ‘wallet owner authentication and direct withdrawal’ function to the wallet.
Unlike general wallet services, this feature authenticates the owner through a security token sent to the owner’s mobile phone when withdrawing cryptocurrency, and the owner withdraws cryptocurrency directly from the blockchain node.
Delio has many offerings and this includes Savings. To quote:
Any time you deposit Bitcoin(BTC), we will give you 12% of Bitcoin APR profit. You can deposit Bitcoin anytime you want, and the deposit will automatically end 90 days after the deposit approval date. Profits will be pain in Bitcoin on the day after the deposit ends. Bitcoin can be deposited from at least 0.01 BTC. You can check the Bitcoin deposit in your wallet.
Bitcoin Lending Basic
Bitcoin lending with Bitcoin as collateral
- Lending available up to 90% of the collateral amount
- Repayment based on the number of coins ex) Borrow 10 Bitcoins and repay the same amount of 10 Bitcoins
Delio Vault is a ‘private safe custody’ service that stores and manages large amounts of assets. The security of storing and managing assets was strengthened, and it can be linked to crypto-asset financial services such as lending, deposit, and payment, thereby increasing the convenience of users. Delio Vault has a personalized system but no storage fee, and it will provide 2% annual staking revenue to Vault users from August.
Delio Vault can be logged in only after complex authentication processes such as ‘cell phone customer authentication’ and ‘OTP authentication’, and a customer should proceed with the ‘owner authentication’ on the blockchain node after the process. It is possible to withdraw with the withdrawal address that a customer registered in advance, which is ‘white list address’ and the withdraw is suspended for 24 hours if the withdrawal address is modified or changed.
- Wallet service provider (Delio) does NOT proceed (sic) withdrawal
- When withdrawing, the wallet owner must authenticate at the wallet (blockchain) node
- Withdrawal directly from the wallet (blockchain) node
- Tokens are NOT directly managed or stored by Delio
However, Delio Wallet adopted a new ‘wallet owner authentication and direct withdrawal’ system in the withdrawal process of existing companies and introduced a safer process for wallet hacking.
The system verifies that the customer is the owner through a security code sent to the owner’s mobile phone when withdrawing a virtual asset, and in this process, Delio cannot participate in the withdrawal of virtual assets, so it has high security.
Delio wallet boasts stronger security than other wallets, even if Delio, a wallet service provider, attempts to withdraw money since withdrawal requires direct authentication of the wallet owner at the blockchain node. Even if Delio is hacked, it is designed so that withdrawals are impossible, so customer can rest assured.
The wallet also features insurance and multi-sig through Hexlant, and Ledger Vault.
Deciphering the nature of Delio’s service proved quite challenging and we would be humble enough to admit if there’s any misunderstanding. At its core, Delio is a lending service that requires users to “lock in” funds so that others may borrow. This entails custody.
What made our testing of the app more difficult was the SMS verification did not arrive. This disallowed us from properly seeing first-hand how the wallet works. We were able to access some portions of the wallet.
The way it describes its services is at times vague. But the presence of insurance, partnerships with other parties, the lack of specific instructions on the provision of the private keys and multi-sig may indeed point to Delio as a custodial service. This makes the app not verifiable.
As the provider of this product holds the keys, verifiability of the product is not relevant to the security of the funds!
As part of our Methodology, we ask:Is the product self-custodial? If not, we tag it Custodial!
A custodial service is a service where the funds are held by a third party like the provider. The custodial service can at any point steal all the funds of all the users at their discretion. Our investigations stop there.
Some services might claim their setup is super secure, that they don’t actually have access to the funds, or that the access is shared between multiple parties. For our evaluation of it being a wallet, these details are irrelevant. They might be a trustworthy Bitcoin bank and they might be a better fit for certain users than being your own bank but our investigation still stops there as we are only interested in wallets.
Products that claim to be non-custodial but feature custodial accounts without very clearly marking those as custodial are also considered “custodial” as a whole to avoid misguiding users that follow our assessment.
This verdict means that the provider might or might not publish source code and maybe it is even possible to reproduce the build from the source code but as it is custodial, the provider already has control over the funds, so it is not a wallet where you would be in exclusive control of your funds.
We have to acknowledge that a huge majority of Bitcoiners are currently using custodial Bitcoin banks. If you do, please:
- Do your own research if the provider is trust-worthy!
- Check if you know at least enough about them so you can sue them when you have to!
- Check if the provider is under a jurisdiction that will allow them to release your funds when you need them?
- Check if the provider is taking security measures proportional to the amount of funds secured? If they have a million users and don’t use cold storage, that hot wallet is a million times more valuable for hackers to attack. A million times more effort will be taken by hackers to infiltrate their security systems.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=iphone/io.DelioHybrid&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=iphone/io.DelioHybrid&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>