Don’t bother with hardware wallets in card format

Hardly a Bitcoin conference goes by without a new credit card-sized “hardware wallet” being thrust into your hand. A proud €100 equivalent is said to have been given to attendees of the Bitcoin 2022 conference in Miami in the form of a card wallet.

At first glance, the format seems obvious: Most people are already familiar with how to use a card, it’s incredibly easy to use, and it’s cheap to produce. So why has it taken so long for us to see these types of wallets on the market?

Quite simply, because on closer inspection they offer no advantage whatsoever over a software wallet. I will explain why this is so in the following:

Blind signing

Card wallets do not have an integrated display in most cases. Any information the wallet receives is merely verified via the host device (e.g., the smartphone) and then bluntly signed. Since the Wallet does not have its own display, the user cannot verify what transaction the smartphone is forwarding to the Wallet. If the smartphone creates a transaction, the wallet relies on it to be correct and then signs it.

The wallet cannot distinguish between correct and incorrect address

It should be reiterated here that the host device display is not to be trusted, as the information shown on the phone display may be different from that passed to the Wallet in the background. For this to happen, the host device does not even have to have a virus. Using a fake app is perfectly sufficient.

Blind addresses

Another, even more important issue is address verification. How does the user actually know that the address shown to him in the app is his? With regular hardware wallets, the receiving address can always be verified on the device itself, not on the host device. This ensures that the address can actually be attributed to the wallet.

This image has an empty alt attribute. The filename is tangem-1024x683.jpg
One card – Two addresses. Which is the real one?

A fake app can simply replace the address displayed in the app that supposedly belongs to that card with one controlled by an attacker. The user doesn’t notice the difference until he or she wants to send a transaction.

Limited backup options

Unfortunately, the lack of a display also results in limited backup options. Some providers do not even offer a backup of the wallet. Others display the seed directly in the app when you first set it up. Congratulations, the wallet was compromised before it was even set up!

A wallet with limited backup capabilities is at best suitable for smaller amounts.

Closed Source

So far, all the card wallets I’ve been able to test are closed source. This means that you have to completely trust the code running on the device and cannot track what exactly is happening on the wallet. It also makes it impossible to work on a common standard.

“At least the keys are not on the phone!”

The fact that the keys are not on the phone memory is definitely an advantage! However, this can also be solved with a software wallet by storing the private keys encrypted, or using a BIP39 passphrase. This makes it impossible for someone who has physical access to the smartphone to get their hands on the money.

Why a virus can steal your money while you are using it, I already explained in the previous paragraphs (Blind signing + Blind addresses).

In addition, some of these wallets do not allow you to set up a password for the card. This results in anyone who has access to the card also having access to the money on it. These are ultimately nothing more than paper wallets.

“For MultiSig, the security is enough!”

Especially for MultiSig wallets, it is important to verify various information such as addresses and cosigner XPubs on a secure device. If one or more card wallets are used in a MultiSig quorum, there is always a risk that in reality the cards are not part of the quorum, but an attacker’s wallet.

Here I see no comprehensible advantage over a software wallet as a cosigner.

“But these things are super cheap!”

At least for the manufacturers, this is true. That some manufacturer sells its card wallet for $100 is a cheek, considering the manufacturing cost of maybe $2. To be fair, there are also products for around $10, but a good software wallet is completely free and is in no way inferior to card wallets.

Alternatives

In the end, security-wise, a card wallet is a paper wallet where the private key is scanned every time it is used. If you want to have the user experience of a card wallet, you simply print out a QR code of your private key and scan it into BlueWallet when you use it. After use, the account is then deleted.

Who simply wants a mobile wallet for smaller amounts can reach for a software wallet with a clear conscience. This has the great advantage that its code is completely auditable. This is not the case with hardware.

If you value security, you cannot avoid a hardware wallet. Even an inexpensive wallet, like the Blockstream Jade, offers many times the security.

Conclusion

Card wallets are nothing but a quick cash grab from companies that are largely not from the bitcoin market. Among others, these are companies that produce credit cards in their main business. From this point of view, they can be forgiven for being ignorant. However, the fact that among the manufacturers are companies that should definitely know better should give some pause for thought.

“The safest crypto wallet for everyone”

Website of a card wallet manufacturer

The perfidious thing about these wallets is that the customer is led to believe that his coins can be safely stored on the device. The supposed physical separation of coins and host device suggests a security that simply does not exist. The customer’s ignorance is shamelessly exploited to sell him a useless, overpriced product.

Donate:

If you enjoyed this or any of our other posts, we would appreciate a small donation:

Leave a Reply