Jack Dorsey's Block Releases Bitkey Hardware Wallet

An anonymous reader quotes a report from TechCrunch: Jack Dorsey's Block (the company formerly known as Square) announced today that it is releasing its hardware Bitcoin wallet, Bitkey, in 95 countries. However, users can only preorder the device at the moment, with shipping starting in early 2024. The device will cost $150 USD. Block's pitch to Bitcoin holders is that using a self-custodial crypto wallet is more secure than keeping their crypto assets in custodial wallets or exchanges.

Self-custodial wallets put the onus on users to remember -- or store securely -- passwords or long seed phrases to unlock their accounts. The Proto team at Block, which worked on developing the Bitkey wallet, said that it solved this problem by using a two-of-three authentication mechanism. Two keys lie with the customer: the hardware wallet and a mobile app. Bitkey stores the third key on its server. The company argues that by having access to just one key, it can't access or move customers' Bitcoins.

Block said that it uses its server-side key only to authenticate transactions to move Bitcoin when they just have their phone and to recover their account when their device or phone is lost. The company said the server-side key will also be able to handle the scenario when a customer loses both the phone and the hardware wallet. Recovery was recently detailed in a blog post by the company. [...] Block has partnered with crypto exchange Coinbase and the company's own Cash App to help people easily buy or transfer (or both) Bitcoins to the hardware wallet. The company said that the ability to transfer Bitcoin from Coinbase and Cash App will be rolled out immediately with other features coming later.

Timing

[Baron_Yam]

P.T. Barnum was a man before his time.

So the company CAN

[hdyoung]

Access the funds without any input from the owner, but they totally pinkie swear that theyll never, ever do this unless its a totally for realized emergency. No company employee would EVAR clean out a bunch of crypto wallets and disappear. Cause that nevar, evar happens in the crypto world. This is nothing but a way to fleece crypto idiots out of 150 bucks. Or collect a bunch of wallets in prep for a rug pull although Dorsey is unlikely to be a grifter.

Re:

[Rei]

It's a two-of-three key system. The device would have to also be compromised. Which, mind you, is certainly not at all impossible, given the amount of money at stakes to anyone who did so.

Note that you lose the advantages of fast transactions, low transaction fees, etc when you don't use an exchange (exchanges keep track of individual holdings internally and only net-buy/net-sell bitcoins to match current total customer holdings), and you put more stress on the Bitcoin network itself (which can only handl

Re:

[burtosis]

If it’s a two of three system then

The company said the server-side key will also be able to handle the scenario when a customer loses both the phone and the hardware wallet.

does not make sense.

Re:

[Rei]

I'd assume they have to go through a full proof-of-identity process rather than just a quick pin or fingerprint press.

Re:

[burtosis]

That would imply the company does have full access with just their key, which means you are trusting the someone at the top of the company not to just make off with the money or lend it out at extreme risk to gorge on profits. I suppose it’s not much different than other financial services and third party payment services that have poor to no regulations or consumer protections but those don’t really inspire the confidence to place my money in.

Re:

[gander666]

I guess I will keep my eye on Molly's https://web3isgoinggreat.com/ [web3isgoinggreat.com] for this epic rugpull.

Dorsey needs to recoup the money of his in Xitter that Musk is lighting on fire somehow, and this might just do it!

Re:

[Rei]

That would imply the company does have full access with just their key

Where are you getting that?

Two of three. The second is your password, which you know in this situation.

Re:

[burtosis]

That would imply the company does have full access with just their key

Where are you getting that?

Two of three. The second is your password, which you know in this situation.

From TFA

Self-custodial wallets put the onus on users to remember -- or store securely -- passwords or long seed phrases to unlock their accounts. The Proto team at Block, which worked on developing the Bitkey wallet, said that it solved this problem by using a two-of-three authentication mechanism. Two keys lie with the customer: the hardware wallet and a mobile app.

One on the phone, one on the hardware wallet, yet as stated the company key can be used if the customer has nothing at all.

Re:

[Entrope]

It depends on where the computations are performed. With an N-of-M system, you can recover the underlying secret with any N of the M portions, but cannot find it out with only N-1 portions. It's similar to solving a fully determined set of linear equations: if you are missing one, there are as many possible solutions as the arithmetic field you are working in.

If the company's portion is only held in escrow, and provided to the authenticated user for recovery operations, then an adversary would need to com

Re: So the company CAN

[hdyoung]

reading the text, seems like the company can access the crypto with zero input from the owner, if they really feel like it. In other words, N=. In other words, their system is no better than a safety deposit box, but at least a safety deposit box is usually insured by the bank.

Re:

[Entrope]

Yes, the text quoted above by burtosis is very concerning, and should make potential customers think very hard about how this thing actually works. My comment assumed it worked as advertised.

Re:

[hdyoung]

It’s real simple. You hand the key to your crypto wallet over to a tech-startup, they solemly promise to keep them totally safe, and you pay for the privilege of doing this oh my god I can’t type this without laughing.

There truly is a sucker born every minute.

Re:

[Powercntrl]

This is nothing but a way to fleece crypto idiots out of 150 bucks.

All marketing is people with more money than you trying to convince you to buy their crap, so they can become even richer. The product itself doesn't necessarily have to be any good if your message reaches enough suckers (see "as seen on TV" goods).

Re:

[gosso920]

Anybody who uses this must be a Block-head.

21st Century muggings

[geekmux]

(Armed Mugger) "Gimmie your wallet!"

*Victim hands over Boomer-era folded piece of leather*

(Armed Mugger) "No, not that shit I already know is empty, your other wallet!"

Yeah, this should become interesting as popularity grows.

Re:

[Rei]

They'd also need either the person's memorized key or the key on the Bitkey server. Sounds like if they stole the phone as well and were able to authenticate with it (probably needs a pin or fingerprint), then they could get the key from Bitkey as well. I think that, unless they had no security on their phone, this would probably require a hostage-style situation. Or some other way to pull off identity theft with Bitkey. Or finding an exploit that might, say, find decrypted keys from the last transactio

Re:

[Opportunist]

Say, about that fingerprint sensor, does the finger have to be alive to work?

Asking for a friend.

Re:

[timeOday]

Yeah, yeah. Compare that against 30% of all bitcoin that has already been lost forever due to lost keys/passphrases.

Re:

[ThePawArmy]

For most, proof of life is “optional.”

Re:

[Opportunist]

I think then the problem has a solution.

Re:

[Powercntrl]

Yeah, this should become interesting as popularity grows.

A crypto "wallet" is really just something as simple as printing out/writing down your receive and spend addresses. Hardware wallets are for double-suckers (you already were a sucker for buying crypto in the first place). I don't see cryptocurrency use ever reaching the kind of critical mass usage where people are randomly mugged for it. The homeless beggars around here still seem kind of surprised when you tell them "no, sorry, I don't carry cash", and that's not because of crypto, it's because of good

Who cares

[gweihir]

At this time, BC is some oddity that a few scammers and a lot of greedy idiots play with. The time for it ever to be something else is long past.

Re:

[Entrope]

Don't forget the people who use it for money laundering and extortion! Smuggling assets into and out of repressive regimes is a huge part of current cryptocurrency uses.

Re:

[gweihir]

I put them under the scammers, but yes, as they are probably the primary user group, they deserve extra and more precise mentioning.

Funny how any type of shadow banking system (https://en.wikipedia.org/wiki/Shadow_banking_system) almost universally finds its primary customers in the criminal and how having that system never turns out to be a good idea.

Hehehe

[Mr. Dollar Ton]

Isn't this the sociopath that was fired from twitter for being a twat? The one with four-letter ID as opposed to the current, eight-letter sociopathic twat?

Nope

[Charlieboywoof]

Wouldn't use any product this prick offered

Cash

[slack_justyb]

Still offers zero advantage over cash. "Your BitKit is protected with a blah, blah, blah..." My cash is protected with a simple point and "click" UI called a Kel-Tec PMR 30. Bitcrap is still the number one way to increase your electric bill and have utter nothing to show for it. I am glad these folks enjoy their Ponzi scheme so much.