Wallets Pwnd [Beta]

A list of Bitcoin Hardware, Phone and Desktop wallet attacks

This list is not an endorsement of the security or the quality of any of the wallets.

Hardware

Project Status	Vendor	Model	Hardware Version	Docs	(Vulnerability Report, Vendor Announcement/Fix)
☠️🕵️‍💩🔵	Example	Model	Version	Doc	[1 V,A,F], [2 V,A/F], [3 V,A,F]
-	Coinkite	Coldcard	Mk1
-	Coinkite	Coldcard	Mk2
-	Coinkite	Coldcard	Mk3
-	Coinkite	Opendime	V1
-	Coinkite	Opendime	V2
-	Coinkite	Opendime	V3
-	Coinkite	Opendime	V4
-	Ledger	Ledger	Blue
-	Ledger	Ledger	Nano
-	Ledger	Ledger	X
-	SatoshiLab	Trezor	One
-	SatoshiLab	Trezor	Model T
-	ShapeShift	KeepKey	01
-	ShiftCrypto	BitBox	01
-	ShiftCrypto	BitBox	02

Desktop

Project Status|Vendor|Name|OS|Docs|(Vulnerability Report, Vendor Announcement/Fix) :—:|:—:|:—:|:—:|—|— ☠️🕵️‍💩🔵|Example|Model|OS|Doc|[1 V,A,F], [2 V,A/F], [3 V,A,F] TODO

Phone

Project Status|Vendor|App Name|OS|Docs|(Vulnerability Report, Vendor Announcement/Fix) :—:|:—:|:—:|:—:|—|— ☠️🕵️‍💩🔵|Example|App Name|OS|Doc|[1 V,A,F], [2 V,A/F], [3 V,A,F] TODO

Web

Node Computers and/or Turn Key Images

Project Status	Vendor	Model	Hardware Version	Docs	(Vulnerability Report, Vendor Announcement/Fix)
☠️🕵️‍💩🔵	Example	Model	Version	Doc	[1 V,A,F], [2 V,A/F], [3 V,A,F]
		CasaHold	CasaNode	v1
		BullBitcoin	Cyphernode	v1
		Nodl	Nodl	v1
		Nodl	Samourai	v1
		myNode	myNode	v1

Notes:

Icon	Legend
🕵️‍	Poor default privacy
💩	Supports altcoins
☠️	Known unfixable exploit that could cause loss of funds
🔵	No known unfixable exploit that could cause loss of funds

Requirements for vulnerability to be listed

Working Proof of Concept
HW SW HW+SW

Explainer: Wallet Types

TODO

Learn more about wallet derivation types and recovery here walletsrecovery.org

Did we get it wrong? Just let us know, and this will be updated. :)

Want to contribute, make a Pull Request.