Wallets Pwnd [Beta]
A list of Bitcoin Hardware, Phone and Desktop wallet attacks
This list is not an endorsement of the security or the quality of any of the wallets.
Hardware
Project Status | Vendor | Model | Hardware Version | Docs | (Vulnerability Report, Vendor Announcement/Fix) |
---|---|---|---|---|---|
☠️🕵️💩🔵 | Example | Model | Version | Doc | [1 V,A,F], [2 V,A/F], [3 V,A,F] |
- | Coinkite | Coldcard | Mk1 | ||
- | Coinkite | Coldcard | Mk2 | ||
- | Coinkite | Coldcard | Mk3 | ||
- | Coinkite | Opendime | V1 | ||
- | Coinkite | Opendime | V2 | ||
- | Coinkite | Opendime | V3 | ||
- | Coinkite | Opendime | V4 | ||
- | Ledger | Ledger | Blue | ||
- | Ledger | Ledger | Nano | ||
- | Ledger | Ledger | X | ||
- | SatoshiLab | Trezor | One | ||
- | SatoshiLab | Trezor | Model T | ||
- | ShapeShift | KeepKey | 01 | ||
- | ShiftCrypto | BitBox | 01 | ||
- | ShiftCrypto | BitBox | 02 |
Desktop
Project Status|Vendor|Name|OS|Docs|(Vulnerability Report, Vendor Announcement/Fix) :—:|:—:|:—:|:—:|—|— ☠️🕵️💩🔵|Example|Model|OS|Doc|[1 V,A,F], [2 V,A/F], [3 V,A,F] TODO
Phone
Project Status|Vendor|App Name|OS|Docs|(Vulnerability Report, Vendor Announcement/Fix) :—:|:—:|:—:|:—:|—|— ☠️🕵️💩🔵|Example|App Name|OS|Doc|[1 V,A,F], [2 V,A/F], [3 V,A,F] TODO
Web
Project Status|Vendor|App URL|Docs|(Vulnerability Report, Vendor Announcement/Fix) :—:|:—:|:—:|:—|— ☠️🕵️💩🔵|Example|wallet.domain.com|Doc|[1 V,A,F], [2 V,A/F], [3 V,A,F] TODO
Node Computers and/or Turn Key Images
Project Status | Vendor | Model | Hardware Version | Docs | (Vulnerability Report, Vendor Announcement/Fix) |
---|---|---|---|---|---|
☠️🕵️💩🔵 | Example | Model | Version | Doc | [1 V,A,F], [2 V,A/F], [3 V,A,F] |
CasaHold | CasaNode | v1 | |||
BullBitcoin | Cyphernode | v1 | |||
Nodl | Nodl | v1 | |||
Nodl | Samourai | v1 | |||
myNode | myNode | v1 |
Notes:
- WIP
Icon | Legend |
---|---|
🕵️ | Poor default privacy |
💩 | Supports altcoins |
☠️ | Known unfixable exploit that could cause loss of funds |
🔵 | No known unfixable exploit that could cause loss of funds |
Requirements for vulnerability to be listed
- Working Proof of Concept
-
HW SW HW+SW
Explainer: Wallet Types
TODO
Learn more about wallet derivation types and recovery here walletsrecovery.org
Did we get it wrong? Just let us know, and this will be updated. :)
Want to contribute, make a Pull Request.