The Ballet physical wallet was created by Bobby Lee, co-founder of the Chinese exchange BTCC. The wallet's private key is pre-recorded on the device, which can be an insecure design.
Mass adoption is crucial to ensure the long-term viability of Bitcoin. However, a wallet should not sacrifice the security of its funds to become a simple and easy-to-use device. Ballet, a wallet created by the co-founder of BTC China (BTCC), Bobby Lee, has opened this discussion in the Bitcoin community.
Ballet is a user-friendly physical wallet that was launched last month on Kickstarter and has stood out for its design, which resembles that of a bank card. The project website describes Ballet as the first physical non-electronic wallet that offers support for multiple cryptocurrencies such as BTC, BCH, ETH, and LTC.
The goal of Ballet is to offer a device for storing cryptocurrencies without an Internet connection (offline, or cold storage) that is easy for novice users to operate. For this reason, it has no configuration options and requires no passwords to operate.
The launch of the device has gained notoriety because its creator is Bobby Lee, who, besides having started BTCC's operations, is the brother of Litecoin founder Charlie Lee. To promote the Ballet wallet, the executive commented on his Twitter account that he was on the same flight as actor Bruce Willis, with whom he talked about Bitcoin and the new wallet.
Beyond Lee’s marketing techniques, the wallet has been criticized by Bitcoin users for its lack of security. The device relies on a private key, also known as the recovery phrase, which the company generates before the user acquires the device and hands over at the time of delivery.
Renowned bitcoiners, such as Alistair Milne, the BTC Sessions group and White Rabbit, have charged that the wallet does not provide the basic security required to manage cryptocurrencies. It is worth mentioning that Rabbit discovered a vulnerability in the firmware of a Bitmain miner this year. Ballet users must rely on the transparency of the company, which might suffer an information leak or retain the data of its users' private keys.
Reasons to Distrust
The private key of a wallet is usually created when the user first uses the device or platform. Wallets of this type are known as non-custodial, since users manage their own private keys and, therefore, have full control over their money. These tools were created to eliminate the use of intermediaries, such as banks, companies or exchange houses, to protect their operations.
Most physical wallets, such as Ledger, Trezor or KeepKey, are non-custodial, as they seek to provide users with greater security and privacy. Although Ballet is also a physical wallet, the company generates its users' private keys in advance, which is why owners would not be the only ones to have access to the recovery phrase.
Diego Gurpegui notes that this is the biggest vulnerability of Bobby Lee’s wallet. If the private key of a wallet is created by the company, then there is a possibility that a third party copies or leaks such sensitive information. In this case, all the funds in the wallet are compromised, since the recovery phrase provides full access to the device.
The Ballet team states that wallet recovery phrases are created under a 2-factor process (2FKG) that ensures their privacy. The company notes that the device has an encrypted key (EPK) and a recovery phrase, components that are generated in different locations thousands of kilometers apart.
Gurpegui says that, although the two components can be created separately, they are printed together on the wallet. He believes that this feature confirms that the device is not safe, since the user must still rely on the company’s word rather than on the technology itself.
By Willmen Blanco