According to a couple of recent startling discoveries, Bobby Lee’s cryptocurrency wallet Ballet may have some glaring flaws in its security system, with a likelihood that the company may have access to the key generation.
Famous Chinese Bitcoin proponent Bobby Lee has many identities. Besides being known for his over-the-top Bitcoin predictions, he is also the founder and CEO of the hardware cryptocurrency wallet Ballet, co-founder of BTCC, the first cryptocurrency exchange in China, and brother of Litecoin founder Charlie Lee.
Last week, he took Twitter by storm by announcing his encounter with Hollywood movie star Bruce Willis and purportedly gifting him Bitcoin following a casual conversation about cryptocurrencies. And while many Twitter users refused to believe his Bruce Willis Bitcoin story, today, many are questioning the safety features of his beloved wallet service. Touted to be the most straightforward and user-friendly wallet service existing today, the Ballet wallet is the world’s first multi-currency non-electronic physical wallet.
Apparently, the wallet has no password requirement, and its simplicity makes it an attractive cryptocurrency service for people from all age groups. To access this wallet, all one needs to do is undergo the 2-Factor Key Generation (2FKG) process, involving the encrypted private key (EPK) and the subsequent wallet passphrase, both imprinted in the wallet.
However, according to some Twitter users, this simplicity comes at a cost. Doing away with the setup process and offering access through a private key generation process is, per some users, not as foolproof as one might believe it to be.
Cryptocurrency wallet Ballet boasts of simplicity but not security
Reportedly, there is a strong possibility that Ballet has access to these keys, thus making user funds vulnerable to a significant security breach.
@FTC @CFPB @kickstarter I submitted a report to all of you over the @BalletCrypto wallet. There is no way for the user to verify that the private keys are not held by Ballet. Meaning, Ballet likely has full access to all user funds placed on the device.
— Steven Oustecky (@soustecky) October 2, 2019
Moreover, there is no way to verify whether Ballet can retrieve the EPK, and users are just expected to trust the company blindly with their funds, Twitter user Steven Oustecky highlights. The whole idea of cryptocurrencies was to ensure a decentralized and autonomous structure. If the company expects its users to trust it with their funds, without questioning how and what it does with them, it defeats the whole purpose.
What is Ballet’s defense? It is that the security keys are generated on two different devices, which are miles apart from each other. However, in the age of the internet and social media, does physical location really matter?
It’s pretty simple: anyone associated with @BalletCrypto should be ashamed of themselves.
— Matt Odell (@matt_odell) November 10, 2019
Thus, a Bitcoin expert, Matt Odell, has publicly condemned Bobby and Charlie Lee for developing an unsound wallet service.
That said, the wallet was launched just last month, and the company has been receptive to service improvement suggestions so far. So, one can only hope that the wallet makers promptly address this defect and use it as a stepping stone to build a much more robust and resilient framework.