We built the iCoin Hardware wallet because we wanted to help bring Bitcoin to the uninitiated and we knew the devices on the market today pose a huge barrier. They are intimidating and difficult to use. Wallets need to change if people are going to take the initiative to move their Bitcoin off exchanges and onto hardware wallets. We’re here to make self-custody less intimidating, simple, and maybe a little fun. Read on if you care to.
iCoin – The Hardware Wallet
There is no wifi, cellular, or GPS functionality in this device. In fact, the iCoin wallet application is the only application that can run on this device. No third-party apps of any kind.
It is by definition a cold device that never connects to a network. The companion mobile app acts as a communication gateway that relays the signed raw hex wallet transaction to the blockchain.
It is also an HD compatible Hardware Wallet so the keys and accounts can be moved to other HD compatible wallets if iCoin goes out of business or newer, better wallets come on the market.
The device comes default in Air Gap mode in both the wallet and the Mobile App, but can be switched back and forth between Air Gap and Bluetooth in settings. It is up to the user to decide when and if to use the Bluetooth capability to connect the Hardware Wallet and Mobile App. If you stay in Air Gap mode, Bluetooth will never broadcast. It should also be noted that even in Bluetooth mode, the wallet is not a network connected device. Bluetooth is a short range, peer-to-peer wireless protocol that has no way to directly connect to the internet.
Even if the user selects to use Bluetooth, it is only activated momentarily to either send or receive encrypted data with the Mobile App or the Printer. Again, that data is encrypted. Even if you try to snatch that data “from around the block”, it is only broadcasting for a fraction of a second and you have to catch it. Then you have to decrypt it.
The Security of Air Gap
Air Gap is a method of communicating between the hardware wallet and the mobile app using QR codes and cameras. In this scenario, the camera does not lie and “what it sees is what you sign”.
When the Mobile App transmits the raw transaction information to the wallet, it is in the form of a plaintext QR code. The QR codes are not encrypted, deliberately, so the user can use any third-party QR code reader to confirm that the information in the QR code is correct. The user then reads the QR code from the Mobile App with the camera on the Hardware Wallet (air gap). The same information is then displayed on the large screen of the wallet and should be compared side-by-side with the info displayed on the Mobile App. This way the user can feel comfortable that the information being transferred from the Mobile App hasn’t been tampered with by carefully checking the source address, destination address, amount and fee. The user should compare every digit of the destination address to protect against a man-in-the-middle attack. Only after carefully comparing the displayed information on the Wallet and Mobile Phone should the user “sign” the transaction on the Wallet by entering their secret pin code.
When the signed QR code is displayed on the Hardware Wallet, it is in the exact raw hex format that is being sent to the node for validation. A user with the wherewithal and interest to dissect that long string of data can confirm the transaction hasn’t been meddled with. This Wallet QR is then read using the Mobile Phone camera and relayed to the blockchain. At this point the transaction file can no longer be modified without being rejected by the blockchain miners and validating nodes.
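Dissecting the raw hex described above can be done with a short script. The following is an added example, not iCoin's code: it assumes the QR payload is a Bitcoin transaction in the standard serialization (legacy or segwit), and the function names and the sample transaction are constructed for illustration.

```python
def _varint(b, i):
    """Decode a CompactSize integer at offset i; return (value, next offset)."""
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_tx(raw_hex):
    """Parse a serialized Bitcoin transaction (legacy or segwit) into its fields."""
    b = bytes.fromhex(raw_hex)
    segwit = b[4:6] == b"\x00\x01"               # BIP144 marker and flag bytes
    n_in, i = _varint(b, 6 if segwit else 4)
    inputs, outputs = [], []
    for _ in range(n_in):
        txid = b[i:i + 32][::-1].hex()           # txids are shown byte-reversed
        vout = int.from_bytes(b[i + 32:i + 36], "little")
        slen, i = _varint(b, i + 36)
        i += slen + 4                            # skip scriptSig and sequence
        inputs.append((txid, vout))
    n_out, i = _varint(b, i)
    for _ in range(n_out):
        value = int.from_bytes(b[i:i + 8], "little")   # amount in satoshis
        slen, i = _varint(b, i + 8)
        outputs.append((value, b[i:i + slen].hex()))
        i += slen
    if segwit:                                   # skip one witness stack per input
        for _ in range(n_in):
            items, i = _varint(b, i)
            for _ in range(items):
                wlen, i = _varint(b, i)
                i += wlen
    if i + 4 != len(b):                          # only the 4-byte locktime may remain
        raise ValueError("malformed transaction: unexpected length")
    return {"inputs": inputs, "outputs": outputs,
            "locktime": int.from_bytes(b[i:], "little")}

def outputs_match(raw_hex, expected):
    """True only if the outputs are exactly the approved (satoshis, script hex) pairs."""
    return parse_tx(raw_hex)["outputs"] == expected

# Constructed sample, not a real transaction: placeholder hashes and scriptSig.
DEST = "76a914" + "11" * 20 + "88ac"             # P2PKH scriptPubKey
CHANGE = "0014" + "22" * 20                      # P2WPKH scriptPubKey
SAMPLE = ("01000000" "01" + "aa" * 32 + "00000000" "02" "5151" "ffffffff" "02"
          + (50_000).to_bytes(8, "little").hex() + "19" + DEST
          + (149_000).to_bytes(8, "little").hex() + "16" + CHANGE + "00000000")
```

The serialized transaction lists output amounts but not input amounts, so the fee cannot be confirmed from the hex alone; it is the sum of the spent outputs minus the sum of the new outputs.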
The Companion Printer
The thermal printer is an optional purchase and an extremely convenient one. You can also just buy the Wallet standalone and use pencil and paper to write everything down, like all other wallets.
Encrypted Bluetooth is the only option to connect the Wallet and printer. The printer has no camera or memory. The choice here is that the user is NOT required to use the printer and can choose between convenience and better security.
The printer allows you to print your Seed Phrase, transaction receipts and account addresses. The printed Seed Phrase displays the 24-words along with a QR code of those words, which allows easy restoration using the wallet’s camera.
Using the printed Seed Phrase reduces the typical 15 to 30 minutes of time that it takes to set up or restore a hardware wallet to just a few minutes. Once you name the wallet you have the option to write down your 24-word seed phrase or print it out. If you want to stick with pen and paper for your seed phrase, there’s a numbered card in the box.
Regarding thermal paper, storing it in a cool dark place can retain its image for 5-7 years. It is a good idea to make a copy of your seed phrase on a laser or inkjet printer at home, and never tell anybody where you hid them. Again, the printer is an optional convenience. It’s safe and it’s fun, but there is no substitute for exercising general security practices and keeping your seed phrase safe.
Our Open Source Policy
Experts are divided on whether open source is a good or bad thing for code security. We do not make our code open source. Poring over thousands of lines of source code is a huge endeavor, and then there’s no guarantee what we shared is what we actually loaded on the device. The bootloader of the operating system can interfere with this. In addition, only a very small percentage of our users have the ability to build an object file from the sources and to compare it with what is actually loaded on the device, so they are still trusting the word of someone else and not personally verifying.
Our security guarantee comes from the Air Gapped nature of the Wallet, not from open source. When fully Air Gapped, with Bluetooth off, there are no electronic interfaces into the Wallet. There is no networking stack, and no applications allowed that do not come with the device.
We agree that open source is important for cryptography. In this respect, we use standard BTC/ETH open source libraries for public/private key generation, account addresses, digital signatures, HD seed phrase creation/dictionary, etc.
Since we do not allow third party applications to run on our Wallet, we don’t provide the option for third party developers to integrate their platforms. Our policy on open source may change in the future, but right now we cannot justify the cost and time required to maintain an open source community platform with all the security and oversight that comes with it.
Our Operating System
Our OS is a basic Android (Linux) kernel. We use the open-source Android (AOSP) as a starting point for the convenience it offers in operating the large Hi Res touchscreen, camera and powerful memory encryption. We have stripped everything else out of the system. Our version of Android is not part of the Android Compatibility Program and is incapable of running any other Android apps. No Google Play Store, email, calculator, calendar, photo gallery, messaging, maps, etc. can run on our Wallet. There is only one application running on our device, and that is the wallet and its system manager (firewall). The device OS cannot be updated, only our Wallet App. Again, this is a cold device; you cannot remotely hack it.
Our Secure Memory System Architecture
Our wallet uses a state-of-the-art CPU and has more than 10GB of encrypted memory, enough to support more than 10 million keys and account addresses within a single Hardware Wallet. The CPU chip contains multiple ARM 64-bit processors running TrustZone protection (Apple calls this feature “Secure Enclave”), and a powerful GPU, all integrated on a single chip (SoC) containing more than 1 billion transistors. There is no practical way to probe the inner workings of this chip. The private keys are generated and encrypted within one of the CPU’s TrustZones (which one?). Then the encrypted keys are stored in memory until they are needed to sign transactions. When signing, the keys are moved to the processor TrustZone, decrypted to sign, and then deleted (the encrypted version of the key is already stored in memory).
Why We Support Ethereum in addition to Bitcoin
Bitcoin represents about 50% of the total market cap of all blockchain tokens. It is by far the largest and most decentralized. It is the global standard as a store of value.
The Ethereum token and its ERC-20 (Stablecoins) and ERC-721 (NFTs) smart contract tokens represent approximately 25% of the total market cap of blockchain tokens. A lot of users find utility in Stablecoins as an alternative to central-bank-controlled fiat currency. There is also a lot of interest in NFTs. The combination of BTC and ETH represents 75% of the total crypto market cap and that is what we support.
Support for Advanced Bitcoin features like Multi-sig and Lightning
We built this product for everyone, and while we eventually will release new updates which include support for advanced Bitcoin features, like multi-sig, coin control, lightning, etc., those features are lower in priority than our primary mission which is to get people off exchanges and onto a self-custody hardware wallet asap.
We absolutely love Bitcoin and everything it stands for. We’re all about encouraging people to get into the space by making them comfortable. We’re trying to remove the intimidation without sacrificing security. We’re going to do everything in our power to make sure our Users possess the keys to their own destiny. We believe in this product, we use it ourselves, and our keys are safe in our own custody.
Thank you for reading,
The iCoin Founders