Leo Wandersleb: Bitcoin Wallet Security to Avoid Exit Scams


Topics

Our topic today is all about Bitcoin wallets and their security. I am talking with Leo Wandersleb a german developer living in Chile, who is the founder of a project called Wallet Scrutiny. The goal of his project is to avoid exit scams through the verifiability of the wallet source code.

“The goal of Wallet Scrutiny is to avoid exit scams and to avoid major flaws that would make all the users of a certain wallet vulnerable to some back doors that get injected by the provider or by somebody who has a means to add an attack through maybe some libraries that are used in that wallet, et cetera.” – Leo Wandersleb

  • Why he started Wallet Scrutiny
  • His take on Bitcoin as the major cryptocurrency
  • How bitcoin wallets are built
  • The importance of a verifiable source code
  • Anonymity and transparency in respect to security
  • Why hardware wallets are the most secure wallets
  • Bitcoin fee estimation

Sponsors

Ask a question

Support the podcast

Donations

Shownotes

Recording Date: April 27, 2020
Location: Online

Recommendations

Links

Transcript

Anita Posch:
Hello Leo thanks for your time to do this interview.

Leo Wandersleb:
Hi, Anita. Thanks for having me. Yeah. I founded Wallet scrutiny all on my own. I had little help by others later on, but, it's basically my project at this point.

Anita Posch:
That's great. We'll talk about that. And also about your interest in Bitcoin in general. I found your project because I'm not only a podcaster but also a Bitcoin educator. I wrote a guide for Bitcoin newbies, and as such, I'm always interested in the advancements and security of wallets. of course, and also as a user. I always want to recommend the best state of the art wallets to my readers. that's the reason why I wanted to, talk to you. ,
but before we start, please tell us a little bit about yourself.
who are you? What have you been doing before? And, how did you get into Bitcoin?

Leo Wandersleb:
Yeah, I'm I German citizen living in Chila since nine years now. And I, studied mathematics in Munich. And after that I started as a software developer for a database admin and stuff and game developer. Later, I came to Chile for a startup, which was also a Facebook game and there I was already a bit into Bitcoin.
So I, was looking at opportunities to get into Bitcoin full time as I was very much fascinated of how Bitcoin works and, what can be done with it. And four years ago or more than four years ago, I got in touch with Mycelium and they hired me. And, a year later or so, I became the release manager of mycelium. At Mycelium I am full time in charge of making the wallet secure. So I'm reviewing everything that goes into the wallet. But I see that this is not possible as a single person on such a project, and I am very sure that other projects have the same issues.
So I was exploring how to improve the situation in general for all the Bitcoin wallets, and that's where I founded Wallet scrutiny last year in November.

Anita Posch:
That's a great idea. is living in Chile also a reason for you to be interested in Bitcoin? What's the situation in Chile is it, in a way comparable are like, from the standpoint of using Bitcoin as a medium of exchange? for instance, like in Venezuela, Argentina.
Can you tell us a little bit about that?

Leo Wandersleb:
In South America the Chilean currency is probably the most stable. So, and all sort of banks work quite great here. So here in Chile, when you do a bank transfer it's always instant. So it's not like you would see it the next day, like in Germany, or at least that's how it was when I left Germany or some days later, like it is in the United States now in Chile when I do a wire transfer. the other person knows about it before my page reloads. On the internet banking, it's really instant and always instant. So from that point, inflation,
not, not so much. So, yeah, the volatility of Bitcoin is probably scaring more people than the volatility of their national currency. Not like in Argentina where they have a,
reset of their banking system every eight years or so, and
not like in Venezuela where they devalued their currency at a mindboggling pace.
But yeah, there is some interest

Anita Posch:
So if the financial system in is quite stable compared to other South American countries, what are the sides of Bitcoin that interests you the most?

Leo Wandersleb:
it's, A system that is not controlled by a handful of people that do some back room deals, and surprise, the general public with, whatever,
interest decisions like interest rate change. And. So you have the high frequency trading bots that analyze the latest changes in femtoseconds to do trades of billions of dollars.
That's crazy. So I prefer something that is. Just out of the control of everybody and that makes it a much more honest money. And that doesn't give the power to some central banks that can, I mean, what does increased balance sheet mean? It means that the central bank currently is buying up the real assets.
It's buying up the, not only the government bonds. Okay. Those are worthless. Pieces of paper anyway, but now they are also buying up companies and doing all kinds of market trades, which, skew the market. So if a company should fail then the central bank comes along and saves it just because it employs people doing shit nobody needs.
That's something that should not happen. And with Bitcoin, we can fix this.

Anita Posch:
Are you also interested in other cryptocurrencies and other blockchain projects or only in Bitcoin? BTC

Leo Wandersleb:
I am slightly interested in grin coin, but, other than that. I am only interested in Bitcoin. I do some Ethereum transactions for my job at mycelium because, my boss decided to integrate Ethereum and, ERC 20 tokens. But other than that, I did not touch, well, I did sell the fork coins, like the Bitcoin cash and Bitcoin SV to get more Bitcoins.
But other than that, I did not touch any other crypto coins.

Anita Posch:
Why do you think that other crypto coins are not so interesting?

Leo Wandersleb:
BTC is currently just the most solid, the biggest development team. And the network effect is super important for this just to work.
Bitcoin can be considered as a balance sheet or a ledger of How much does society owes to each person. So that's, I mean, that's how gold started, like, it's just not feasible to have a ledger where you record that Anita owes Joe three hours of work and Peter owes Marcus so many hours of this kind of work.
And gold replaces that with something that is. Fungible that you can,
exchange and swap, and it's just much more efficient. But it does the same thing. And if we want to replace what gold did in the past, and we don't want to go to a ledger that can be arbitrary, manipulated by some central bank where they can decide that now society owes the central bank 20% of the global output.
Just because they can, we should agree on one ledger and not on a million ledgers. So I think there is a huge incentive to have just one ledger or just one cryptocurrency. And the most stable one is Bitcoin. It, I mean, it's the most solid. It has the most brain power behind it. It has a. biggest network effect because most people are using it.
So in order to replace Bitcoin, you would need something that's not only twice as good in any given aspect, but in probably would need to be five times as good as Bitcoin in all its aspects.

Anita Posch:
Yeah, and I think it has also proven 11 years of highest security. I mean, it was never hacked. Let's talk about Bitcoin wallets, which actually are a crucial part in this peer to peer system because without wallets, we couldn't send any transactions. So, you founded the project Wallet scrutiny last year, and, it says it's a project aimed at improving the security of Android, Bitcoin wallets. what is the goal for this project? And how do you want to improve wallets through your analyzes.

Leo Wandersleb:
The goal is to avoid exit scams and to avoid major flaws that would make all the users of a certain wallet vulnerable to some. back doors that get injected by the provider or by somebody who has a means to add an attack through maybe some libraries that are used in that wallet, et cetera.
So,
we all remember, I mean, it's, it's common history of the Bitcoin community. What happened with Mt. Gox but also with other smaller wallets where hundreds of millions of dollars were lost.
And never to be recovered. And I think something like that will also happen in the wallet space. Mt. Gox was a Bitcoin bank, so people trusted them to have the money.
They did fractional reserve banking, meaning they didn't have all the Bitcoins that the people had in their accounts. And so they screwed up and, people lost their money. But. In Bitcoin, we tell people, be your own bank, but being your own bank is a damn responsibility that not everybody is up to. So I want to make more wallets Capable of keeping the Bitcoins safe by making them transparent to security and researchers. So it makes sense for the security researchers to find bad apples. So we can throw them out from the, from the Bitcoin ecosystem and we can concentrate on building the stuff that makes people safe when being their own bank.

Anita Posch:
And being your own bank implies that you use a noncustodial wallet because that's what you said before, like a Mt. Gox was an exchange basically where the exchange held to Bitcoin keys, the private keys for the users. Can we start from scratch?
Maybe because most people are not developers and nobody really knows how a wallet is made. What are the steps when a wallet is built?

Leo Wandersleb:
Every wallet provider has some team. Those teams are sometimes just one guy, and sometimes it's like 1520 guys that. Develop those wallets but they are not alone. So they rely on stuff that was developed before they started working on the wallet. They use something that's called libraries.
So if you want to do a Bitcoin wallet, you don't start from scratch inventing how does Bitcoin work? And you don't start from scratch how to make a round button or how to make a drop down menu. That's something that you do use from third parties. So you go, you Google and say, Oh, which library has the nicest round buttons?
And are you like that one? You, you'll just import it into your project of which, what library does Bitcoin the best? Oh, that's a nice library. I put that into my project and now I just need to place my round buttons and connect the buttons with what the Bitcoin library does, with some of my own code.
So that turns out to be a Bitcoin wallet. And then you do testing and you might have testers internally And then comes the important step where somebody hits the compile button and takes the compiled app and gives it to Google, and now Google distributes it to the users. And now the users trust that this wallet is doing what the provider claims it does.
So this step of compiling it makes it, harder to analyze sort of source code. It's something that all the dev developers can analyze or could theoretically look into. But the binary that comes out from the compilation is something that is hard to analyze. So what wallet scrutiny does is it analyzes who.
Is actually distributing through Google a binary that was compiled from the publicly available source code. So if the source code is not publicly available, then the wallet is avoiding scrutiny by hiding what it actually compiled behind closed doors. And as a. Bitcoiner you probably don't want to trust some third party to compile something, without any scrutiny.
Because the, scrutiny also leads to security researcher looking into this stuff, and no team of 10 guys will get perfectly right. All aspects of. Network security of privacy of cryptography of. UI glitches that make, might make it, vulnerable to some data leakage, et cetera, et cetera, et cetera.
So to get the full benefits of public scrutiny, it has to be open source, and it has to compile from the public open source code to the binary that they have, on Google Play So that reviewing the code has any meaning for the binary that's found on Google play.

Anita Posch:
So for non-developers, a binary is basically, the application to download .

Leo Wandersleb:
That's the application. When you download the application, it's one file and that file in the world of Android as an APK in the world of. Windows. It's an EXE file or a com file or something.

Anita Posch:
So it's basically when you download something like an EXE file from, the internet, that's a binary.

Leo Wandersleb:
exactly. And as everybody learns to not just trust any EXE file on, on the internet, the APK is also the same thing, like an EXE file just that the android system is protecting you a bit more because the, the binary that you download for your Android. Can not reach into the other,
binary. So, if you install angry birds, then angry birds can not reach into your
Bitcoin wallet and the Bitcoin wallet should not know what the angry birds app is doing neither. So isolation is much better on Android than it is on. Windows, for example, or also in Linux, but isolation is not perfect.
So if you use the clipboard, any app on your Android has
access to the clipboard. If you copied the receiving address of your Bitcoin transaction, then any of the apps you have installed on your Android can without any extra permissions. take note of you having interest in that Bitcoin address.

Anita Posch:
Oh, wow. I didn't know that. So basically that's also. One of the reasons why you should never write down your seed on your smartphone or somewhere else digitally.

Leo Wandersleb:
Well, I'm writing it down. for example, mycelium, we have a custom keyboard. We don't trust that the keyboard that you happen to have. Installed on your phone is not, I'm sending everything. You're right off to some server, like, there is, you can have a Google keyboard with spellchecker enabled. And then for the spellchecker, everything you type, even though it's not in your browser or anything, that would be online is being sent online for spellchecking.
And that's what, the Coinomi wallet, for example, had. for entering your 12 seed words. So there's many tricky things that can happen when you use some third party apps. And so a Bitcoin wallet needs that scrutiny. I'll stay, we'll just do those rookie errors. And, there is no single developer who would be able to avoid all of them. The public scrutiny is essential.

Anita Posch:
why is your project only for Android? Because it would be too much then, or is there another reason.

Leo Wandersleb:
It's, because I'm an Android developer, so for me, this was the low hanging fruit to look into that. And also because I expected that Android wallets would not all be verifiable. It would be boring to analyze a platform where all the wallets are actually verifiable.
And, for the desktop wallets, I would expect that those that are open source are much more verifiable than on Android. But I have to get there too. So on iPhone, I expect it will be worse than on Android, as I saw already several. Wallet providers claim that they are not allowed to put open source on iPhone.
So I have to take into what that claim is about because Mycelium does have an open source wallet on iPhone. I don't recommend using it because it's a, it wasn't updated in two years. But, but I know that we have to open source code available, but I have never tried to compile it because for compiling it, I think you need an Apple device or some, tools work to compile iPhone apps, but I'm not an iPhone developers, so I would just have to figure out how to do that.
And then I would expand to iPhone to desktop, to Apple to whatever.

Anita Posch:
are there any industry standards for software wallets.

Leo Wandersleb:
No I mean, yeah. standards. So of course there is the Bitcoin improvement proposals that a wallet should implement or could implement. So there is how you get from the 12th seed words to your HD wallet. that's covered by several standards. And so a wallet that follows those standards allows the user to still have access to his Bitcoins, even though a wallet provider might switch off its servers. So if a one wallet goes under, I can use my backup and on another wallet and it would in theory, just restore my. Bitcoins on a different, wallet that works mostly, but as there are, more standards if you try to restore a SegWit wallet on a non-segwit software and. That non SegWit software will not find your SegWit Bitcoins.
Of course. And there are other details about, that. For example, MyCelium is mixing accounts. So if you have, a legacy account, a, paid to script hash SegWit account, and a. K two, SegWit key hash account. Then in MyCelium those would be, mixed into one account because you don't want to switch account if you want to send to a SegWit address or if you want to receive to a segwit address and, in other wallets, those would be three separate accounts.
But other than that, in theory, you should be able to, if. The, wallet follows those standards to restore the same wallet in different software.

Anita Posch:
It sounds terrifying actually. If I imagined to be a newbie. I hear all those things. I wouldn't know which wallet I should choose, but let's get to that back later. Because what I would like to know now is, which kind of wallets are you testing? How do you select them?

Leo Wandersleb:
when I started, I just went to the play store and searched for Bitcoin wallets and that got me some 70, presumably Bitcoin wallets. And I checked out if they are Bitcoin, if they have more than thousand downloads, and from there they would fall into those major four categories of either being custodial.
Or closed source or open source or verifiable. over time, whenever I come across any Bitcoin wallet, I had never had heard of, I added to the project. And sometimes those are not actually Bitcoin wallets. They are whatever Bitcoin, cash or Bitcoin gold wallets. Sometimes they, are already out of business.
Or they are not a wallet at all because they whatever track only the worth of your portfolio. But they don't manage private keys. So I categorized them and, first I look, is it custodial? If it's custodial I am done with the analysis, and I, tag it as custodial. 27 of the wallets. I analyzed our custodial 26 ended up to be close source, nothing to review, nothing to verify.
Then technically 29 are open source, but of those 29 only four are verifiable. Verifiable, meaning that I was able to reproduce the build that is on Google play from the GitHub, and the build instructions that they provide.

Anita Posch:
So basically one should only use the four that are verifiable or what can happen if I use wallet of the others.

Leo Wandersleb:
If you use a custodial wallet, of course the custodian could decide to not let you use your Bitcoins. This happens again and again where people use Coinbase and then Coinbase tells them that they have whatever they have to provide additional information else. They cannot use that Bitcoin anymore if it's closed source.
Then there's no way of knowing if the wallet has a back door or not. The same applies to if it's open source, but not verifiable. So having an open source wallet, but, For example, if it's open source, but I don't share the latest version, so I update on Google play, but on GitHub, I don't update for a year or two.
Then it's not really open source anymore because the code they used to compile the binary. is already two years more of development and it might be just the last release. So if they don't release an update on GitHub, but they release an update on Google play, then they might just have changed such that the backup is being sent to their server.
And if you cannot check that, if you cannot verify that, then you cannot really trust that wallet and you should probably not use it. I currently would say it's more nuanced than that. and the verifiable section there is like MyCelium just dropped out of the verifiable section because a build verification, how I do it for wallet scrutiny was not able to reproduce the build.
I found that there was one line of difference. And one line could be auditable. So I could read that line and decide that it's a benign difference. And I could say, okay, I still trust that wallet, but, I decided to be strict about that. And if it doesn't reproduce exactly, then I classify it as not verifiable.
While other wallets like the Samourai wallet, when you compiled their source code, which they claim is what is behind the wallet on Google play, you get thousands and thousands of lines of code that are different than what they claim goes into an wallet. So you certainly should not trust those.
And I'm more and more inclined to suggest not to trust any. Wallet that in three or four months couldn't come around and make their build verifiable. And Samourai is very notorious about that and Samourai is secret about its founders. So if some random stranger on the street would ask you, Hey, give me your money, I will keep it safe for you and I will also as scramble it up so it's, you'll get some extra privacy.
Would you give a random person on the street your money. Probably not. So if you say, okay, those open source wallets, they try to do their best and they have other priorities, like, maybe Electrum or bread wallet, then trust rather them, where there's some faces behind those products. Than a product where the people behind it are anonymous.
Yeah. So I'm totally in favor of being anonymous, but if you are anonymous, then you have to make your product transparent. If you don't want to make your product transparent. Then you have to at least make yourself vulnerable to a recourse. If somebody, put some backdoor into their wallet, then they have no cost to, to scamming their users. Yeah. Satoshi is also anonymous, but Satoshi, was completely transparent about everything that went into Bitcoin and you cannot have it both ways.

Anita Posch:
Yeah, that's very interesting. I did an interview with Thomas Voegtlin the founder of the Electrum wallet. some months ago, and we were also talking about this being an anonymous or not, because when he started out, he also was anonymous, but then he realized, he has to put his name because otherwise people wouldn't trust, Electrum do you know other differences between smartphone wallets and desktop wallets regarding their risk of having backdoors or vulnerabilities

Leo Wandersleb:
desktop systems in general are much more heterogeneous. So on Android, most people run one out of five versions of the Android operating system. They run one out of three, brands of phones that come with, with some Android system pre-installed. So there is. Several companies have big players that would have access to implant back doors on your Android phone.
Of course, Google, There is your provider way. If you go to telecom and you. you'll get a new phone from them. Then you see already that it's telecom branded. When you start the phone, it says telecom, and just as they can put an animated GIF into your phone, which says telecom, they can put some backdoor into the system.
Then if it's a Samsung, then of course Samsung could have a backdoor there. And that's some huge players that might have an incentive to do those back doors. So if you want to be secure against those, then you should probably use hardware wallets, which you can use with some of the Android wallets, with the desktop wallets.
I mean, you could have an Arduino, you could have. An HP laptop, you could have, there is many, many brands. There's not so many chip manufacturers, but there's still many more. there's much more variety in terms of chips and providers and, there's just also more volume of providers that. So it's much harder to attack, the desktop system as a whole, but it's much easier to attack one desktop user as the protection between the isolation between the apps on a desktop system is much worse.
Then on an Android system. So if you install a Bitcoin wallet on your desktop and you, install a Bitcoin game on your desktop, then I would say that the probability that I Bitcoin game is actually after you a Bitcoin wallet is quite high. So now you have to problem that on your desktop. That database of your Bitcoin wallet is not protected against the game.
And now the game can. Just item, monitor your keystrokes while you use your Bitcoin wallet or monitor, or dig into your file system and read all the files and find your Bitcoins this way. So, it's not a black and white situation. It's all very nuanced, . But, I would say that mobile wallets have very good security properties because isolation of.
Apps was a concern from the start, but they also have the higher probability of one of those players that have access to all the devices of all the users might go evil on the users

Anita Posch:
Huh, so actually then it's really a good rule to say. On your phone, you only should have small amounts of money, and if you are the owner of a bigger stash of SATs or Bitcoin, then you should use a hardware wallet, but not a desktop wallet, or?

Leo Wandersleb:
Well, if you are not really a technical user, then you should certainly not have any Bitcoins on your windows system, because you probably have. Several viruses fighting for dominance over your windows machine. So whichever of those viruses, siblings will get your Bitcoins, and on your mobile phone, that's a bit a better situation.
And, when it comes to hardware wallets. consider this, some people say, Oh, if it's a life changing amount for you better get a hardware wallet, and if not, then don't bother. And for me, to measure I would suggest is this, it's the probability of losing your funds, multiplied with the funds you have at stake worth more than buying and learning about a hardware wallet.
So if the hardware wallet you're considering is worth $150, and you'll have $1,500 and you consider it a 10% chance that, a software wallet gets emptied by some virus. Then you should definitely get a hardware wallet at that point. Or as soon as Bitcoin, rises in value because now the investment of $150 is your expected loss from a virus, for this 10% probability.
And, you should get it then, but if, a hundred dollars for you. It's a life changing amount. Then you would have to apply different strategies. Maybe use a paper wallet, although they are vulnerable to the software wallet that you end up using it with, et cetera. But it might be secure against certain viruses that, that you have installed over the time, but not in the moment that you are using your paper wallet.

Anita Posch:
Hmm. Yeah, I don't recommend paper wallets I say if you have a smaller amount, I think a smartphone wallet will do. but yeah, I mean, everybody's different. it sounds to me that less complexity is better. So. The, the less complex software is the better or the more secure it can be. Does this also mean that Bitcoin only wallets, which we can see in some hardware wallets, are better than the wallets that, can manage more currencies.

Leo Wandersleb:
Absolutely. complexity is the enemy of security, so, but. If you have two specific wallets and you only look at how many coins they support and one supports 12 and the other a hundred, then it's pointless to argue that the one with a hundred is less secure than the one with 12 if the wallet claims to, be.
A native client of each of those coins, then it's probably, more so that the more coins you have, the more danger there is because then that means that, Oh, to manage Ethereum I have an Ethereum library in my app and to manage Monero, I have a Monero library in my app, and every library that I add to my project. Is a vector of attack. So the Monero guy that does the Monero library can now inject something that steals money from the Leo wallet. So that's something that happened to the. Copay wallets. They used a library. It was not even a crypto library, but a library maintainer ended with some five lines of code library.
It's something that really trivial, which people just don't want to bother to invent themselves, so they use the library for that. And the maintainer of the library was bored of, getting asked about it. So he handed it over to some anonymous guy, anonymous guy, made an update of that library. And that update was specifically targeting the copay wallet users and it was leaking the seed words to the attacker. and of course a crypto library is more likely to try to get to the crypto keys. And, so, yeah, the more libraries you use, the more dangerous. But if you support tokens, ERC, 20 tokens, additional tokens, if they are all ERC, 20 tokens might just be an asset, like a picture and a string that defines the tokem and then that's it. So there's no difference of supporting 12 ERC 20 tokens, or 1200 or 12 million. I don't know how many there are. Yeah.

Anita Posch: In your test, did you also test the software wallets that come with the big hardware wallets like the Trezor or the Ledger or the shift BitBox02?

Leo Wandersleb:
Those wallets don't provide Android apps. So of course my focus currently is Android. I didn't look into those yet. So that would probably be in yet another category because if I, if I talk about desktop apps, so far have not considered browser apps, but some of those apps are browser apps that work with browser plugins.
And it's like, Whoa, that gets, quite, heterogeneous. So it will be hard to get all those into categories and, and browsable and, and into a nice list. Like I have currently.

Anita Posch:
yeah, it's true. They are not Android apps, but I think the bitbox 02 will have an app in the future. I'm not quite sure, but I think I heard about that. I could choose another software for my hardware wallet.
Then the one that is, provided by the manufacturer? Or I can, I mean, how should I decide that as a newbie.

Leo Wandersleb:
I think as a newbie, it's usually natural to use the software wallet provided by the hardware wallet provider, but, a hardware wallet. Precisely claims to be secure against the software wallet. and mycelium, we support the ledger, the Tresor, and the keep key. And the idea is that even if MyCelium would turn evil, we would not be able to steal the funds from those hardware wallets.
We were in the interesting situation because we. Tried to integrate them or because we tried to upgrade our integration, we've, touched code and so we found a bug in the ledger wallet. And, that bug would have allowed us to create a transaction where the user would confirm to send $1 to pay this coffee from his account three in his ledger wallet.
And. That $1 would then turn into all the funds. He has an account, one, two, three, four and five. and it would empty his whole ledger. So yeah, we, but this vulnerability might also be the back door that the provider planted there too. fool all the users into emptying their wallet. So for me, it's one thing to trust the hardware wallet, but it needs to be auditable.
and it's probably secure to not use the providers software wallet because maybe that was a backdoor planted by the provider, expecting to be able to extract all the funds of all the users at some point in the future. And if you use a third party. software wallet with that, then you don't have that match between the provider of plant at the backdoor to them, steal them, funds.
and, the software wallet does the stealing later on. So the hardware wallets I think are best being used with. The, I mean, you need to also update those tools. So a hardware wallet providers know best when you should update your hardware wallet. So, maybe they want you to update it to an evil version.
So auditing is again, super important. maybe they want to protect you from some zero day exploit that they found because they are the ones that look most at their products. It's all very tricky. So, so to be really secure, you probably should use a multisignature setup, which. Currently is not trivial.
So I think, don't get too paranoid about what I'm telling. It's, if you're not a very technical user, if you're a technical user, please try to figure it out, how to make it happen and be the first to use the more. complicated products to help them be more easy products so that in a future, every average Joey can use a multisignature set up with, multi hardwares, where he doesn't even know that he's using multiple hardware wallets with multiple software wallets because it's all integrated into his.
One phone that by industry standards has those multiple hardware wallets integrated and it's auditable and whatnot.

Anita Posch:
I think a newbie does not really have to be scared now. So I guess if you follow the standards and. The recommendations of people like Andreas Antonopoulos for instance. Then I guess you're on the good side. I mean, nothing is 100% secure, but, if you back up your, seed and use a hardware wallet, I think you most probably are on the good side.
I mean, because otherwise we would scare people completely off.

Leo Wandersleb:
I mean, if it was warranted to scare people off, we should scare them off. I noticed that, verifiability is. Just not very interesting topic for many people. And I try to change that and I try to reach the providers before I reach the users. But so if. Now all the new users say, Oh, I will never touch Bitcoin because Leo said those wallets are not secure.
Then I completely failed. If I get more and more wallets to be verifiable, and if I get more wallets to offer bug bounties, and if I get more security researchers to look into those verifiable wallets, then I succeeded with my project.

Anita Posch:
I think it's a very important project and that's why I also wanted to talk with you. So in the last three years, I've used several wallets because the development is fast and the features are always changing. And as you said before, the copay wallet, for instance, I used it, two or three years ago, and then I heard from this bug and, and started to use another wallet.
But basically, I'm, I'm changing my wallets every year or something like that. What are you doing here? Are you emptying your old wallets and deleting the old ones? Because Satoshi originally said that you should never delete the wallet.

Leo Wandersleb:
Oh, you should never throw away your key material, but of course you should empty your wallet. So if you switch, even if you switch from one cell phone to the next one, if you buy a new Android phone and you want to keep using your old, wallet, let's say you're using mycelium and now. You use another Android phone again with mycelium, don't, export the 12 seed words and import them on the other of wallet.

It would just double your attack surface. So if somebody somehow got a hold of your 12 seed words on your old phone and you keep using that, those 12 seed words on your new phone, then you just, took over your vulnerability to. That guy pressing the empty all those wallets button, that he is monitoring for increasing amounts in his soon to be had wallet.
Huh. So, take the opportunity, create a new, a new backup. Send your funds over. But keep the seed words of your old wallet, because maybe somebody accidentally sends your funds to an address he had from last year and thinks that's still Anita's wallet. Just send it there. And so those funds don't get lost.
keep those backups. So you have, a track record of what you transacted. And keep them in a safe place because you don't want, a random person to have access to your complete transaction history, but, keep them but keep them empty.

Anita Posch:
Oh, that's very interesting. Thanks. one of the questions I always ask myself each time I'm using my wallet is how should I set, how high should I set the transaction fee? And then I always go to this website where you can see the current transaction fees and how long you have to wait to get your transaction into the next block. why can I not see that inside my wallet? be a better, a usability if I could see which, transaction fees recommended to get it into the next block in the next 10 or 20 minutes.

Leo Wandersleb:
Oh, there is most, well, it's half that integrated into the UI. So what we do at mycelium is we have a four. Levels, like a high priority, a normal priority, low priority on, something like that. So, you've picked those. And, depending on how the Bitcoin network behaved over the last week. low priority might be one Satoshi per byte or low priority might be 50 Satoshi per byte.
But as that is always a guess about the future and no certainty, those fees tend to be not accurate or those predictions. What's your, inclusion into a new block is not accurate. So just because in the last week. only 1% of guys that paid three Satoshi per byte did not get a confirmation within five blocks.
doesn't mean that that same 5% probability applies to you. Because if you hit send and a second before that. Some guy decided to consolidate his 1 million UTXOs and paid a fee that is higher than the fee you are about to pay. Then you are, in line after that guy. So he will fill up the next 60 blocks and then it's time for whoever came after that. And if in those, during those 60 blocks, other people realize that now the fees are higher again, then they will create transactions with higher fees. And then people get excited that there is activity on the blockchain and they start moving their coins.
And that can be a whole. A tale of activity that happens after you hit that send button so that you're, heuristic of when will my transaction get confirmed, will turn completely obsolete. The second that you hit the send button. So it's not trivial.
Anita Posch: [00:45:26] okay. I understand. so looking on on this website, bitcoinfees earn dot com doesn't help me actually.

Leo Wandersleb:
I prefer Jochen-Hoenicke.de where you can find a histogram of, which fee level, represented how many megabytes of block space, not confirmed yet. on the Bitcoin full nodes once you understand what those charts mean, then it's much more meaningful than having some entity tell you which fee level will get you, which, confirmation time

Anita Posch:
okay, thanks. I'll put that in the show notes then. we're coming to an end now. The last question I have is, what are you planning, next with Wallet scrutiny and, how could anybody support you in this project?

Leo Wandersleb:
well if you, if you know something about compiling wallets and, if you want to help, yeah, I, I wouldn't. Be very eager to find somebody take the iPhone part to take, to figure out how to approach desktop wallets. I don't have a Mac, and, I don't know. It would be nice to have that. And of course there to develop the standards, how to make it reproducible, because Wallet scrutiny is also open to scrutiny. So all the results I get, I hope to have completely reproducible. So it should be easy for anybody to reproduce those. So if you care, please share, like, and follow me on Twitter and follow Wallet scrutiny on Twitter help me fight those people that try to downplay what this going on with, ah.
With those wallets and, yeah. And, finally, just also a donate button and a website. So use that, try it out, see if it works.

Anita Posch:
tell us your Twitter handle please, and the location of your website.

Leo Wandersleb:
So my Twitter handle is leowandersleb and the wallet scrutiny handle is just that wallet scrutiny.

Anita Posch:
Great. Anything that you want to add that we have forgotten, maybe.

Leo Wandersleb:
No.

Anita Posch:
Thank you, Leo. That was very interesting. I learned a lot in our talk and I wish you all the best. Bye.

Leo Wandersleb:
Thank you, Anita. Thanks for having me. Bye.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top