iColdWallet

🔍 Last analysed 11th March 2022 . Bad Interface

Launched

6th December 2021

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis ¶

General Overview

The original company is named Shenzhen Feitianxia Technology Co, Ltd. It is also known as idiskk. The product listings on Amazon.com are under the brand ySky or Jostart. However, we believe these are produced by the same company: Feitianxia Technology Co, Ltd.

iColdWallet is the mobile iOS app referenced in both ySky and Jostart. It also references Feitianxia Technology Co, Ltd.

Product Description

Compatible with iOS devices, including iPhone and iPad:

iPhone 13/Pro/Pro Max, 12/Pro/Pro Max, 11/Pro/Pro Max, XS Max/XS, X/XR, 8 Plus/8, 7 Plus/7/6/SE, iPad 2/3/4/Air series/Pro series etc(NOTE: Don’t support latest version of 11&12.9 inch iPad pro with USB-C port).

Once removed from the key enclosure, the device can be plugged in the phone or tablet’s lightning port.
The user then has to install the iColdWallet app referenced above.
The device supports the 12 or 24 word BIP39 Standard
Supports Cross-chain & Multi-currency, including but not limited to: BTC, ETH, BCH, DASH, LTC, etc.

iColdWallet App

The app has the following features:

Cryptocurrency hardware wallet: allows you to send and receive cryptoassets conveniently. Your hardware wallet can be easily connected to the iPhone and managed through professional app(iColdWallet). Protect your private keys.

Multiple security verification: Your confidential data will never be exposed. It is stored in a highly isolated chip and locked by a 6-digit APP code. At the same time, there are Google verification codes and iOS face ID to protect wallet account security.

Multi-currency support: You can manage multiple cryptoassets on the same device, and supports more than 30 cryptocurrencies and all ERC20 tokens.

Backup and recovery: Backup Mnemonic words(seed words) on the recovery sheet, so your account can be easily restored to any accounting device or compatible wallet (iColdWallet). The recovery sheet is compatible with any 12 or 24 word seed in multi-language, which is ideal for storing your private crypto currency information or anything that may require a private cold storage system.

Easy to use: Designed through an intuitive user experience.

Regular updates: Update new features regularly without additional cost.

Fully flexible: Supports Bitcoin, Bitcoin Cash, Ethereum, Zero Cash, BNB etc, and more than 1500 ERC20 tokens.

iColdWallet is a App for hardware wallet Key. Using them together, supporting the following functions:

Check the balance

Transfer out crypto currency

Receive crypto currency

Exchange crypto currency

Observe Cryptocurrency market conditions

Verdict

There is no specification whether the private key leaves the hardware wallet once it interfaces with the mobile device. The promotional material mentions that the private key is encrypted but there was no further elaboration on this.

It also has no interface or a display. Although it mentions that transactions are confirmed on the hardware wallet, it does not specify exactly how. Without any noticeable buttons or displays, we take this statement with a bit of skepticism. What we can see is that it is reliant on the mobile phone app.

(dg)

Verdict Explained

The design of the device does not allow to verify what is being signed!

As part of our Methodology, we ask:

Bad Interface!

Can the user verify and approve transactions on the device?

If the answer is "no", we mark it as "Bad Interface".

These are devices that might generate secure private key material, outside the reach of the provider but that do not have the means to let the user verify transactions on the device itself. This verdict includes screen-less smart cards or USB-dongles.

The wallet lacks either an output device such as a screen, an input device such as touch or physical buttons or both. In consequence, crucial elements of approving transactions is being delegated to other hardware such as a general purpose PC or phone which defeats the purpose of a hardware wallet.

Another consquence of a missing screen is that the user is faced with the dilemma of either not making a backup or having to pass the backup through an insecure device for display or storage.

The software of the device might be perfect but this device cannot be recommended due to this fundamental flaw.

The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.

Share on

Twitter Facebook LinkedIn

Or embed a widget in your website

<iframe 
    src="https://walletscrutiny.com/widget/#appId=hardware/icoldwallet&theme=auto&style=short" name="_ts"
    style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;">
</iframe>

will show

and

<iframe 
    src="https://walletscrutiny.com/widget/#appId=hardware/icoldwallet&theme=auto&style=long" 
    style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;">
</iframe>

will show