Wallet Logo

Trove

🔍 Last analysed 27th April 2022 . Bad Interface Not updated in a long time

Jump to verdict 

Help spread awareness for build reproducibility

Please help us spread the word discussing build reproducibility with Trove  via their Twitter!

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

The Analysis 

Product Description

TROVE is a wearable device providing a way to store and manage digital currency for daily spending and trading. The system stores cryptocurrency offline on the hardware – rather than online – meaning it is less susceptible to hackers.

Users unlock the system using their ECG signature – a biometric method of verification that recognises a user’s unique heartbeat pattern – by touching the contact zone on the front.

This activates the bluetooth, which communicates with the user’s smartphone and allows funds to be accessed.

Trove is a wearable offline device that utilizes biometric verification. This is meant to recognize the user’s “unique heartbeat pattern.” The device can be worn as a watch, necklace, or brooch.

This opens a few issues if the user of one of the devices passes away. As he will probably not have a heartbeat pattern anymore, the funds will become completely inaccessible. It’s possible there is a feature for family and friends to add their “ECG signatures”, but nowhere on the website is a feature like this mentioned.

Verdict

This product was released years back in 2018. There is a general lack of documentation concerning its security features and how it functions. Notably, we also could not find any shop for this product online.

As mentioned above, it’s stated that Trove depends on the user’s smartphone to make transactions. The device may be able to approve transactions, but it has no screen meaning that it can’t confirm the address where the user sends bitcoin.

(dg)

Verdict Explained

The design of the device does not allow to verify what is being signed!

As part of our Methodology, we ask:

Bad Interface!

Can the user verify and approve transactions on the device?

If the answer is "no", we mark it as "Bad Interface".

These are devices that might generate secure private key material, outside the reach of the provider but that do not have the means to let the user verify transactions on the device itself. This verdict includes screen-less smart cards or USB-dongles.

The wallet lacks either an output device such as a screen, an input device such as touch or physical buttons or both. In consequence, crucial elements of approving transactions is being delegated to other hardware such as a general purpose PC or phone which defeats the purpose of a hardware wallet.

Another consquence of a missing screen is that the user is faced with the dilemma of either not making a backup or having to pass the backup through an insecure device for display or storage.

The software of the device might be perfect but this device cannot be recommended due to this fundamental flaw.

But we also ask:

Obsolete!

Was the product updated during the last two years?

If the answer is "no", we mark it as "Not updated in a long time".

Bitcoin wallets are complex products and Bitcoin is a new, advancing technolgy. Projects that don’t get updated in a long time are probably not well maintained. It is questionable if the provider even has staff at hands that is familiar with the product, should issues arise.

This verdict may not get applied if the provider is active and expresses good reasons for not updating the product.