BC Vault

A cryptowallet created by a Slovenian security company called Real Security d.o.o. The cryptowallet bills itself as the most secure way to store funds, with a strong emphasis on the security of its hardware, its software and even the methods used to store the data.

At a glance

Transparency

The hardware and software are black-boxed. It’s unknown what they use specifically. Due to the nature of the device, it doesn’t even have an FCC filing, which would help pin down the manufacturer or approximate architecture. According to the marketing material, the device uses FRAM to store data. What else it contains is unknown and calls for a further teardown of the device.

The device seems to cater to a more casual audience, with a strong emphasis on marketing and PR from YouTubers and public interviews hosted by known cryptocurrency enthusiasts. The core of the marketing is their “ferromagnetic RAM”, which has been mentioned in nearly every piece of PR material released about BC Vault.

Author's note: what truly bugs me is how frivolous this claim is, it can be mentioned only a couple or so times, but if it's dropped on every single occasion where they have a chance to raise selling points of the hardware, it makes me literally cringe.

The device has just recently added support for DeFi/NFTs in 1.7.0, further confirming this catering: https://bc-vault.com/2022/03/nft-and-defi-space-is-about-to-witness-a-whole-new-world-of-possibilities/

Software client

The software client, called BC Vault Desktop Application, is complementary to the device. The application manages not only the funds but also the device itself. Like the hardware, it’s proprietary, and the source code is not publicly available. Due to the security policies of the device, you need to install a daemon service called BCD, which serves as a communication bridge between the hardware wallet and the PC. This daemon is used to unlock the wallet with passphrases (either global or wallet) and to query the device for addresses or have it sign transactions. It also allows the user to connect the device to other wallets like MyEtherWallet. There is a .dll file that allows interfacing with the BC Vault device, but it’s unknown how it works. Reverse engineering it is a possibility.

Optional features

Security

The device has certifications of conformity according to the standard EN 60950-1:2006 + A1:2010 + A2:2013 + A11:2009 + A12:2011, but this standard is only about the safety of the device. In addition to that, it is also certified under EN 55032:2012, EN 55024:2010, EN 61000-3-2:2014 and EN 61000-3-3:2013, which are also about the electronic safety of the device and are in no way relevant to the SECURITY of the device.

The device has been independently security audited by a company called “SIQ”. // Source: https://bc-vault.com/2020/05/bc-vault-completes-security-assessment-by-siq/

The device is one of the few, if not the only, nondeterministic wallets. That means it does not rely on BIP-39 deterministic wallet generation, but instead generates a private-public key pair for each new wallet. The device can store up to 2000 such wallets. For the sake of safety, the device also forgoes standard methods of backup, relying instead on encrypted SD card backups of private keys or a manual readout of the private key while in IKWID mode (a special recovery mode for extracting private keys on request; using it marks the wallet in question as unsafe permanently).
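What this design means for backups, as an added example that is not from the original page and is not BC Vault's code: the same "stale backup" scenario is run against a deterministic and a nondeterministic wallet. `derive_key` is a toy stand-in for BIP-32-style derivation, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_key(seed: bytes, index: int) -> bytes:
    """Toy deterministic derivation (HMAC-SHA512 of the index, keyed by the
    seed). A stand-in for BIP-32; it is not BIP-32 and not BC Vault's code."""
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()[:32]

class DeterministicWallet:
    """Every key is a function of one seed, so the seed is the whole backup."""
    def __init__(self, seed: bytes):
        self.seed, self.count = seed, 0
    def new_key(self) -> bytes:
        key = derive_key(self.seed, self.count)
        self.count += 1
        return key
    def backup(self) -> bytes:
        return self.seed
    @staticmethod
    def restore(backup: bytes, how_many: int) -> list:
        return [derive_key(backup, i) for i in range(how_many)]

class NonDeterministicWallet:
    """Every key is fresh randomness, so a backup is a snapshot of the key list."""
    def __init__(self):
        self.keys = []
    def new_key(self) -> bytes:
        key = secrets.token_bytes(32)
        self.keys.append(key)
        return key
    def backup(self) -> list:
        return list(self.keys)
    @staticmethod
    def restore(backup: list, how_many: int) -> list:
        return backup[:how_many]

def keys_recovered_from_stale_backup(wallet, restore) -> tuple:
    """Create one key, back up, create two more, restore from the old backup.
    Returns (keys recovered, keys that exist)."""
    created = [wallet.new_key()]
    stale = wallet.backup()
    created += [wallet.new_key(), wallet.new_key()]
    recovered = restore(stale, len(created))
    return sum(k in recovered for k in created), len(created)

if __name__ == "__main__":
    det = DeterministicWallet(secrets.token_bytes(32))
    print("deterministic:", keys_recovered_from_stale_backup(det, det.restore))
    nd = NonDeterministicWallet()
    print("nondeterministic:", keys_recovered_from_stale_backup(nd, nd.restore))
```

The flip side is exposure: a leaked seed yields every past and future key, while a leaked snapshot yields only the keys it contains.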

Access to the device is governed by 4 layers of password protection, two in-device and two on-computer. According to the website, these are:

-   **Global Password** – Used for unlocking access to BC Vault along with the device’s Global PIN. Entered in the application.
-   **Global PIN** – Used for unlocking access to BC Vault along with the device’s Global Password. Entered on the device.
-   **Wallet Password** – Used for sending currencies from individual wallets along with the Wallet PIN. Can be different for each wallet. Entered in the application.
-   **Wallet PIN** – Used for sending currencies from individual wallets along with the Wallet Password. Can be different for each wallet. Entered on the device.

The wallets are individually encrypted by the global and per-wallet credentials.

The device seems to lack any semblance of support for HWI or PSBTs. The official KB states that the device doesn’t need multisig and that, if necessary, the user can simply split the custody of the multiple passwords among multiple people, thus making it “multisig”. https://support.bc-vault.com/support/solutions/articles/43000374160-does-bc-vault-support-multi-signature-access-to-wallets-

Transferring keys to other devices is complicated, even when moving to another BC Vault device: https://support.bc-vault.com/support/solutions/articles/43000630121-how-can-i-gain-access-to-my-bc-vault-created-wallet-on-another-device-or-software-wallet- . It’s also user-unfriendly, because transferring the keys to another BC Vault device will permanently mark the wallet as unsafe on both devices, encouraging the user to simply send the funds to another wallet instead.

Physical security

The device has a holographic seal on the USB port. The case is glued shut.

Privacy

The device relies on a software wallet to do its work, reducing the confidentiality of the funds on the device. On the security features page, BC Vault states that the included software phones home to query the balance of connected wallets and only stores a salted SHA-256 hash of the address. It’s unknown whether they store these logs permanently or not.

Whether they store IP addresses is not stated in the website’s privacy policy either. The only possible answer is in the EULA/Privacy Policy of the software, but this is not publicly available and is possibly contained within the software itself.

The BC Vault - End-User License Agreement describes what kind of data is being sent to Real Security’s servers, but the test data enclosed in the web address is no longer up-to-date.

Manual

There is a manual located at https://support.bc-vault.com/support/home with mostly complete info about the wallet operation. There is also a simplistic starter guide.

Support

Support is done via email only. There is also the option of consulting the FAQ for the most common questions. Despite an evident lack of serial numbers, support is capable of replacing broken devices with new ones if the issue cannot be repaired/rectified remotely.

Upgradability

The device is regularly updated with new cryptocurrency support and features. Because the hardware inside is unknown, it’s unknown whether the device has strong or weak performance. But since it supports Ripple, which is generally not supported by the Trezor One but is supported by the Trezor Model T, the performance of the SoC is somewhere above the One and around the Model T. Unfortunately the device doesn’t support Monero yet, so it’s not on par with the Model T.
