According to a recent discovery, Bobby Lee’s Ballet Crypto wallet has some gaping security flaws. Its key generation is not as private as people would expect it to be.
Bobby Lee, a popular Bitcoin bull known for his wild Bitcoin predictions launched a hardware crypto wallet called Ballet on Kickstarter last month. Bobby Lee is a well-known figure in the crypto industry as he’s the co-founder of China’s first exchange BTCC, and he is the brother of Litecoin founder Charlie Lee.
Bobby Lee’s Simple Wallet
Ballet wallet was pitched as the most straightforward hardware wallet aimed at everyone. According to its website, it is the world’s first multicurrency non-electric physical wallet. Bobby Lee even claims to have gifted the wallet to the Hollywood star Bruce Willis, as BeInCrypto has previously reported.
On my flight from #LA to #Shanghai, I was surprised to see #BruceWillis come onboard, sitting next to me, traveling w/ his family to China. 🙂
What do I do? Let’s talk #Bitcoin! He didn’t know much, so I introduced him to $BTC, and showed him our @BalletCrypto physical wallets. pic.twitter.com/fektI7miCb
— Bobby Lee – Ballet: World's EASIEST crypto wallet! (@bobbyclee) November 2, 2019
The Ballet wallet has no setup or even passwords. According to the company, children to grandparents from ages 9 to 99 can use it. To access the wallet, it requires a 2-Factor Key Generation (2FKG) process. First is the encrypted private key (EPK) and then the corresponding wallet passphrase. However, both are engraved in the wallet itself.
Simplicity At The Cost Of Security
While trying to make a simple wallet, Ballet has failed to provide basic security required for cryptocurrency wallets. For starters, to eliminate the setup process, the company generates private keys. There is no way to verify if Ballet is storing these keys, and the users will have to trust them blindly.
@FTC @CFPB @kickstarter I submitted a report to all of you over the @BalletCrypto wallet. There is no way for the user to verify that the private keys are not held by Ballet. Meaning, Ballet likely has full access to all user funds placed on the device.
— StevenOustecky.hodl (@StevenOustecky) October 2, 2019
The project encourages its customers to trust them, which is the opposite of what Crypto stands for. Twitter user Steven Oustecky pointed out that crypto adoption should not come at the cost of unverifiable security practices.
Ballet also claims that the two security components are generated separately on two different devices in different locations, thousands of miles apart. However, in the age of the internet, physical locations do not matter. Matt Odell (@matt_odell), a popular Bitcoin expert, called out both Bobby Lee and Charlie Lee for creating the wallet.
It’s pretty simple: anyone associated with @BalletCrypto should be ashamed of themselves.
We see you @bobbyclee & @satoshilite.
— Matt Odell (@matt_odell) November 10, 2019
While Ballet could genuinely be trying to solve a major problem in the crypto industry, it comes with a high cost. Ballet is not reliable for any serious crypto user, and at best, it is an expensive novelty tool which could be useful for gifting.
Did you know you can trade sign-up to trade Bitcoin and many leading altcoins with a multiplier of up to 100x on a safe and secure exchange with the lowest fees — with only an email address? Well, now you do! Click here to get started on StormGain!