I wasn’t aware of BC Vault until a few days ago, when their CTO, Alen Salamun, popped up in response to a vulnerability disclosed in another hardware wallet.
What’s that? Another bounty, loaded onto a wallet, and sent out?
Does this sound familiar to anyone?
They even frame this as a “Guaranteed Security”:
All this bounty does is demonstrate that someone cannot recover a key from a given device – the stolen device threat.
It doesn’t provide any assurance around phishing, evil maid attacks, or the usability of the system. The bounty provides no guarantee whatsoever.
Then Dimitry Fedotov, who deals with BC Vault’s business development, laid down the gauntlet:
1 BTC is currently $9,400.
Day rates for hardware testing are $2,000.
That’s less than 5 days’ pay.
A full security review and penetration test of a hardware wallet would easily run to 25-30 days of work, and cover many more threats than “someone stole my wallet”.
This bounty is just another rigged fairground game.