With New Crypto Hardware Wallet, Evercoin Takes Aim at Trezor and Ledger
Evercoin launches Evercoin 2, a secure crypto wallet powered by YubiKey 5ci. How does it compare with Trezor and Ledger and will it really keep users safe?
Evercoin announced the launch of Evercoin 2 today, Nov. 12, at New York Consensus Invest Summit. Evercoin claims that its new wallet is the safest hardware wallet currently on the market, providing users with an end-to-end encrypted ownership solution for cryptocurrency storage.
Powered by YubiKey 5ci — a security key designed to deliver strong hardware-backed authentication for iPhones and other devices — Evercoin 2 contains a hardware wallet no bigger than a house key. This is the first hardware wallet to use YubiKey 5ci for iPhone and USB-C for android devices.
“Unlike hardware wallets such as Ledger or Trezor, Evercoin 2 uses YubiKey to provide 360-degree internet protection. It’s designed to bring cryptocurrency adoption to the masses,” Evercoin co-founder Miko Matsumura told Cointelegraph.
Trezor and Ledger did not respond to Cointelegraph’s request for comment.
Evercoin currently supports 20 digital assets, including Bitcoin and Ethereum. Users are able to hold their own assets, while the built-in non-custodial exchange allows them to swap popular cryptocurrencies. Users are also able to link their bank accounts in Evercoin to exchange U.S. Dollars with cryptocurrencies and vice versa.
The Ledger Nano S supports 22 digital assets and features a unique display screen to provide an added layer of protection when making payments, letting users to confirm the amount transacted and correct address. However, Ledger does not provide a built-in-exchange.And while Trezor wallets generally support over 1000 coins, these also do not contain an exchange to swap cryptos.
While Evercoin already functions as a mobile wallet app with a built-in exchange, Evercoin 2 is secured by hardware that is fully controlled by the user. This means that users get all the financial services expected from a service like Coinbase, but now have the option of keeping their private keys safe in a hardware device.
The expert take
With these features in mind, John Jefferies, chief financial analyst at blockchain security company CipherTrace, thinks that Evercoin 2 is not, strictly speaking, a hardware wallet because it is an authentication device rather than a piece of hardware that physically stores private keys on the device. "It would be more accurate to describe the Evercoin wallet as a mobile software wallet that is protected by a hardware-based second factor," he told Cointelegraph.
Matsumura pointed out that Jefferies’ definition is a correct stricter use of the term, but asserts that the current implementation goes beyond just an additional authentication factor because the key is being encrypted using on-key APIs rather than just the One-Time-Password features of the YubiKey.
Nonetheless, Evercoin 2 contains unique features that are intended to provide enhanced security through easy-to-understand procedures.
For instance, if a user loses their private key, they can go into the Evercoin app and show their driver's license to get it back or to receive a new one. This is unlike many exchanges and wallet apps, where losing a private key can mean that crypto is lost forever. However, if a third party is able to retrieve a user’s private key, there is the concern that the key may not be fully private anymore.
According to blockchain analysis firm Chainalysis, misplacing private keys has resulted in the permanent loss of 2-3 million Bitcoin (BTC). While crypto users are often told to write down their 24-word private key phrase on a piece of paper, it’s almost impossible to ensure that this paper will remain safely stored and free from damage.
“The thing to understand is what happens if you lose the physical hardware device,” noted Matsamura. “We then will need to recover your account using standard account recovery procedures from an Evercoin backup. The standard procedure involves a password to recover, but if you forget that, you can show your ID and recover with that.”
Matsumura also claims that because the YubiKey 5ci functions intuitively, users can access their crypto in a safe and familiar way. He said:
“The Evercoin solution works like a hotel key — you push the key in to your phone to unlock it, and when you pull it out it automatically relocks. It’s a simple, known concept to grasp. When you buy a house or a car, you always have ownership of key. You should have the same thing to protect your account of bitcoin, which is what comes out of YubiKey.”
In addition, Evercoin 2 users will be able to make use of all of their YukiKey's other functionality, such as securing email and social media accounts. Similarly, existing owners of a YubiKey 5ci can add hardware wallet storage to their existing device by downloading the Evercoin wallet app.
How Safe Is It, Really?
While these features make Evercoin unique, hardware wallets are still prone to vulnerabilities that can occur when loading boot code, updating firmware, intercepting chip-to-chip communications and physical attacks.
According to Jefferies from CipherTrace, a best practice would be to have any type of hardware wallet certified by an independent lab like UL Labs to ensure that regulatory standards are met. While certification can be expensive, ranging anywhere between $100-200k per device, The Federal Information Protection Standards provides standards for encryption that is required by the U.S. Government.
“I encourage hardware wallet vendors to pursue FIPS 140-3 or FIPS 140-4 to demonstrate that they have properly implemented the encryption in software and designed tamper-proof hardware," Jefferies told Cointelegraph. Unfortunately, none have done so just yet.”
Jefferies also noted that the two leading hardware wallets, Ledger and Trezor, have both been hacked and have since been hardened.
“In lieu of FIPS certification, I would select a hardware wallet that has a bug bounty program and has been available for sale long enough for penetration testers to have time to try to hack it,” said Jefferies.