The last couple of years have been unexpectedly great in terms of popularizing cryptocurrencies as either means of payment or speculative investments. By now, it’s pretty common to find people who store their coins in software wallets. They are quick, easy to use, and very convenient for commerce. However, the issue at stake is that only a very small number of these wallets actually benefit from the security advantages of open-source software. Therefore, this article aims to point out these bad choices and highlight the better alternatives.
The faux-open source choices.
If you randomly ask casual crypto enthusiasts about the software wallets they’re using, the most common responses you get include Jaxx, Exodus, and Coinomi. Though some of these do include parts that are open-sourced or borrow industry-standard elements, the final versions contain multiple additions to the code that cannot be reviewed by everybody in a GitHub repository.
There are several reasons why people use an application like Jaxx: the mobility factor (you can have your wallet on your phone as well as on your home computer), the intuitive interface, the advanced functions (such as instant Shapeshift or Changelly conversions), and the effective marketing behind the efforts. Just the idea of managing your entire crypto portfolio within the UI of a single application is appealing to lots of enthusiasts.
It appears that in terms of security and management, users of Exodus have taken a step forward as compared to those who use the Coinbase and Binance wallets. The action of holding your own coins is definitely more thoughtful and security-conscious than recklessly entrusting an exchange with your private keys.
However, not allowing independent security experts to review the code in a public and open repository is a big issue. In some ways, it’s understandable that a company wants to keep its trademark features away from becoming something common. There’s nothing special about your product if everybody else has it.
Nevertheless, not open-sourcing the code means that a greater amount of trust has to be vested in the developers’ abilities as security experts. It’s also a way of narrowing down the number of code reviewers. And as Nick Szabo likes to remind us every time, a trusted third party is a security hole. How about we minimize risk by trying the open-source alternatives?
The more secure open-source wallets.
Almost every team of cryptocurrency developers has released an open-source solution for a wallet. Are you looking to store your Cardano in a more secure way? Then you should try Daedalus. Need a Tezos wallet that’s more secure than the multi-coin alternatives? Galleon or TezBox will get the job done.
The situation is even more diverse with Bitcoin, and you have approved and tested alternatives for every medium: from the classic desktop Bitcoin Core implementation to the mobile-friendly Green Address or Green Bits, there’s a plethora of choices you can’t go wrong with. If you like more privacy features, then you can also give Samourai a shot, as it’s the first implementation of BIP47.
Want an open-source multi-coin wallet which also allows you to store Ethereum, XRP, Monero, and Litecoin (among many others)? Then you can pick Edge. Would you like to have Stellar (XLM) too? Then you can sign up for the Blockchain.com wallet. Though it’s recommended to have one secure wallet for every coin to avoid the undesirable situation where you get hacked and lose all funds at once, these multi-coin wallets provide a compromise between safety and convenience.
All these choices, despite lacking some features that you can find in Coinomi or Jaxx, are way better in terms of security and should be regarded as solutions that you can trust to a greater extent. However, the fact that they are open-source doesn’t mean that they are perfect or unhackable by default. Yet they benefit from two great advantages: the incentive to attack a public project is lower than the reward to point out its flaws, and the openness enables security experts everywhere to test and identify bugs which need to be fixed.
Remember the time when John McAfee promoted the $120 BitFi wallet and promised it would be impossible to hack? That ended up becoming a challenge for hackers everywhere, and it didn’t take long until workarounds were found… twice! Anything that exists may have a security loophole, and making big statements about “unhackability” is nothing but a call to action for those who want to prove their skills.
Using open-source software is a noble pursuit through which you support the work of purist enthusiasts, and you have more reasons to trust the software’s reliability because more experts are able to review the code. This article isn’t meant to convince you to dump Jaxx, Exodus, Coinomi, or whichever opaque crypto wallet you might be using. However, you should consider the alternatives and think about worst-case scenarios. Which implementation do you think is more likely to fix bugs before they have disastrous outcomes?