Should you trust Ballet? Should you trust anyone?
The following is an article written in the first person by Ballet CEO & Founder, Bobby Lee, back in 2020.
Last week, I posted a hacking contest in which I asked you to hack my two Ballet REAL Bitcoin wallets, loaded with a combined value of over $21,000 in bitcoin (1.0 BTC on each wallet).
I said that it’ll be very hard for anyone to try and steal those bitcoins, even though I’ve already provided the encrypted private key and the BIP38 decryption passphrase for each of the two wallets, respectively. The reason is that BIP38 is hard to hack.
What about us, Ballet? Can we steal your funds? In practice, no, because in our manufacturing process, we don’t store the intermediate data that’s needed to ultimately create the private key.
Here’s another important technical point: the actual private key is actually NOT stored or printed on the Ballet wallets. Our wallets utilize a two-factor private key. The two critical private key components are what’s stored on the wallets: the encrypted private key is behind the silver sticker, and the BIP38 decryption passphrase is behind the scratch-off on the bottom of the wallet card.
Most importantly, during the manufacturing process, our company doesn’t ever have the actual private key at all, because you can only construct the private key once you’ve decrypted the encrypted private key using the BIP38 decryption passphrase. We never do that, so we’ve never seen the private key!
In fact, in our manufacturing process, the two components are made and generated in completely different locations (Las Vegas, USA, and Shanghai, China) and that data gets destroyed locally on premise, as part of the manufacturing process. So in practice, Ballet never has the actual private key to the wallets, and our manufacturing process doesn’t allow for us to steal your funds.
How about in theory? Well, if we were evil and we intended to steal your funds, then surely, we could have booby-trapped our wallets, lied to everyone, tricked you into using our wallets, aiming to steal your funds. Would we? No. (By the way, this above statement is 100% true and applicable for any other wallet provider: if XXX wallet vendor were evil and intended to steal your funds, they could do so as well. Now think about that! And because logic dictates that you cannot prove a negative, then there’s no 100% foolproof way for them to prove it, or for you to verify otherwise, is there?)
What does that say about all wallet companies in general? In the end, you have to trust them. There is no such thing as a trustless wallet or a trustless wallet company, despite what they might try to make you believe. All wallet makers will claim that their software stack & hardware chips are secure, and that it can be proven so, by vetting their open source code, etc.
The reality is much more complicated. Yes, open source software can be vetted, but in practice, what percentage of open source software is vetted thoroughly? How about open source hardware designs? Open source firmware code? In the end, most people just prefer to trust, and don’t actually verify. It’s not because they don’t want to verify, but rather, it’s time consuming, resource intensive, and just plain too hard for many people.
Are you surprised? There is no such thing as a trustless wallet provider! Yes, let me repeat that: whatever crypto wallet you’re using, whether it’s a desktop app, a mobile app, or a hardware wallet, you implicitly have to trust the vendor and/or maker. You can only verify so much, and you can never verify all 100% of anything (unless you did it and created it all yourself, 100%). In the end, people tend to verify things to the extent that they’re comfortable with, because every subsequent decimal percentage of verification gets exponentially more difficult.
Here’s my conclusion: in the real physical world, there has to be trust, and it can never be discarded. This answer is not apparent to most people, and for sure, this conclusion is not currently a popular mindset, but I firmly stand by it.
(If you still believe otherwise, I’m happy to discuss and debate with you. Just be civil, and we can have a respectful and engaging discussion on the topic of trust.)
Trust is needed in real life. Given that, I launched Ballet to revolutionize the cryptocurrency wallet, to make it extremely easy to use, so that we can help onboard millions of new users, and eventually billions of users worldwide. Finally, we have a cryptocurrency wallet for the rest of us.
— Bobby Lee, Ballet founder & CEO
