In the fierce competition of Web3 security, who can truly withstand the comprehensive examination by industry experts? GoPlus—focusing on Web3 user security—has partnered with six major wallet brands to launch a unique hardware wallet evaluation inquiry session. SafePal participated in the AMA on the evening of August 12 as one of the invited wallet brands. Representing SafePal was Harry, the head of product, who shared detailed insights into the product features and technological advancements of SafePal during the AMA. This article will provide a detailed review of SafePal's outstanding remarks during this AMA.
For those who want to directly listen to the original audio, we also have a voice editing version prepared, which you can enjoy by clicking here!
Part one: Expert Inquiry Session
Volatility — GoPlus Host
Harry — SafePal Product Manager
Volatility: Now we will enter the stage of guest self-introduction and a brief introduction of the project. Let’s first invite Harry from SafePal to give us a brief introduction about himself and his product.
Harry: Alright, thank you, host. Hello everyone, I am Harry from SafePal. I am responsible for products at SafePal. Let me briefly introduce SafePal: SafePal was established in 2018, and our first product was a cold wallet. After the release of the cold wallet, we gradually launched our SafePal APP software wallet, browser plugin wallet, and TG mini program wallet, among other wallet products.
SafePal was established in 2018 as one of the projects incubated in the first phase of Binance Labs and currently has over 20 million users worldwide.
In addition to wallet products, last year we also launched the function of opening offshore Swiss bank accounts within the APP. Users can conveniently and legally exchange stablecoins like USDC for US dollars, euros, or offshore RMB, etc. At the same time, we also launched a MasterCard linked to this bank account, allowing users to spend globally. This card can be linked to Apple Pay, Google Pay, as well as domestic WeChat Pay and Alipay, etc. This is a brief introduction to SafePal, thank you all.
Volatility: Thank you for SafePal's self-introduction. We are now ready to enter our core inquiry session. SafePal, please listen to the question. The evaluation shows that your S1 and S1 Pro's Air gap scanning requires multiple operations in complex DeFi scenarios, which experts regard as sacrificing user experience for higher security. I would like to hear how you respond to this question, Harry.
Harry: First, let me briefly share that SafePal currently has three hardware wallets: SafePal S1, SafePal S1 Pro, and SafePal X1. Both S1 and S1 Pro transmit signature information by scanning QR codes with the camera. SafePal X1 transmits data and signature information via Bluetooth.
When using a camera to scan QR codes for transmission, the amount of information that can be encoded in each QR code is fixed. This means that when users perform complex on-chain signature logic, the amount of information they sign becomes quite large. Consequently, a single QR code cannot encode all of this information for transmission. It is possible for this information to be split into multiple QR codes. Currently, we conduct rapid polling of multiple QR codes to facilitate users to continuously scan without moving the camera. After scanning the information, we then combine it into complete information for the hardware wallet to sign.
So indeed, there is the issue mentioned by the host. I believe that all hardware wallets that scan QR codes through a camera and transmit signed information will face this problem. I think this is a problem brought about by the transmission mechanism, which may be difficult to resolve perfectly by switching to other transmission methods, such as Bluetooth. Therefore, for products like the S1 and S1 Pro, we have adopted the method of quickly polling multiple QR codes to transmit information.
My personal suggestion is that if a user is a holder, a diamond hand who rarely makes transfers or on-chain interactions, then using the S1 and S1 Pro models with QR code transmission and Air gap methods is excellent. For users who frequently interact, we recommend using the X1 model, as it transmits via Bluetooth, enabling rapid transmission of signature content regardless of length, completing the signing process.
Volatility: This question contains a point that I believe also needs to be addressed. The demand for a smooth experience and enhanced security may currently somewhat conflict. From SafePal's perspective, which of these two priorities do you consider higher? Could you share a few thoughts?
Harry: Personally, I believe it depends on the user's needs. Some users may care more about the security of information transmission. Generally, people believe that using radio frequency signals to transmit signature content is less secure than using QR codes. However, from a technical perspective, both methods are secured by negotiated encryption, where the hardware wallet and the mobile APP or PC negotiate a unique key for both sides before encrypting the signature information for transmission. Therefore, in terms of security level, both are equivalent.
For many users, they may feel that radio frequency signals, such as Bluetooth transmission, exist in an open environment, and there is a possibility that hackers could intercept and crack this information. In contrast, with camera QR code transmission, users feel it is a close-range method, where both the phone and hardware wallet are within their line of sight, making them feel safer.
If a user is not someone who frequently interacts, then I think such users are suitable for choosing the S1. For some users who have a deeper understanding of technology, they understand that Bluetooth transmission is actually secure; even if information is intercepted, without the two devices (phone and hardware wallet) negotiating, the key cannot be decrypted. For users with a deeper understanding of technology, if their signing frequency and hardware wallet usage frequency are relatively high, then they are suitable to use the X1.
I think it’s difficult to have a solution that perfectly balances convenience and security. We still need to find a perfect balance point. Currently, the assets managed by SafePal wallets have exceeded 40 billion dollars. From our hardware wallet sales data, more than half of the users choose the models that transmit information via camera QR codes. We have indeed seen on-chain that many hardware wallet users have a very low frequency of interacting with their funds, and for this group of users, the S1 is actually a good choice.
Volatility: Thank you, Harry. The second question I continue to give to you. You mentioned your X1 model, and there is a particularly obvious point of contention regarding its openness. The X1 claims to be open-source, but its completeness is questionable. Why should institutional users trust a partially open-source wallet? Can you address this question?
Harry: Actually, regarding the completeness of open-source, we have previously discussed this issue with our community users, especially those with technical backgrounds. It's worth sharing again in this context. Previously, users in the community raised questions, noticing that our business logic is open-source, but the complete build and compilation chain is not available. This means we haven’t enabled users to quickly compile this source code into usable hardware wallet firmware documentation. However, all our business logic and security-related code is open-source. In other words, users can verify the security-related business logic based on this open-source content.
Here, we also share some thoughts. The core of what we understand as open-source culture is not about complete exposure, but about making everything verifiable. I believe that all hardware wallet brands have already prevented external firmware—whether official or unofficial—from being reprogrammed into this hardware after leaving the factory. This means that even if we open the complete build and compilation chain for users to compile their firmware directly, users still cannot flash this firmware onto the hardware wallet for verification.
The reason we have not opened the complete compilation chain, as mentioned earlier, is that the official measures prevent external hardware or firmware from being burned into the device. This is a crucial strategy to protect user security against phishing or implanted risky firmware. Thus, based on the mechanisms described above, I believe it does not affect users' understanding and verification of the security logic. Of course, we will continue to find a healthier balance in user security code transparency and community collaboration. It’s worth mentioning that not only SafePal but also many other hardware wallet brands in the industry, such as Ledger, follow similar strategies.
Volatility: Thank you, Harry. The questions just now were from the expert group. They tend to be more technical or require a certain level of understanding to comprehend. The next question is quite special: SafePal claims to be the best crypto wallet, but compared to Onekey and Cool Wallet, what specific features do you think allow SafePal to stand out from the perspective of new users? Please prepare to answer this question.
Harry: For a newbie user, understanding the entire wallet creation logic and completing a full signature process has a certain threshold. I believe 99.9% of users are concerned about whether the content transmitted to the hardware for signing matches the content transmitted to the mobile.
We have implemented a mechanism where the content that users need to sign on their mobile phones is encoded into a 6-digit number using encryption algorithms. Users can quickly understand it; when this information is sent to the hardware wallet, it will also compute a 6-digit number using the same encryption algorithm. Novice users can confidently sign when they see that the number displayed on the phone matches the number displayed on the hardware wallet.
SafePal has a slightly different strategy from other hardware wallets. We believe that a hardware wallet should not be a product that users need to spend a lot of money to secure their assets. It should be a right that every crypto user has. Therefore, the pricing of SafePal hardware wallets is very affordable; all our hardware wallets are priced under 100 dollars, and our S1 is priced under 50 dollars.
In the SafePal APP, you can often see us collaborating with other project parties to give away hardware wallets. For example, we partnered with Circle to give away 15,000 wallets; we gave away 2,000 hardware wallets with Binance. Users only need to complete some tasks set by the project parties and pay for shipping to receive a SafePal hardware wallet for free. Recently, we have also organized activities in the APP where users can receive a free X1 hardware wallet by opening an account with a Swiss bank and depositing 10 US dollars, just paying for shipping. So this is our thinking to lower the barrier for newcomers to own their own hardware wallets and the right to safely hold their assets.
Volatility: Thank you for Harry's positive response. I remember during the evaluation, an expert expressed strong agreement with one of your parameters regarding your understated design. So, this question is also directed at you: If SafePal had the choice, would you prefer to produce products that look very much like hardware wallets, or would you lean towards producing very discreet hardware wallets that resemble ordinary cards?
Harry: To be frank, we did not intentionally design our hardware wallet to look less like a hardware wallet. It is more about the convenience of user operation and interaction (in the design). For example, the X1 retains all digital buttons, which is to make it easier for users to enter passwords quickly.
Many KOLs who received our X1 felt it looked like an old-fashioned calculator, which is quite interesting. Frankly speaking, all hardware wallets will have their own logo, and even someone outside the circle who picks up such a device, if they slightly care, could just Google the name on the logo and find out it is a hardware wallet.
Part two: Audience Q&A Session
Audience one: I would like to ask SafePal, just now when speaking, they mentioned how they know the usage frequency of SafePal users. How did they obtain this data? Isn't this hardware wallet not connected to the internet?
Harry: Hardware wallets are not connected to the internet, but the mobile APP is connected to the internet. During the pairing process between the hardware wallet and this mobile APP, the public key is transmitted to the APP, which can then derive the wallet address. Thus, once the address is known, all information on-chain related to that address is public.
Audience two: I want to ask about the physical security of these several hardware wallets. Because I have mentioned before, hardware wallets are expected to be used continuously. For instance, how do they ensure security under extreme high temperatures, in water, and in magnetic field environments? Have any relevant tests been conducted? Another question is about the supply chain: I want to know how each wallet ensures security in its supply chain during the production process.
Harry: Regarding the first question, I personally believe that keeping your recovery phrase secure is of utmost importance. Even with the best protective measures, hardware can fail in extreme situations. If a hardware wallet is damaged or lost, it’s okay as long as your recovery phrase is intact and your PIN hasn’t been compromised; you can buy a new hardware wallet and recover using your recovery phrase. This is some advice I can give.
Additionally, I would like to share a case seen in overseas communities regarding overall production security. I won’t specify which hardware wallet brand it was, but we observed that some malicious actors purchased some hardware wallets, then created their own packaging and reprinted the manuals. They took the hardware wallet, created a wallet, set a password, and printed the password on the manual. This deception is very strong. For users of hardware wallets, it is likely their first purchase, and they may not know what the normal packaging of this hardware wallet should look like. They may end up with a packaging box that was redone by these malicious actors or hackers, which is a counterfeit packaging box and manual.
Under such attacks, it can be quite difficult for novice victims to discern. SafePal has done a few things to address this. The first is an activation process. Each new hardware wallet, when connecting to a phone, not only a new one, but any hardware wallet that pairs with a phone, will prompt a window indicating whether this hardware wallet has been activated. If it has been activated, it will show when it was activated. If our users encounter such extreme attack forms and see that this device has already been activated before purchasing, they can tell that there is a problem with this wallet.
When our hardware wallet is produced, each hardware wallet is written with an SN. This SN is bound to the fingerprint information of this hardware wallet, including its encryption chip ID, business logic MCU or CPU, independent ID, and its component information. When users receive this hardware wallet for activation, we compare the SN with all information on this hardware to check if it has been tampered with. If it has not been tampered, the hardware wallet can be activated normally; otherwise, it cannot be activated.
Audience three: My question is somewhat similar to the previous inquiry. For a specialized device like a hardware wallet, it could itself be a potential risk factor. From a social engineering perspective, people may not originally know you have crypto, but if they see you using a hardware wallet, especially in the crypto circle, there is a consensus that users of hardware wallets likely have significant assets. Some might feel that taking the wallet away is somewhat unsafe, and some prefer to carry it with them, which indirectly increases their risk, for example, making them a potential target for social engineering. Given this view, I would like to ask what thoughts wallet projects have regarding this?
Harry: There are indeed practical problems like this. First, I think users need to improve their security awareness. Holding a hardware wallet is already a label of whether you have money for many people. I believe that whether using a hardware wallet, APP wallet, or exchange, one should avoid exposing where their assets are kept as much as possible. Not only should one avoid flaunting their hardware wallet or asset information in public, but information from other apps, software wallets, and exchanges should not be exposed either. In centralized exchanges, if you encounter a hammer attack and open your mobile APP to see how much money you have in your exchange account, it won’t help you escape.
Audience four: I have never used this hardware wallet, and previously, while interacting, I visited a fake website and lost a lot of wallets. I want to ask if you can solve this problem with this hardware wallet.
Harry: The features shared by the Onekey CEO are also fully available in SafePal. Additionally, we have developed another feature, which allows users to simulate ahead of time what the consequences of a signature will be before signing. This feature is nearly complete and in the testing phase. It will be online shortly, and we welcome everyone to experience it.
Audience five: Are the official hardware wallets produced by themselves or outsourced to third parties? For instance, when third-party production occurs, could there be infiltration during that process, leading to hidden security vulnerabilities in the produced devices?
Harry: This is a very good question. We have indeed thought deeply about this issue. Going back to the community question about why our complete compilation chain is not open-sourced, but only certain business and verification logic is open-sourced, this is also a consideration for security. If we fully opened it up, allowing the community to freely compile a complete firmware, it would introduce systemic risks if abnormal firmware were batch burned into the hardware during production. This is one point.
Secondly, as mentioned earlier, we have a process for writing the SN during production. This SN is actually linked to SafePal's backend. During the manufacturing process, when it reaches this stage, only with permission from SafePal's backend can they write an SN into the hardware wallet. At the same time, this SN is bound to the fingerprint information of this hardware and various chip information. This step prevents supply chain attacks.
Through these two points: first, there is no way to compile or implement firmware that can be written into SafePal hardware at a low cost. The second point is that when we write the SN, we need to interact and verify with our backend server extensively to prevent issues during the production stage.
Audience six: Regarding SafePal, when using Bluetooth to connect, I cannot use it if I turn off the location information on my phone. Since a hardware wallet is such a private item, I must authorize the location to use it, and without location authorization, it cannot be opened. I think this could be slightly improved.
Harry: This is a strict limitation of Android. When you want to connect to an external device via Bluetooth, GPS must be turned on. All hardware wallets that connect via Bluetooth face this issue—not just SafePal. This is a restriction of the Android version.
Three: Sharing Feelings
Volatility: Finally, please let the guest summarize today’s Space with a sentence.
Harry: First, I would like to extend special thanks to GoPlus. I believe that many of the security protections provided by SafePal actually utilize GoPlus's data support. I would also like to thank all the participants today. I think whether for everyone's learning experience in this industry or many listeners providing us with great suggestions for wallet manufacturers, I am very grateful.
Lastly, a small advertisement: even if those who did not receive the hardware wallet today, if you want a free hardware wallet, you can download the SafePal APP. We are currently running a promotion where if you complete opening a Swiss bank account, complete a KYC, and deposit 10 USDT, you can receive a free SafePal X1 hardware wallet. You only need to pay for shipping.
Welcome to learn more about SafePal
SafePal Official Store: www.safepal.com/zh-cn/store
Download SafePal App: www.safepal.com/zh-cn/download
SafePal Official Chinese X: https://x.com/SafePalCN
SafePal Website Navigation: www.safepal.com/zh-cn/sitemap
