KeepKey

The wallet arrives in a tamper-proof package. The package arrives in tamper-proof shrink wrap, with a thick holographic seal on the package. If the box has been tampered with, it is evident because the seal will have been torn/broken. If this is the case, be sure to contact ShapeShift.

Inside the package is:

• KeepKey hardware wallet device
• A USB to micro-USB cable
• Recovery cards, to write the recovery phrase on
• A leather case to hold the recovery phrase card
• An installation manual

KeepKey supports 40+ cryptocurrencies and digital tokens, including top currencies:

• Bitcoin (BTC)
• Bitcoin Cash (BCH)
• Bitcoin Gold (BTG)
• Dash (DASH)
• Dogecoin (DOGE)
• Ethereum (ETH)
• Litecoin (LTC)
• Aragon (ANT)
• Augur (REP)
• Basic Attention Token (BAT)
• Civic (CVC)
• District0x (DNT)
• FunFair (FUN)

KeepKey works with the cryptocurrency wallet software on a computer to manage private key generation. As mentioned, cryptocurrencies are never literally stored within the hardware wallet itself. Instead, cryptocurrencies always remain on their respective blockchain—a hardware wallet keeps private keys.

A personal private key unlocks the address on the blockchain where one’s assets are. Since networks and nodes keep the blockchain, a hardware wallet enables the ownership and use of tokens.

Like many hardware wallets, KeepKey generates a private key with its hardware-based random number generator. The private key is then combined with randomness provided by your computer. The process of computing the key is known as entropy. Entropy is the randomness collected by an operating system and is applied in cryptography (or cryptocurrency) which relies on random data.

At the initialization time, the user is given a ONE-TIME opportunity to learn and write down a backup phrase. Then, if the wallet passkey needs to be reset, the owner needs the twelve-word recovery sentence.

IF YOU LOSE YOUR BACKUP PHRASE, YOU WILL LOSE ACCESS TO THE CRYPTOCURRENCY IT STORES.

This warning can never be made clear enough.

KeepKey was acquired by ShapeShift, a cryptocurrency exchange. As such, the wallet itself enables the user to convert tokens directly within the KeepKey. That means that coins are traded or swapped without needing to create an exchange account.

ShapeShift is a non-custodial cryptocurrency exchange established in 2014. Non-custodial exchanges give the user complete control of their assets. Conversely, custodial exchanges hold funds, much as traditional banks do. That means that ShapeShift does not require personal information from its users.

1. Open the KeepKey app and enter a PIN.
2. Click on Add Account in the bottom right corner of the window.
3. Select the account to be added.
4. Enter a name for the account and select Add Account.
5. The new account is now listed with other accounts. 

NOTE: Once an account is added, it cannot be deleted from the wallet.

1. Open the KeepKey Client App.
2. Each time KeepKey is unplugged, the user must authenticate the device by entering the PIN.
3. Select the receiving account for the transaction.
4. Select Receive Bitcoin.
5. Copy the receiving address (click the green clipboard icon).
6. Double-check the address provided matches the address displayed on the device. (This step ensures that the address belongs to KeepKey).

NOTE: KeepKey does not need to be connected to receive cryptocurrency. It is possible to save one or more addresses to use later without connecting the KeepKey.

Transactions: Each transaction must be manually approved with KeepKey’s confirmation button.

KeepKey’s firmware is entirely open source. The source code is open and available for anyone to view. Open source makes it possible to know how the software works and what upgrades and problems have occurred. Open source is common in the world of defi (decentralized finance), and it is an effort to increase transparency. Transparency is vital when it comes to products and entities that manage money, such as hardware wallets.

More importantly, open source allows organizations to be sure there are no undesired or hidden functions. An example of such malware is software that secretly collects personal data.

Additionally, KeepKey is PIN-protected. In order to access the wallet, one must enter the PIN. If it is lost or stolen, it is much harder to access the private key.

The private key is stored securely on the KeepKey device, so it never leaves the device.

Typically, once a USB drive is inserted into a computer, the computer accesses everything stored on it. This is not so with the KeepKey wallet. When plugged into a computer, the wallet only communicates using a limited protocol. This level of privacy is to ensure that the wallet never reveals the private key to the computer, where it can be compromised. ‍

Users can back up the condense of their wallets with their 12-word recovery phrase. With KeepKey, 12 words are the default setting. However, users can choose an 18 and 24 seed phrase if they want one.

The seed is generated offline on the KeepKey devise. It is then displayed on the device’s screen. That means that the seed is never displayed on an internet-connected device, which is crucial to maintaining the recovery seed’s security. 

If the device is lost and the user does not have multiple accounts, they can recover their digital assets on any wallet that is BIP39 compatible. For more than one account, they can recover them with any wallet that is BIP44 compatible.

Here is a list of BIP44 compatible wallets:

• Exodus
• JAXX
• CoPay
• Coinomi
• MyCelium

The wallet also uses RNG (Random Number Generator). The RNG randomly determines the placement of the numbers on the device screen. This helps ensure that if the computer the KeepKey is working on is ever compromised, the PIN is not. Malware might try to mirror the number choice but can only do so using a keypad that is ordered sequentially.

There have been two major security issues recently for KeepKey.

First, to combat this, the Chrome app has been retired because there were too many scams designed to hack wallet accounts. KeepKey now only works with the ShapeShift web platform.

Secondly, ShapeShift issued a firmware update in February 2021. Users must connect their devices to the desktop app to download the update.

To begin with, for a hack to work, a thief must get hold of the actual device. The hack does not work remotely. Most people who hold crypto are generally careful and the fact that you need the actual device to hack into it is a huge plus and makes it quite safe.

However, if the device is ever stolen, hackers can use electrons to measure the voltage emitted from PIN entries. There is a subtle difference between correct and incorrect PIN entries in terms of voltage. With enough data, the thief can use this catalog of voltage measurements to guess the PIN and unlock the KeepKey wallet.

Donjon researchers found they could monitor voltage output changes as the chip received PIN inputs to determine the PIN itself. However, they first need to take thousands of measurements of the PIN processor’s voltage output for each value of known PINs for the hack to succeed. Once identified the voltage outputs of each PIN phase, an attacker can locate the PIN of a wallet.

For the hack to succeed, the thief needs:

• Hardware engineering expertise
• Software designed to guess all possible PINs
• The physical possession of the KeepKey

The ShapeShift firmware update makes it more challenging to collect a reliable catalog of power consumption outputs, making mapping PIN values more difficult.

KeepKey is a very functional and straightforward hardware wallet. ShapeShift is committed to autonomy and maintaining security. No single piece of technology is perfect. However, given the price point and functionality, KeepKey is a good choice for many cryptocurrency holders.

Main functions:

• Stores passkey
• Create addresses
• Send and receive cryptocurrencies
• Integrated with the Shapeshift exchange
• Larger size with an OLED screen makes it highly functional
• Each transaction must be manually approved using the confirmation button

This device is a great way to keep cryptocurrency secure and get a functional piece of hardware for an affordable price. However, the device has limited cryptocurrency compatibly. Therefore, it may be best for those who only use a moderate number of popular cryptocurrencies.

• Limited cryptocurrencies: Unlike other similar hardware wallets, KeepKey only supports around 40 currencies. However, this is made up for in part by the lower cost of the device.
• Physical Size: Several reviews have commented on how large the device is (approx. 4 inches). For some, this is too large.

Shipping: Orders ship within 5 business days of the order. Facilities are open Monday–Friday, 9 am–5 pm.

Carriers: USPS, DHL

Order Tracking: If a tracking number is provided, the buyer will be updated with the tracking information once it is received.

Shipping Rates: Rates charged for shipping are a flat rate based on shipping speed.

Customs and VAT: International orders are typically subject to local import duties and taxes (VAT). The buyer is responsible for all such fees, which are determined upon arrival.