This past week there was a hack of wallets (mostly related to Solana blockchain), resulting in the theft of millions of dollars worth of tokens. The root cause was that many users had been using the "Slope" wallet, which had a design flaw in its security that was eventually exploited. Slope is a closed-source wallet, so the source code for this software was never reviewed externally and the flaw was not discovered. Thus people using Slope thought they "held their own keys", but ultimately they didn't.

You are little better off using a closed-source wallet app than you are leaving funds on a custodial exchange. And even if there is source code published for your wallet app, what good does that do you? If the app you downloaded and installed doesn't match the source code, then having an "open source" wallet even means pretty much nothing!

The only surefire way to know that the software download matches the source code is to build it yourself and compare. Almost nobody does that. But there are two projects that aim to show proof that a software build available to the public can be reproduced from the software project's corresponding source code repo.

This post is simply to bring awareness to these two projects and to list the surprisingly very few software releases which are (currently) found to be reproducible.

BitcoinBinary:

"BitcoinBinary.org is a repository of Reproducible Build Proofs for Bitcoin Projects"

Reproducible: [13 brands]

• BITBOX02
• BITCOIN CORE (and BITCOIN-CORE)
• BLOCKSTREAM GREEN (and BLOCKSTREAM-GREEN)
• COLDCARD (and COLDCARD-MK3)
• ELECTRUM
• LND
• MYCELIUM (and MYCELIUM-ANDROID)
• SIMPLE BITCOIN WALLET (and SIMPLE-BITCOIN-WALLET)
• SPARROW (and SPARROW WALLET)
• TREZOR 1 (and TREZOR T)
• WASABI (and WASABI WALLET)
• ZAP (and ZAP-ANDROID)

Wallet Scrutiny:

To improve the security of Bitcoin wallets by examining products for transparency and potential attacks

Play Store:Play Store:

Reproducible: [9 apps]

• Bitcoin Wallet (Shildbach)
• Mycelium Bitcoin Wallet
• Electrum Bitcoin Wallet
• SBW: Simple Bitcoin Wallet
• Green: Bitcoin Wallet
• Unstoppable Wallet
• AirGap Vault- Tezos, Cosmos, Ethereum, Bitcoin
• Zap: Bitcoin Lightning Wallet
• ABCore [obsolete]

Unreproducible: [19 apps]
Others not included (e.g., custodial, no source, not enough users, etc.): [Hundreds]

App Store:App Store:

Reproducible: [0 apps]
Unreproducible: [16 apps]
Others not included (e.g., custodial, no source, not enough users, etc.): [Hundreds]

Hardware Wallet:Hardware Wallet:

Reproducible: [4 devices]

• Trezor One
• KeepKey
• Trezor Model T
• Foundation Passport

Unreproducible: [11 devices]
Others not included (e.g., custodial, no source, not enough users, etc.): [Dozens]