In brief
- The Cypherock X1 employs a shard-based recovery model in which the private key is split across multiple cards with secure elements.
- The cards and the X1 Vault hardware wallet employ secure elements with EAL6+ certification.
- Any two components in the system can be used to recover the private key.
The Cypherock X1 is something of a newcomer in the crypto hardware wallet space, with an open beta in 2022 ahead of its full launch in 2023.
With an unusual joystick-based control setup, and promises of super-secure self-custody thanks to its NFC based cards and shard-based security model, the X1 has a lot to live up to as it tries to muscle in on a market dominated by wallets like the Ledger Nano X and the Trezor Safe 5. In this review, we’ll find out whether it can do exactly that.
What is the Cypherock X1?
The Cypherock X1 is a cryptocurrency wallet that’s designed with security in mind, aiming to free the user from the vulnerabilities associated with crypto seed phrases.
The problem, according to Cypherock, is that conventional hardware wallets store your private keys in a single location, with a paper backup—creating a single point of failure.
Cypherock X1. Image: Decrypt
The X1 aims to address this by splitting the private key into five parts using Shamir’s Secret Sharing (SSS), and storing them on the X1 Vault device and across four X1 Cards kitted out with secure elements and NFC connectivity.
Any two of the cards and the Vault can be used to restore the private key, which can be further secured with a PIN number.
It’s a bit like Voldemort’s Horcruxes—but without the evil intent.
Cypherock X1: Design and build
The X1 is a compact and portable crypto wallet that can not only fit in a pocket but is designed to attach a loop, allowing you to hook it onto a keychain, your belt, or your wrist.
The device itself is ultrasonically welded together, making it challenging for any attackers to access without leaving visible signs of tampering. Inside is a dual-chip architecture for offline computation and secure verification.
Cypherock X1. Image: Decrypt
The X1 Vault sports a 0.96-inch OLED display, which is able to display text clearly so you can interact with the wallet alone, without the need for the app all the time. It is a little dim, though—so if you want to use it in sunlight, you may struggle. That said, for indoor use it was plenty clear enough.
The joystick is one of the stand-out design features as it’s quite unique, especially at this small scale. It’s similar to that featured on the Nintendo Switch, and appears to be of high quality too, with five-axis sensitivity. It all makes for an effortless and very intuitive way to control the device using your thumb alone.
The X1 comes with a USB cable and an adapter so you can use USB-A or USB-C, making it ideal for both Windows and Apple machines.
The X1 Cards are made from plastic and feature NFC technology. They’re identical in size and appearance to a credit card, making for easy storage and secure distribution. They can be stored in the supplied hard case, which also acts as a Faraday cage to protect against remote electromagnetic signals.
It’s all built to last, with the company claiming that the setup is good for at least 500,000 taps using NFC and that your data is secure for at least 20 years.
You can also buy replacement X1 cards and Vaults should the originals be lost or destroyed—and if you lose a single card it’s recommended that you buy a complete set of new X1 cards, and replace the originals if you want to add new wallets to the system.
Cypherock X1: What’s in the box?
The box has a card outer that you tear to open, inside which is a container case with a zipper that’s been cable tied shut to keep things securely sealed.
Cypherock X1. Image: Decrypt
Unzip the case and you’re met with instructions on getting started, a USB-C- to USB-A shielded cable and that USB-A to USB-C adapter.
There are also four X1 Cards pouched together next to the X1 itself. You also get a lanyard to attach to the X1, a user manual and warranty documentation.
Cypherock X1: Getting started
Once you’ve opened everything and plugged the X1 into a power source, it immediately turns on and the display shows the website you need to visit to download and install the app. Once this is on your machine you are taken through the process of setting up your wallet.
Most of the interactions happen on the X1 device itself, with minimal app input. An extra step in the setup process is validating the four X1 cards, one at a time, which involves holding the device on them for a few seconds each.
Cypherock X1. Image: Decrypt
You can set up multiple wallets on the X1, and implement a pin code if desired, before setting them up in the app. Once set up in the app you have deeper levels of control.
You also have the option to view and export the BIP39 seed phrase, should you want to record it as a paper backup (or in case Cypherock goes out of business).
Cypherock X1: Cypherock CySync app
The Cypherock CySync app is available to download on Mac, Windows and Linux, with a mobile version for iOS and Android.
Primarily it serves as a point of contact for you to access your wallet from with a big screen view. The app is pretty minimal, making it easy to use, without overcomplicated menus that can put off the newcomer. It also enables you to buy and sell crypto securely, using a fiat on-ramp powered by Binance Connect.
Cypherock X1. Image: Decrypt
This app goes beyond the X1’s own wallet, though you can also import other wallets using their seed phrases to view and track them. The app also lets you connect to dapps via WalletConnect so you can swap over 1,000 cryptos across more than 15 networks.
It’s worth keeping in mind that if you want to buy and swap using the CySync app, you will be subject to its transaction fees, which can vary. That said, you can always buy and swap elsewhere, using CySync and the X1 as a base point to extract.
Cypherock X1: Features and assets
The X1’s standout feature has to be the four X1 Cards used to secure your wallet.
The use of Shamir’s Secret Sharing (SSS) private key storage adds an extra layer of security. The X1 Cards can be used to distribute shards of the private key across a range of locations, making physical access more difficult. Any two of the five shards are needed, lowering the risk of single point failure and meaning that if any one component is compromised, it should still not be possible to get access to the complete private key.
The fact that it only requires the vault and one card to access the private key is a limiting factor, though—many SSS schemes opt for a three-of-five threshold for additional security. With $5 wrench attacks on the rise, it’s something to consider as many users will likely keep the X1 vault and a single card close at hand for ease of use.
One helpful additional feature is the ability to use the X1 as a seed phrase vault, meaning you can back up seed phrases from any BIP39-supported wallet, with up to four available slots.
Thanks to a partnership with blockchain platform Near Protocol, users can manage existing wallets and create a registered account, and securely store account data on their devices, all via the CySync app. That means developers can create decentralized apps, or dapps, for use within the CySync app.
At time of publishing the Cypherock X1 and accompanying app offers support for over 9,000 digital assets ranging from big names like Bitcoin and Etherium to less known options including Starknet, Frax and more. A full list of supported assets can be found here.
Cypherock X1: Security
Cypherock is building its brand on security, so it’s worth taking some time to go over the hardware.
The X1 Vault uses an EAL6+ certified secure element with bank-grade hardware components, placing it on par with rivals like Ledger and Trezor. The X1 Cards likewise use EAL6+ certified secure elements.
The X1 uses open-source firmware, while audits have been conducted by firms including WalletScrutiny and Keylabs. The company also runs an ongoing bug bounty program as a way to spot potential weaknesses and address them before they become an issue.
Cypherock X1. Image: Decrypt
It’s worth noting that the Cypherock employs the older ATECC608A secure memory circuit, which Ledger Donjon claims to have penetrated on the Coldcard Mk3 hardware wallet using a Multiple Laser Fault Injection attack. The Coldcard Mk4 subsequently upgraded to the newer ATECC608B circuit, as recommended by Ledger Donjon.
In a response to Keylabs’ audit, which flags the X1’s use of an older circuit, Cypherock noted that, “ATECC608B is fully compatible with ATECC608A interfacing but wasn’t available when we procured it. We plan on using the latest versions based on the part’s availability.”
Decrypt has contacted Cypherock and will update the review should they respond.
There is a nice touch with the PIN where lockout times are progressively increased after each incorrect attempt—a feature the company calls CyLock. This should help to prevent any brute force attacks.
When it comes to recovery options there is that SSS algorithm, with the private key split across five points, where any two can be used to recover the assets. It’s worth noting that hardware wallets from rivals such as Ledger and Trezor provide the option to create Shamir backups, albeit in seed phrase form rather than leveraging the X1’s more user-friendly card-based interface.
Cypherock X1: Verdict
The Cypherock X1 is a relative newcomer to the digital wallet market, but the firm has aimed to spin that into a positive, by building its system from the ground up to address the shortcomings of traditional hardware wallet security.
And while its solution does introduce some additional elements of trust—in the manufacture and auditing of the secure bank-grade components in its X1 Cards—that’s mitigated against by the use of Shamir’s Secret Sharing to decentralize the wallet’s private key. In theory, even if one component in the system was compromised, the user could gather two of the others, reassemble the wallet, and extract their funds.
It’s a slickly-designed system, and one which does away with one of the more archaic features of the crypto user experience, namely recording your vitally important seed phrase on a bit of paper.
That, coupled with its suite of features such as CySync, make the CypherRock X1 a worthy contender in the hardware wallet space.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
