2018 Cryptocurrency Wallet Safety Scorecard

Interest in cryptocurrencies is reaching a fever pitch, both driven by and feeding skyrocketing prices for cryptocurrencies. This has been accompanied by a proliferation of wallets both as standalone wallets and custodial wallets that provide a fuller institutional experience. Less sophisticated users are likely to turn to custodial wallets, which have lower barriers to entry and resemble traditional financial institutions, but which have broader security vulnerabilities. All of this puts the onus of safeguarding those funds on the creators of cryptocurrency wallets — which can either enable or prevent fraud. In this report, Javelin evaluates the customer-facing fraud mitigation features of major cryptocurrency wallets against the fraud threats facing cryptocurrency investors.

• What kinds of fraud mitigation features are offered at leading cryptocurrency wallets?
• What are the key fraud threats faced by users of different types of wallets?
• How do these capabilities compare with the fraud threats faced by users of these services?
• How will the fraud-management features of these providers need to evolve as they try to compete with mainstream financial services providers?

Companies Mentioned: Abra, Airbitz, BitGo, BitPay, Blockchain, Bread, Coinapult, Coinbase, Copay, Exodus, GreenAddress, Jaxx, Mycelium, Xapo

Javelin selected 14 custodial and noncustodial cryptocurrency wallets that were accessible to the Internet; available for desktop, Android, or iOS; appeared to be actively maintained by a core group of developers; and intended for storage of moderate to large values of cryptocurrencies.

Data was collected by Javelin employees who held accounts with each of the wallets. Data collection and quality assurance checks were conducted by separate employees using separate accounts with the same wallet. Data collection and quality checks occurred in January 2018.

In the event that a criterion was not applicable for a given wallet (e.g., desktop/browser authentication for mobile-only wallets), that criterion was not considered in Javelin’s assessment of that wallet. Partial credit was awarded in the event that a wallet did not offer the full capability for the criterion but offered a limited version of the feature or an equivalent feature that accomplished a similar purpose.