Notes about KeepKey hardware Bitcoin wallet

Reading Time: 7 minutes

Back in December 2018, there was a small period of time during which the price of the KeepKey hardware wallet on the Bitcoin.com store page was either entered wrong ($79 instead of $129) or heavily discounted, and at the same time it was possible to get 35% discount plus free worldwide shipping by using a special voucher code. Under normal circumstances, I would never do business with bitcoin.com because it is a fraudulent website owned and operated by a bad actor. However I have no qualms accepting gifts and so I went on to order 1 unit.

Due to the holiday season, the KeepKey arrived only in the beginning of January 2019, and it took another month for the postal service to clear customs on my behalf. The device is now finally in my hands and so I set out to write my impressions on using the KeepKey hardware wallet.

Packaging and Physical Dimensions / Weight

The device comes in a sturdy cardbox box with a magnetic flap to keep it closed. As soon as I took the device in my hands, it felt almost too big and too heavy. The front panel is 93×37 mm and the unit itself is 12 mm thick; total weight is 52 grams. Heck, these dimensions and heft are not dissimilar to those of a Nokia 150 cell phone! The device is many times larger and heavier than my Ledger Nano S or Trezor One.

The main benefit from the increased size is the big OLED screen; but overall the KeepKey feels like a ‘desktop’ device rather than something I can carry with me at all times.

KeepKey: inconvenient USB port location
Who thinks the USB port is positioned well?

The second annoyance I had was with the position of the micro USB port on the lower left side of the device. Holding the KeepKey (or even leaving it on your desk) is quite difficult when using a USB cable with a straight plug that comes from below. It gets only a little more convenient when I plugged the right-angle cable I use with my Trezor. IMHO, had the connector been placed on the left side of the device, it would have been much, much easier to operate.

Initial Startup and Setting Up

The KeepKey I received came with bootloader firmware version 1.03. As soon as I plugged it and launched the KeepKey Client app, it informed me that I needed to update that to the current version, which is 1.10. Flashing firmware is easy: it requires the user to disconnect the device, hold down the single button at the top right corner, and reconnect it. Flashing took something like 15 seconds and then I was asked to disconnect and reconnect the device to continue.

KeepKey wallet: Choose PIN
KeepKey setup: Choose PIN

Users can choose to do one of two things with a ‘fresh’ KeepKey. They can either initialize the device (i.e. have it generate a new random seed & private keys) or recover from an existing BIP39/BIP44 compatible device. I proceeded to initialize the device.

First step is selecting a name for the device itself, which you need if you have several KeepKey units. I called mine ‘Thanks 2 Roger’. I hope I’ll be able to change it in the future. (Edit: Yes I can.)

Second step is to select a PIN code to protect the device. Users do this by looking at the numbers 1-9 displayed in random pattern on the device screen, and clicking on some ridiculously small squares on the helper app. In this aspect, the KeepKey shares an inconvenience with the Trezor: PIN codes can’t contain the digit 0 — only digits 1 thru 9 are allowed. This limitation is due solely to fact that the numbers are aligned in a 3×3 box and is annoying because it sacrifices a certain amount of entropy for purely stylistic reasons. In other words, a 6-digit PIN on a Ledger Nano device is stronger than a 6-digit PIN on a Trezor or a KeepKey. Ah, well. Let’s carry on.

Choice of Seed Phrase (and Implications)

KeepKey wallet: Save Recover Seed
KeepKey wallet: Save Recover Seed

KeepKey then shows me the 12-word seed phrase (they call it ‘Recovery Sentence’) it has generated for me. I wrote it down on the thick cardboard recovery KeepKey has provided for this purpose. Note that the app doesn’t support BIP39 seed encryption (extra seed word that you input at initialization but do not write down with the others). If somebody gets their hands on your recovery sheet, you’re screwed for good. This, and the fact that 24-word seed phrases are not supported confirms my initial feeling: the KeepKey is a good device to handle small to medium amounts of BTC and use as a daily wallet, but is not sufficiently safe for long-term storage of large amount (at least in comparison to Trezor and Ledger, whose devices support 24-word seed phrases and allow me to scramble them additionally with a password).

Update: a recent blog post on the KeepKey website indicates that passphrase protection is coming soon and is currently available in beta firmware. Bear in mind that if you enable a passphrase over an existing wallet, you will lose access to any funds already on it; the passphrase changes the underlying private keys. However if you enable passphrase protection and leave the passphrase field empty when opening your original wallet, balance will show up. Tried & tested, works.

Operation

After finishing setup, I am presented with a simple screen from where I can receive, send and trade bitcoins. KeepKey is owned by ShapeShift.io and that is why the first button is called Send/Trade — trading is handled via ShapeShift. I can also create separate accounts for Bitcoin Cash, Litecoin, Dogecoin, Dash, Ethereum and Bitcoin Gold. That’s right, a total of 7 currencies are supported. The ‘Cryptocurrencies’ page on the KeepKey website claims that I can send, receive and hodl 54 coins and tokens but I have no idea how this works.

The KeepKey application offers the barest minimum of capabilities. It offers no means to label incoming/outgoing transactions and addresses, or rename the main Bitcoin account. If you close the application and re-open it, it will not autodetect a KeepKey device that is already connected. You will have to unplug the device and reconnect it to trigger detection.

But my final jaw dropping experience came when I clicked on the ‘Receive Bitcoin’ button. It turns out that in this day and age KeepKey still uses plain old 1-type P2PKH addresses. No SegWit P2SH (3-type), no bech32 (bc1-type) address support: the KeepKey is still in the Bitcoin stone age.

The app does not support any kind of long term storage of transaction logs, or provide the ability to export logs of incoming/outgoing payments. If you uninstall the Chrome app, your records of used addresses and transactions made in the past are gone.

Integration with Electrum

Lack of support for SegWit and bech32 annoyed me so much that I shut down the KeepKey app. I then decided to test integration with Electrum to see if I can fare better. But no, Electrum does not recognize my KeepKey device even though they claim support on the web page. There is some contrived way to integrate KeepKey and Electrum using Python that I won’t bother trying.

Dependence on External Services & Instability

KeepKey uses the Blocktrain blockchain explorer to track transactions and the app does not allow me to select another explorer. Blocktrain doesn’t load for me (I get a CloudFlare timeout page), it has been more than 6 hours. This sucks. Even more annoyingly, the KeepKey app started getting stuck on the ‘Loading Accounts’ screen after PIN code entry. I have no idea why this happens and how to fix it.

Outgoing Payments

The app does not allow me to set a custom mining fee, or at least select fee type (e.g. fast/normal/economy) like any good wallet. It only offers a single, obscenely high mining fee: For my test payment, it calculated a charge of 3178 satoshi for a simple 1 input, 1 output transaction (226 bytes) at a time where the mempool is around 1MB in size. For comparison, here’s a random transaction from a block mined around the time I made my payment. TX size: 217 bytes, Fee size: 136 satoshi. KeepKey made me pay 14× as much.

Repeat after me: A wallet that wastes your money on expensive payments is garbage.

Summary

The KeepKey has a fantastic large screen that displays addresses and QR codes in wonderful detail. Like, really fantastic. It is by far the best screen used in any wallet, and an outstanding feature of this product. The unit itself is a solid block of aluminum and acrylic. It is similar in looks and proportions to the monolith from ‘2001: A Space Odyssey’. If I had to judge the KeepKey solely on the way it looks and feels, I’d give it straight 10/10.

However as soon as we move from form to substance, things start looking differently. The location of the micro USB port; bare-bones app functionality; can’t extract keys or generate XPUBs; no facilities to sign messages & prove ownership of address; no support for SegWit and modern address formats; no ‘book-keeping’ services (e.g., keeping log of incoming/outgoing transactions); support for few coins; lack of integration with Electrum; outrageously expensive mining fees. It seems stuck in 2014 in terms of features and lags terribly behind other hardware wallets. Every time I am using it, I get sad thinking about what it is, and what it could be.

To Buy Or To Stay Away?

If you rely on your hardware wallet to verify send/receive addresses on a large screen, you may find the KeepKey worth using. But unless the KeepKey team finds it in them to drastically fix and expand app functionality, the device itself is a complete let down. To add insult to injury, the more you use the KeepKey, the more it will cost you. Overpaying on fees by a factor of 10 or 20 times will pile up quickly. Edit: the beta app version 6.0.3 adds support for fast/normal/slow fees, but again no custom fee and again very high value (cheapest one is at least 3-5× more expensive than it needs to. So, still garbage.

If you search the Internet, you will find many reviews that describe the KeepKey as similar to, or better than the alternatives. These reviews are fraudulent; no objective person can see the lack of major features and still call the product the same as others.

Perhaps things can be turned around. The KeepKey shares internal design with the Trezor One and as such is capable of doing all things the Trezor does. Until things change, however, my honest advice is to stay clear of the KeepKey and buy a Ledger Nano or a Trezor instead.

Important Update

Less than 10 days after I posted my review, KeepKey announced a price reduction for their HW wallet from $129 to $79. I don’t know if this means a new product is on the way or they just realized their sales suck and they need to do better.

At that price point, it makes a better purchase, especially for technically inclined people who will use it with Electrum wallet. With the reduced price, I am somewhat comfortable with shilling my own referral link for the device:

KeepKey Bitcoin wallet
Order a KeepKey Bitcoin wallet now at a reduced price ($79 down from $129)

Please consider supporting this blog by clicking on the banner below when purchasing bitcoin equipment.
Ledger Nano S - The secure hardware wallet