S8 E3: Erik Voorhees on KeepKey, Open Source & Self Custody

Erik Voorhees has been involved in the Bitcoin space for almost a decade. Which means that, depending on the moment when you first got interested in the topic, you might know him as the Marketing Director of BitInstant, the co-founder of Coinapult, the founder of Satoshi Dice, the creator of ShapeShift (under the Beorn Gonthier pseudonym), one of the proponents of SegWit2X, or an investor in Bitcoin projects such as Start9 Labs.

If you have a good memory, you might also remember him for his involvement in FeedZeBirds, Paysius, and KryptoKit. But this interview only focuses on two of Erik Voorhees’ roles: the CEO of the company which owns and manufactures the KeepKey hardware wallets, and a long-time bitcoiner who has seen most of the developments that happened in the space and knows a little something about sovereignty and self-custody. And while we do drop a few fleeting mentions of Start9 Labs’ ambitions and the fact that ShapeShift has eliminated mandatory KYC, the discussion mostly revolves around securing your own bitcoins in an environment which may seem a little bit confusing to newcomers.

Throughout this hour-long interview, I got to learn more about the KeepKey hardware wallet and have also acquired a fresh perspective on how early bitcoiners secured their scarce bits of digital gold. And when I found myself in doubt with regard to the financialization of Bitcoin and how “traditional” fiat institutions may compromise the price and the value proposition, Erik Voorhees provided a dose of optimism which suggested that the phase through which we’re going is a sign that we’re on the road to victory.

This interview is somewhat of a sequel to S4 E1, in which I interviewed ShapeShift’s Jon (who was the COO at the time and has since become Chief Product Officer) about the KeepKey. And if you would like to know more about the most inexpensive premium hardware wallet on the market and its use cases, you definitely need to listen to this chat with Erik Voorhees. Even if you don’t care much about hardware wallets, there’s still a lot to learn about the open source philosophy and the importance of self-custody.

Listen to Erik Voorhees on Apple Podcasts and Spotify!

For the privacy-focused users, I also have a direct link to my RSS feed. This way, you won’t need to sign up to any third party service and you can listen directly from your browser without sharing your data with any kind of corporation. I strongly recommend that you use the Tor browser, so not even my hosting service can determine your identity.

And if you’re into downloading the episode to add it to another device (like an mp3 player with flash memory or a phone which allows you to add your own audio files), then you have a dedicated button for this exact feature. Your privacy is a lot more important to me than my stats on Spotify or Apple Podcasts.

But if you do use Spotify and/or Apple Podcasts, I’d love to read your review of the show!

This episode is sponsored by Vaultoro and Wasabi Wallet

Want to learn more about the values of the two companies? I have recorded episodes with both Joshua Scigala (Vaultoro CEO) and Nopara73 (Wasabi Wallet creator).

If you would like to support the show and you’re into trading hard money like bitcoin, gold, and silver, then sign up to Vaultoro using my referral link. Vaultoro will help you forget about shitcoins and focus on sound money. They also allow you to pick up your gold bars or have them shipped to your address, so you don’t have to trust any custodian with your money. Keep in mind that you are responsible for your own decisions and I am not providing you financial advice.

And if you would like to increase your network and transaction privacy, you should download Wasabi Wallet on your computer. It routes your connection through the Tor network to hide your IP, it downloads block filters so you validate your own transactions locally without relying on a trusted third party, and it also connects to your own full node to boost your financial sovereignty. Wasabi is best known for its link-breaking CoinJoins, which give even Europol a hard time. Use the wallet to increase your financial sovereignty, but don’t do any illegal stuff – use your financial sovereignty with responsibility (also read the Wasabi terms of service).

Time Stamps of my Interview with Erik Voorhees:

00:00 – 03:05 – Introduction

03:06 – When did Erik Voorhees use the first hardware wallet?

06:49 – KeepKey’s design

07:38 – What were the most popular wallets that OGs were using in the early 2010s?

10:28 – Start9 Labs

13:53 – Mt. Gox, exchange hacks, and the importance of self-custody

17:05 – Do exchanges really insure your bitcoins?

23:18 – Michael Saylor, Elon Musk, Stock to Flow (S2F) & Lending Services Like BlockFi & Celsius

28:07 – The financialization of Bitcoin (ETFs, derivatives) 

32:29 – Why verification matters

35:20 – Mt. Gox YubiKeys influenced the creation of hardware wallets?

36:07 – Using your hardware wallet for U2F/2FA

36:30 – Resetting a KeepKey

37:30 – Dealing with fake KeepKey apps

41:55 – Why ShapeShift acquired the KeepKey

43:07 – What does Erik Voorhees think about the Trezor One and the Trezor Model T?

45:06 – What hardware wallets should do

46:20 – Ledger and why open source matters

47:20 – Is open source socialist?

49:12 – Did Erik Voorhees try the Coldcard, BitBox02 or Jade?

49:30 – Ballet Real vs Pro

50:40 – Mike Caldwell’s extra security steps with the Casascius coins

52:38 – Multisig setups

54:30 – Shamir Secret Sharing

56:40 – Why open source helps software outlive the company that created it

57:30 – What kind of Bitcoin custody advice would Erik Voorhees give his younger self?

1:00:25 – Why should anyone buy a KeepKey hardware wallet instead of something else?

1:01:30 – Does KeepKey work with Electrum and Wasabi?

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

3 Comments

  1. greatwolf

    You should have asked Erik Voorhees regarding the plans on dedicating some development resources into improving and maintaining the firmware and software for KeepKey. There are currently a lot of outstanding pull requests on their KeepKey GitHub repo that haven’t been reviewed and merged in, including some of mine.

    It seems like support for KeepKey in general has gone downhill ever since KeepKey Jon left the project. I don’t know if he left for real but I have not seen any commits by him for close to a year now.

    The situation has gotten so bad I had to take it upon myself to take their original KeepKey Chrome extension client and fork it to get it working again. Google is supposedly deprecating Chrome apps in general but I will continue to keep supporting that KeepKey client so long as extension apps continue to work. (You can find my fork here btw: https://github.com/greatwolf/KKClient)

    The second thing you should have asked Erik was regarding the seed extraction vulnerability on KeepKey and Trezor. Just google for Ledger’s Donjon seed extraction if you’re unaware of the issue. The claim is that with ~$100 equipment anyone with a little know-how can extract the PIN and mnemonic seed secret from the device in under 10 minutes.

    Now I know during the interview you did touch on that anyone with physical access to a device given enough time can break into it. But I would expect a hardware wallet device like this to put up more resistance than that, especially since it could be securing someone’s life savings and assets!

    1. Vlad Costea (post author)

      Thank you for your comments! These are all legitimate concerns and it’s great that you take it upon yourself to maintain a discontinued application. However, I think that Erik’s reply to the question “Why should anyone buy a KeepKey” is most relevant for the context – the device is an easy and affordable way to gain extra security on the ShapeShift platform. Doesn’t sound like they still compete with Trezor, though I agree with you that they should at least get their firmware updates since it’s all free open source software and the hardware is very similar.

      Last year I also interviewed Jon of ShapeShift (S4 E1), so you can look up that interview if you’re looking for some extra answers. I think I’ve also attached a transcript to make it easy to find the relevant information.

  2. greatwolf

    Also regarding the numerous fake KeepKey apps on the Google web store, a kind of obvious follow-up question to Erik’s response to users downloading the ‘wrong’ malicious app: why was the KeepKey Official Client not the very first item on the list when searching for it?

    In fact it doesn’t even appear at all when you search for it. If you or anyone else searches for KeepKey, you would get the app with the most reviews, most stars etc. and it’ll show it’s from KeepKey LLC/ShapeShift etc.

    The fake app problem was precisely because ShapeShift didn’t publish the KeepKey Client where it’s searchable on the web store. The only way to get to it was if you knew the right link to the web store to begin with. So instead of putting out ShapeShift’s own fake app to warn users about it, maybe they should have just published their real app and have it show up on search as the first choice?
