Poor UX can lead to trapped funds
It's relatively easy to get your wallet into a state where anyone can send money in but no money can ever leave the wallet. I'll show you how.
Let's pretend you're a new user creating a new wallet. You land on the main webpage and click "Create New Wallet":
Copy your mnemonic and click "Continue":
Fill in the mnemonic words on the confirmation screen:
This is just the standard signup flow so far. Now set up two-factor authentication using Google Authenticator. Intentionally disregard setting up email as a two-factor authentication method because every other app you've ever used relies on Google Authenticator or Authy (this is where you made a serious mistake, read on):
Set up a pin:
Now suppose you upgrade your Android OS so that your Google Authenticator keys get nuked (a fairly common scenario). Then a long time passes and you forget that you ever set up two-factor auth on the wallet. Then you log in after months of inactivity and get a friend to send money into the wallet.
At this point, I want to point out something important:
- You were able to log into the wallet without being prompted for your two-factor token, so you have no idea two-factor auth is enabled
- The wallet did not notify you about a possibly stale two-factor auth configuration even though months have passed
- The wallet never notified you that an email address is not associated with the account
So you happily instruct your friend to send money into the wallet. Once the transfer is confirmed, you try to send some money out:
Then you realize how utterly fucked you are. You remember that the wallet has two-factor auth enabled and you no longer have the token:
Then you do some reading and realize GreenAddress has an nLockTime feature for funds recovery. Except using it requires having an email address associated with the wallet:
So you try to add an email address. Of course, that requires providing the Google Authenticator token that you don't have:
Then you try emailing GreenAddress to help you recover your money, but they tell you that they can't verify your identity because you never associated an email address with the account.
So the UX issue boils down to treating email as an optional two-factor method alongside Google Authenticator. Calling it a two-factor method discourages actually using it, because most apps in the wild don't follow that pattern. Also, not requiring the two-factor method to log in but requiring it to send money out encourages a scenario where funds can become perpetually trapped.
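To make the failure mode concrete, here is an added model (my own illustration, not GreenAddress code) of the two policies: the one described above, where spending needs a device-bound factor the user may no longer hold and the only recovery path needs an email the user was never asked for, and a hardened one that refuses to enable the authenticator factor without a recovery channel and surfaces stale 2FA at login instead of at spend time. The `Wallet`/`User` fields and the 90-day staleness threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Wallet:
    totp_enabled: bool = False                      # Google Authenticator-style factor
    email: Optional[str] = None                     # also the only path to nLockTime recovery
    totp_last_verified: Optional[datetime] = None   # last time a TOTP code was accepted
    balance: float = 0.0

@dataclass
class User:
    has_totp_device: bool = True    # False once the OS upgrade wipes the authenticator keys
    controls_email: bool = True

def can_spend(w: Wallet, u: User) -> bool:
    """Spending requires one enabled factor the user can still produce."""
    if not w.totp_enabled and w.email is None:
        return True                 # no 2FA configured at all
    return (w.totp_enabled and u.has_totp_device) or (w.email is not None and u.controls_email)

def can_recover(w: Wallet, u: User) -> bool:
    """The nLockTime recovery path is usable only with a working email on file."""
    return w.email is not None and u.controls_email

def funds_trapped(w: Wallet, u: User) -> bool:
    """Money is in, no factor can be produced, and no recovery path exists."""
    return w.balance > 0 and not can_spend(w, u) and not can_recover(w, u)

def enable_totp_as_described(w: Wallet) -> None:
    """The flow on the page: a device-bound factor with no recovery channel required."""
    w.totp_enabled = True

def enable_totp_hardened(w: Wallet) -> None:
    """Refuse a device-bound factor until a recovery channel exists."""
    if w.email is None:
        raise ValueError("add a recovery email before enabling an authenticator app")
    w.totp_enabled = True

def login_warnings(w: Wallet, now: Optional[datetime] = None,
                   max_age: timedelta = timedelta(days=90)) -> List[str]:
    """Surface the two silent conditions at login rather than when sending money."""
    now = now or datetime.now()
    warnings = []
    if w.totp_enabled and (w.totp_last_verified is None or now - w.totp_last_verified > max_age):
        warnings.append("2FA is enabled but has not been verified recently; confirm your device still works")
    if w.email is None:
        warnings.append("no recovery email on file; funds cannot be recovered if 2FA is lost")
    return warnings
```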
Disclaimer: this exact thing happened to me and I've been fighting with GreenAddress for over a year to recover my funds. If you have any ideas on how I can make it happen or want to just call me an idiot, don't be afraid to get in touch.
If you're in the same situation, consider filing two complaints:
- Office of the Arbiter for Financial Services against GreenAddressit Limited
- California Department of Business Oversight against parent company Blockstream
Here's a rough template for your complaint:
I created a GreenAddress Bitcoin wallet on <date>. I enabled Google Authenticator two-factor authentication on the wallet immediately. On <date>, I had a friend send <amount> bitcoins into the wallet (after logging into my wallet account to verify that it was still active). However, later when I attempted to move the bitcoins out of the wallet, I discovered that I was restricted as the Google Authenticator on my mobile device was not communicating with the wallet.
No support for Bitcoin Cash
If you had put money into your GreenAddress wallet before the recent fork, you're shit out of luck on claiming your BCH because they officially don't support it.
If the GreenAddress backend goes down, you won't be able to access your funds because they control your private key (I've been locked out of my account for several days in the past). Also, if a fork happens, you may not reap the benefits of the fork as in the Bitcoin Cash case.