Maros Hluska

Why You Should Avoid GreenAddress Bitcoin Wallet

Lost your 2FA token and have money trapped in a GreenAddress wallet? Join us in Slack.

1. Centralized / Shared Control of Money

This is a multisig wallet where GreenAddress signs outgoing transactions. The end result is that they have full control over your funds. Also, if the GreenAddress backend goes down, you won't be able to access your funds either (I've been locked out of my account for several days in the past).

I want to stress that GreenAddress is a Malta-based company. If you're a US citizen, you're entrusting your funds to a private offshore company with no regulatory oversight from your home country. This might sound fine in the beginning until your funds are frozen. I go into more detail about my personal horror story below.

From bitcoin.org:

This wallet is loaded from a remote location. This means that whenever you use your wallet, you need to trust the developers not to steal or lose your bitcoins in an incident on their site. Using a browser extension or mobile app, if available, can reduce that risk.

Instead of GreenAddress, I recommend you just generate your own mnemonic using Ian Coleman's BIP39 tool. The tool is open-sourced on GitHub and actively maintained. The mnemonic can be used to generate Bitcoin addresses and that single phrase is really all you need to receive Bitcoin. It also gives you absolute control over your money. You just need to safeguard the mnemonic.

If you need a full-fledged wallet, I recommend using Electrum. The mnemonic mentioned above can also be imported into Electrum. Electrum offers ease of use but suffers from none of the centralization issues that GreenAddress does.

2. No support for Bitcoin Cash

If you had put money into your GreenAddress wallet before the recent fork, you're shit out of luck on claiming your BCH because they officially don't support it.

However, there seems to be a third-party recovery tool for extracting Bitcoin Cash.

3. Confusing UX can lead to trapped funds

It's relatively easy to get your wallet into a state where anyone can send money in but no money can ever leave the wallet. I'll show you how.

Disclaimer: this exact thing happened to me and I've been fighting with GreenAddress for two years to recover my funds. If you have any ideas on how I can make it happen or want to just call me an idiot, don't be afraid to get in touch.

Let's pretend you're a new user creating a new wallet. You land on the main webpage and click "Create New Wallet":

Step 1

Copy your mnemonic and click "Continue":

Step 2

Fill in the mnemonic words on the confirmation screen:

Step 3

This is just the standard signup flow so far. Now set up two-factor authentication using Google Authenticator. Intentionally disregard setting up email as a two-factor authentication method because every other app you've ever used relies on Google Authenticator or Authy (this is where you made a serious mistake, read on):

Step 4

Set up a pin:

Step 5

Now suppose you upgrade your Android OS so that your Google Authenticator seeds get nuked (a fairly common scenario). Then you let a long amount of time pass and forget that you ever set up two-factor auth on the wallet. Then you log in after months of inactivity and get a friend to send money into the wallet.

At this point, I want to point out something important:

So you happily instruct your friend to send money into the wallet. Once the transfer is confirmed, you try to send some money out.

Then you realize how utterly fucked you are. You remember that the wallet has two-factor auth enabled and you no longer have the token:

Step 8

Then you do some reading and realize GreenAddress has an nLockTime feature for funds recovery. Except using it requires having an email address associated with the wallet! The only 2FA recovery method that works with nLockTime is the email recovery method.

Step 9

So you try to add an email address. Of course, that requires providing the Google Authenticator token that you don't have:

Step 10

Then you try emailing GreenAddress to help you recover your money, but they tell you that they can't verify your identity because you never associated an email address with the account.

So the UX issue boils down to treating email as an optional two-factor method alongside Google Authenticator. Calling it a two-factor method discourages actually using it because most apps in the wild don't follow that pattern. Also, not requiring the two-factor method to login but requiring it for sending out money encourages a scenario where funds can become perpetually trapped.

Searching their subreddit for "lost 2FA", we find countless posts with the same issue:

I've learned two lessons from this nightmare:

  1. Do not use Google Authenticator for 2FA. Use an app that has recoverable seeds such as Authenticator Plus. The seeds will survive an OS upgrade. I am not affiliated.
  2. Do not use a centralized wallet service that can control your funds.

If you're in the same situation, consider filing two complains:

Here's a rough template for your complaint:

I created a GreenAddress Bitcoin wallet on <date>. I enabled Google Authenticator two-factor authentication on the wallet immediately. On <date>, I had a friend send <amount> bitcoins into the wallet (after logging into my wallet account to verify that it was still active). However, later when I attempted to move the bitcoins out of the wallet, I discovered that I was restricted as the Google Authenticator on my mobile device was not communicating with the wallet.

Edit: GreenAddress seems to have silently changed their Terms of Service some time after my 2FA issue cropped up, adding GreenAddressIT Ltd takes no responsibility for … Financial loss due to lost or inaccessible two factor authentication (2fa) mechanisms.