We’re happy to announce the third Enjin Wallet update — bringing advanced blockchain gaming features, new supported games, and the results of an extensive security audit.

The most secure mobile blockchain wallet now supports sending and melting of ERC-1155 assets, as well as two new games: Blockchain Cuties and Axie Infinity.

An extensive Enjin Wallet security audit and penetration test has also been completed by the ORU.hr security team, which found no issues that could be used to compromise the wallet or the cryptographic keys stored in the system.

Update Summary

🔥 ERC-1155 sending and melting support
🐶 ERC-721 support for Blockchain Cuties
👾 ERC-721 support for Axie Infinity
🔒 Security audit report

ERC-1155 Melting & Sending

The Enjin Wallet is not just a cryptocurrency wallet—it’s a user-facing blockchain control panel.

With this latest update, our original promise of value-backed digital goods has been brought to life.

The full blockchain asset life cycle of minting, owning, sending, receiving, and melting can now be completed.

If you’re lucky enough to own gaming items from War of Crypto and/or CryptoFights, you can now use the Enjin Wallet to send those assets to others and melt them back into Enjin Coin (ENJ).

The concept of backing virtual items with a material of value is very important, not only to guarantee the value of virtual items, but also to curb hyperinflation of the growing digital asset economy by setting a standard control over production and issuance.

When something is made of nothing, how much can it really be worth?

Here’s a real-world analogy: an 18-carat gold ring is considered fine jewelry and therefore worth disproportionately more than an ordinary 9-carat gold ring, despite only having twice as much gold per unit.

During their pre-sales, War of Crypta and CryptoFights proved that an item with a high amount of ENJ backing is always more desirable than an item with a minuscule amount.

We believe this will become a common occurrence within the realm of digital assets—and one of many soon-to-be industry standards developed by Enjin.

New Use Cases

This update completes the support infrastructure for what I believe is the most powerful form of digital asset in the world: ERC-1155 tokens.

Remember: anything that can be owned can be an ERC-1155 asset, whether it’s completely unique, mass produced, or both.

Every customer-facing business can benefit from using this powerful form of digital item that can be sent, swapped, sold, and owned forever—all facilitated by the most advanced blockchain wallet in the world.

The games market brings in $137 billion per year, which is massive.

The retail market brings in $24 trillion per year, which is just ridiculous.

We have the capability right now to start minting blockchain assets for retail purposes. In fact, War of Crypto and CryptoFights have technically already done so.

Retail Collectibles

Are you looking for a way to endear customers to your brand?

Have you dreamt of creating an asset that lives permanently in your customer’s back pocket?

What if a customer could come to your store and present that asset to a staff member to receive a discount—would they come back more often? And what if that asset could eventually be integrated into games, websites, and apps?

Doesn’t that idea blow your mind?

An automated retention process like this could deliver extraordinary results in boosting repeat business, and we aim to gather solid data around the benefits of this use case over the coming months.

Certificates of Authenticity

While products can be faked, blockchain assets cannot.

Blockchain-based certificates of authenticity offer peace of mind to customers.

Customers can use the EnjinX explorer to see exactly how many of their items exist on the blockchain and rest assured that the product they purchased is the real deal.

One could argue that a bad actor could on-sell a fake item with a real token. However, they could only do so once, as opposed to currently being able to replicate products infinitely.

Discounts & Credits

Stored in their owner’s secure blockchain address, these types of discounts and credits have a deeper emotional impact because people can trade, transfer, lend, and share them freely.

This also opens up the potential for new business through referrals.

Branded blockchain assets are also:

  • Convenient: Physical vouchers are very easy to forget, lose, and discard—but if they’re on your customer’s phone, they are always available and easily accessible when needed.
  • Accepted Everywhere: Blockchain-based promotional materials are cross-platform compatible, which means supporters will eventually be able to redeem them in person, on websites, in apps, or via any internet-enabled device.

But the key benefit to branded, blockchain-based promotional materials assets is that you can utilize the Enjin Wallet to securely send and receive them.

This means you will no longer need to spend a fortune on creating new apps, websites, or platforms to offer your customers a personalized digital experience.

ERC-721 Support: Blockchain Cuties

Meticulously designed and beautifully animated, Blockchain Cuties features a diverse choice of cryptographic pet tokens you can collect, level up, breed, and test their skills in battle.

The game features a competitive multiplayer mode with roll-the-dice battles in which winners receive wearable or consumable items as prizes.

Our development team worked with Blockchain Cuties to deliver a seamless, satisfying experience for their users, enabling them to keep a colorful myriad of their Blockchain Cuties assets in the Enjin Wallet, as well as to send their Cuties to other players.

The Blockchain Cuties team is also busy designing an Enjin-themed Cutie to be launched in about a month.

ERC-721 Support: Axie Infinity

Inspired by the idea of Pokémon and Tamagotchi, Axie Infinity is a decentralized game that introduces players to adorable fantasy creatures known as Axies.

These creatures have powerful potential beyond their cute appearance. The game allows players to breed, raise, battle, and even trade Axies in the marketplace.

The Axie Infinity team sold its first batch of Axies on February 16, raising about 900 ETH ($650,000). At the time, it was one of the top three highest grossing ETH games of all time.

Now, Axie Infinity players can manage (keep/send) their Axies in a secure, usable crypto-collectible vault—the Enjin Wallet.

Security Audit and Penetration Test

Developing good products takes time and effort.

Producing great products takes time, effort, and innovation.

Creating revolutionary products? That takes an almost irrational amount of dedication, experimentation—and testing.

While we’ve conducted countless in-house security tests of the Enjin Wallet, we had to be absolutely sure that it is indeed impenetrable. It’s not just our company’s reputation at stake here, but also valuable blockchain-based assets held by hundreds of thousands of Enjin Wallet users.

And the stakes are even higher when you look into the future, as we believe the Enjin Wallet will become the default crypto-gaming vault used by tens, if not hundreds of millions of gamers around the world.

The best way to make sure your stuff works is to hire someone to try and break it — which is precisely what we did by having the ORU security team throw everything they’ve got at one of our flagship products.

The result?

“Our finding is that the overall security posture of the wallet application and the backend API is solid for the required risk profile and that the software is developed according to current security best practices which are required for a product that warrants a high level of security.

We found no issues that could be used to compromise the wallet or the cryptographic key stored in the system in the scope of our penetration test.”
Security Review: Enjin Crypto Smart Wallet

ORU Information Security | September 2018

Here are a few highlights from the report, demonstrating that our innovative security measures work as intended:

Sensitive input cannot be cached or copied to clipboard

"Production APK showed that all sensitive inputs use the Enjin Secure Keyboard. All manual tests we performed for caching of input or copying input to the clipboard failed."

App overlay detection

“We’ve wrote a custom user and system app which simulates a malicious app that overlays the screen and collects user taps on the screen, which would enable an attacker to collect a wallet password. When opening the wallet, Enjin Wallet app detected a screen overlay and did not proceed until the screen overlay was shut down.”

No ability to take screenshots when making backup

“On the production APK we’ve tried both taking screen captures and recordings. Regular user screenshots are blocked with a notification, but captures that run from an ADB shell are not blocked. Upon inspection of the made recordings, no app content was seen in the recordings, instead, only a black screen was shown on both image and video.”

No sensitive information found in memory

“We’ve conducted tests by dumping the application memory when performing sensitive actions (wallet unlock, wallet backup, …) and searching for sensitive information such as passwords, cryptographic keys, etc. via the Android Profiler. We found no occurrences of sensitive information in memory dumps.”

Cryptographic material is stored in Android Keystore

“Reverse engineered source code showed that all cryptographic key material is stored in the Android Keystore. This means that cryptographic operations are never done through the application process and keys may be bound to a Trusted Execution Environment of the device. We’ve tried to fetch the keys by using a custom piece of malware we developed and moving it to a system app after discovering the alias of the key in the Android Keystore. None of the apps (user or system) were able to fetch the cryptographic material."

We believe the Enjin Wallet’s superior features — speed, security, and usability — will result in it becoming the default cryptocurrency wallet for blockchain traders, hodlers, and gamers.

Don’t believe us?

Check it out and see for yourself.