BitBox hardware wallets began in 2015, and every enhancement and security improvement has led to the BitBox02 available today. The BitBox02's hardware and software were built from the ground up, prioritizing security, with multiple external security teams reviewing its design and implementation.
All of our products are Swiss made and developed by our team of Bitcoin and crypto experts. You can help protect your financial sovereignty with the security features listed below.
A miniature computer (aka a microcontroller chip) inside the BitBox02 allows running open-source security code that is available from high-quality publicly-vetted repositories. A separate secure chip, the ATECC608B hardens access to your wallet in multiple ways. We pioneered the "dual chip" security concept in the original BitBox. Learn more about how it works in the BitBox02 by reading this blog article.
Three secrets are needed to access the encrypted wallet seed stored on the microcontroller. For a thief to gain access to a wallet, they must get all these pieces of data: a random secret on the secure chip, a random secret on the microcontroller, and a random secret not on the device - your device password. The secure chip mitigates against a thief brute forcing (aka guessing many times) a simple password. Learn more by reading the blog post mentioned above.
Hide nothing by open sourcing everything, including the firmware on the BitBox02, the BitBoxApp, and x rays of the hardware, schematics.
The BitBox02 accepts only firmware signed by Shift Crypto. The bootloader prevents firmware downgrades and installing firmware for a different edition of the BitBox02 (Multi or Bitcoin-only). The bootloader can also display the hash of the firmware before running it for binary transparency.
Each BitBox02 is loaded with a secret attestation key during factory setup. This means the BitBoxApp or any wallet it connects to can check if the BitBox02 is a genuine device every time you use it.
To add redundancy and failsafes, the BitBox02 uses five sources of randomness (aka entropy) to generate the wallet seed instead of a single source. Each source is cryptographically combined such that the overall entropy is at least as strong as the strongest of all, not the weakest of all. This mitigates against attacks even when four of the sources are compromised. The entropy sources are:
The latter two are completely independent of the BitBox02.
Don't trust, verify! The BitBox02 firmware is reproducible, meaning anyone can compile the open-source firmware themselves and verify that the binary is exactly the same as the official release. You can find instructions and more details on how the reproducible builds work on our Github .
We also gather signatures from the community asserting the correctness of our releases.
Contribute and sign the bitbox02-firmware
In addition, the reproducible build is regularly tested by WalletScrutiny, a community project which aims to improve the security of Bitcoin wallets.
Read WalletScrutiny's analysis on reproducing the BitBox02 firmware
The BitBox threat model assumes your computer can be compromised and should not be trusted. Therefore, securely verify transactions, receive addresses and other data using the built-in screen and touch confirmation (tap, slide and hold). Enter your password directly on the device instead of in the BitBoxApp.
As a fallback to avoid brute force attacks if the 10-attempt limit imposed by the microcontroller is somehow bypassed by a thief, a monotonic counter in the secure chip limits the total attempts of device-password entries. In addition, password stretching increases the amount of time needed to test each possible password, making such attacks infeasibly difficult.
A specialized solvent-resistant epoxy is applied over the microcontroller and secure chip to completely encapsulate it. Once dry, the epoxy bonds the chips to the casing of the BitBox02. If the casing is opened to access the chips, the chips will be physically ripped off the PCB, thus destroying the BitBox02.
The glue used to attach both halves of the BitBox02 casing is specially chosen to create a permanent bond between the pins of the top casing and the pin holes of the bottom casing. An attempt at separating both halves of the casing will physically break the pins. Two halves can no longer cleanly re-attach, thus making it obvious to the user that the BitBox02 has been opened.
Backing up the seed to a microSD card ensures that you won't lose funds by accidentally writing down the wrong words. Furthermore, you do not need to watch out for hidden cameras or wondering eyes watching you set up your wallet.
This feature promotes people to check their backups more often since it is easy to do. In addition, you can make new backups at any time, either on another microSD card or by viewing the seed words.
In addition to the microSD card backup, you still have the option to display and write down your 24 recovery words after re-entering the device password.
The BitBox02 firmware was audited by Census Labs along with consulting done by multiple third-party security firms.
We take security reports very seriously: we run a bug bounty program and encourage independent researchers to audit our device and responsibly disclose any findings.
All USB communication between the BitBox02 and the host computer is encrypted using the noise protocol. Any malware sniffing the USB bus cannot decipher what communication is happening between the host and the BitBox02.
When making a transaction using the BitBox02 and BitBoxApp, no personal identifiable data (such as an IP address) or transaction data is stored on our servers. We offer an option to connect to your own Bitcoin full node such that your financial history can remain private.
We found that almost all hardware wallet multisig setups are insecure and are likely vulnerable to remote theft or ransom attacks. The main issue is they either skip over or incorrectly implement xpub verification. We believe the BitBox02 is the only hardware wallet to have correctly implemented multisig safely since the beginning.
Here is a blog post written by one of our engineers on the issues with multisig, how other hardware wallet vendors implemented them insecurely (and are still insecure now) and how the BitBox02 fixes them.
This optional feature allows you to verify that you are using the correct firmware every time you plug in the device.
An optional feature that lets you create your own seed without the use of the BitBox02 random number generation. For example, a user could roll dice to generate a wallet and then import it into BitBox02. See how in this article .
The BitBox02 is the first hardware wallet that offers protection against the nonce covert channel attack, by supporting a protocol called anti-klepto. This attack can leak a private key via malicious transaction signatures. This blog post explains how the BitBox02 protects you against leaking private keys. We wrote the original pull request to the Bitcoin Core repository that made this possible.
The BitBox02 security features reduce the attack surface, which means attackers have fewer options to steal your private keys and your coins.
Covering all possible scenarios is not trivial, there are situations where the security threats are harder to define. This is why we've published a threat model, where we explain what the BitBox02 protects your funds against.