You might wonder how you can be sure that the device you use is an original BitBox02. Indeed there have been instances of other hardware wallet customers finding fake devices in their mailbox in the past.

As our customer’s security is our highest priority, we’ve addressed this risk in a simple, yet effective way.

Attack methods

The supply chain

To get into your wallet, an attacker might not shy away from spending a lot of money and time. If they expect to steal a lot of money, even making a fake BitBox02 might seem viable to them.

The typical way for such an attack to occur would be the first delivery of the device, as deliveries are usually less secure than having the device in your home or in our production facility. An attacker could replace an authentic BitBox02 with one that looks the same, but in reality is controlled by the attacker.

The evil maid

Another method of attack is what’s considered an “evil maid” attack. Here, someone who has physical access to your hardware wallet, for example a maid, switches your device out with a fake one, after you set up the real device.

When you try to unlock the fake device, it records your password and sends it to the maid, who already has your genuine BitBox02. She can now unlock your wallet and steal your coins.

The mitigation

Attestation check

To mitigate fake devices and evil-maid attacks, we sign a public key generated on the secure chip of each device during the factory setup using our own private key.

The BitBoxApp verifies the challenge is signed by a certified attestation key

When you connect the BitBox02 to the host device, the BitBoxApp automatically checks that it is connected to an authentic device produced and programmed by Shift Crypto with a challenge-response mechanism.

The BitBoxApp sends the BitBox02 a challenge (random number) that needs to be signed by the attestation key on the device. The attacker does not have access to the root attestation keys, since they are in Shift Crypto’s possession, and therefore are unable to create a certificate for the public key on the device. In addition, the secure chip on the device is designed to prevent extracting the device attestation key. An attacker would need either the root attestation key or device attestation key to pass the challenge-response mechanism.

The BitBoxApp automatically performs an authenticity check before you unlock your device.

If the device does not provide this signed response and certificate, the BitBoxApp will display a big red warning notifying you that your BitBox02 is not authentic.

What to look out for

All this built-in security only helps if you know how the basics of a hardware wallet works. In most real cases supply chain attacks are much simpler than those described in this blog post.

There have been instances with other hardware wallets where people would receive a device that they think is an authentic hardware wallet but in fact would act like a flash storage device. The user would then be instructed to open a program stored on the flash storage and install it on their computer. This program is malicious and asks the user for their seed phrase. If a user does not know any better, they might fall for it. Remember, there is never a reason to enter your hardware wallet seed phrase on your computer or phone!

That's why we also offer our customers free tutorial emails as well as paid onboarding calls when ordering the BitBox02. That way they can make sure they get the information about how to use the device from the original manufacturer.

Can someone send me a fake hardware wallet?
If someone sends you a fake wallet, the software on your computer should recognize it as such. By simply following the official instructions, you can make sure not to fall for fake devices.

How can I prevent falling for a malicious cold wallet?
To make sure you are using an authentic hardware wallet, get familiar with how to use it and only follow the official instructions provided to you by the original manufacturer.

What should I do if I receive a fake hardware wallet?
If you think you received a tampered device, immediately contact the manufacturers support and ask for further confirmation. Do not set up the wallet or send money to it.

Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.

The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.

Grab one in our shop!

Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.