
The reason for using a hardware wallet such as the BitBox02 can be narrowed down to a simple principle: Avoid trusting your smartphone or computer. Because they run many different applications whilst being connected to the internet, they are more susceptible to malware and targeted attacks. This is where the hardware wallet comes into play as an isolated and purpose-built security device. Every critical interaction with your wallet happens directly on the BitBox02, instead of relying on the potentially compromised host device.

However, verifying receive addresses and transaction details on the secure display of the hardware wallet does not automatically remove all trust from the host device. Bitcoin transactions not only require interaction with your wallet itself, but crucially also with other entities you’re receiving money from or sending money to. Exchanging Bitcoin addresses between transaction peers securely can be challenging and is usually out of scope for the hardware wallet. But it doesn’t have to be that way!

Withdrawing securely

Creating and verifying a new receive address on the BitBox02 ensures that an address actually belongs to your wallet. The challenging part is to communicate this verified address to the sender who’s actually going to use it. For example, a compromised host device could manipulate an exchange into withdrawing your bitcoin to an attacker by replacing the correct address with one belonging to somebody else.

This is why the buying integration using Pocket Bitcoin in the BitBoxApp prompts the user to verify their receive address through an independent communication channel, ideally on a third device. This greatly reduces the risk of this rather sophisticated attack method. We already dove deeper into this side of the story in another blog post.

Verifying a withdrawal address “out-of-band” on a third device.

Depositing securely

A similar problem arises when it comes to securely sending bitcoin to someone else. Strictly speaking, it’s exactly the same situation outlined above, just from a different point of view. Let’s look at it through the eyes of the sender now. We will use the example of selling bitcoin on an exchange, as this is the most likely scenario where a user will send large amounts of bitcoin from their wallet to another entity.

To trust or not to trust

To send bitcoin to an exchange, the user requires a deposit address to create the transaction. The exchange knows it sent a correct address to the user, but how does the user know they actually received that same address? All they see is a deposit address inside their browser, on their potentially compromised host device.

Does this address belong to the exchange or an attacker?

In theory, an attacker in control of the host device is able to show any information they want to the user, including a manipulated deposit address. If the user wants to send bitcoin to this malicious address, the hardware wallet has no way of verifying its authenticity, since it came “from the outside world”. This attack is also known as address spoofing.

The inconvenient solution

We already outlined a simple solution to this problem in the very beginning, which is to use a second device. If the user logs into their exchange account on another device, e.g. their smartphone, they can go through the same deposit workflow again to check whether the addresses match up.

This approach comes with a few flaws, though. For one, given it’s a bit cumbersome, users will likely neglect this verification step, especially because they’re not actively prompted to do it like in the buying workflow in the BitBoxApp. Secondly, some exchanges automatically provide a different deposit address whenever the user requests one, rendering a second device useless in the first place.

Of course, it’s also imperfect from a security point of view, since the theoretical possibility of both devices being compromised always remains, for example if the manipulation happens through a fake website accessed by both devices.

Payment requests

Just like Bitcoin uses public and private keys to ensure secure ownership of Bitcoin, we can use public key cryptography to ensure a piece of information really came directly from an exchange. This can be done with payment requests, a standard originally pioneered by Trezor in SLIP-24.

The idea is to register a public key of the recipient, which is the exchange in this example, directly on the hardware wallet itself, out of reach of potential attackers. Using their private key, the exchange can now sign a deposit address, including an amount or even a message, and send the signed request to the user. When creating the transaction, the hardware wallet can now verify that this payment request came directly from the exchange, since it can trust the public key it already knows.

If an attacker tries to manipulate a signed payment request, the verification on the hardware wallet would simply fail and sound the alarm bells, just like a Bitcoin transaction cannot be changed after it has been signed and broadcast.

Since the Ritom update, the technical foundation for payment requests has been implemented in the firmware of the BitBox02. Because registering public keys is critical for the security of this feature, it is done carefully by our developers in direct communication with partners and will not be available for users. This way, payment requests on the BitBox02 can be verified and confirmed by the user with confidence.

Selling with Pocket Bitcoin

Together with our partner Pocket Bitcoin, we’re currently working on integrating the option to sell bitcoin directly from the BitBoxApp. Using payment requests, the user will be able to confirm the intention of sending Bitcoin to Pocket directly on the device, instead of manually verifying a deposit address. Because the BitBox02 can verify that a given payment request was signed by Pocket and has not been altered since, the user does not have to worry about sending to the wrong bitcoin address anymore.

When selling Bitcoin with Pocket, the user also provides his banking details, i.e. an IBAN, where the exchanged value will be directly sent in fiat currency. To ensure that Pocket actually received the correct banking details from the user, they are also included in the payment request as a message and shown on the device for confirmation. This means that all relevant information, including…

  • the amount of bitcoin about to be sold
  • the verified recipient of the Bitcoin transaction (e.g. Pocket)
  • the banking details of where the exchanged money will be sent

… can be verified directly on the BitBox02, without having to trust the host device!
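The signing and verification flow described under "Payment requests", with the banking details carried as the signed message as in the Pocket selling workflow, sketched as an added example (not BitBox02 firmware code and not the SLIP-24 wire format). Ed25519, the length-prefixed encoding, the key registry and all sample values are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair standing in for the exchange's signing key.
const exchange = crypto.generateKeyPairSync('ed25519');

// Hypothetical registry: public keys shipped with the firmware, keyed by recipient name.
const TRUSTED_RECIPIENTS = new Map([['Pocket', exchange.publicKey]]);

// Length-prefix every field so that shifting bytes between fields changes the encoding.
function serialize(req) {
  const fields = [req.recipient, req.address, String(req.amountSat), req.memo];
  return Buffer.concat(fields.map((f) => {
    const body = Buffer.from(f, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Exchange side: sign address, amount and memo (the payout IBAN) as one unit.
function signRequest(req, privateKey) {
  return { ...req, signature: crypto.sign(null, serialize(req), privateKey) };
}

// Device side: returns the fields to show on the secure display, or throws.
function verifyOnDevice(req, txOutput) {
  const key = TRUSTED_RECIPIENTS.get(req.recipient);
  if (!key) throw new Error('unknown recipient');
  if (!crypto.verify(null, serialize(req), key, req.signature)) {
    throw new Error('invalid signature');
  }
  // The signed request must describe the output the device is about to sign.
  if (txOutput.address !== req.address || txOutput.amountSat !== req.amountSat) {
    throw new Error('transaction does not match payment request');
  }
  return { recipient: req.recipient, amountSat: req.amountSat, memo: req.memo };
}

// Constructed sample request (placeholder address and IBAN).
const signed = signRequest({
  recipient: 'Pocket', address: 'bc1q-example-deposit-address',
  amountSat: 250000, memo: 'Payout IBAN: CH00 0000 0000 0000 0000 0',
}, exchange.privateKey);

// Demo helper: true if the device would accept, false if it rejects.
function accepts(req, txOutput) {
  try { verifyOnDevice(req, txOutput); return true; } catch { return false; }
}
```

A host that rewrites the address, the IBAN or only the transaction output makes `accepts` return `false`, because each of those values is either covered by the signature or compared against the signed request.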

Conclusion

The upcoming selling integration in the BitBoxApp not only solves the problem of address spoofing we outlined above, but even improves on the user experience with an intuitive selling workflow and a clear verification process, greatly reducing the risk of manipulation or misunderstandings.

Selling your bitcoin can be a scary venture with large amounts of money being moved around, which is why we’re taking the extra time to implement a solution that holds up to our core principles: Simplicity and security.





Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.