Description
Security On Every Level
BitBox Hardware Wallets began in 2015, and every enhancement and security improvement has led to the BitBox02 – Multi available today. The BitBox02’s hardware and software were built from the ground up, prioritizing security, with multiple external security teams reviewing its design and implementation.
All BitBox products are Swiss made and developed by our team of Bitcoin core developers and crypto native experts. You can help protect your financial sovereignty with the security features listed below.
Firmware & Software Security
Dual Chip Security Architecture
A miniature computer (aka a microcontroller chip) inside the BitBox02 allows running open-source security code that is available from high-quality publicly-vetted repositories. A separate secure chip, the ATECC608B hardens access to your wallet in multiple ways. We pioneered the “dual chip” security concept in the original BitBox. Learn more about how it works in the BitBox02 by reading this blog article.
Wallet Seed Storage
Three secrets are needed to access the encrypted wallet seed stored on the microcontroller. For a thief to gain access to a wallet, they must get all these pieces of data: a random secret on the secure chip, a random secret on the microcontroller, and a random secret not on the device – your device password. The secure chip mitigates against a thief brute forcing (aka guessing many times) a simple password. Learn more by reading the Blog Article mentioned above.
Open-Source
Hide nothing by Open Sourcing everything, including the firmware on the BitBox02, the BitBoxApp, and x rays of the hardware, schematics.
Secure Bootloader
The BitBox02 accepts only firmware signed by Shift Crypto. The bootloader prevents firmware downgrades and installing firmware for a different edition of the BitBox02 (Multi or Bitcoin-only). The bootloader can also display the hash of the firmware before running it for binary transparency.
Device Authenticity Check
Each BitBox02 is loaded with a secret attestation key during factory setup. This means the BitBox App or any wallet it connects to can check if the BitBox02 is a genuine device every time you use it.
Wallet Seed Generation
To add redundancy and fail safes, the BitBox02 uses five sources of randomness (aka entropy) to generate the wallet seed instead of a single source. Each source is cryptographically combined such that the overall entropy is at least as strong as the strongest of all, not the weakest of all. This mitigates against attacks even when four of the sources are compromised, or even when all five sources are compromised if they are compromised by more than one party. The entropy sources are:
- A true random number generator on the secure chip
- A true random number generator on the microcontroller
- A static random number set during factory installation and unique to each BitBox02
- Host entropy provided by the app running on your computer, e.g. from /dev/urandom
- A cryptographic hash of the device password
The latter two are completely independent of the BitBox02.
Reproducible Builds
Don’t trust, verify! The BitBox02 firmware is reproducible, meaning anyone can compile the open-source firmware themselves and verify that the binary is exactly the same as the official release. You can find instructions and more details on how the reproducible builds work on our Github .
We also gather signatures from the community asserting the correctness of our releases.
Physical Protection
Secure Display
The BitBox threat model assumes your computer can be compromised and should not be trusted. Therefore, securely verify transactions, receive addresses and other data using the built-in screen and touch confirmation (tap, slide and hold). Enter your password directly on the device instead of in the BitBox App.
Secure Chip
As a fallback to avoid brute force attacks if the 10-attempt limit imposed by the microcontroller is somehow bypassed by a thief, a monotonic counter in the secure chip limits the total attempts of device-password entries. In addition, password stretching increases the amount of time needed to test each possible password, making such attacks infeasibly difficult.
Epoxy Potting
A specialized solvent-resistant epoxy is applied over the microcontroller and secure chip to completely encapsulate it. Once dry, the epoxy bonds the chips to the casing of the BitBox02. If the casing is opened to access the chips, the chips will be physically ripped off the PCB, thus destroying the BitBox02.
Breaking Pins
The glue used to attach both halves of the BitBox02 casing is specially chosen to create a permanent bond between the pins of the top casing and the pin holes of the bottom casing. An attempt at separating both halves of the casing will physically break the pins. Two halves can no longer cleanly re-attach, thus making it obvious to the user that the BitBox02 has been opened.
Wallet Backup
Instant MicroSD Card Backup
Backing up the seed to a microSD card ensures that you won’t lose funds by accidentally writing down the wrong words. Furthermore, you do not need to watch out for hidden cameras or wondering eyes watching you set up your wallet.
Instantly Verify Backup At Anytime
This feature promotes people to check their backups more often since it is easy to do. In addition, you can make new backups at any time, either on another microSD card or by viewing the seed words.
View Recovery Words After Setup
In addition to the microSD card backup, you still have the option to display and write down your 24 recovery words after re-entering the device password.
Security Audit & Bug Bounty Program
External Security Audit
The BitBox02 firmware was audited by Census Labs along with consulting done by multiple third-party security firms.
Bug Bounty Program 🏴☠️
We take security reports very seriously: we run a bug bounty program and encourage independent researchers to audit our device and responsibly disclose any findings.
Privacy Features
Encrypted USB Channel
All USB communication between the BitBox02 and the host computer is encrypted using the noise protocol. Any malware sniffing the USB bus cannot decipher what communication is happening between the host and the BitBox02.
User Data Not Stored On Servers
When making a transaction using the BitBox02 and BitBoxApp, no personal identifiable data (such as an IP address) or transaction data is stored on our servers. We offer an option to connect to your own Bitcoin full node such that your financial history can remain private.
Advanced Features
Secure Multisig/Multisig Account Registration
We found that almost all hardware wallet multisig setups are insecure and are likely vulnerable to remote theft or ransom attacks. The main issue is they either skip over or incorrectly implement xpub verification. We believe the BitBox02 is the only hardware wallet to have correctly implemented multisig safely since the beginning.
Here is a Blog Post written by our lead engineer on the issues with Multisig, how other hardware wallet vendors implemented them insecurely (and are still insecure now) and how the BitBox02 fixes them.
Show Firmware Hash Before Boot
This optional feature allows you to verify that you are using the correct firmware every time you plug in the device.
Create Your Own Wallet With Your Own Entropy
An optional feature that lets you create your own seed without the use of the BitBox02 random number generation. For example, a user could roll dice to generate a wallet and then import it into BitBox02. See how in this Article .
Anti-Klepto
The BitBox02 is the first hardware wallet that offers protection against the nonce covert channel attack, by supporting a protocol called anti-klepto. This attack can leak a private key via malicious transaction signatures. This Blog Post explains how the BitBox02 protects you against leaking private keys. We wrote the Original Pull Request to the Bitcoin Core repository that made this possible.
Threat Model
The BitBox02 security features reduce the attack surface, which means attackers have fewer options to steal your private keys and your coins.
Covering all possible scenarios is not trivial, there are situations where the security threats are harder to define. This is why we’ve published a threat model, where we explain what the BitBox02 protects your funds against.