BitBox02 Review 2022
BitBox02 is the second hardware wallet from the Swiss company Shift Cryptosecurity AG. This time there are two editions that share the same hardware but differ by the software. One edition provides support for different cryptocurrencies while the other minimizes the attack surface and only supports Bitcoin.
Both editions of the hardware wallet Bitbox02 can currently be ordered at a price of 109,00 € (click here to check the current price) directly from the manufacturer.
Hardware Wallets should preferably be ordered directly from the manufacturer or official resellers if possible. Dubious stores or private sellers on platforms like ebay or amazon could manipulate the devices for their own purposes or trick the buyer. This way, the thieves can steal all the coins from your hardware wallet at a later time. Unfortunately, there have already been such cases in the past.
The difference lies only in the software. In addition to Bitcoin, the Multi Edition also supports other, more well-known cryptocurrencies such as Ethereum or Litecoin. It is also possible to use the Multi edition for universal 2-factor authentication. U2F provides the ability to securely log in to online accounts using BitBox02 as a physical security key. This is deliberately missing from the Bitcoin-only edition, because they want to keep the attack surface for hackers as low as possible.
Scope of Delivery
The carton is shipped in a plastic bag welded in. You should check beforehand whether it is intact and does not appear to be damaged. If the vacuum bag is damaged or cut open, looks different or the grey pattern is missing on one of the four sides, you should not use the device and contact the manufacturer.
The BitBox02 is shipped with extensive accessories. In addition to the hardware wallet itself, it includes an 8GB microSD card, a USB-C to A adapter, a USB-C extension cable, tapes for the hardware wallet and a quick start guide with stickers. Everything was really thought of here, so that you can start directly.
The Digital Bitbox looks like a small, inconspicuous USB stick with USB-C port with a size of 45x24x8 millimeters. On both sides there is a small Digital Bitbox logo and on the bottom there is an eyelet for the ribbon and a slot for a microSD card. Touch sensors are hidden on both sides, which react to typing, swiping and holding gestures.
Set up BitBox02
Never use a hardware wallet that is already set up. You must choose your own PIN code or password and do the backup yourself. This is not given by anyone!
As described in the Quick Start Guide, you first download the BitBox app. These can be found on shiftcrypto.ch/start for all common operating systems. Now you insert the microSD card into the BitBox02 and connect it to the computer or smartphone on which the BitBox app is installed. Then simply follow the instructions of the software and perform the setup. This includes an update of the firmware and later also the setting of a device password. You can create a new account or import an existing one. The latter is quick and easy if the account has previously been created with a BitBox and the backup is on the SD card. But also accounts of external hardware wallets can of course be restored.
When you play this YouTube video, data is transmitted to Google.
After creating an account, a backup is automatically saved on the SD card. After backup, it is recommended to keep the micro-SD card separate from the BitBox, unless you want to manage the backups. It is important to store the SD card securely, as the backup is not protected by a password. This gives everyone with access to the SD card also access to the cryptocurrencies Later you can also display the recovery key in the form of 24 words in the settings.
Because you don’t necessarily have to write down the backup yourself, but it is stored on the SD card, the setup is really quick and convenient. Also the easy handling makes the process easy.
Controlling the BitBox02
The control of the BitBox02 has been fundamentally revised. For example, there is no longer just a touch button like its predecessor, but five sensors on each side that react to touch. This allows you to use typing, swiping and holding gestures to type words or sign transactions. Feedback is displayed directly on the integrated display. The touch gestures work very reliably and are really fun with the hardware wallet The display always remains clearly visible and the visual feedback fits perfectly with the gestures.
Handling the BitBox app
The software has also been fundamentally revised and is now the new standard for both the predecessor BitBox01 and BitBox02.
The software is clear and well structured. For each page there is a help area that you can open. This provides answers to the most frequently asked questions specifically for the current screen.
There are also additional features for experienced users. For example, it is possible to activate Coin Control. This adds a privacy-enhancing feature by choosing which unspent transaction spending (UTXO) you want to use for a transaction. Other features such as TOR support, your own full-node support or the selection of Bitcoin/Litecoin transaction formats (Legacy, Segwit, Bech32) are added. The MultiSig option no longer exists.
The BitBox02 can be used on all major operating systems:
Since not all PCs have USB-C ports yet, an adapter is included. Mobile use is also planned, for Android the version is currently still in beta.
The following cryptocurrencies are currently supported by the Multi Edition, with continuous work on further coins:
- ERC-20 Tokens
Documentation and Support
The BitBox02 comes with a quick start guide that explains the first steps of setup and the gestures of touch control. In addition, there is an extra help sectionfor all products from Shift Cryptosecurity AG, which leads one step by step through all topics. Everything is explained, from unpacking and setup to the exact functions and, if necessary, with videos and screenshots. All articles are written in English.
However, if a question remains unanswered, there is a contact form in the help section or you can also reach the team by e-mail.
Shiftcrypto itself says that they have developed both the hardware and firmware of the BitBox02 from scratch, based on all the insights they have gained from the BitBox01.
A hardware wallet is the most secure way to store cryptocurrencies. This is because these devices store the private keys that provide access to your cryptocurrencies. Only a hardware wallet can effectively protect private keys through numerous security measures. Even though all hardware wallets are considered very secure, there are small differences between each model. In addition, even with a hardware wallet, it cannot be 100% ruled out that a hacker can extract information with physical access with great effort.
Security features include securely verifying transactions, receiving addresses, and other data on the built-in screen by acknowledging gestures (tap, swiping, and holding). The password is also entered directly on the device instead of in the BitBoxApp. You no longer have to pair a smartphone with the hardware wallet like the BitBox01 to see what you’re actually signing.
To avoid brute force attacks, a monotonous counter in the secure chip limits the total number of attempts on device password inputs. The BitBox02 only accepts firmware signed by Shift Cryptosecurity. The boot loader prevents firmware downgrades and the installation of firmware for another output of BitBox02 (multi or bitcoin only). The encrypted seed is stored on the microcontroller unit (MCU), which is protected by both the secure chip and the device password chosen by the user. The BitBox02 uses multiple entropy sources to generate the seed.
The firmware of the BitBox02 is open source. Each device is authenticated at the factory setup, and the BitBoxApp checks the authenticity of your device each time. USB communication between the app and the device is encrypted to protect against malicious USB cables and software stacks.
In the BitBox02 threat model the company discloses in detail what attack options exist and what measures they have taken against it.
FAQ 10Ask your own question
That is not a problem. You can restore your accounts to a new hardware wallet using the recovery key you wrote down when you set it up.
Yes, an Internet connection is required to synchronize the hardware wallet, send transactions and retrieve the last exchange.
- backup and restore with a microSD card at any time
- own native software client
- possibility to create hidden wallets
- subtle design avoids unwanted attention
- completely open source.
- display on the device for secure transaction verification
- secure password and seed entry via the device
Use the principle of plausible deniability. When you activate the optional passphrase function, you will be prompted for a passphrase after entering the BitBox password. This option can be used to derive different wallets. This means each passphrase opens a different wallet.
Warning! Coins deposited on a wallet derived from a passphrase can only be restored from the backup if the passphrase option is enabled and the same passphrase text is entered. This is an advanced feature for experts.
Most wallets support more than just one cryptocurrency, but only generate one backup. Nevertheless, this one backup is sufficient to restore all cryptocurrencies as all private keys of the different wallets result from the seed that is backed up as a backup during setup.
Hardware Wallets such as the Ledger Nano X, TREZOR Model T, BitBox02 or KeepKey all work according to the same principle. They are a special form of a so-called wallet, which is used to manage cryptocurrencies. A hardware wallet is a physical device that securely and inisolationly generates the private keys to the cryptocurrencies. Due to the extra hardware, they have some advantages over software wallets:
- Private keys are often stored in a protected area of a microcontroller and cannot be transferred out of the device in clear text.
- Hardware wallets are immune to computer viruses that steal from software wallets.
- They can be used securely and interactively, private keys never need to come into contact with potentially vulnerable software.
- The software is in most cases open source, so that the user or professionals can validate the entire operation of the device.
However, it is important to understand that hardware wallets are an attractive target for attackers and depend on several assumptions to maintain security. They are not a miracle weapon, and there are several realistic ways to hack a hardware wallet Especially if someone has physical access to the device.
The BitBox app is also available in different languages. You can change the language in the bottom right corner of the software during setup. The firmware of the hardware wallet is only available in English. But the text that is displayed directly on the hardware wallet is not very extensive.
A new cryptocurrency is rarely supported directly by a hardware wallet at the beginning. However, most providers such as Ledger or TREZOR are constantly working to support new cryptocurrencies. Therefore, it is often worth waiting until the desired currency is supported by your hardware wallet.
Are my cryptocurrencies stored in the hardware wallet, or where exactly are they? This is a very good question because the answer defines what your wallet actually needs to protect.
Cryptocurrencies are so named because they are secured by cryptography. For this you need a set of digital keys, for example your (very secret) private key. With this key you can encrypt and digitally sign things.
Let’s take Bitcoin as an example (other cryptocurrencies work in a similar way). The entire Bitcoin network is kept up to date by a common data structure called the blockchain. It contains records of all transactions ever made and is publicly accessible online, so anyone can read it. When you receive some bitcoins, say 0.1 BTC, you see them in your bitcoin wallet, listed under a bitcoin address.
At the same time, the bitcoins are not actually stored in the wallet, they are just an entry in the public blockchain. What the wallet stores is your secret private key that belongs to that address. Since you control that private key, you can spend those Bitcoins again: that’s how “Bitcoin ownership” is defined. Anyone can see these bitcoins, but only you can spend it, so they are yours. But that also means that *anyone* with the right private key can spend those bitcoins. Therefore, it is very important to keep this key secret.
What stops the manufacturer of your hardware from using a backdoor and simply stealing your cryptocurrencies? How much do you have to trust hardware wallet manufacturers?
While a completely “trustless” solution is probably not possible, manufacturers are doing everything they can to minimize the need to trust them.
Most of the software code of many hardware wallet manufacturers is open source, i.e. publicly available. Anyone can check how the device works and how secrets are handled. Of course, not everyone has the ability to review code: that’s why independent researchers are often encouraged to analyze, and are often rewarded by bug bounty programs when they find something. This does not limit their ability to publish a full independent report without permission.
The essentials to go: A wallet manages your secret private keys and requires full access to them. You can and should demand full transparency about how a wallet works and ensure that independent public audits are encouraged.
Ask your question about the product. The question will be published here together with the answer after a few days. You will be notified by e-mail.
|Cryptocurrencies||Bitcoin, Cardano, Ethereum, Litecoin, ERC-20 Tokens|
|Input Options||Touch Buttons|
|Platform||Windows, Linux, Mac, Android|
|FIDO U2F Authenticator|
User Reviews 3