BitBox02 Review 2020
BitBox02 is the second hardware wallet from the Swiss company Shift Cryptosecurity AG. This time there are two editions that share the same hardware but differ by the software. One edition provides support for different cryptocurrencies while the other minimizes the attack surface and only supports Bitcoin.
Hardware wallets should preferably be ordered directly from the manufacturer or official resellers.
Dubious shops or private sellers on platforms such as ebay or amazon could manipulate the devices for their purposes or trick the buyer. This way the thieves can steal all coins from your hardware wallet at a later time. Unfortunately, there have been such cases in the past.
The difference lies only in the software. In addition to Bitcoin, the Multi Edition also supports other, more well-known cryptocurrencies such as Ethereum or Litecoin. It is also possible to use the Multi edition for universal 2-factor authentication. U2F provides the ability to securely log in to online accounts using BitBox02 as a physical security key. This is deliberately missing from the Bitcoin-only edition, because they want to keep the attack surface for hackers as low as possible.
Scope of Delivery
The carton is shipped in a plastic bag welded in. You should check beforehand whether it is intact and does not appear to be damaged. If the vacuum bag is damaged or cut open, looks different or the grey pattern is missing on one of the four sides, you should not use the device and contact the manufacturer.
The BitBox02 is shipped with extensive accessories. In addition to the hardware wallet itself, it includes an 8GB microSD card, a USB-C to A adapter, a USB-C extension cable, tapes for the hardware wallet and a quick start guide with stickers. Everything was really thought of here, so that you can start directly.
The Digital Bitbox looks like a small, inconspicuous USB stick with USB-C port with a size of 45x24x8 millimeters. On both sides there is a small Digital Bitbox logo and on the bottom there is an eyelet for the ribbon and a slot for a microSD card. Touch sensors are hidden on both sides, which react to typing, swiping and holding gestures.
Set up BitBox02
Never use a hardware wallet that is already set up. You must choose your own PIN code or password and perform the backup yourself. This is not given by anyone!
As described in the Quick Start Guide, you first download the BitBox app. These can be found on shiftcrypto.ch/start for all common operating systems. Now you insert the microSD card into the BitBox02 and connect it to the computer or smartphone on which the BitBox app is installed. Then simply follow the instructions of the software and perform the setup. This includes an update of the firmware and later also the setting of a device password. You can create a new account or import an existing one. The latter is quick and easy if the account has previously been created with a BitBox and the backup is on the SD card. But also accounts of external hardware wallets can of course be restored.
When you play this YouTube video, data is transmitted to Google.
After creating an account, a backup is automatically saved on the SD card. After backup, it is recommended to keep the micro-SD card separate from the BitBox, unless you want to manage the backups. It is important to store the SD card securely, as the backup is not protected by a password. This gives everyone with access to the SD card also access to the cryptocurrencies Later you can also display the recovery key in the form of 24 words in the settings.
Because you don’t necessarily have to write down the backup yourself, but it is stored on the SD card, the setup is really quick and convenient. Also the easy handling makes the process easy.
Controlling the BitBox02
The control of the BitBox02 has been fundamentally revised. For example, there is no longer just a touch button like its predecessor, but five sensors on each side that react to touch. This allows you to use typing, swiping and holding gestures to type words or sign transactions. Feedback is displayed directly on the integrated display. The touch gestures work very reliably and are really fun with the hardware wallet The display always remains clearly visible and the visual feedback fits perfectly with the gestures.
Handling the BitBox app
The software has also been fundamentally revised and is now the new standard for both the predecessor BitBox01 and BitBox02.
The software is clear and well structured. For each page there is a help area that you can open. This provides answers to the most frequently asked questions specifically for the current screen.
There are also additional features for experienced users. For example, it is possible to activate Coin Control. This adds a privacy-enhancing feature by choosing which unspent transaction spending (UTXO) you want to use for a transaction. Other features such as TOR support, your own full-node support or the selection of Bitcoin/Litecoin transaction formats (Legacy, Segwit, Bech32) are added. The MultiSig option no longer exists.
The BitBox02 can be used on all major operating systems:
Since not all PCs have USB-C ports yet, an adapter is included. Mobile use is also planned, for Android the version is currently still in beta.
The following cryptocurrencies are currently supported by the Multi Edition, with continuous work on further coins:
- ERC-20 Tokens
Documentation and Support
The BitBox02 comes with a quick start guide that explains the first steps of setup and the gestures of touch control. In addition, there is an extra help sectionfor all products from Shift Cryptosecurity AG, which leads one step by step through all topics. Everything is explained, from unpacking and setup to the exact functions and, if necessary, with videos and screenshots. All articles are written in English.
However, if a question remains unanswered, there is a contact form in the help section or you can also reach the team by e-mail.
Shiftcrypto itself says that they have developed both the hardware and firmware of the BitBox02 from scratch, based on all the insights they have gained from the BitBox01.
A hardware wallet is the safest way to store cryptocurrencies. Because on these devices the private keys are stored, which represent the access to your cryptocurrencies. Only a hardware wallet can effectively protect private keys with numerous security measures. Even though all hardware wallets are considered to be very secure, there are small differences between the individual models. Furthermore, even with a hardware wallet, it cannot be 100% excluded that a hacker with physical access can extract information with great effort.
Security features include securely verifying transactions, receiving addresses, and other data on the built-in screen by acknowledging gestures (tap, swiping, and holding). The password is also entered directly on the device instead of in the BitBoxApp. You no longer have to pair a smartphone with the hardware wallet like the BitBox01 to see what you’re actually signing.
To avoid brute force attacks, a monotonous counter in the secure chip limits the total number of attempts on device password inputs. The BitBox02 only accepts firmware signed by Shift Cryptosecurity. The boot loader prevents firmware downgrades and the installation of firmware for another output of BitBox02 (multi or bitcoin only). The encrypted seed is stored on the microcontroller unit (MCU), which is protected by both the secure chip and the device password chosen by the user. The BitBox02 uses multiple entropy sources to generate the seed.
The firmware of the BitBox02 is open source. Each device is authenticated at the factory setup, and the BitBoxApp checks the authenticity of your device each time. USB communication between the app and the device is encrypted to protect against malicious USB cables and software stacks.
In the BitBox02 threat model the company discloses in detail what attack options exist and what measures they have taken against it.
FAQ 7Ask your own question
That is not a problem. You can restore your accounts to a new hardware wallet using the recovery key you wrote down when you set it up.
Yes, an Internet connection is required to synchronize the hardware wallet, send transactions and retrieve the last exchange.
- backup and restore with a microSD card at any time
- own native software client
- possibility to create hidden wallets
- subtle design avoids unwanted attention
- completely open source.
- display on the device for secure transaction verification
- secure password and seed entry via the device
Use the principle of plausible deniability. When you activate the optional passphrase function, you will be prompted for a passphrase after entering the BitBox password. This option can be used to derive different wallets. This means each passphrase opens a different wallet.
Warning! Coins deposited on a wallet derived from a passphrase can only be restored from the backup if the passphrase option is enabled and the same passphrase text is entered. This is an advanced feature for experts.
Most wallets support more than just one cryptocurrency, but only generate one backup. Nevertheless, this one backup is sufficient to restore all cryptocurrencies as all private keys of the different wallets result from the seed that is backed up as a backup during setup.
Hardware Wallets such as the Ledger Nano X, TREZOR Model T, BitBox02 or KeepKey all work according to the same principle. They are a special form of a so-called wallet, which is used to manage cryptocurrencies. A hardware wallet is a physical device that securely and inisolationly generates the private keys to the cryptocurrencies. Due to the extra hardware, they have some advantages over software wallets:
- private keys are often stored in a protected area of a microcontroller and cannot be transmitted in plain text from the device
- immune to computer viruses stealing from software wallets
- can be used securely and interactively, private keys never need to touch potentially vulnerable software
- the software is open source in most cases, so that the user can validate the entire operation of the device.
However, it is important to understand that hardware wallets are a high-quality goal and depend on various assumptions that apply to maintaining security. They are not a miracle weapon, and there are several realistic ways to hack a hardware wallet Especially if someone has physical access to the device.
The BitBox app is also available in different languages. You can change the language in the bottom right corner of the software during setup. The firmware of the hardware wallet is only available in English. But the text that is displayed directly on the hardware wallet is not very extensive.
Ask your question about the product. The question will be published here together with the answer after a few days. You will be notified by e-mail.
|Platform||Windows, Linux, Mac, Android|
|Cryptocurrencies||Bitcoin, Ethereum, Litecoin, ERC-20 Tokens|
|Input Options||Touch Buttons|
|Supported Coins||4 Coins|
|FIDO U2F Authenticator|
User Reviews 1