Du kannst auch die deutsche Version dieses Artikels lesen.
We get it, securing your own bitcoins can be daunting. But it becomes easier once you understand a few basic principles. Not relying on a third party to safekeep your funds is a paradigm shift, but we believe it’s possible for everyone. In this article, we’ll answer the most common questions we get from people new to the concept of hardware wallets.
Where are my coins actually stored?
Let’s start with the elephant in the room: are my coins stored in the wallet, or where the heck are they? This is a very good question, because the answer defines what your wallet actually needs to protect.
Cryptocurrencies are called like that because they are secured by cryptography. For this purpose, you need a set of digital keys, for example your (very secret) private key. With this key you can encrypt and digitally sign things.
Now let’s take Bitcoin as an example (other cryptocurrencies work in a similar way). The whole Bitcoin network is kept in sync through a shared data structure, the blockchain. It contains records of all the transactions ever made and is publicly available online, so it can be read by anyone. If you receive some bitcoins, let’s say 0.1 BTC, you see them in your Bitcoin wallet, listed under a Bitcoin address.
Your bitcoins are not actually stored in the wallet, they’re just an entry in the public blockchain. What the wallet stores is your secret private key that belongs to that address. Because you control this private key, you can spend these bitcoins: this is how “Bitcoin ownership” is defined. Everybody can see these bitcoins, but only you can spend them, so they are yours. But this also means that *everyone* that has the right private key can spend these bitcoins. This is why it’s very important to keep this key a secret.
What are common threats to my bitcoins?
Bitcoin ownership is defined by having access to the private keys that allows you to spend them, and these keys need to be protected. But against what? What are some common threats to your coins?
Phishing: most common and successful
Did you ever receive an email from a “prince” somewhere, offering you money if you just help him out? That’s an obvious scam. But what if you’re not quite sure how Bitcoin works, and you receive a well-formatted email from your cryptocurrency exchange, asking you to confirm a few things? Be aware! This is called social engineering. It can be very subtle and many people fall for it.
Main takeaway: Never ever disclose your private keys or your wallet backup (a microSD card or 24 recovery words) to anyone, and never enter them on any device that is not a hardware wallet. Don’t trust anyone asking you to do this, even if they claim they’re an exchange or even the hardware wallet manufacturer.
Remote attacks: scale really well
Depending on the source, between 30% and 50% of computers have been infected with malicious software at some point. A virus could monitor your clipboard for Bitcoin addresses and replace them with the attacker's address. It could make your software wallet send your coins somewhere or steal your private keys. The problem with these attacks is that they scale very well: an attacker needs to write the code once, distribute it and then wait for the “rewards” to come in.
Main takeaway: Always assume that your computer or phone is compromised and could steal your coins. It's a similar situation with the wallet you use to store cash in your local currency: the risk is ok for a limited amount for daily use, but you wouldn’t keep your life savings in your back pocket.
Local attacks: take a lot of effort
Someone with physical access to your computer hardware or mobile phone could manipulate it to send out secrets, or they could physically threaten you to hand over your funds. Attacks like that happen, but are rare because they’re very targeted and need a lot of effort and criminal effort. The best prevention against that is to not brag about how many bitcoins you own and enable digital access controls for the devices you use.
Main takeaway: Take privacy seriously and don’t paint yourself a bull’s eye on your back in social media. Protect access to your devices and invest in a hardware wallet if you secure significant amounts.
What makes a hardware wallet secure?
So many attack vectors, but don’t fret. It’s important to understand what we’re up against, so can we come up with adequate protections. The main issue with regular computers or phones is that they’re just too complex to be secure. Any kind of update could undermine your security, and with millions of lines of code it’s impossible to know exactly what’s going on. Building a secure crypto storage on top of that is nearly impossible.
Hardware wallets like the BitBox02, on the other hand, are simple by design. They don’t have an operating system like Windows or MacOS, no background programs running, no “login” functionality. They are made with the sole purpose of protecting your private keys, and never to disclose them. A hardware wallet usually comes with a software companion app, like our BitBoxApp. You should always assume that your computer or phone is already compromised with malware, and with that in mind not even the BitBoxApp on your computer can be trusted. But that’s ok, because the application never learns any secrets.
Whenever you want to use cryptocurrencies, it’s the BitBoxApp that talks to the outside world, but only the BitBox02 hardware wallet does the secret stuff:
- Receiving: if you want to receive crypto, you need to give someone an address to send the coins to. But are you sure that it’s actually your address, and not the address of an attacker, manipulated on your insecure computer by a virus? This is why all receiving addresses need to be verified on the display of the hardware wallet itself. Only the BitBox02 can say for sure if it controls this address.
- Sending: when sending crypto, you need to sign a transaction with your private keys. If these keys are stored on your computer, they can be stolen by a remote or local attacker. You also need to be sure that you sign the right transaction, sending the correct amount to the correct receiving address. This is why the private keys are only stored on the hardware wallet. The BitBoxApp prepares the unsigned transaction and sends it to the hardware wallet. The BitBox02 then shows all details on its secure screen, so you see what you’re about to sign. When you confirm on the device, the transaction is signed directly inside the BitBox02. The signed transaction - which is not secret - is then sent back to the BitBoxApp which sends it out into the world.
So, these are the two important benefits of a hardware wallet:
- It is designed to keep your private keys safe from any unauthorized access, remote or local.
- It lets you independently verify and confirm important information on its secure screen, because your computer or phone screen can be easily manipulated by malware.
Main takeaway: Verify sending and receiving information on your hardware wallet and trust the secure screen of your BitBox02 over what your computer or phone shows.
Can a hardware wallet be hacked?
Yes, of course, everything can be hacked. If someone tells you otherwise, they either don’t understand that information security is a constant battle, or they’re simply lying. But: it’s possible to raise the cost and success rate of getting hacked to a level where it’s no longer feasible for an attacker.
The following security features of the BitBox02 make it one of the most secure hardware wallets. It is very hard to breach, and when doing so there is a high chance of physically destroying it in the process.
- Minimal software
Regular software has millions of lines of programming code and uses many ready-made libraries that are written by others. A secure system must run on minimal software that can be audited line-by-line. The BitBox02 Bitcoin-only edition takes this security principle to the next level: it can only run radically focused firmware for Bitcoin, no altcoins, no other “nice-to-have” features.
- Restrictive communication interface
A hardware wallet must be very strict with answering requests by insecure computers. You can’t “log in” to a hardware wallet or access its memory like a USB thumbdrive. The BitBox02 uses a very restrictive communication protocol, and simply aborts an information exchange if the other side does not follow it exactly.
- Secure hardware
To protect against local attacks, it is essential that a hardware wallet uses hardware especially designed against physical tampering. Without a secure chip, experts can just read out the secrets using specialized equipment. The BitBox02 uses a secure chip specifically built for physical device hardening.
- Secure supply chain
Using a fake and potentially malicious hardware wallet is a serious risk. This is why the BitBox02 is engineered and manufactured in Switzerland, where we oversee the whole production process. The official BitBoxApp is able to detect if the BitBox02 is an original device to prevent users from getting bad clones. And the BitBox02 only runs official firmware signed by Shift Crypto so that nobody can load a malicious firmware on an otherwise real BitBox02 before you get it.
- Inconspicuous looks
Avoiding an attack is always better than defending yourself against it. This is why the BitBox02 does not look very flashy. When viewed from afar, it looks somewhat like a bigger USB thumb drive. And when not powered, you don’t even see that it has a screen.
- Full transparency
The firmware on your hardware wallet has full access to your private keys and could do all sorts of malicious things. This is why the program code must be publicly available for review, and firmware updates need to be created to allow verification that the firmware is actually built from the public source code.
Hardware security is hard, needs a lot of expertise and a humble mindset. We encourage independent security research and reward anyone that finds a vulnerability through our bug bounty program. If the amount you want to secure yourself is significant, a single hardware wallet might not be enough. We will dive more deeply into how to improve your hardware wallet setup security with multi-signature in a follow-up article.
Main takeaway: Nothing is “unhackable”. It’s good to understand what protections are in place, but a good indication of how the manufacturer of security hardware employs a “security mindset” is how open and humble their communication is regarding vulnerabilities, and how quickly these are fixed.
What stops the maker of the hardware wallet from stealing my coins?
So, all is fine and dandy, and your coins are secure. But what stops the manufacturer of your hardware from using a backdoor and just taking your coins? In the case of the BitBox02, how much do you need to trust us?
While a fully “trustless” solution is probably not possible, we do everything we can to minimize your need to trust us:
- All our software code is public: everyone can check how the device operates and how secrets are handled.
- The public program code repository has a full history of all edits: it’s possible to only check all changes since the last release. No need to validate everything every time.
- We produce the firmware releases using “reproducible builds”: anyone can compile the public source code and the result will be the exact same binary firmware, bit by bit.
- Not everyone has the capability to audit program code: we encourage independent researchers to do so and reward them through our bug-bounty program if they find anything. That does not limit their options to publish a full independent report without our permission.
Main takeaway: A wallet handles your secret private keys and needs full access to them. You can and should demand full transparency about how a wallet works and make sure that independent public audits are encouraged.
Our main goal is to empower every Bitcoin and cryptocurrency user, both by building products that keep your funds safe, as well as helping you find the information about how to do that best. Yes, securing your own bitcoins can be daunting, but we’d like to support you in your journey! We designed our BitBox02 and the companion BitBoxApp with exactly this in mind: making you feel comfortable when taking that first step and start using a hardware wallet.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.