- BitBox02’s Packaging and Presentation
- Setting Up the BitBox02
- Send and Receive Transactions on BitBox02
- BitBox02 Advanced Features
- BitBox02 – The Swiss Knife of Hardware Wallets?
In this post we are going to cover:
Plus more... Read on to learn everything you need to know about BitBox02.
Shift Crypto’s BitBox02 hardware wallet is a competitive in-betweener. In a quest to offer the best of both worlds with minimal compromises, the Swiss-made device takes elements from both Trezor and Ledger. The result is an impressive middle ground between open-source transparency and physical security. And to for simplicity purposes, everything works on top of the elegant BitBoxApp.
The comparisons with other devices don’t end here. Internally, the BitBox02 is very similar with the Coldcard Mk3. Both hardware wallets use the ATECC608A secure chip. But unlike the Coldcard, it has a faster 120 MHz microcontroller chip. This makes multisig setups faster and easier to perform.
Furthermore, the onboarding process on the BitBox02 is simple and effortless. You can do the initial setup within a couple of minutes, as your encrypted backup gets stored on the SD card. But to increase your security, you can also get your BIP 39 seed phrase from the BitBoxApp.
In comparative terms, the BitBox02 is the hardware wallet that:
1. follows the open source ethos of Trezor;
2. takes user interface simplicity cues from Ledger;
3. offers physical security like the Coldcard.
The BitBox02 feels like the Swiss army knife of hardware wallets. But now that we’ve compared it with other devices, let’s mention the features that make it unique.
First of all, the input and controls are unlike anything else on the market. The BitBox02 sports touch sensors. These are different from the more common touch screen. The two sides of the device contain these sensors which enable touch gestures. So if you want to input your command, you tap, swipe, or hold with two fingers on both sides.
Secondly, the BitBox02 comes with a male USB-C port. This means that you can connect it to your computer or Android phone without a cable. Nonetheless, included in the package you will also find an extension cable and an adapter to USB-A.
The BitBoxApp also has a few of power user tricks up its sleeve. It allows you to run a full Bitcoin node and also features Tor routing. This means that you get more privacy and security for your transactions in the default app.
Also, the BitBoxApp combines all Bitcoin address types under one menu. This is great for newbies, as they don’t need to differentiate between legacy and bech32. By ticking the “Coin Control” box, you also get to manage UTXOs like a pro. It’s a neat power user feature which boosts your financial privacy in a way that very few wallets do.
Info: The BitBox02's security goes beyond delying on the ATECC608A secure element chip. By employing open source software, it mitigates potential threats. For instance, it encrypts the communication between your hardware wallet and your computer. This is great for your security, as it prevents evil maid and man-in-the-middle attacks.
Since the Monte Rosa update of 2021, the BitBox02 is even more secure. To increase the randomness of your seed phrase, you can now roll the dice. And to avoid leaking your private key through signatures, you also get the anti-klepto protection. The latter feature is unique to the BitBox02 and makes use of research on Schnorr Signatures.
The BitBox02 comes in two versions: Bitcoin-only firmware and multicoin. The latter device supports Bitcoin, Litecoin, Ethereum and pretty much every ERC20 token.
Without further ado, let’s break down every significant detail about the BitBox02.
BitBox02’s Packaging and Presentation
The BitBox02 maintains the minimalistic packaging style of their original Digital BitBox. But this time around, it feels more premium. At first, you’re going to observe that the external carton box is hermetically-sealed. On the edges of this plastic wrapping you can see the Shift Crypto logo. As long as there is no air coming out of the packaging, it means that it’s safe. Through this proprietary plastic wrapping, ShiftCrypto ensures the integrity of the device. It prevents supply chain attacks and guarantees that nobody else opens your BitBox02.
Shift Crypto’s competence also extends to the field of tamper-evident bags. This means that they know a thing or two about securing the integrity of packages. So it’s great that they combine this extra qualification of theirs to make the BitBox02 more secure. Before you proceed with the installation, you should always check the packaging. Unless you find the box sealed with the proper packaging, don’t use the device inside.
Beyond this security bag, you’re going to find a double-layered carton box. You slide the cover sideways to reveal the elegant black box that’s inside. Notice that the materials are friendly with the environment and easy to recycle. Open the black box and you will find a crash course in the 3 basic gestures that you use to operate the BitBox02. The device has no physical buttons, so you will have to tap, slide, and hold with two fingers.
Next up, pull the first layer of the box towards you. Inside, you will find the BitBox02 hardware wallet, a Sandisk 8GB SD card, and a USB-C to USB-A adapter. The bottom layer is a large pocket where you find accessories and stickers. The most useful two are the USB-C extension cable and the manual which helps you get started. Other goodies include three rubber pulls for your keychain, and a bunch of stickers.
Info: Unlike the Trezor and the Ledger, you won’t find any cards or sheets of paper to write down your BIP39 seed phrase. It’s because ShiftCrypto opts for a simplified onboarding process. This quick setup makes the SD card backup the default way to get started. You can choose to back up via seed phrase later from the BitBoxApp.
Also notice the white carton space which connects the two inner modules. It says you should visit the shiftcrypto.ch/start webpage to proceed with your setup. The URL takes you to a page which helps you download BitBoxApp for your operating system. This is where the situation is getting more serious.
Setting Up the BitBox02
To use your BitBox02 hardware wallet, you must download the BitBoxApp. It’s available for Windows, Mac OS, Linux, and Android. Even if you plan to use the device with Wasabi or Electrum, you should first install the firmware updates. So in the beginning, the BitBoxApp is a must-install.
As soon as you plug your BitBox02 and run the app, you learn the three gestures: tap, slide, and hold. These controls have a futuristic feeling and also offer privacy benefits.
To type letters, you touch one of the 3 spots which select columns. So to pick one of the 26 letters of the alphabet you perform 3 taps. For the letter A, you select the left column 3 consecutive times. For the letter B, you tap twice on the left column and once on the middle column. You get the drill. The average seed requires lots of taps on the device. So it becomes impossible to track fingerprints. Identifying patterns will give potential hackers a very hard time. Plus you can wipe the surface with a piece of cloth to remove all evidence.
This input method takes some time for accommodation. At first it’s slower than the Trezor Model T touch screen or the rubbery physical buttons on the Coldcard. But it’s still faster than the two-button Ledger design. Once you get used to tapping, swiping, and holding on the BitBox02, it becomes fun.
Advice: Create a password to unlock the device, and also update the firmware. This initial setup takes about 2 minutes and you will find it very simple. But you must be aware that your backup gets stored in the micro-SD card. This is great and convenient, but you should not rely on electronic storage.
SD cards can deteriorate over time and become unreadable. Depending on weather conditions and temperature, this can heppen sooner or later. So to avoid data corruption issues, you should also write down your seed phrase.
To do this, go to the “Manage Device” menu on the left hand side. Then under the “Secrets” tab, click on “Show Recovery Words”. BitBoxApp will display a warning message to deter you from leaking the BIP 39 seed phrase. Never take pictures of it, store it in digital format, or read the words out loud. As soon as you understand the privacy procedures, click “Confirm”.
In the next section, you must write down the 24 seed words in the correct order. After you finish, you will have to confirm every word on the device’s screen. But instead of typing them, you must choose the correct ones from a list. Once you’re done with the verification, you can also put the words on your Billfodl. This way, your backup can withstand all sorts of natural and man-made hazards such as fires and floods.
Send and Receive Transactions on BitBox02
On the BitBoxApp, all the magic happens in the “Accounts” section on the left hand side. You pick your cryptocurrency (Bitcoin, Litecoin, or Ethereum) and click on it. Then you can check your balance, or send, receive, or buy coins. Another interesting option is to export your transaction history to an Excel file.
When you check your balance, you can view it both in its crypto form and in fiat. At first you can interchange between USD, EUR, and CHF. But if you want to add another currency, go to the “Settings” menu and select it from the list.
The BitBox02 allows you to send transactions in two different ways. The first one involves an automatic selection of UTXOs. But to improve your privacy, you should go to the “Settings” menu and select “Enable Coin Control”. You will find it in the “Expert Settings” panel, but it’s quite easy to use. Once activated, you will select from which pocket of your wallet you want to send the coins. This way, the recipient will not know how many coins you have in the other pockets (UTXOs).
An integral part of sending transactions is picking the correct fee. By default, the wallet picks the fee for you and seeks to have your transaction confirmed faster. But if you know what you’re doing, you can enable custom fees from the settings menu. After this, you should check a service such as mempool.space. According to your time preference and budget, think about the right fee and set it manually.
As is the case with all hardware wallets, you must confirm the transaction on your device’s screen. So double check the sending address by swiping the surface to scroll through it. And once you’re sure that the address and the amount are right, you can do the confirmation. You confirm by performing the “hold” gesture with two fingers on opposite sides of the BitBox.
Receiving transactions on the BitBox02 is also unique. The BitBoxApp uses your public key to generate 20 new receiving addresses. So when you decide to receive funds, you pick one of them. In the case of Bitcoin, you also choose between SegWit and bech32.
Info: Before you copy the address, you should also use the "Show and verify full address on device" feature. It's important that the two addresses correspond. It proves that you're not involved in a phishing attack and that your software works well.
ShiftCrypto also lets you buy coins from the BitBoxApp interface. For this purpose, they partnered with MoonPay. While the method is convenient, the fees don’t make it the best way. Also, MoonPay is a KYC service that will ask you for a national ID and a picture. So be aware that this is not a very private or affordable service to buy bitcoins. Yet it’s very useful for users who want to save time and energy.
BitBox02 Advanced Features
Under the “Expert Settings” menu, the BitBox02 offers 5 useful options. The first one is “Enable custom fees”, which helps you save on transaction fees. I’ve already described it in the previous section, so I’ll move on. If you know what you’re doing, this option should be on.
The second expert setting is coin control. This enables you to manage UTXOs (pockets from your wallet). Whenever you send a transaction, you can choose the UTXO (pocket). This is useful for privacy, as the recipient will only know about the funds that you choose to send.
So let’s say you have 3 UTXOs of 1 BTC, 0.5 BTC, and 0.01 BTC. You want to send 0.005 BTC. To perform this task, it would be wise to choose your third UTXO. This way, the person receiving the payment will only know that you own 0.001 BTC and have no idea about the other UTXOs.
The third expert setting allows you to have separate accounts by address type. So for Bitcoin, you can have separate tabs for SegWit and bech32 addresses. This can help you save on fees, but otherwise is not as game-changing as the others.
The fourth expert setting lets you enable Tor proxy. This is great for network-level privacy. It’s what more advanced wallets like Wasabi have by default. One minor issue with BitBoxApp is that you must type the address of the Tor proxy. 127.0.0.1:9150 or 127.0.0.1:9050 should work well and boost your privacy. This way, it will be harder for ShiftCrypto to identify your device by IP address.
The fifth expert setting is both the most important and the most difficult to use. “Connect your full node” will help you follow the “Don’t trust, verify” ethos of Bitcoin. The only issue is that the Bitcoin Core client you run on your PC won’t suffice. For this integration, you need to run an Electrum server and connect to its endpoint. To transform your instance of Bitcoin Core into an Electrum server, follow this guide.
Once you’re set, paste the end point host and port into the first box. Then paste your server’s certificate in the second box. Click “Download remote certificate” so BitBoxApp can update with your node info. Then check the connection by pressing the “Check” button. If everything goes well, click on the “Add” button and restart BitBoxApp. Next time you open the software, you’re running it on sovereign mode.
Info: The BitBox02 features more advanced features, but they run in the background. You have the anti-klepto certificates to prevent private key leakage. Then there's the encrypted connection between the computer and hardware wallet. And when you first set up the wallet, you also get cool features such as rolling the dice to add entropy.
On top of it all, everything described in this section works on the BitBoxApp mobile app. ShiftCrypto believes in the power of mobile devices and targets this market segment. Their attempt is successful, as the male USB-C connector makes everything simple. Most Android devices these days have the USB-C port, so the process should be seamless.
BitBox02 – The Swiss Knife of Hardware Wallets?
The BitBox02 is definitely an unique device which brings great and affordable security. From a hardware perspective, it’s like a Coldcard. From a software perspective, it’s a lot like a Ledger – but more open source. And from a security research perspective, it holds its own against the Trezor.
It can be an impressive first hardware wallet for newbies and a mighty tool in the hands of pros. And the fact that you can use it on both computers and Android phones makes it more attractive.
By purchasing a BitBox02 you also support a lot of useful security research. ShiftCrypto’s open source work helps all devices become more secure. So the company’s presence on the market has merits and benefits of its own.
Advice: Make sure you don't trust too much in the SD card backup, though. Save your BIP 39 words and have them written on a Billfodl.
What is BitBox02?
The BitBox02 is a hardware wallet.
Who does develop BitBox02?
It is developed and manufactured in Switzerland by Shift Crypto AG, a privately held company based in Zurich.
What coins does the BitBox02 Bitcoin-only edition support?
The BitBox02 Bitcoin-only edition exclusively supports Bitcoin.
What coins does the BitBox02 Bitcoin-Multi edition support?
The BitBox02 Multi edition supports Bitcoin, Litecoin, Ethereum and ERC-20 tokens.
Can I use BitBox02 with a phone?
Yes, you can use BitBox02 with Android phones.
Can I use multiple BitBox with the same BitBoxApp?
Yes, you can. You can use BitBoxApp with multiple BitBox02. The different BitBox02 devices can contain different wallets.
Which devices and operating systems are supported by BitBox02?
BitBox02 supports Windows (Windows 7, Windows 10), MacOS (10.13+), Debian GNU/Linux (Stretch and Buster), Ubuntu (16.04+), Fedora (26+), Android (5.0+).
Can I unplug my BitBox02 while a transaction is 'pending'?
Yes, you can. The transaction has been signed and sent into the network but it has not yet been included in the blockchain.