When storing cryptocurrency, the most important thing to protect is your private keys. Whoever controls these keys controls your funds.
Hardware wallets are specifically designed to keep these keys safe. Instead of storing private keys on an internet-connected device such as a computer or smartphone, a hardware wallet stores them in a dedicated device built for security.
Unlike regular computers, hardware wallets are intentionally simple and built with one purpose: securely managing and signing cryptocurrency transactions.
Hardware wallets are designed with the assumption that your computer or smartphone may already be compromised. The device therefore protects your private keys even if the connected computer cannot be trusted.
If you want to learn more about possible attack scenarios and risks, see also:
Can a hardware wallet be hacked?
What are private keys?
Private keys are secret cryptographic numbers that prove ownership of your cryptocurrency.
Whoever controls the private keys can send or spend the associated funds on the blockchain.
Protecting these keys is therefore the central security goal of any cryptocurrency wallet.
Hardware wallets are specifically designed to protect private keys by keeping them isolated from internet-connected systems.
Why private keys must stay offline
Regular computers and smartphones are complex systems running millions of lines of code. Because of this complexity, they can potentially be affected by:
- malware
- malicious browser extensions
- compromised applications
- software vulnerabilities
If private keys are stored on such devices, attackers may be able to steal them.
Hardware wallets solve this by keeping private keys isolated inside the device, where they cannot be accessed by other software.
How a hardware wallet protects your keys
Hardware wallets protect your funds through two fundamental principles.
Private keys never leave the device
Private keys are generated and stored directly inside the hardware wallet.
When sending cryptocurrency:
- The BitBoxApp (our companion application) prepares an unsigned transaction.
- The transaction is sent to the hardware wallet.
- The hardware wallet signs the transaction internally.
- The signed transaction is returned to the BitBoxApp (our application) and broadcast to the network.
At no point are the private keys exposed to the computer or the internet.
Independent verification on the device screen
A compromised computer could manipulate information shown on the screen.
For example, malware could replace a receiving address with the attacker’s address.
Hardware wallets prevent this by displaying important information directly on the secure device screen, including:
- receiving addresses
- transaction amounts
- transaction destinations
You should always verify these details on the hardware wallet itself before confirming a transaction.
Always trust the hardware wallet screen over what your computer or phone displays.
Security architecture of BitBox hardware wallets
Modern hardware wallets combine multiple layers of security. BitBox devices are designed using a layered approach that protects private keys even if one component fails.
The BitBox02 and BitBox02 Nova include several security mechanisms.
Dual chip security architecture
Inside the BitBox02 there are two chips:
- a microcontroller running the open-source firmware
- a secure chip protecting critical secrets
This dual-chip architecture strengthens protection against physical and software-based attacks.
Encrypted wallet seed storage
The wallet seed is encrypted and protected by multiple secrets:
- a secret stored on the secure chip
- a secret stored on the microcontroller
- your device password
All three are required to unlock the wallet seed.
In addition, the seed is kept encrypted in memory and only decrypted briefly when required.
Whenever you want to use cryptocurrencies, it’s the BitBoxApp that talks to the outside world, but only the BitBox02 hardware wallet does the secret stuff:
Defense in depth - encrypting the BitBox02’s seed in RAM
Secure firmware verification
The BitBox only accepts firmware signed by Shift Crypto. The secure bootloader prevents:
- installation of unauthorized firmware
- firmware downgrades
- installation of firmware from another edition
Users can also display the firmware hash before boot for additional verification.
Device authenticity check
Each BitBox device contains a unique attestation key created during manufacturing.
When connecting the device, the BitBoxApp verifies that the hardware wallet is genuine.
This ensures that the device was manufactured by BitBox.
Secure wallet seed generation
The wallet seed is generated using multiple independent sources of randomness, including:
- hardware random generators
- factory-installed entropy
- host-provided randomness
- a cryptographic hash of the device password
Combining several entropy sources protects against failures or manipulation of individual components.
Reproducible firmware builds
BitBox firmware is reproducible, meaning anyone can compile the firmware from the open-source code and verify that it matches the official release.
BitBoxSwiss / bitbox02-firmware
Independent projects such as WalletScrutiny regularly verify the reproducibility of BitBox firmware.
Open-source transparency
BitBox firmware, the BitBoxApp, and hardware schematics are published as open source.
This allows independent researchers and security experts to review the code and verify the implementation.
Physical security protections
Hardware wallets also include mechanisms that protect the device against physical attacks.
Secure display
Because computers cannot always be trusted, the BitBox includes a secure screen and touch confirmation system.
This allows you to independently verify:
- addresses
- transaction details
- critical security actions
Secure chip protection
The secure chip enforces limits on password attempts and increases the difficulty of brute-force attacks.
Password stretching further increases the time required to attempt password guesses.
Epoxy protection
Sensitive components inside the device are protected with security-grade epoxy to make invasive hardware attacks significantly more difficult.
Tamper-evident casing
The casing is designed so that opening the device breaks internal pins, making tampering visible.
Secure wallet backup
Your hardware wallet itself is not the only backup of your funds.
Your wallet can always be recovered using your recovery words (seed phrase).
BitBox hardware wallets provide multiple backup options:
Instant microSD card backup
The BitBox can create an encrypted backup directly on a microSD card. This reduces the risk of writing down recovery words incorrectly during setup.
Verify backups at any time
Backups can be verified easily, encouraging users to periodically confirm that their backup works.
Display recovery words when needed
You can also display and write down your recovery words later by entering your device password.
Anyone who gains access to your recovery words can access your funds.
Store them securely and never share them.
Security transparency and audits
Security improvements are an ongoing process.
The BitBox02 firmware has undergone external security audits and the project runs an active bug bounty program encouraging researchers to responsibly disclose vulnerabilities.
Privacy protections
BitBox devices also include features designed to protect user privacy.
Encrypted USB communication
Communication between the hardware wallet and the computer is encrypted using the Noise protocol.
No personal data stored on servers
When using the BitBoxApp, personal or transaction data is not stored on BitBox servers.
Users can also connect the BitBoxApp to their own Bitcoin full node:
Connecting the BitBoxApp to your own full node (Tor, TLS & Privacy Explained)
Summary
Hardware wallets improve cryptocurrency security by combining multiple layers of protection:
- private keys stored offline
- independent transaction verification on the device
- secure firmware and hardware design
- strong backup systems
- transparent open-source development
These protections make hardware wallets one of the most secure ways to store cryptocurrency.
If you are interested in the potential risks and limitations, see also:
Can a hardware wallet be hacked?
FAQ
Yes. Hardware wallets store private keys inside a dedicated device isolated from internet-connected systems.
Why does a hardware wallet have its own screen?
The screen allows you to verify addresses and transaction details directly on the device before approving a transaction.
What happens if my hardware wallet is lost or damaged?
Your funds are not stored on the device itself. They can be recovered using your recovery words (seed phrase) on another compatible wallet.
Why are recovery words so important?
Recovery words are the backup of your wallet. Anyone who has access to them can restore your wallet and access your funds.
Can malware steal my private keys from a hardware wallet?
A hardware wallet is designed so that private keys remain on the device and are not exposed to the connected computer.
Why is open-source important for hardware wallet security?
Open-source code allows independent researchers and security experts to review the implementation. This transparency helps detect and fix vulnerabilities.
Where can I learn more about BitBox security?
You can find a broader overview of BitBox protections here:
BitBox security features
If you want a more advanced explanation of attack assumptions, scope, and countermeasures, see:
BitBox threat model