Phishing and scam attempts targeting BitBox users have become increasingly sophisticated. Fraudulent emails, fake websites, phone calls, and impersonation messages are designed to look professional and trustworthy — but their goal is always the same: to trick you into revealing sensitive information or taking unsafe actions.
This guide explains how to recognize phishing attempts, avoid common scam tactics, and understand what to do if you encounter a suspicious message, call, or website claiming to be related to BitBox.
The most important rule to protect your funds
If you remember only one thing, remember this:
Never enter your wallet backup (your recovery words) anywhere except directly on your BitBox02 hardware wallet.
Any message, website, or call requesting your recovery words is a scam. Entering them anywhere else immediately puts your funds at risk.
Additionally:
- Never unlock your BitBox02 when connected to an unknown or untrusted application
- Only use the official BitBoxApp or software you intentionally installed
Unlocking your BitBox02 while connected to a malicious application can put your funds at risk — even if you never share your recovery words.
Understanding why “your BitBox account is compromised” is a scam
BitBox does not operate accounts in the traditional sense.
When using a BitBox02, your wallet is not stored with Shift Crypto. Instead, it exists on the blockchain and is controlled exclusively by:
- Your BitBox02 device
- Your recovery words
Shift Crypto does not have access to:
- Your recovery words
- Your private keys
- Your PIN or passphrase
This means:
- We cannot access your funds
- We cannot move or block your funds
- We cannot “freeze” your wallet
- We cannot determine whether your wallet is “compromised”
We also cannot know:
- How many wallets you have created
- How you manage or store your backups
Learn more about what data is shared and how to improve your privacy:
Any message claiming your “BitBox account is compromised” or that “suspicious activity was detected” is not legitimate.
There is no scenario where Shift Crypto needs you to:
- Confirm a device via email or website
- Verify or sync your wallet online
- Provide recovery words, PINs, passwords, or screenshots
Your wallet security is fully controlled by you.
Common phishing and scam tactics impersonating BitBox
Scammers repeatedly reuse the same techniques. Being familiar with these patterns makes them much easier to identify.
Urgent security warnings
Messages or calls may claim things like:
- “Unusual activity detected”
- “Your wallet is in danger”
- “Immediate action required”
- “Your funds will be frozen”
These are designed to create panic and pressure you into acting quickly.
BitBox does not send urgent security alerts that require immediate action via email, phone calls, or messages.
Requests to verify, sync, or restore your wallet
Scam websites or callers may claim you must:
- Verify ownership
- Sync your wallet
- Restore access
- Complete a security check
These actions are designed to lead to a request for your recovery words.
There is no legitimate reason to ever enter your recovery words on a website or speak them to a caller. Any such request is always malicious.
Fake websites that look almost identical
Phishing websites often copy:
- Layout, logos, and colors
- Text from official pages
- Product images
The difference is usually the domain name, not the design.
Suspicious attachments or downloads
Some phishing emails include:
- PDF invoices
- ZIP files
- “Security updates”
- Unexpected order confirmations
BitBox does not send unsolicited attachments asking you to open or install software.
Do not open unexpected attachments, even if the email appears professional.
Clear warning signs of phishing attempts
Before clicking, responding, or engaging, check for these red flags:
- Pressure, urgency, or threatening language
- Unexpected contact, especially if you did not initiate the conversation
- Links that do not clearly lead to BitBox
- Requests for sensitive information, such as recovery words, PINs, passwords, or screenshots
Hover over links before clicking. If unsure, open a new browser tab and type the address manually.
Why you may receive phishing emails or calls
Receiving a phishing message or call does not mean your BitBox, wallet, or device has been compromised.
Phishing campaigns are typically sent in bulk using publicly available contact data, information from unrelated third-party breaches, or random dialing and messaging attempts.
Attackers usually do not know whether you actually own a BitBox.
For background on scam emails and how to identify them, see:
What BitBox will never do
Knowing what is guaranteed not to happen makes scams easier to spot:
- BitBox will never ask for recovery words
- BitBox will never request PINs or passwords
- BitBox will never ask you to verify or sync wallets online
- BitBox will never contact you first by phone
- BitBox will never send you unsolicited direct messages on Telegram, social media, or forums
If someone contacts you first and claims to be BitBox support, this is not legitimate.
Official and controlled BitBox domains
While phishing awareness goes beyond domain checking, verifying the website address is still an important step.
BitBox controls the following domains:
| Domain | Purpose |
|---|---|
| bitbox.swiss | Main website |
| shop.bitbox.swiss | Online shop |
| support.bitbox.swiss | Knowledge base |
| blog.bitbox.swiss | Official blog |
| contact.bitbox.swiss | Contact form |
| shiftcrypto.support | Support site |
| shiftcrypto.io | Redirect |
| digitalbitbox.com | Redirect |
| shiftcrypto.org | Redirect |
| shiftcryptosecurity.ch | Redirect |
| shiftcryptosecurity.com | Redirect |
| shiftdevices.com | Redirect |
If a website looks like BitBox but uses a different domain, treat it as suspicious.
All official domains use HTTPS encryption. Your browser should show a lock icon in the address bar.
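The domain check above can also be automated, for example in a mail filter or helpdesk tool. The following is an added example, not BitBox's own code: it classifies a link by the host a browser would actually connect to, using the domains from the table. The function name `checkLink`, the exact-match policy, and the sample links are assumptions of this example.

```javascript
// Hostnames copied from the table of domains BitBox controls.
const OFFICIAL_HOSTS = new Set([
  "bitbox.swiss", "shop.bitbox.swiss", "support.bitbox.swiss",
  "blog.bitbox.swiss", "contact.bitbox.swiss", "shiftcrypto.support",
  "shiftcrypto.io", "digitalbitbox.com", "shiftcrypto.org",
  "shiftcryptosecurity.ch", "shiftcryptosecurity.com", "shiftdevices.com",
]);

// Classify a link by the host the browser would actually connect to.
// Assumption of this example: only exact matches count as official;
// subdomains the table does not list are reported as unlisted.
function checkLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules browsers apply
  } catch {
    return { official: false, host: null, reason: "not a valid absolute URL" };
  }
  // Strip a trailing root dot; the parser already lowercases the host and
  // converts non-ASCII labels to punycode (xn--...).
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { official: false, host, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // "https://bitbox.swiss@other.host/" connects to other.host
    return { official: false, host, reason: "text before @ is not the host" };
  }
  if (!OFFICIAL_HOSTS.has(host)) {
    const reason = host.split(".").some((label) => label.startsWith("xn--"))
      ? "internationalized lookalike, not in the list"
      : "host not in the official list";
    return { official: false, host, reason };
  }
  return { official: true, host, reason: "listed official domain" };
}

// Constructed sample links (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://shop.bitbox.swiss/en/",
  "https://bitbox.swiss.example.net/verify",
  "https://bitbox.swiss@example.net/",
  "https://bitb\u043ex.swiss/", // Cyrillic "o" in place of the Latin letter
  "http://bitbox.swiss/",
];
for (const s of SAMPLES) console.log(s, "->", checkLink(s).reason);
```

A "listed official domain" result only confirms where the link points; it says nothing about whether the message that carried it is genuine.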
What to do if you encounter a phishing attempt
If you only received the message or call
- Do not click any links
- Do not open attachments
- Do not engage or respond
- Mark it as spam or phishing
- Ignore or delete the message
If you clicked a link but entered no information
- Close the website immediately
- Do not revisit it
- Clear your browser data, including cookies, cache, and history
- Mark the email as spam or phishing
- Delete the message
If a file was downloaded:
- Do not open it
- Delete it immediately
- Empty your downloads folder
If you are unsure whether anything was installed or executed, run a malware scan on your device.
If you connected your BitBox02 to a suspicious website or application
- Disconnect it immediately
- Do not unlock the device
- Close the suspicious website or application
- Restart your computer
- Only reconnect your BitBox02 to the official BitBoxApp or software you trust and intentionally installed
If you entered recovery words
Your funds are at risk.
- Move your assets immediately to a new wallet using a fresh recovery phrase
- Do not reuse the compromised backup
If you need help, contact support immediately.
Reporting phishing attempts (optional)
You do not need to report phishing attempts if you are confident and did not interact with them.
If you are unsure, or would like us to review a message, website, or call, you can contact us and include the details you received:
Do not reply to scammers or continue interacting with them.
Frequently asked questions
A website or caller asks me to enter or speak my 24 recovery words to “secure” my wallet. Is this legitimate?
No. This is always a scam. Recovery words must only ever be entered directly on your BitBox02 device.
How did scammers get my email address or phone number?
Phishing campaigns often rely on public data or unrelated third-party data leaks. This does not indicate a compromise of your BitBox or wallet.
Have there been past data breaches related to BitBox?
We communicate transparently about security-relevant incidents.
You can find our public explanations here:
At no point were wallet data, recovery words, or device information exposed.
How can I report a phishing website, message, or call?
If you are unsure or want confirmation, contact us and share the details:

