What makes a hardware wallet secure?

It’s important to understand what we’re up against, so we can come up with adequate protections. The main issue with regular computers or phones is that they’re just too complex to be secure. Any kind of update could undermine your security, and with millions of lines of code it’s impossible to know exactly what’s going on. Building secure crypto storage on top of that is nearly impossible.

Hardware wallets like the BitBox02, on the other hand, are simple by design. They don’t have an operating system like Windows or macOS, no background programs running, no “login” functionality. They are made for the sole purpose of protecting your private keys and never disclosing them. A hardware wallet usually comes with a software companion app, like our BitBoxApp. You should always assume that your computer or phone is already compromised with malware, and with that in mind not even the BitBoxApp on your computer can be trusted. But that’s OK, because the application never learns any secrets.

Whenever you want to use cryptocurrencies, it’s the BitBoxApp that talks to the outside world, but only the BitBox02 hardware wallet does the secret stuff:

  • Receiving: if you want to receive crypto, you need to give someone an address to send the coins to. But are you sure that it’s actually your address, and not the address of an attacker, manipulated on your insecure computer by a virus? This is why all receiving addresses need to be verified on the display of the hardware wallet itself. Only the BitBox02 can say for sure if it controls this address.
  • Sending: when sending crypto, you need to sign a transaction with your private keys. If these keys are stored on your computer, they can be stolen by a remote or local attacker. You also need to be sure that you sign the right transaction, sending the correct amount to the correct receiving address. This is why the private keys are only stored on the hardware wallet. The BitBoxApp prepares the unsigned transaction and sends it to the hardware wallet. The BitBox02 then shows all details on its secure screen, so you see what you’re about to sign. When you confirm on the device, the transaction is signed directly inside the BitBox02. The signed transaction, which is not secret, is then sent back to the BitBoxApp, which sends it out into the world.
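The receiving and sending flows above, as an added toy model (not BitBox code): the host screen and the device screen can disagree when the host is compromised, and only the device screen reflects the bytes that get signed. Assumptions: all class and function names are hypothetical, and HMAC stands in for real address derivation and transaction signatures.

```python
import hashlib, hmac, json, secrets

class Device:
    """Toy hardware wallet: the key never leaves this object."""
    def __init__(self):
        self.__key = secrets.token_bytes(32)

    def address(self, index):
        # Assumption: HMAC stands in for real public-key address derivation.
        tag = hmac.new(self.__key, b"addr%d" % index, hashlib.sha256)
        return "addr_" + tag.hexdigest()[:16]

    def owns(self, address, index):
        """Receiving: re-derive on the device instead of trusting the host."""
        return hmac.compare_digest(address, self.address(index))

    def sign(self, tx_bytes, user_confirms):
        """Sending: the screen text is built from the exact bytes to be signed."""
        tx = json.loads(tx_bytes)
        screen = f"Send {tx['amount']} to {tx['to']}"
        if not user_confirms(screen):
            return None                      # rejected on the device, nothing signed
        # Assumption: HMAC stands in for a real transaction signature.
        return hmac.new(self.__key, tx_bytes, hashlib.sha256).hexdigest()

def host_prepare(to, amount, swapped_to=None):
    """Companion app on an untrusted host: returns (host screen text, unsigned tx).
    swapped_to models malware replacing the recipient after the user typed it."""
    host_screen = f"Send {amount} to {to}"
    tx = {"to": swapped_to or to, "amount": amount}
    return host_screen, json.dumps(tx, sort_keys=True).encode()

def careful_user(to, amount):
    """Confirms only if the device screen matches what the user intends."""
    return lambda screen: screen == f"Send {amount} to {to}"

def demo():
    device, out = Device(), {}
    for label, swap in (("clean_host", None), ("compromised_host", "addr_attacker")):
        host_screen, tx = host_prepare("addr_friend", 5, swap)   # constructed sample values
        sig = device.sign(tx, careful_user("addr_friend", 5))
        out[label] = (host_screen, sig is not None)
    out["receive_genuine"] = device.owns(device.address(0), 0)
    out["receive_swapped"] = device.owns("addr_attacker", 0)
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In both sending cases the host screen shows the same text; the transaction is signed only when the device screen matches what the user intended.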

So, these are the two important benefits of a hardware wallet:

  1. It is designed to keep your private keys safe from any unauthorized access, remote or local.
  2. It lets you independently verify and confirm important information on its secure screen, because your computer or phone screen can be easily manipulated by malware.

Main takeaway: Verify sending and receiving information on your hardware wallet and trust the secure screen of your BitBox02 over what your computer or phone shows.