Yes, of course, everything can be hacked. If someone tells you otherwise, they either don’t understand that information security is a constant battle, or they’re simply lying. But: it’s possible to raise the cost and success rate of getting hacked to a level where it’s no longer feasible for an attacker.
The following security features of the BitBox02 make it one of the most secure hardware wallets. It is very hard to breach, and when doing so there is a high chance of physically destroying it in the process.
Regular software has millions of lines of programming code and uses many ready-made libraries that are written by others. A secure system must run on minimal software that can be audited line-by-line. The BitBox02 Bitcoin-only edition takes this security principle to the next level: it can only run radically focused firmware for Bitcoin, no altcoins, no other “nice-to-have” features.
Restrictive communication interface
A hardware wallet must be very strict with answering requests by insecure computers. You can’t “log in” to a hardware wallet or access its memory like a USB thumbdrive. The BitBox02 uses a very restrictive communication protocol, and simply aborts an information exchange if the other side does not follow it exactly.
To protect against local attacks, it is essential that a hardware wallet uses hardware especially designed against physical tampering. Without a secure chip, experts can just read out the secrets using specialized equipment. The BitBox02 uses a secure chip specifically built for physical device hardening.
Secure supply chain
Using a fake and potentially malicious hardware wallet is a serious risk. This is why the BitBox02 is engineered and manufactured in Switzerland, where we oversee the whole production process. The official BitBoxApp is able to detect if the BitBox02 is an original device to prevent users from getting bad clones. And the BitBox02 only runs official firmware signed by Shift Crypto so that nobody can load a malicious firmware on an otherwise real BitBox02 before you get it.
Avoiding an attack is always better than defending yourself against it. This is why the BitBox02 does not look very flashy. When viewed from afar, it looks somewhat like a bigger USB thumb drive. And when not powered, you don’t even see that it has a screen.
The firmware on your hardware wallet has full access to your private keys and could do all sorts of malicious things. This is why the program code must be publicly available for review, and firmware updates need to be created to allow verification that the firmware is actually built from the public source code.
Hardware security is hard, needs a lot of expertise and a humble mindset. We encourage independent security research and reward anyone that finds a vulnerability through our bug bounty program. If the amount you want to secure yourself is significant, a single hardware wallet might not be enough. We will dive more deeply into how to improve your hardware wallet setup security with multi-signature in a follow-up article.
Main takeaway: Nothing is “unhackable”. It’s good to understand what protections are in place, but a good indication of how the manufacturer of security hardware employs a “security mindset” is how open and humble their communication is regarding vulnerabilities, and how quickly these are fixed.