What stops the maker of the hardware wallet from stealing my coins?

What stops the manufacturer of your hardware from using a backdoor and just taking your coins? In the case of the BitBox02, how much do you need to trust us?

While a fully “trustless” solution is probably not possible, we do everything we can to minimize your need to trust us:

  • All our software code is public: everyone can check how the device operates and how secrets are handled.
  • The public program code repository has a full history of all edits: it’s possible to check only the changes made since the last release, so there is no need to validate everything every time.
  • We produce the firmware releases using “reproducible builds”: anyone can compile the public source code and the result will be the exact same binary firmware, bit by bit.
  • Not everyone has the capability to audit program code: we encourage independent researchers to do so and reward them through our bug-bounty program if they find anything. The program does not limit their freedom to publish a full independent report without our permission.
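
The reproducible-build check from the list above, as an added example that is not the project's own tooling: it compares a locally compiled firmware binary with a published one by SHA-256 and, on a mismatch, reports the first differing byte offset so the source of non-determinism can be located. The function names and file paths are assumptions, and both files are assumed to be the same raw build output with no extra packaging around either one.

```python
import hashlib
import sys
from pathlib import Path

CHUNK = 64 * 1024  # read in blocks so large images never sit fully in memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def first_difference(path_a, path_b):
    """Return the offset of the first differing byte, or None if identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ca, cb = a.read(CHUNK), b.read(CHUNK)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                # Shared prefix matches: one file is a truncation of the other.
                return offset + min(len(ca), len(cb))
            if not ca:
                return None
            offset += len(ca)


def compare_builds(local_build, published_release):
    """Compare a local build with a published binary, bit for bit."""
    report = {
        "local_sha256": sha256_file(local_build),
        "published_sha256": sha256_file(published_release),
        "local_size": Path(local_build).stat().st_size,
        "published_size": Path(published_release).stat().st_size,
    }
    report["reproduced"] = report["local_sha256"] == report["published_sha256"]
    report["first_diff_offset"] = (
        None if report["reproduced"]
        else first_difference(local_build, published_release))
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_builds.py LOCAL_BUILD PUBLISHED_RELEASE")
    result = compare_builds(sys.argv[1], sys.argv[2])
    print("\n".join(f"{k}: {v}" for k, v in result.items()))
    sys.exit(0 if result["reproduced"] else 1)
```

A non-zero exit status means the local build did not reproduce the published binary, which makes the script usable as a gate in an automated verification job.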

Main takeaway: A wallet handles your secret private keys and needs full access to them. You can and should demand full transparency about how a wallet works and make sure that independent public audits are encouraged.