BitBox02

shiftcrypto.ch
BitBox02

Open source hardware wallet, supporting secure multisig with the option for making encrypted backups on a MicroSD card.

Open Source

BitBox02 Source Code

Author

BitBoxSwiss

Description

The BitBoxApp for desktop and mobile.

#bech32#bitcoin#hardware-wallet#litecoin#segwit#wallet

Homepage

https://bitbox.swiss/app

License

Apache-2.0

Created

02 Aug 18

Last Updated

09 Jul 26

Latest version

v4.51.3

Primary Language

Go

Size

984,216 KB

Stars

322

Forks

126

Watchers

322

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • benma (09 Jul 26)

    Merge pull request #4231 from benma-agent/simulator/add-v9.26.3 simulator: add firmware v9.26.3

  • Marko Bencun (09 Jul 26)

    Merge remote-tracking branch 'pull/merge-release-v4.51.2'

  • benma's agent (09 Jul 26)

    simulator: add firmware v9.26.3 Add the v9.26.3 BitBox02 simulator release to the simulator test data. Simulator tests pass with the updated list.

  • Marko Bencun (08 Jul 26)

    Merge remote-tracking branch 'benma/fix/restrict-config-permissions'

  • Marko Bencun (08 Jul 26)

    Merge branch 'merge-master-into-release-v4.51.2' into release-v4.51.2

  • Marko Bencun (08 Jul 26)

    merge master into release v4.51.2 Conflict resolution summary: - backend/coins/btc/coin.go: took pull/master; it already has the headers-status backport plus the Initialize() error refactor. - backend/handlers/handlers.go: took pull/master; it has the same response-shape fix on the generic /coins/{coinCode}/headers/status route. - backend/coins/btc/transactions/transactions.go: took pull/master; it already has the BTC transaction-sync backports plus later notifier and verification refactors. - backend/devices/bitbox02bootloader/handlers/handlers.go: kept the release bitbox02bootloader.Status return type and master success and error response wrappers. - frontends/web/src/components/devices/bitbox02bootloader/bitbox02bootloader.tsx: kept the release deferred /info loading while preserving master request-error handling.

  • Marko Bencun (05 Jul 26)

    backend: restrict config file permissions Create app-private directories with 0700 and write wallet config files with 0600. Migrate existing broad config and log files on startup while leaving symlinks untouched.

  • Jad (09 May 26)

    clear cache function add clear cache button in advanced settings so users don't need to manually navigate folders to delete them.

  • Nikolas De Giorgis (07 Jul 26)

    tests: add playwright test for clearing cache.

  • benma (06 Jul 26)

    Merge pull request #3896 from BitBoxSwiss/dependabot/go_modules/github.com/ethereum/go-ethereum-1.17.0 build(deps): bump github.com/ethereum/go-ethereum from 1.17.0 to 1.17.4

  • dependabot[bot] (06 Jul 26)

    build(deps): bump github.com/ethereum/go-ethereum from 1.17.0 to 1.17.4 Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.17.0 to 1.17.4. - [Release notes](https://github.com/ethereum/go-ethereum/releases) - [Commits](https://github.com/ethereum/go-ethereum/compare/v1.17.0...v1.17.4) --- updated-dependencies: - dependency-name: github.com/ethereum/go-ethereum dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

  • benma (06 Jul 26)

    Merge pull request #3893 from BitBoxSwiss/dependabot/github_actions/actions/upload-artifact-7 build(deps): bump actions/upload-artifact from 6 to 7

  • benma (06 Jul 26)

    Merge pull request #3894 from BitBoxSwiss/dependabot/go_modules/golang.org/x/net-0.51.0 build(deps): bump golang.org/x/net from 0.48.0 to 0.56.0

  • benma (06 Jul 26)

    Merge pull request #3895 from BitBoxSwiss/dependabot/go_modules/github.com/decred/dcrd/dcrec/secp256k1/v4-4.4.1 build(deps): bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.4.0 to 4.4.1

  • dependabot[bot] (06 Jul 26)

    build(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

  • dependabot[bot] (06 Jul 26)

    build(deps): bump golang.org/x/net from 0.48.0 to 0.56.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.56.0. - [Commits](https://github.com/golang/net/compare/v0.48.0...v0.56.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

  • dependabot[bot] (06 Jul 26)

    build(deps): bump github.com/decred/dcrd/dcrec/secp256k1/v4 Bumps [github.com/decred/dcrd/dcrec/secp256k1/v4](https://github.com/decred/dcrd) from 4.4.0 to 4.4.1. - [Release notes](https://github.com/decred/dcrd/releases) - [Changelog](https://github.com/decred/dcrd/blob/master/CHANGES) - [Commits](https://github.com/decred/dcrd/compare/dcrec/secp256k1/v4.4.0...dcrec/secp256k1/v4.4.1) --- updated-dependencies: - dependency-name: github.com/decred/dcrd/dcrec/secp256k1/v4 dependency-version: 4.4.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

  • benma (06 Jul 26)

    Merge pull request #4208 from BitBoxSwiss/dependabot/go_modules/go_modules-c7ca89b307 build(deps): bump the go_modules group across 1 directory with 2 updates

  • benma (06 Jul 26)

    Merge pull request #4206 from BitBoxSwiss/dependabot/github_actions/actions/checkout-7 build(deps): bump actions/checkout from 6 to 7

  • benma (06 Jul 26)

    Merge pull request #4207 from BitBoxSwiss/dependabot/github_actions/actions/cache-6 build(deps): bump actions/cache from 5 to 6

  • Marko Bencun (06 Jul 26)

    Merge branch 'fix/webdev-lan-access'

  • Marko Bencun (05 Jul 26)

    dev: bind servers to loopback by default servewallet and Vite should not listen on every host interface during normal local development. Dev mode exposes unauthenticated local services. Docker still needs BITBOX_DEV_BIND_HOST=0.0.0.0 inside the container because published ports are reached through the container's external interface. The published host ports are bound to 127.0.0.1 so they remain accessible from the host without exposing them to the LAN.

  • Marko Bencun (06 Jul 26)

    Merge branch 'aopp-host'

  • Marko Bencun (06 Jul 26)

    frontend: harden AOPP VASP matching AOPP requester branding matched known VASPs with a raw string suffix. A callback host like evilbitcoinsuisse.com could therefore render Bitcoin Suisse branding even though it is not that domain or one of its subdomains. Require an exact host match or a dot-boundary subdomain match, and keep the real callback host visible when branding a subdomain. Add regression tests for exact, subdomain, and suffix-spoof hosts.

  • strmci (06 Jul 26)

    Merge branch 'move_insurance_to_marketplace'

  • thisconnect (09 Jun 26)

    frontend: simplify market routing state Drop unnecessary supported-accounts state. Simplify routing without the layout wrapper. Move market logic into MarketContext. Drop the one-use tab reader because the tab is controlled by app. Treat account code as one of the account codes. Update market tab tests.

  • strmci (11 May 26)

    frontend: move insurance into marketplace Route Bitsurance through the marketplace flow so tab navigation, account selection, and swap availability share one context.

  • Marko Bencun (03 Jul 26)

    Merge remote-tracking branch 'benma/bb02update'

  • sl (02 Jul 26)

    Merge branch 'frontend-back-chevron'

  • sl (25 Jun 26)

    frontend: use mobile header for back navigation on mobile changed the previously used Back button on page body, to be the chevron back on mobile header.

BitBox02 Security

5.6/10

Repo Security Summary

Updated 29 Jun 26

  • Maintained 10/10
  • Code-Review 10/10
  • CII-Best-Practices 0/10
  • Dangerous-Workflow 10/10
  • Packaging N/A
  • Token-Permissions 0/10
  • Security-Policy 0/10
  • License 10/10
  • Binary-Artifacts 9/10
  • Branch-Protection N/A
  • Signed-Releases 8/10
  • Fuzzing 0/10
  • SAST 0/10
  • Pinned-Dependencies 0/10

BitBox02 Website

Website

301 Moved Permanently

Redirects

Redirects to https://bitbox.swiss/

Security Checks

3 security checks failed (62 passed)

  • External Redirect Detected
  • Domain Recently Created
  • Domain Very Recently Created

Server Details

  • IP Address 172.67.157.94
  • Location San Francisco, California, United States of America, NA
  • ISP CloudFlare Inc.
  • ASN AS13335

Associated Countries

  • US US
  • CA CA

Safety Score

Website marked as safe

100%

Blacklist Check

shiftcrypto.ch was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview

BitBox02 Reviews

More Crypto Wallets

  • An easy-to-use, super secure Bitcoin hardware wallet, which can be used independently as an air-gapped wallet. ColdCard is based on partially signed Bitcoin transactions following the BIP174 standard. Built specifically for Bitcoin, and with a variety of unique security features, ColdCard is secure, trustless, private, and easy-to-use. Companion products for the ColdCard include: BlockClock, SeedPlate, and ColdPower.

  • A steel plate, with engraved letters which can be permanently screwed - CryptoSteel is a good fire-proof, shock-proof, water-proof, and stainless cryptocurrency backup solution.

  • Long-standing Python-based Bitcoin wallet with good security features. Private keys are encrypted and do not touch the internet and balance is checked with a watch-only wallet. Compatible with other wallets, so there is no tie-in, and funds can be recovered with your secret seed. It supports proof-checking to verify transactions using SPV, multi-sig, and add-ons for compatibility with hardware wallets. A decentralized server indexes ledger transactions, meaning it's fast and doesn't require much disk space. The potential security issue here would not be with the wallet, but rather your PC - you must ensure your computer is secure and your wallet has a long, strong passphrase to encrypt it with.

  • Sparrow is a Bitcoin wallet for those who value financial self-sovereignty. Sparrow’s emphasis is on security, privacy, and usability. Sparrow does not hide information from you - on the contrary, it attempts to provide as much detail as possible about your transactions and UTXOs, but in a way that is manageable and usable.

  • Open source, cross-platform, offline, crypto wallet, compatible with 1000+ coins. Your private key is generated on the device, and never leaves it, all transactions are signed by the Trezor, which ensures your wallet is safe from theft. There are native apps for Windows, Linux, MacOS, Android, and iOS, but Trezor is also compatible with other wallets, such as Wasabi. You can back the Trezor up, either by writing down the seed, or by duplicating it to another device. It is simple and intuitive to use, but also incredibly customizable with a large range of advanced features.

  • An open source, native desktop wallet for Windows, Linux, and MacOS. Wasabi implements trustless CoinJoins over the Tor network. Neither an observer nor the participants can determine which output belongs to which input. This makes it difficult for outside parties to trace where a particular coin originated from and where it was sent to, which greatly improves privacy. Since it's trustless, the CoinJoin coordinator cannot breach the privacy of the participants. Wasabi is compatible with cold storage and hardware wallets, including OpenCard and Trezor.

About the Data: BitBox02

API

You can access BitBox02's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/bitbox02

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share BitBox02

Help your friends compare Crypto Wallets, and pick privacy-respecting software and services.
Share BitBox02 and Awesome Privacy with your network!

View Crypto Wallets (7)