BitBox02 review: Small, secure, expensive

Shift Cryptosecurity's BitBox02 packs in USB-C support and can be backed up via microSD for added peace of mind. We go hands-on to see if it's any good.

By Daniel Phillips

10 min read

Since the introduction of the first cryptocurrency hardware wallet in 2014, an ever-increasing number of hardware wallet manufacturers have emerged, each looking to bring something new to the market.

As arguably the safest way to store cryptocurrencies, hardware wallets are designed to isolate cryptocurrency private keys from external attacks—allowing owners to transact with both improved privacy and security.

One of the more recent arrivals is the BitBox02, the second hardware wallet designed by the Swiss company Shift Cryptosecurity.

The BitBox02 is as available as either a Bitcoin-only edition, or the multi-edition wallet reviewed here—which, as its name suggests, is able to store multiple different cryptocurrencies. Both cost CHF 109.00 (approx $110) and are available to order now.

BitBox02 review: Design and build

The soft plastic of the BitBox02 screen is a fingerprint and scratch magnet (Image: Decrypt)

Like most hardware wallets, the BitBox02 comes in a thumbstick-like form factor, which makes it both portable and somewhat resistant to damage.

Its design is fairly simple, consisting of a smart rectangular main unit with a built-in MicroUSB slot and USB-C connector. Round the front of the device there's a large OLED display with a resolution of 128 x 64 pixels, while the sides contain touch sensors that are used to navigate menus and approve transactions.

The BitBox02 is definitely one of the smaller hardware wallets we have seen. At just 45mm x 24mm x 8mm, the BitBox02 is just over half the size of its major competitor, the Ledger Nano X, and far smaller than ShapeShift's KeepKey wallet.

The BitBox02 won't win any awards when it comes to build quality or design. Its casing appears to be constructed almost entirely out of plastic—making it something of a scratch magnet. Nonetheless, the device feels sturdy enough, despite weighing just 12g.

BitBox02 review: What's in the box?

The BitBox02 comes vacuum sealed—you'll need scissors to open it. (Image: Decrypt)

The BitBox02 packaging comes vacuum-sealed in a plastic bag, which minimizes the chances of the item being tampered with as it passes through the supply chain.

Once you've removed that, you'll find a smart outer sleeve containing an unfolding box. Inside, you will find the BitBox02 unit, an 8GB MicroSDHC card, and a USB-C to USB type A converter.

The BitBox02 also comes supplied with a 50cm long USB-C extension cable, a pack of multi-colored keychains, and a sheet of stickers.

In terms of documentation, the package contains a warranty and compliance card, and a getting started manual.

BitBox02 review: Ease of use

Despite being smaller than the Ledger Nano X (left) and Trezor One (right), the BitBox02 (middle) is still easy to use. (Image: Decrypt)

One of the chief concerns surrounding many hardware wallets is usability. When hardware wallets first hit the market back in 2014, they were clunky to use and had a poor overall user experience.

Fortunately, things have moved on a great deal since then; today's hardware wallets are no more difficult to use than many software or mobile wallets. The BitBox02 is an excellent example, thanks to its unique touch controls.

The five touch sensors built into the frame of the device are used to detect sliding, tapping and pinching motions which can be used to navigate through menus, show more information and confirm selections. Although this system might be unfamiliar to those used to using hardware wallets with physical buttons, we found it both intuitive and surprisingly accurate.

Like most hardware wallets, the BitBox02 needs to be connected to a device running an app to use. Through the BitBoxApp, BitBox02 owners are able to manage their device, initiate transactions, update their firmware and more, with all sensitive actions requiring confirmation on the BitBox02.

The BitBox02 can be connected to your computer or mobile device using its USB-C connector with either the included extension cable, a USB-C to USB-A converter, or both. We found that for the most part, using the device while connected to your mobile is a painless task, while connecting it to a computer can be tricky, depending on where it's located.

For those who keep a desktop computer tucked away, even the supplied 50cm USB cable might not be long enough to keep the BitBox02 within reach.

BitBox02 review: Getting Started

After setup, you can retrieve your recovery phrase from the BitBoxApp settings menu. (Image: Shift Cryptosecurity)

The BitBox02 set up process is one of the simplest we have encountered to date, and should take less than five minutes to complete.

First head over to shiftcrypto.ch/start, where you can download BitBoxApp for your operating system. After installing BitBoxApp, you'll need to insert the supplied MicroUSB card into the device and connect the BitBox02 to the computer running BitBoxApp.

Once connected, the BitBox02 will be detected by the app and you will likely be prompted to update the firmware—a process that takes just one click and completes in under a minute. Once completed, both the BitBox02 app and the BitBox02 device will display a pairing code; if this code is the same on both screens, tap the top right of the BitBox02 to complete the pairing process.

You'll now be given the option to create a new wallet, or restore a wallet from a mnemonic phrase or MicroUSB. Select the 'Create wallet' option, enter a name which can be used to identify your device and then tap the top right of the device to confirm it. Now, you will be prompted to select a password. To select the characters for your password, simply tap beneath the desired character to expand the selection, and tap again to select the character you want. Repeat this process until you've created your password and pinch the right side of the device to confirm it.

The BitBoxApp will then create a backup of your wallet on your MicroSD card and will load your wallet. The device is now ready to use!

Once complete, we recommend navigating to the 'Manage Device' section of the BitBox02 app and saving your mnemonic seed to a safe place, as you may need it to recover your wallet, should you accidentally lose your BitBox02 device or its memory card.

BitBox02 review: Features

A built-in MicroSD slot is one of the BitBox02's main distinguishing features. (Image: Decrypt)

As mentioned above, the BitBox02 stores a wallet backup on the supplied microSD card. Once this backup is made, the microSD should be stored separately from the BitBox02 device, and should only be retrieved to manage or restore a backup. Because of this system, the BitBox02 is safer to use than many other hardware wallets, since these typically only allow wallet recovery by using a mnemonic phrase.

The BitBoxApp is currently available for Windows, MacOS, and Linux, and a beta version of the app is also available for Android via the Google Play Store. Through the app, users have access to a range of additional features, including the option to connect to custom full nodes and connect to the network via Tor. 

Once set up, BitBox02 multi-edition users have access to both legacy and SegWit wallets for Bitcoin and Litecoin, as well as an Ethereum wallet, whereas BitBox02 Bitcoin-only edition owners will only have access to Bitcoin wallets (legacy and SegWit).

In addition, the multi-edition version of the BitBox02 can be used as a FIDO Universal 2nd Factor (U2F) authenticator, allowing users to securely log in to any U2F compliant platform, including Google, GitHub, Facebook and more.

One of the key features that differentiates the BitBox02 from many of its competitors is its built-in USB-C support. This makes the device compatible with the latest phones, laptops and desktop computers, while the supplied USB-C to USB-A converter means it can still be used with older hardware.

In terms of portability and accessibility, the BitBox02 doesn't quite match up to newer Bluetooth wallets. However, by avoiding wireless connectivity, the device does close itself off to the possibility of Bluetooth exploits and eavesdropping, which could be a possible attack vector for Bluetooth-enabled wallets like the Ledger Nano X and CoolWallet S.

BitBox02 review: Supported crypto assets

The BitBox02 multi-edition supports Bitcoin, Litecoin, Ethereum and ERC20 tokens. (Image: Shift Cryptosecurity)

Depending on the version of the BitBox02 you purchase, the range of supported crypto assets can differ. This, because the BitBox02 is available as either a "multi-edition," which supports a variety of different cryptocurrencies, or a "Bitcoin-only edition," which only supports Bitcoin. In our hands-on, we took a look at the BitBox02 multi-edition.

Unlike some other hardware wallets, the BitBox02 multi-edition is only compatible with a restricted range of cryptocurrencies. As it stands, the device only supports Bitcoin (BTC), Litecoin (LTC), Ethereum (ETH) and all ERC-20 tokens. Again, as the name suggests, the Bitcoin-only edition only supports Bitcoin.

Though the range of supported assets is limited right now, Shift Cryptosecurity does plan to expand this selection in the future.

BitBox02 review: Security

A built-in secure chip and MCU keeps private keys safe from attacks. (Image: Decrypt)

Being a cryptocurrency hardware wallet, the BitBox02 is designed to help users securely store their cryptocurrencies offline. To achieve this, Shift Cryptosecurity has carefully considered all the ways the device could possibly be compromised and designed its security around these potential vulnerabilities.

With the BitBox02, the first line of defense is the access password, which can consist of both uppercase and lowercase alphanumeric characters. To prevent this from being brute-forced, the built-in secure chip includes a password counter that limits the number of password entry attempts an attacker can try, while password stretching in the secure chip makes cracking the password practically impossible.

The device was built from the ground up by Shift Cybersecurity, with custom firmware that has been externally audited, while the bootloader will only load firmware signed by the company. This bootloader is also protected against downgrade attacks and can be used to display the hash of a firmware before running it.

The BitBox02 also uses multiple sources of entropy to generate the seed, which is then stored in the device microcontroller unit (MCU)—access to which is protected by an enterprise-grade secure chip and the user's password. For additional protection, users can enable an optional BIP39 passphrase via the BitBoxApp, which needs to be entered in addition to the password when using the wallet. This passphrase can also be used to create a hidden wallet, for maximum security.

Overall, the BitBox02 leaves little to be desired as far as security goes and should withstand practically any type of attack.

BitBox02 review: Verdict

As far as hardware wallets go, the BitBox02 can be considered relatively barebones in terms of both features and digital asset support. However, the device more than makes up for this by being incredibly simple to use and extremely secure.

Thanks to its microSD backup functionality, the Bitbox02 ensures that even those who've forgotten their recovery phrase and lost their BitBox02 device can still retrieve their funds—a feature available to few other wallets. Likewise, its small size, discreet form factor and USB-C support make the BitBox02 suitable for those who need to access their cryptocurrency portfolio on the move.

With that said, at CHF 109 (~$111), the BitBox02 is one of the more expensive hardware wallets on the market and is only slightly cheaper than the Ledger Nano X (priced at $119). As such, it is a tough sell unless USB-C and microSD backups are a must-have.

Rating: 3/5

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News