BitBox
5a3de28ffd09d7506cff0a2672dbdb1f836307bcff0217cc144f48e19eea3fff
Makers of the BitBox swiss hardware wallet.

🚨 Two days ago, we received a concerning support request: An app that appeared to be the BitBoxApp asked the user to enter their recovery words.

This was clearly a phishing attempt by an attacker trying to steal the user's funds.

Here's what happened: 👇

The victim has had his BitBox02 for multiple months already. One day, after plugging in their BitBox02, the BitBoxApp flashed and displayed the above screen.

Knowing he wasn't supposed to enter his recovery words on a computer, he immediately contacted our support. 💪

Together with the victim, we figured out that a malicious BitBoxApp clone was placed on his computer. It does not replace the BitBoxApp, but is installed in another folder.

Once the original BitBoxApp has been opened, it minimizes the original BitBoxApp and displays the malicious "Bitbox.exe" over all other content.

The malware also appears to take screenshots to surveil the victim. 🚨

We were able to trace the origin of the malware to a malicious website.

The victim used DuckDuckGo to search for "wasabi wallet" and ended up downloading a malicious installer.

This is an extremely easy mistake to make, as there are multiple phishing sites in the top results.

We have reached out to Wasabi Wallet and they assured us they do everything in their power to get rid of these fake sites.

It is necessary for DuckDuckGo to take action and make sure these malicious websites don't appear in their search results.

To make sure this does not happen to you, you should always verify exactly where you are downloading programs from.

This is also why we provide instructions on how to verify the signatures for our BitBoxApp before you run them:

https://github.com/digitalbitbox/bitbox-wallet-app/releases/tag/v4.39.0

Thank you again to the victim for helping us figure this out as quickly as possible!

Their fast and correct response made it possible for us to figure this out really fast and warn other users. We've already shipped them a small 'thank you' package to show our gratitude. 🙏

In the end the BitBox02 did exactly what it was supposed to:

It protected the user's wallet when their PC got compromised.

Had the victim used a software wallet, chances are high that their money would have been stolen.

Yes, we have a Multi-Edition that supports a handful of altcoins.
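A defensive check for the situation described in this thread, where a look-alike "Bitbox.exe" sat in a different folder from the real BitBoxApp. This is an added example, not BitBox code; the folder names are constructed, and the known-good hash is assumed to come from a release whose signature you have already verified.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_suspect_copies(roots, trusted_dir, known_good_sha256, prefix="bitbox"):
    """List executables named like the app that sit outside the trusted
    install folder or do not hash to the release you verified."""
    trusted = Path(trusted_dir).resolve()
    findings = []
    for root in roots:
        for path in Path(root).rglob("*"):
            name = path.name.lower()
            if not (path.is_file() and name.startswith(prefix) and name.endswith(".exe")):
                continue
            path = path.resolve()
            reasons = []
            if trusted not in path.parents:
                reasons.append("outside install folder")
            if sha256_file(path) != known_good_sha256:
                reasons.append("hash differs from verified release")
            if reasons:
                findings.append((path.name, reasons))
    return findings

def demo():
    """Constructed sample tree: one genuine install, one look-alike elsewhere."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp, "Program Files", "BitBox", "BitBox.exe")
        clone = Path(tmp, "AppData", "Roaming", "helper", "Bitbox.exe")
        for path, body in ((genuine, b"verified release bytes"), (clone, b"other bytes")):
            path.parent.mkdir(parents=True)
            path.write_bytes(body)
        return find_suspect_copies([tmp], genuine.parent, sha256_file(genuine))

if __name__ == "__main__":
    print(demo())
```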

But our focus is Bitcoin:

We were one of the first to implement secure MultiSig.

We were one of the first to implement Taproot.

We were one of the first to implement Miniscript.

We are one of only two Bitcoin wallets to implement Anti-Klepto.

We are currently the only hardware wallet openly working on Lightning.

There's a lot of "Bitcoin-Only" companies doing less Bitcoin development.

We are happy to announce that we are supporting the Bitcoin Design Foundation with 3 million satoshis.

Their work on open source design has helped many apps become more user friendly. 🙏

This donation was made possible by the bitcoin whitepaper copies sold in our shop.

With its invisible touch sensors on its sides, the BitBox02 keeps a stealthy appearance while having excellent flexibility for its inputs.

The 6 touch zones enable alphanumeric device passwords, which increase the security of your wallet compared to simple numerical passwords.

https://video.nostr.build/cf156f2cb5dd9613ffeccc8800ee467f00a290d33d672a232a60af9b57074773.mp4

Replying to Diego Valley

nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt nostr:npub1rxysxnjkhrmqd3ey73dp9n5y5yvyzcs64acc9g0k2epcpwwyya4spvhnp8 with the bitbox02, can you backup the wallet with the seed phrase AND sd card or is it either one? #bitcoin #asknostr

Both of course!

What if you have a wallet securing a lot of money and even the smallest chance of your funds becoming inaccessible is worth addressing?

Creating multiple backups is dangerous as it increases the chance of someone finding one of them and getting access to your wallet.

With miniscript, you can create backups that are timelocked and can only access your wallet after a certain amount of time has passed.

These timelocked backups can be handed to friends and family (or even companies) without worrying about them stealing money from you.

These timelocks can also be used in multisignature wallets to create elaborate spending conditions, like a family wallet that can always be used by mother and father, but includes an inheritance path that can be used by son and daughter together after a certain while.

Because the timelocks start once the transaction is received, it is necessary to "refresh" the coins before the timelock runs out and other spending paths become available.

To do this, all the user has to do is to send a transaction to themselves, resetting the timelock to 0.

We are incredibly excited about the future of Miniscript, which is why the BitBox02 was one of the first hardware wallets to support it!

For a detailed look at how you can use Liana to do these things with your BitBox02, check out our blog post!

👇

https://bitbox.swiss/blog/exploring-bitcoin-miniscript-with-liana-and-the-bitbox02/
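The timelock and "refresh" behaviour described in the Miniscript posts above, modelled in a few lines. This is an added example, not code from BitBox or Liana; the key names, the 52,560-block (about one year) timelock and the block heights are constructed assumptions.

```python
from dataclasses import dataclass

# Policy of the shape described above: the owner key can always spend, the
# backup key only once the coin is TIMELOCK blocks old (relative timelock).
# Key names and the timelock value are assumptions for this example.
TIMELOCK = 52_560  # 144 blocks/day * 365 days
POLICY = f"or(pk(owner),and(pk(backup),older({TIMELOCK})))"

@dataclass
class Coin:
    txid: str          # constructed sample identifier
    confirmed_at: int  # block height at which the coin confirmed

def backup_unlock_height(coin, timelock=TIMELOCK):
    """First block height in which a backup-key spend can be mined."""
    return coin.confirmed_at + timelock

def spendable_by(coin, tip, timelock=TIMELOCK):
    """Keys able to spend `coin` in the block following chain tip `tip`."""
    keys = ["owner"]
    if tip + 1 >= backup_unlock_height(coin, timelock):
        keys.append("backup")
    return keys

def needs_refresh(coins, tip, margin, timelock=TIMELOCK):
    """Coins whose backup path opens within `margin` blocks of the tip."""
    return [c.txid for c in coins
            if backup_unlock_height(c, timelock) - tip <= margin]

def refresh(new_txid, confirm_height):
    """A self-send creates a new coin, so its timelock counts from zero again."""
    return Coin(new_txid, confirm_height)

if __name__ == "__main__":
    coins = [Coin("old", 800_000), Coin("recent", 840_000)]
    tip = 850_000
    print(POLICY)
    print("refresh soon:", needs_refresh(coins, tip, margin=4_320))
    print("old coin at unlock:", spendable_by(coins[0], 852_559))
    print("after refresh:", spendable_by(refresh("old-refreshed", 850_001), 852_559))
```

The timelock is tracked per coin, so every coin in the wallet has to be moved before its own deadline, not just the most recent one.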

New blog post! 🚨🎉

In our newest article we explore how Miniscript can be used for safer backups and show you how you can use Liana with the BitBox02 to create a timelocked backup for your wallet.

https://bitbox.swiss/blog/exploring-bitcoin-miniscript-with-liana-and-the-bitbox02/

TL;DR: 👇

We've seen an increase in posts about hotwallet hacks in the last couple of days:

reddit.com/r/CryptoCurren…

Don't keep large amounts of money in a hotwallet.

Upgrade your security and withdraw your coins to the easiest hardware wallet, the BitBox02:

bitbox.swiss/bitbox02/

Replying to Küsnachter

Hey nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt, I have a question-wish.

If I want to use the BitBoxApp in my Smartphone but what if I am using a de-googled Smartphone.

No Plays, no accounts, nothing.

Is there (or will be possible) a chance for a .apk version or similar?

Asking for a friend.

Yes! You can find the APK on our GitHub release page: https://github.com/digitalbitbox/bitbox-wallet-app/releases

Bringing Lightning to the BitBoxApp! ⚡️

We are exploring seamless, non-custodial Lightning payments directly within the BitBoxApp by partnering with Breeze.

Watch us pay a Bitrefill lightning invoice from within our BitBoxApp prototype:

https://video.nostr.build/67a8f0471dbcf2e9308cd3abaa6c87e88059653f8be1b55ef606a16c8a98aab4.mp4

If you wait long enough, the banks will make themselves obsolete! 👀

With its invisible touch buttons and OLED display, the BitBox02 remains stealthy when unplugged, showing no signs of being anything more than a microSD card reader. 🤫