The BitBox02 is a compact, open-source hardware wallet built by Shift Crypto in Switzerland. Its design philosophy is minimalism applied to security: a dual-chip architecture that separates key storage from signing logic, a microSD card backup that eliminates manual seed phrase transcription, and a Bitcoin-only firmware edition that strips the codebase to a single chain. For users who want a small, fully auditable signing device without unnecessary features, the BitBox02 is one of the most focused options on the market.
This content is for educational purposes only and should not be considered financial or investment advice.
This article may contain affiliate links. Snout0x may earn a commission at no additional cost to you.
Reducing firmware to one chain shrinks the attack surface, not just the feature set.
Best for: Bitcoin-focused holders and privacy-minded users who want open-source firmware with reproducible builds, microSD backup, and the option for a Bitcoin-only firmware edition.
Price: ~CHF 149 (~$165) — both Multi and Bitcoin-only editions. Similar to the Trezor Safe 5 ($169) with a completely different form factor and feature set.
Trade-off: Small monochrome OLED, capacitive touch gestures (learning curve), limited chain support, no EAL-certified secure element.
Check Current Price at BitBoxKey Takeaways
- The BitBox02 uses a dual-chip design: an open-source microcontroller handles signing while an ATECC608B secure chip protects key material.
- Firmware is fully open-source with reproducible builds, so anyone can verify that the shipped binary matches the published source code.
- MicroSD card backup creates an encrypted seed file in seconds, eliminating manual 24-word transcription errors.
- A Bitcoin-only edition runs stripped firmware that removes all non-Bitcoin code, reducing complexity and potential attack surface.
- The device is small (54.5 x 25.4 mm), USB-C only, and uses capacitive touch gestures instead of physical buttons or a touchscreen.
What Is the BitBox02?
The BitBox02 is a hardware wallet that stores private keys offline and signs transactions through a USB-C connection. It was designed by Shift Crypto, a company headquartered in Zurich, Switzerland. The device communicates with the BitBoxApp companion software, which runs on Windows, macOS, Linux, and Android.
The form factor is intentionally small. At 54.5 x 25.4 x 9.6 mm and 12 grams, the BitBox02 is roughly the size of a USB flash drive. The front face has a small OLED display (128 x 64 pixels) and invisible capacitive touch sensors. You interact with the device through tap, slide, and hold gestures rather than physical buttons. This eliminates moving parts that could fail, though it requires a learning period for new users.
Two editions exist. The Multi edition supports Bitcoin, Ethereum, Litecoin, Cardano, and over 1,500 ERC-20 tokens. The Bitcoin-only edition runs separate firmware that supports only Bitcoin operations. The distinction is enforced at the bootloader level: once the firmware edition is set during initial setup, the bootloader permanently rejects firmware from the other edition. This prevents both accidental and malicious firmware cross-loading.
Dual-Chip Security Architecture
The BitBox02 splits security responsibilities between two chips. The main microcontroller (Microchip ATSAMD51J20A, a 120 MHz Cortex-M4F) runs the open-source firmware that handles transaction signing, address derivation, and user interface logic. The ATECC608B secure chip stores a cryptographic secret that hardens the encryption of the wallet seed.
The wallet seed is encrypted and stored on the microcontroller’s flash memory. Decrypting it requires three components: the secure chip’s secret, a secret stored on the MCU itself, and the user’s device password. If an attacker extracts the MCU storage, they still need the secure chip’s key and the user’s password. If they compromise the secure chip alone, they still lack the MCU-side data. This defense-in-depth approach means no single point of compromise is enough to extract the keys.
This architecture represents a different security philosophy than what Ledger or Trezor Safe 5 use. Ledger devices rely on a single high-certification secure element (EAL5+ or EAL6+) that handles both key storage and signing in a closed-source environment. The BitBox02 pairs a general-purpose MCU with a simpler secure chip, keeping the signing logic open-source and independently verifiable. For a deeper comparison of these approaches, see secure element vs open-source wallet architectures.
The ATECC608B also enforces a monotonic counter that limits password derivation attempts, blocking brute-force attacks against the device password. It includes a True Random Number Generator (TRNG) that provides additional entropy during key generation.
During factory provisioning, Shift Crypto permanently disables debug interfaces, locks the bootloader to read-only, and makes the secure chip configuration irreversible. These steps prevent firmware rollback attacks and debug-mode exploitation after the device ships. For users concerned about supply chain tampering, the device also performs an attestation check on first connection to the BitBoxApp, verifying it has not been modified in transit.
Open-Source Firmware and Reproducible Builds
The BitBox02 firmware is published under the Apache License 2.0 on GitHub. Beyond being open-source, the build process is reproducible: anyone can compile the firmware from source and verify that the resulting binary matches what Shift Crypto ships on the device. This is a stronger guarantee than open-source alone because it proves the compiled firmware has not been tampered with between source code and distribution.
The firmware includes multiple hardening measures. Stack smashing protection detects buffer overflow attempts. The MCU’s memory protection unit (MPU) enforces non-executable memory regions. Boolean values use specific integer encoding to prevent fault injection attacks that flip single bits. These are implementation-level defenses that go beyond what most competing wallets document publicly.
Firmware verification happens at boot. The device checks that the installed firmware is signed by Shift Crypto before executing. If the signature check fails, the device refuses to boot. Combined with the locked bootloader, this prevents attackers from loading modified firmware even with physical access to the device.
MicroSD Backup: Skipping Manual Seed Transcription
The BitBox02’s most distinctive user-facing feature is its microSD card backup. During setup, the device writes an encrypted backup of the wallet seed directly to a microSD card. The entire process takes seconds. No manual writing of 24 words, no transcription errors, no risk of incorrect word order.
The backup file is encrypted with the device password. To restore, you insert the microSD card into a new BitBox02, enter the password, and the wallet is recovered. You can also optionally display the seed words on screen for a traditional paper backup if you want both methods.
The trade-off is that the microSD card is a physical object that must be stored securely. If someone obtains both the card and the device password, they can restore the wallet on any BitBox02. Shift Crypto recommends storing the microSD card in a separate location from the device. For maximum redundancy, creating both a microSD backup and a metal seed backup covers both digital and physical failure scenarios.
BitBoxApp and Supported Assets
The BitBoxApp is available for Windows, macOS, Linux, and Android. It handles portfolio viewing, transaction building, and coin management. The interface is clean and minimal, matching the device’s stripped-down design philosophy.
For Bitcoin users, the app supports native SegWit and Taproot addresses, coin control for UTXO management, and optional Tor connectivity for network privacy. The Multi edition adds Ethereum and EVM tokens, Litecoin, and Cardano. WalletConnect integration allows connecting to Ethereum DApps directly from the BitBoxApp.
Third-party wallet compatibility includes Electrum, Sparrow, Wasabi, Specter, and BlueWallet for Bitcoin, and MetaMask and MyEtherWallet for Ethereum. The device also supports U2F/FIDO authentication for two-factor login on supported websites, adding utility beyond transaction signing.
Trade-Offs and Limitations
The OLED display is functional but small. At 128 x 64 pixels, verifying long Ethereum addresses requires scrolling through multiple screens. The capacitive touch gestures have a learning curve: first-time users often find tapping and sliding less intuitive than physical buttons or a color touchscreen like the one on the Trezor Safe 5.
The ATECC608B secure chip does not carry a Common Criteria EAL certification comparable to the secure elements in Ledger or Trezor Safe 5 devices. The security model relies on the dual-chip architecture and firmware hardening rather than a single high-certification chip. This is a deliberate design choice, not a gap, but it means the BitBox02’s security story is harder to summarize as a single certification number. Users who require formal certification as a baseline should weigh this carefully.
Chain support is narrower than competitors. The Multi edition covers Ethereum and a few additional chains, but does not support Solana, Cosmos, Polkadot, or many newer networks that Ledger and Trezor handle. If you hold assets across five or more chains, the BitBox02 will likely not cover your full portfolio.
USB-C only means no wireless signing. Every transaction requires a cable and a host device, similar to the Trezor Safe 5 but different from the Tangem wallet’s NFC-based approach or Keystone‘s air-gapped QR code workflow.
Who Should Buy the BitBox02 (and Who Should Not)
The BitBox02 fits a specific buyer profile. If most of these apply, it is a strong option:
- You hold primarily Bitcoin and want the smallest possible firmware attack surface. The Bitcoin-only edition removes all non-Bitcoin code at the source level, not just the UI.
- Firmware verifiability is a requirement. The BitBox02 is the only retail hardware wallet with reproducible builds — you can compile the source yourself and verify the binary matches what ships on the device.
- You prefer automated microSD backup over manual 24-word transcription. Setup takes seconds, not minutes of careful handwriting.
- You want a compact, discreet device. At 12 grams and 54.5 mm, the BitBox02 looks like a USB flash drive, not a crypto wallet.
- Desktop-first workflows on Windows, macOS, or Linux, where the BitBoxApp provides native coin control, Tor support, and UTXO management.
The BitBox02 is not the right choice if:
- You hold assets across many chains. The Multi edition covers Bitcoin, Ethereum, Litecoin, and Cardano — but not Solana, Cosmos, Polkadot, or most newer networks. The Trezor Safe 5 or Keystone 3 Pro cover far more chains.
- You want a large screen for transaction verification. The 128 x 64 OLED requires scrolling for long addresses. The Trezor Safe 5’s 1.54-inch color touchscreen or Keystone’s 4-inch display are substantially more readable.
- You require formal EAL-certified secure element chips. The ATECC608B does not carry Common Criteria EAL certification. If a single certification number is your baseline, the Trezor Safe 5 (EAL6+) or Ledger devices meet that standard.
- You are mobile-only. Android works via USB-C, but there is no iOS app and no wireless connectivity.
- You want the simplest possible self-custody with no seed phrase management. A seedless wallet like Tangem removes that complexity entirely.
- Reproducible firmware builds — the strongest verifiability guarantee in any retail wallet
- MicroSD backup eliminates seed phrase transcription errors
- Bitcoin-only firmware edition with bootloader-enforced separation
- Dual-chip defense-in-depth: no single chip compromise is sufficient
- Compact 12g form factor — discreet, portable, USB flash drive size
- Swiss-designed with locked bootloader and supply chain attestation
- Small 128×64 OLED — scrolling required for long addresses
- Capacitive touch gestures have a learning curve vs buttons or touchscreen
- ATECC608B lacks EAL certification — security relies on architecture, not a single cert
- Limited chain support — no Solana, Cosmos, Polkadot, or most newer networks
- ~$165 for the form factor — priced close to Trezor Safe 5 with a smaller screen
How BitBox02 Compares to Trezor Safe 5
The Trezor Safe 5 is the closest competitor in price and philosophy: both are open-source, USB-C only, and positioned as verifiable alternatives to closed-firmware wallets. The table below isolates what each device does differently at the same price point.
| BitBox02 | Trezor Safe 5 | |
|---|---|---|
| Price | ~$165 (CHF 149) | $169 |
| Open firmware | Yes (reproducible builds) | Yes (GPL) |
| Secure chip | ATECC608B (no EAL cert) | EAL6+ Infineon OPTIGA |
| Screen | 128×64 OLED mono | 1.54″ color touchscreen |
| Input | Capacitive touch gestures | Touch + haptic feedback |
| Backup | MicroSD (encrypted) + optional seed | Seed phrase + Shamir (Multi-Share) |
| Bitcoin-only edition | Yes (bootloader-enforced) | No |
| Reproducible builds | Yes | No |
| Form factor | 54.5 mm, 12g (USB stick) | 65.9 mm, 23g (card) |
Choose BitBox02 if you want reproducible firmware builds, microSD backup, a Bitcoin-only firmware edition, or the most compact form factor. Choose Trezor Safe 5 if you want a larger color touchscreen, an EAL6+-certified secure element, Shamir backup, or broader multi-chain support. Both are open-source and USB-C only — the decision comes down to which trust properties and usability trade-offs matter more to you.
For the full market overview including air-gapped and wireless alternatives, see the hardware wallet comparison.
BitBox02 Pricing
The BitBox02 Multi edition retails at approximately CHF 149 (around $165 USD). The Bitcoin-only edition is priced the same. Both include the device, a USB-C cable, and a microSD card in the box.
In context: the Trezor Safe 5 sells for $169, offering a larger color touchscreen and broader chain support but no microSD backup or Bitcoin-only firmware option. The Tangem 3-card set costs $69.90 with NFC signing and no screen, targeting a different simplicity model entirely. For a full breakdown of the hardware wallet market, see the complete hardware wallet comparison guide.
BitBox02 Review: The Verdict
The BitBox02 is the most verifiable hardware wallet available in 2026. No other retail device offers reproducible firmware builds, a dual-chip defense-in-depth architecture, bootloader-enforced Bitcoin-only firmware, and microSD backup in a 12-gram USB-stick form factor. For Bitcoin holders and privacy-focused users who treat firmware transparency as a non-negotiable requirement, the BitBox02 delivers a trust model that even the Trezor Safe 5 does not fully match — because reproducible builds prove the shipped binary matches the source, not just that the source is published.
The cost of that verifiability is everything the BitBox02 deliberately leaves out. The OLED screen is small and monochrome. The capacitive touch gestures require learning. Chain support is narrow. The ATECC608B chip lacks formal EAL certification. And at ~$165, the price sits next to the Trezor Safe 5 which offers a color touchscreen, Shamir backup, and broader chain coverage. The BitBox02 earns its price through firmware verifiability, microSD backup, and the Bitcoin-only edition — not through hardware specification or screen quality.
The 8.3 reflects the strongest firmware verifiability in any retail wallet constrained by hardware limitations and narrow chain support. Full marks for reproducible builds, dual-chip architecture, microSD backup, and the Bitcoin-only edition. It loses points for the small OLED screen, capacitive gesture learning curve, lack of EAL certification on the secure chip, limited chain support, and a $165 price that competes directly with the Trezor Safe 5’s larger feature set. For Bitcoin-focused holders who prioritize proof over specification, this is the right device.
Check Price at BitBoxIf you want broader chain support and a color touchscreen at a similar price, see the Trezor Safe 5 review. For the full market overview, see the hardware wallet comparison.
Sources
- BitBox02 Security Features (official documentation)
- BitBox02 Threat Model (official documentation)
- BitBox02 Firmware (open-source GitHub repository)
Frequently Asked Questions
Is the BitBox02 safe?
The BitBox02 uses a dual-chip architecture where the wallet seed requires three separate secrets to decrypt: the secure chip’s key, the MCU’s stored secret, and the user’s device password. The firmware is open-source with reproducible builds, meaning anyone can verify the shipped binary matches the public source code. Independent security audits have reviewed the firmware. The main consideration is that the ATECC608B chip does not carry a Common Criteria EAL certification, though the overall defense-in-depth design compensates by ensuring no single chip compromise is sufficient.
What is the Bitcoin-only edition?
The Bitcoin-only BitBox02 runs firmware that supports only Bitcoin. All code related to Ethereum, Litecoin, and other chains is removed at the source level. This reduces the total codebase, narrows the potential attack surface, and eliminates any risk from vulnerabilities in non-Bitcoin code paths. The firmware edition is enforced by the bootloader and cannot be changed after initial setup.
How does the microSD backup work?
During setup, the BitBox02 writes an encrypted backup of your wallet seed to a microSD card. To restore, insert the card into a new BitBox02 and enter your device password. The backup file is encrypted, so the card alone is not sufficient for recovery. You can also optionally view and write down the standard 24-word seed phrase as an additional backup method for redundancy.
Does the BitBox02 work with phones?
The BitBoxApp supports Android via a direct USB-C connection. There is no iOS support and no Bluetooth or NFC connectivity. Desktop use on Windows, macOS, or Linux remains the primary workflow.
How does the BitBox02 compare to the Trezor Safe 5?
Both are open-source and USB-C only. The Trezor Safe 5 has a larger color touchscreen, an EAL6+ certified secure element, and broader multi-chain support. The BitBox02 has a smaller form factor, microSD backup, reproducible firmware builds, and a Bitcoin-only firmware edition. Choose the Trezor Safe 5 if you value a touchscreen and wide chain coverage. Choose the BitBox02 if you prioritize compact design, build verifiability, and a Bitcoin-only option.
