Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
Our test script yields this result:
$ scripts/test/hardware/bitBox2.sh 9.15.0 ... firmware.bin created at: /home/leo/wsTest/bitbox02-firmware/temp/build/bin/firmware.bin or /home/leo/wsTest/bitbox02-firmware/temp/build/bin/firmware-btc.bin Hashes of signed download 29581aad94c771090b5d54efc521aa0383a3d57f144453a608c2a813164bed28 firmware-btc.v9.15.0.signed.bin signed download minus sig. b2dfdc5413678f663639a34a5082f93ec253fd405313baca93291cab0a91233c p_firmware-btc.bin built binary b2dfdc5413678f663639a34a5082f93ec253fd405313baca93291cab0a91233c temp/build/bin/firmware-btc.bin firmware as shown in device d743e4306f9c48a71d58d7f286c958fc4f10db0c86abc632d9cb8906d4e830c6 (The latter is a double sha256 over version, firmware and padding)
This version is reproducible.
Tests performed by Leo Wandersleb, Joko Ono, Mohammad Rafigh
Previous application build tests
|22nd May 2023||9.14.0|
|7th August 2022||9.12.0|
|17th February 2022||9.9.0|
|1st December 2021||9.8.0|
|5th October 2021||9.7.0|
|10th July 2021||9.6.0|
Our Analysis is not a full code review! We plan to make code reviews available in the future but even then it will never be a stamp of approval but rather a list of incidents and questionable coding practice. Nasa sends probes to space that crash due to software bugs despite a huge budget and stringent scrutiny.
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.