The BitBox02 is Swiss-made, fully open source (firmware and hardware schematics), and available in a Bitcoin-only edition with a smaller attack surface. At CHF 149, it sits between the budget-friendly Trezor Safe 3 and the premium Foundation Passport. Here's whether it earns that price after weeks of daily use.
Shift Crypto built this wallet in Zurich for people who believe trust should be verified, not assumed. Everything is auditable. The code, the hardware design, the companion app. If you're looking for a USB-connected signing device that takes transparency seriously without making you feel like you need an engineering degree, the BitBox02 deserves your attention.
Quick Verdict
Open-source purists and Swiss privacy fans
| Chip | ATSAMD51 |
| Secure Element | ATECC608A (Microchip) |
| Connectivity | USB-C only |
| OS Support | Windows, macOS, Linux |
| Companion App | BitBoxApp |
| Origin | Switzerland (Shift Crypto, Zurich) |
| Bitcoin-only edition | ✓ Yes |
| Price | CHF 149 |
| Category | Score | Notes |
|---|---|---|
| Security | 9.0/10 | Dual-chip, anti-klepto protocol, open-source everything |
| Ease of Use | 7.5/10 | BitBoxApp is great, but touch sliders take practice |
| Open Source | 9.5/10 | Firmware + hardware schematics + app. Top-tier transparency |
| Price / Value | 7.5/10 | CHF 149 is fair for what you get. Trezor is cheaper at $79 |
| Overall | 8.5/10 | Best open-source USB wallet for privacy-focused Bitcoiners |
The BitBox02 is a hardware wallet made by Shift Crypto, a company headquartered in Zurich, Switzerland. It comes in two versions: a Multi edition that supports several cryptocurrencies, and a Bitcoin-only edition that runs dedicated firmware for BTC and nothing else.
What makes this wallet stand out? Everything is open source. The firmware is on GitHub. So are the hardware schematics. Independent researchers can audit every component, from the circuit board traces to the signing logic. For security-conscious Bitcoiners, this transparency is not a bonus feature. It is the baseline requirement.
The device itself is small. Really small. About the size of a USB stick with a tiny OLED screen on one side and capacitive touch sliders along the edges. You connect it via USB-C (no dongles, no adapters on modern machines) and manage it through BitBoxApp, the companion desktop application.
For buyers in Germany, Austria, and Switzerland, the BitBox02 has a natural appeal. Swiss manufacturing, strong privacy laws, short shipping distances, and a company that operates under one of the strictest data protection regimes in the world. That is not a marketing story. It is a legal reality that directly benefits you.
We tested the Bitcoin-only edition over several weeks for this review. Day-to-day transactions, multisig setups with Sparrow, DCA withdrawals from exchanges, and firmware updates through BitBoxApp. Here is what we found.
The BitBox02 uses a dual-chip architecture. An ATECC608A secure element stores your private keys and handles cryptographic operations. A separate microcontroller runs the user interface and firmware. This separation means an attacker would need to compromise both chips to extract your keys. One chip alone is not enough.
The firmware is deterministically built. You can compile it from source and verify the resulting binary matches what is running on your device. This is a level of transparency that Ledger flat-out does not offer (Ledger's secure element firmware is closed-source). If you cannot verify what your hardware wallet is actually running, how do you know it is doing what the manufacturer claims?
The Bitcoin-only edition runs a smaller codebase than the Multi edition. Less code means fewer potential vulnerabilities. If you do not need altcoin support (and if you are reading this on a Bitcoin-only site, you probably do not), the Bitcoin-only firmware is strictly more secure.
One standout feature: the anti-klepto protocol. This prevents the device from leaking your private key through the signing nonce, a theoretical attack vector where compromised firmware could slowly exfiltrate key material during normal transaction signing. Most hardware wallets do not protect against this. The BitBox02 does. It is the kind of detail that security researchers love and normal users will not notice, but it is exactly why the security score hits 9/10.
What is missing? The BitBox02 connects via USB-C, so it is not air-gapped. Your computer and the device share a physical data connection during signing. For most people, this is fine. The secure element keeps your keys isolated regardless of what happens on the USB bus. But if you want a full air-gap (no cable at all), look at the Foundation Passport or Coldcard Mk4 instead.
During setup, the BitBox02 gives you two backup options. First, the standard 24-word BIP39 seed phrase that works with any compatible wallet. Second, an encrypted backup to a microSD card that slots into the bottom of the device.
The microSD backup is convenient. If your BitBox02 breaks or gets lost, you can buy a new one, insert the microSD card, enter your device password, and restore your wallet in under two minutes. No typing 24 words one letter at a time using touch sliders. Just insert, confirm, done.
Here is the catch. The microSD backup is not a standard BIP39 export. It is an encrypted file that only works with BitBox02 devices. If Shift Crypto disappeared tomorrow and you only had the microSD card, you would be stuck. That is why you should always write down the 24-word seed phrase too. The microSD is your fast recovery option. The seed phrase is your universal, manufacturer-independent backup.
Keep both. Store them separately. The seed phrase goes on steel (not paper) in a secure location. The microSD card stays somewhere accessible but safe. Think of the microSD as your quick-restore and the seed phrase as your cold storage insurance policy.
BitBoxApp is Shift Crypto's companion desktop application for Windows, macOS, and Linux. It handles everything: setup, firmware updates, sending, receiving, and wallet management. The interface is clean and uncluttered. No dashboard of altcoin prices. No DeFi tabs. Just your Bitcoin balance, transaction history, and the tools you actually need.
Two features deserve special attention. First, coin control. BitBoxApp lets you select exactly which UTXOs (unspent transaction outputs) to spend when constructing a transaction. This matters for privacy because it prevents you from accidentally linking coins from different sources. Most hardware wallet apps hide this entirely. BitBoxApp puts it front and center.
Second, built-in Tor support. You can route your connection through the Tor network directly from BitBoxApp's settings. One toggle. No manual configuration, no external software needed. This hides your IP address from the Bitcoin nodes you are connecting to, which prevents network-level surveillance from linking your transactions to your physical location. For privacy-focused users (especially in the DACH region, where data protection awareness runs deep), this is a big deal.
The app also supports custom fee selection, address verification on the device screen, and transaction labeling. It connects to Shift Crypto's full node by default, but you can point it at your own node if you run one. That is the kind of flexibility power users expect.
If you outgrow BitBoxApp, the BitBox02 works with Sparrow Wallet, Electrum, Specter Desktop, and other PSBT-compatible software. Sparrow in particular offers deeper transaction construction and multisig coordination. But for most users, BitBoxApp does everything you need with less friction.
The BitBox02 does not have buttons. It uses capacitive touch sensors along the edges and face of the device. You slide to scroll through menus, tap to confirm, and use gestures to go back. The OLED screen is small but clear enough to verify addresses and transaction details.
Honest take: it takes about five minutes to learn and ten minutes to stop accidentally selecting the wrong option. Once you are used to the gestures, it works fine. But it is not as intuitive as the Trezor's touchscreen or as tactile as physical buttons. Entering your seed phrase on the device (sliding letter by letter) is the most tedious part. Slow. Deliberate. A bit frustrating.
This is the weakest part of the BitBox02 experience. Not bad enough to avoid the device. Just different, and slightly less polished than what competitors offer. The microSD backup helps here too: if you ever need to restore, you can skip the manual seed entry entirely.
The BitBox02 competes directly with three wallets at different price points and with different philosophies. Here is an honest side-by-side.
| Feature | BitBox02 (CHF 149) | Trezor Safe 3 ($79) | Ledger Nano X ($149) | Passport ($199) |
|---|---|---|---|---|
| Open-source firmware | Yes | Yes | No (closed) | Yes |
| Open-source hardware | Yes | Yes | No | Yes |
| Bitcoin-only option | Yes | Yes | No | Yes (default) |
| Air-gapped | No (USB-C) | No (USB) | No (USB + BT) | Yes (QR only) |
| Secure element | ATECC608A | Optiga Trust M | ST33J2M0 (EAL5+) | EAL6+ |
| Anti-klepto | Yes | No | No | No |
| microSD backup | Yes | No | No | Yes |
| Coin control | Yes (BitBoxApp) | Yes (Trezor Suite) | Limited | Yes (Envoy/Sparrow) |
| Tor support | Built-in | Manual | No | Via Sparrow |
| Made in | Switzerland | Czech Republic | France | USA |
The honest take: if budget is your top priority, the Trezor Safe 3 at $79 offers nearly identical open-source transparency with a simpler setup experience. If you want air-gap security and do not mind spending $199, the Foundation Passport is the best QR-based option. Avoid Ledger if open-source firmware matters to you. And the BitBox02? It is the best middle ground: open source, Swiss-made, coin control, Tor, and the anti-klepto protocol. Each wallet serves a different person. Know which one you are.
This is not just about branding. Switzerland has some of the strongest privacy and data protection laws in the world. Shift Crypto operates under Swiss jurisdiction, which means they cannot be quietly compelled to insert backdoors or hand over user data the way companies in other countries might be. Swiss law protects you even if you are not a Swiss citizen.
Manufacturing locally also reduces supply chain risk. When your hardware wallet is designed, assembled, and tested in the same facility in Zurich, there are fewer opportunities for tampering during shipping or assembly. Contrast that with devices manufactured in one country, assembled in another, and shipped from a third. Each handoff is a potential point of compromise.
For the DACH audience specifically (Germany, Austria, Switzerland), buying a BitBox02 means shorter shipping times, no customs headaches within Europe, and support from a company in your time zone that speaks your language. Shift Crypto's website and documentation are available in German. Their support team responds in German. Small details, but they add up when you need help at 3 PM on a Tuesday.
And then there is the cultural angle. Swiss precision engineering has a reputation for a reason. The BitBox02 feels well-built, the firmware is clean, and the company treats security as a first principle rather than a feature to add later. You are not just buying a wallet. You are buying into a design philosophy that takes quality seriously at every layer.
Yes, and this is where the BitBox02 stands apart from most competitors. Shift Crypto publishes three things on GitHub: the complete firmware source code, the hardware schematics (circuit board design), and the BitBoxApp companion software. All of it. You can audit every layer.
Most hardware wallet companies publish firmware but keep their hardware designs locked away. You can verify what code the device is running, but you cannot verify what chips are on the board or how they are wired together. Shift Crypto gives you both. You can see the ATECC608A secure element, the microcontroller, the OLED display connections, and every trace on the PCB. If you are paranoid enough (and protecting enough Bitcoin), you could build the hardware from their published designs.
Why does this matter in practice? You are trusting this device with money. Maybe a lot of money. Closed-source firmware means you are taking the manufacturer's word that there are no backdoors, no key-logging, no data exfiltration channels. Open firmware lets independent researchers verify that claim. Open hardware goes a step further: it lets you verify the physical device matches the published design.
For context: the Foundation Passport also publishes both firmware and hardware schematics. The Coldcard publishes firmware but not hardware. Ledger's firmware is completely closed. The BitBox02 and Passport are tied for the gold standard in full-stack transparency.
And there is a bonus: deterministic builds. You can compile the BitBox02 firmware from source yourself and compare the resulting binary against what is on your device. If they match, you know your device is running exactly the published code. No surprises. No hidden modifications. This is the kind of verification that “do not trust, verify” was made for.
Does this matter for the average user who will never read a line of code? Indirectly, yes. Open source means security researchers, independent auditors, and the broader Bitcoin community actively review the code for vulnerabilities. Bugs get found faster. Backdoors cannot hide. The security of the device does not depend on trusting Shift Crypto alone. It depends on the code being correct, and anyone can check.
The BitBox02 is compact. Smaller than a lighter, thin enough to slide into a pocket. The body is a polycarbonate shell with an integrated USB-C connector (no cable needed for the physical connection, just plug it into your computer). The whole thing weighs about 12 grams. It does not feel like a premium device in the way that the Foundation Passport's aluminum chassis does, but it feels well-made. No creaking, no flex, no cheap plastic seams.
The OLED screen sits on the top face. It is small (128 x 64 pixels), but it shows enough: address characters, transaction amounts, and menu options. You will not be reading full paragraphs on this screen, but you do not need to. The critical job is verifying transaction details and receive addresses before signing, and the screen handles that fine.
The microSD slot is on the bottom edge. The card clicks in and stays put. Shift Crypto includes a microSD card in the box along with the device and a USB-C extension cable for computers where the port is hard to reach. Simple packaging, everything you need, nothing you do not.
One nice design detail: the BitBox02 has invisible touch sensors built into the device body itself. There are no visible buttons to wear out or break. The trade-off is the learning curve mentioned earlier, but from a durability standpoint, capacitive sensors with no moving parts should last longer than physical buttons. It is a design choice that favors longevity over immediate intuitiveness.
The Bitcoin-only firmware does one thing and does it well. It signs Bitcoin transactions. That is it. No Ethereum support, no altcoin token management, no DeFi integrations. The firmware is stripped down to the minimum code needed to handle BTC, and that is a security advantage.
Less code means fewer potential bugs. Every additional cryptocurrency adds signing logic, address formats, and network-specific code. Each line is a potential vulnerability. The Bitcoin-only firmware removes all of that. What is left is a smaller, tighter codebase that is easier to audit, harder to compromise, and faster to review when new versions ship.
There is a practical benefit too. With the Multi edition, there is always a chance (however small) of accidentally signing a transaction on the wrong chain. With the Bitcoin-only firmware, that is physically impossible. The device does not know what Ethereum is. It cannot sign anything other than Bitcoin transactions. That kind of simplicity removes an entire category of user error.
Both editions cost the same CHF 149. So the choice is simple: if you hold altcoins, get the Multi. If you are Bitcoin-only (and you probably are if you are reading this site), get the Bitcoin-only edition. There is zero downside to the focused firmware if you only care about BTC.
This mirrors what the Coldcard and Foundation Passport do by default. They are Bitcoin-only from the start, no multi-coin option at all. The BitBox02 gives you the choice, which is fine. Just make the right one.
The BitBox02 is for Bitcoiners who want full transparency without unnecessary complexity. You care about open source. You want to know that the firmware, the hardware, and the app are all auditable. And you are willing to pay a bit more for Swiss manufacturing, privacy-first design, and features like built-in Tor and coin control.
It is also a strong choice for buyers in Germany, Austria, and Switzerland. The Swiss origin means faster shipping, German-language support, no customs friction, and the peace of mind that comes from buying a product built under strong European privacy laws. If data sovereignty matters to you (and in the DACH region, it often does), the BitBox02 fits naturally.
Privacy-focused Bitcoiners will appreciate the Tor toggle in BitBoxApp and the coin control features. If you are running your own node, you can connect BitBoxApp directly to it. If you are not, Tor at least hides your IP from Shift Crypto's default node. Either way, you have more control over your network footprint than most hardware wallet apps offer.
Multisig users should also take a look. The BitBox02 works well as one of several signing devices in a 2-of-3 or 3-of-5 setup. Pair it with a Coldcard and a Passport, coordinate through Sparrow, and you have a multi-vendor quorum where no single manufacturer compromise can touch your funds.
If you have never owned a hardware wallet before, the BitBox02 works as a first device. The setup wizard in BitBoxApp holds your hand through every step. But if budget is tight, the Trezor Safe 3 at $79 teaches you the same fundamentals for roughly half the price. Start there if you need to, and upgrade to the BitBox02 when you are ready for coin control, Tor, and the anti-klepto protocol.
The BitBox02 earns 8.5/10 for being one of the most transparently built hardware wallets available. Fully open-source firmware and hardware schematics, Swiss manufacturing, a polished companion app with coin control and built-in Tor, and the anti-klepto protocol that most competitors skip entirely. For privacy-focused Bitcoiners who care about full-stack auditability, this is the right device.
Half a point off for the price premium over Trezor Safe 3 (which offers similar open-source security at $79) and for the touch slider interface that takes some getting used to. Neither is a dealbreaker, but they are real trade-offs worth knowing about before you buy.
At CHF 149, you are buying Swiss engineering, strong privacy jurisdiction, and a device that treats you as an intelligent adult. The BitBoxApp is clean, the security model is sound, and the company behind it takes transparency seriously. That combination is worth the premium.
Not for everyone. But for the right person: the open-source purist, the privacy-first Bitcoiner, the DACH-region holder who wants a local company with legal teeth behind their wallet. The BitBox02 earns every franc.
CHF 149 from Shift Crypto. Ships from Switzerland with fully open-source firmware and hardware. Bitcoin-only edition recommended.
Affiliate Disclosure: Bitcoin.diy may earn a commission if you buy through our links. This does not affect our ratings.
Yes. Both the firmware and the hardware schematics are published on GitHub. Anyone can audit the code, verify the build, and check that the device does exactly what Shift Crypto claims. Independent security researchers have reviewed the codebase, and deterministic builds let you compile the firmware from source and confirm it matches the binary on your device. This level of transparency puts the BitBox02 alongside Trezor as the most auditable hardware wallets available.
If you only hold Bitcoin, get the Bitcoin-only edition. It runs dedicated firmware that physically cannot interact with altcoin code. Less code means fewer potential bugs, a smaller attack surface, and zero risk of accidentally signing a transaction on the wrong chain. The Bitcoin-only edition is the one most Bitcoiners should pick.
The BitBox02 can back up your wallet to a microSD card in addition to the standard 24-word seed phrase. This encrypted backup lets you restore your wallet quickly by inserting the card into a new BitBox02. It is not a standard BIP39 backup, though. The microSD file only works with BitBox02 devices. Your 24-word seed phrase remains the universal backup that works across all compatible wallets. Keep both: the microSD for convenience, the seed phrase on steel for long-term security.
Both are fully open source with Bitcoin-only firmware options. The Trezor Safe 3 costs $79 vs the BitBox02 at $149. Trezor has a larger community and a longer track record (since 2014 vs BitBox since 2019). The BitBox02 offers the anti-klepto protocol, Swiss manufacturing, microSD backup, and built-in Tor support through BitBoxApp. If budget matters most, go with Trezor. If you want Swiss engineering, coin control, and Tor out of the box, BitBox02 earns the premium.
Yes. The BitBox02 works with popular multisig coordinators including Sparrow Wallet, Electrum, and Specter Desktop. You can use multiple BitBox02 devices or mix them with a Trezor and Coldcard in a multi-vendor multisig setup. Running different hardware from different manufacturers in the same quorum gives you defense in depth. No single manufacturer compromise can steal your funds.
Yes. The dual-chip architecture (ATECC608B secure element plus a separate microcontroller) protects your private keys from physical extraction. The anti-klepto protocol prevents the device from leaking keys through signing nonces, even if a malicious firmware update slipped through. Combined with open-source code that anyone can audit, this is one of the most transparent security architectures in any hardware wallet. For very large holdings, pair it with other devices in a multisig setup.
About 10 to 15 minutes. Download BitBoxApp, connect the device via USB-C, set a device password, write down your 24-word seed phrase, and verify it on the device. You can also create a microSD backup during setup. The touch slider interface takes a minute to get used to, but most people figure it out quickly. The setup wizard guides you through every step.
In Switzerland. Shift Crypto AG is headquartered in Zurich, and the devices are designed and assembled there. This matters for two reasons: Swiss privacy laws offer stronger protection than most countries, and controlling the supply chain locally reduces the risk of tampering during manufacturing. For buyers in Germany, Austria, and the rest of Europe, the Swiss origin also means shorter shipping times and no import duties within the EEA framework.
You can. The BitBox02 works with Sparrow Wallet, Electrum, Specter Desktop, and other compatible software. But BitBoxApp offers the smoothest experience, especially for setup, firmware updates, and day-to-day transactions. It also includes coin control and optional Tor routing, which most third-party wallets handle separately. Start with BitBoxApp. Move to Sparrow later if you want more advanced transaction construction.
The BitBox02 itself never connects to the internet. It is a signing device that holds your keys offline. You do need a computer or phone with an internet connection to run BitBoxApp (or another wallet), which broadcasts signed transactions to the Bitcoin network. But the device itself only communicates over USB-C. Your private keys never leave the secure element, and signing happens entirely on the device before the transaction is sent back to your computer.
The most beginner-friendly open-source hardware wallet at just $79
Maximum security with dual Secure Elements and full air-gap via microSD
Air-gapped QR signing with premium build quality and the Envoy app
Step-by-step guide to long-term Bitcoin storage with hardware wallets
Comprehensive guide to protecting your Bitcoin from theft and loss
Best practices for backing up and storing your 24-word recovery phrase
Side-by-side comparison of every major Bitcoin hardware wallet
Our ranked picks for the best Bitcoin wallets across all categories