Digital Bitbox Bitcoin Hardware Wallet Review

Digital Bitbox is a Bitcoin hardware wallet which stores your private keys internally, on the device, so your cryptographic secrets (which means your assets) are reasonably safe since they never go online. Hardware wallets can be used on a malware infected PC. Because the keys are always on the device secure microchip, isolated, viruses or keyloggers can’t access them.

I stressed the importance of keeping your private keys offline, several times on the blog. But due to the number of newbies entering the community, it won’t kill me to tell it again. Your private keys are your crypto assets. If you lose the access to them, you lost your assets, permanently. The private key is a string of numbers and letters which opens the door to anyone who owns it, to use all the coins deriving from that particular master seed.

The elevator pitch that Digital Bitbox gives to potential buyers is that it is open-source, minimalist, Swiss made hardware wallet which has a stand-alone software wallet. It enhances users privacy with Tor and Tails compatibility. Furthermore, device private keys are immediately backed-up on a microSD card, so there’s no need to write them down. It allows users to quickly backup multiple private keys and manages them efficiently.

Created by Shiftdevices, a company founded two years ago, based in Switzerland, the device continues the trend of European companies manufacturing hardware wallets. Shiftdevices is part of an ETH Zurich (University in Switzerland). It’s their spinoff company, which means it has its management and the structure but is still a part (division) of the parent company. The company was founded by scientist, Douglas Bakkum and Jonas Schnelli, the Bitcoin Core Maintainer. The development team includes a few more prominent names from the crypto community.

In this article, I would like to take an in-depth look at this minimalist Bitcoin hardware wallet and guide you step by step on how to set it up, secure it, send and receive payments. We will take a look at the advanced features it offers. My goal is that by the time you finish the article you’ll know if it’s the right hardware wallet for yourself. If you already own one, I hope this can serve as a step by step guide, as I did my best to write it from a newbie perspective. I purchased this wallet with my Bitcoin, and I was not paid or compensated to write the article.

Packing

Digital Bitbox arrives packed in a heat-sealed mylar bag. Some earlier versions of the product contained tamper-proof sticker, but the one I got was wrapped in the bag.

Once you open the mylar bag, inside, you’ll see two Digital Bitbox stickers and a rectangular cardboard box. On the front side of the box, there is an illustrated wallet. Backside highlights essential product features such as minimalistic design, second-factor authenticator, painless backup and recovery and more. Manufacturer prides with a Swiss made a product by emphasizing that on the box. Overall, the package is pretty decent. Nothing fancy or wrong about it.

Unboxing

When you open the cardboard box, inside, you’ll see a bit primitive packing of the product. There is no premium feeling once you do the unboxing. Everything is simple. Inside there is a hardware wallet and a SanDisk MicroSD 4GB memory card. Having a bit of experience with SD cards, I was quite happy when I saw that they included the card from the reputable brand, and not something generic.

There is no manual of any sort or a quick start guide. The inner side of the box has a message stating “Getting Started digitalbitbox.com/start.” I did not feel comfortable setting up the device which does not come with any instructions on how to set up the product. Good news is that this is an easy fix. The manufacturer can create a leaflet and place it in the upcoming batches if they want to.

Authenticity check

The wallet app automatically checks if the firmware installed on the device is signed by the manufacturer. Bootloader installed on the machine in the manufacturing process can’t be altered checks the authenticity.

Bootloader check on the startup. This happens only once, so you’re sure that nobody had access to a device before you

Tamperproof stickers

The tamper-proof stickers are no longer the part of the protection. According to their support, it is not a valid way of protecting the package. Theoretically speaking, the attack vector is: The malicious third party, can intercept the package and replace it with the new box.

Earlier batches of the device contained these protective holographic stickers, whereas newer batches do not. A colleague reviewer had a chance to review the early batch and discovered that it was very easy to pull out the device even with the tamper-proof sticker .

With heat-sealed mylar bags, it is not possible to easily pull out the device without making a damage to the packing.

Please understand that tampering the package only gives the false security impression. If you’re a high-profile target, someone with enough resources and knowledge could track your package and replace it entirely. It’s the attack vectors for any hardware wallet out there.

Update : The part of the article regarding the package has been modified and made clearer. Thanks Peter Todd for pointing it out.

Design and Build Quality

At the back, Digital Bitbox has a touch button and an LED indicator. The purpose of the button is a physical user confirmation. On the side, there’s something quite unusual – a microSD slot. The idea is that the backup of your private key string will be generated on a microSD card, out of the box. When you initialize the wallet, it generates a backup for you. You need to store the SD card separate from the hardware wallet. The backup can be used to import the keys into another compatible (or an another Digital Bitbox) wallet if you lose, break or your someone steals your hardware wallet. I’ll cover backups, their management, and security, later in this article.

Inside, the device has a dual microchip. One chip single-purpose microcontroller which is a mini-computer.  The second chip is the tamper-resistant chip (similar to what Nano S has) which is designed to make physical extraction of the keys quite hard and expensive or some say impossible.

Furthermore, there is a hardware true random generator chip. The chip randomly generates the private key. But how can you as a user trust a chip? Good question. They apparently added some randomness in the production process and also use entropy from your device, which is unique. That means that randomness comes from the chip, entropy added in the production and from your environment. I quite liked that they were quite open on how the whole process of generating the private key to ensure true randomness works.

The random key generator which uses entropy from the device comes from the password you enter.  (Trezor uses the entropy from the device as well) To generate your private key. This way the device has double or triple layer protection, depending on how you look at it.

For an attacker to guess how private key is generated is to infiltrate into your PC, the device, and their manufacturing process. That makes key guessing extremely difficult and creates multiple defense points. I also the trust in the company in the process of private key creation, since they do not know what password you’re going to input even if the messed with chip and factory entropy in any way.

Getting Started

Follow the instructions on the startup page of the Digital Bitbox website.

1. Download the wallet app and install it

The first step is to download and install a standalone wallet application on your PC. The wallet is available for all three major operating systems (Windows, Linux, and OSX). Click on the icon of the system you’ll be using.

I first tried Linux. The process was simple, but I encountered problems with the device not being recognized. Luckily the solution problem was presented on the download page right away with proper instructions and commands. I was able to resolve the issue within few minutes.

2. Insert the memory card and plug in the device

After the software download and installation put the microSD card inside the Digital Bitox SD card slot and insert it into your USB port. If the device is recognized by your operating system, you will see “device connected” in the left bottom corner of the wallet window.

3. Setup your wallet

Enter your “wallet name” and password and password confirmation.

Click onto “submit” button. You will next be updated to update the firmware of the device. Click on the > Yes. Next, you will have to confirm on the device by holding the touchpad (button) for 3 seconds or more. This confirmation unlocks the bootloader for new firmware. When you do that, you’ll be asked to unplug the USB stick and plug it in again. Press the touch button once again to initiate the upgrade process.

Next, you’ll see the app upgrading the firmware which will take few moments. Upgrade successful message should appear. It will ask you to unplug the Digital Box from your PC and insert it once again. This time, do not tap onto touch button. Enter your wallet password. Now, you need to “lock the firmware” which will prevent further accidental firmware updates. Hold the touch button for three more seconds as instructed. You will now be able to access your Digital Bitbox wallet app.

4. Remove SD Card

Remove your SD card and store it in a safe and dry place. It contains your private key. Whoever has access to it can access your assets and steal them. Do not share it with anyone.

1. SD card contains a key. If I insert that card into my PC, does that mean that a virus can access it?
2. What is the safest method of backing up besides having another Digital Bitbox wallet?
3. I am quite worried to disclose a digital copy to my PC, is this key encrypted or anyone can swipe it in out of the box?

Wallet

After the successful setup, the wallet interface will open. The first thing I noticed is that the UI looks very minimalist and easy to navigate. However, on Linux, the design of some parts seemed quite messed-up. On Windows 10 I did not have such alignment problems.

One more thing I immediately noticed is that generated receive address is not SegWit address starting with number 3, instead created address is Bitcoin legacy address. I was quite unpleasantly surprised with this, but I was informed that they are working on adding SegWit in their next update.

Let’s take a look at very concise and well-organized options inside the wallet and the features Digitalbitox offers.

The wallets interface is divided into five segments :

• History
• Receive
• Send
• Options
• Multisig

History

This segment is very concise. It displays your incoming and outgoing transactions. It shows your wallet name, available balance and transaction information (Amount | Address | Date )

Receive

To receive a Bitcoin payment, use this section. It will show you a freshly generated QR code and address in text format which you can use to receive coins. There are two additional options :

• Get new address – manually get a fresh public address
• Verify the address – verify that the address in the software is the same as the one wallet is sending coins to by checking by verifying it via a mobile application.

Send

Like pretty much everything, sending coins from DigitalBitbox hardware wallet is easy. Inside the “Send” section of the desktop wallet, you’ll see your available balance and field which you need to fill out to send payment.

• To Address – public address where you want coins to be sent
• Amount BTC – the Bitcoin amount you wish to send
• Fees – Priority | Standard | Economy | Budget – the fee you want to send. The higher the fee, the faster the transaction will get confirmed.

There are several things I did not like about the way in which DigitalBitbox handles sending.

First of all, there is no option to verify the sending address on the device due to the lack of the screen. This means that when sending the Bitcoin to any address, you just have to trust that your wallet software is not compromised and that address you see on your PC is the one the wallet will be sending Bitcoin too.

I found this unacceptable. At first, I thought I was doing something wrong and that it’s impossible that they did not implement the ability to verify the address when sending your Bitcoin.

When you want to send bitcoin, you’ll have to physically hold the touchpad of the device for 3+ seconds. If you just touch it, you’ll cancel it.

The wallet does not have dollar, euro or any other amount you can enter; you can only send Bitcoin amounts, which is not good user experience. Furthermore, there is no way to set custom fees, nor you’re able to see the estimates time for transaction confirmation.

Options

You can configure the settings and add additional features to your Digitalbitbox by changing options. This paragraph will cover all of the settings in the order they appear inside the desktop software.

Manage backups

Backups are important. I will cover how best backup practices with DigitalBitbox a bit later, but now let’s talk about backup management. This hardware wallet stores private keys in PDF format on the SD card. You can have plenty of private keys stored this way for different wallets.

To open a wallet which belongs to a different private key, you’ll have to recover it. Other wallets like Nano S or Trezor require much time when recovering the keys. Since Digitalbitbox stores it on an external medium, an SD card, the recovery takes few seconds. I’ll talk about attack vectors, usability improvements and pros and cons of this way of securing the private key in a moment, but first, let me guide you through the wallet recovery. The thing of this as a hard disk backup. You wiped your PC, and you’re now plugging in an external USB where all of your images are, so you’re recovering them. We’re doing the same. We have a private key in PDF format stored on an SD card, and we’re importing it into our DigitalBitbox.

There are several buttons/options when managing backups. Unfortunately, the wallet interface does not explain what each does.

• Add – creates the backup of the current wallet. (The one you’re using at that moment).
• Verify – verifies that the PDF file is recoverable and that it is the appropriate format
• Restore – restore the wallet from backup/import private keys (covered below)
• Erase – deletes the selected wallet. Be very careful here. Delete only the wallets you’re sure you do not need or already have a backup. This removed the backup from the memory card. I suggest that device asks the user twice when you try to delete a wallet, at this moment it will give the warning once if you delete a wallet and have no backup elsewhere, you lost all of your Bitcoin.
• Erase all – deletes an entire SD card and all the backups on it. Be very careful with this and use it only if you have another SD card with wallets backed up.

Restoring the wallet (importing private keys from the SD card)

To import a private key and at the same time your Bitcoin, click on Options tab > Manage backups > Select the PDF file containing your private key (you can have multiple private keys stored, the larger the memory card memory, the more private keys you can store) > Restore > Enter your wallet password. That’s everything. No manual words were entering, nothing. Smooth and fast.

As you can see remembering your wallet password for the recovery is crucial. Do not forget it.

Change password

If you wish to change the password of your wallet, you can do it here. Changing the wallet password does not change the backup password, use this option carefully. You’d need to create the backup again if you wish to change the backup password.

Create new wallet

You can create an unlimited amount of wallets. New wallet means new private key. Make sure to backupthe new wallet if you plan to hold your cryptocurrencies on it.

Reset device

If you want to factory reset the device settings and wallets, you can do it here. Please before doing that, if you have any funds deposited into any of the wallets, make sure to have the SD card backup.

Enable Full 2FA

Enabling the 2FA gives you better security. By enabling it, you will be able to verify the transaction on your mobile phone and audit the address before broadcasting the transaction to the network. To use this feature go to > Options tab> Full 2FA.

When you click on it, you’ll be given a warning.

If you have a wallet backed up on the SD card you’re good to go. Proceed. The wallet software will now enter the “lock mode” and disable most of the functions.

If you do not open the app on your phone, you’ll get the warning saying “2FA enabled, but no mobile app found online”. Open the app you previously paired, and try again. Click on “create transaction.” The pop-up window will ask you to verify the transaction on your phone.

Unfortunately, just as I was hoping that this might work, on my Android phone, I got an error. The app was in the loop checking for the connection. After some thinking, I realized that my VPN has probably been blocking the connection between the PC (wallet) and the phone. After disabling it, I was able to establish the connection and see the address on the device.

So the wallet advertises as the privacy aware, but I had to disable my VPN. That got me thinking. I left the VPN and enabled Tor, it did not work, I was still having connection issues, so I decided to try it out on Tails.

Unfortunately, the connection between the phone and software wallet on Tails is not working. You can’t verify the addresses. This bug was acknowledged by the manufacturer, and I was told they are working on fixing it. I was unable to find this issue on the Github. This is a problem and I hope they will fix it soon. At the moment of publishing this review, be very careful when using Digital Bitbox on Tails. While most of the features will work, you will not be able to use an app to verify the addresses, which is a serious flaw.

Connect mobile app

Establish the connection and pair the device with your mobile app. The step by step is covered in the “Mobile App paragraph”.

Blink LED

Not sure why is this feature useful, but it does what it says. When you click on the button, the USB will blink.

Get Random Number

Thanks to the random generator chip, if you ever need a random number, you can get it here. It’s generated internally on device microchip.

Check for updates and upgrade firmware

Pretty self-explanatory, manually check if there’s an update and upgrade the firmware.

Expert settings

The expert settings contain features which advanced user might need. There are four tabs.

• Wallet Service URLs – configure the service wallet URL
• Proxy Tor –  If you’re using the wallet over Tor or in Tails, enable this, otherwise keep unchecked
• Hidden wallet Password – excellent security feature. This is also known as “plausible deniability” or a passphrase. By enabling it, you are activating a hidden wallet feature which you can load with the tiny amount of BTC and use it to trick the attacker by entering the hidden passphrase. It opens a completely new wallet. I did not like that setting the secret wallet password reveals the password to a PC and is vulnerable to keyloggers. (See the GIF below) This should be fixed.
• U2F – pair or upair the U2F keys

Multisig

The feature which is promising is the ability of multisig right out of the box. To enable it you need to download and create copay wallet as your main wallet. The Digital Bitbox can be used as a secondary wallet from which you’d need to confirm the spending. I plan to test out this feature in the next few days and will update the article when I do that.

The integration with Copay works amazingly well, and out of the box, it takes few seconds to set up

Mobile app

Since Digital Bitbox does not have a screen like most of the other hardware wallets, they came up with an idea of using a mobile app. The purpose of the mobile app is to be a remote screen where you can verify what the device is signing (for instance verify that the address you’re seeing in your client wallet on your PC is the actual address the wallet is sending the coins to)

According to their support, the communication between the device and a mobile app is encrypted with the Diffie Hellman key exchange.

The way in which device handles verification might be reasonably secure, but I am not a fan of it. If nothing, the fact that I have to take out my phone to verify the address ruins the user experience and the whole concept of the “minimalist wallet.” I believe that screens on the device provide much better protection than the app, which just gives more options to a potential attacker.

Installing the app

The mobile phone software is available for iOS and Android. I performed the test on the Android. If you’re using the application for the first time, you’ll have to pair the device with the phone. Go to your desktop app > Options > Connect mobile app. On the desktop app, you’ll see the QR code. On your mobile phone, open the mobile app and click scan to scan the QR code.

The next step is to pair your hardware wallet by entering the number of LED blinks in each set. I thought this is a bit weird method of pairing and not quite user-friendly, but basically, you’ll have to pay attention to how many time will need the LED on the Digitalbitbox wallet blink. It will be a number from 1-4. This was a frustrating UX.

Tails Setup

One of the most significant advantages of the Digitalbitbox is that it has better privacy compared to other hardware wallets which offer web browser or Google Chrome app solutions for their wallets.

Digitalbitbox is compatible with Tails. The setup is not as smooth as you’d expect since there is not only the lack of concise documentation, but the provided instructions are misleading and require an update.

To save newbies the trouble of spending some time to figure out how to configure the hardware wallet with Tails, I’ll provide step by step instructions. Hopefully soon, the manufacturer will do the same. This setup assumes is valid for  Tails 3.5 and Digitalbitbox 2.2.2 on a 64bit system. Different version or system will require you to edit out some parts of the instructions.

1. When you boot up Tails, make sure to enable the administrative password.

2. Open your Terminal and type in the following command

curl -O https://digitalbitbox.com/download/DigitalBitbox_2.2.2_Linux64.tar.gz

2a. If that does not work and you get an error saying ” Failed to connect to digitalbitbox.com port 443: Connection refused”

enter this:

curl -O --socks5 localhost:9050 https://digitalbitbox.com/download/DigitalBitbox_2.2.2_Linux64.tar.gz

3. Next, enter this:

tar -xzf DigitalBitbox_*_Linux*

4. Now you’ll need to set the permission; you’ll need sudo access

printf "SUBSYSTEM==\"usb\", TAG+=\"uaccess\", TAG+=\"udev-acl\", SYMLINK+=\"dbb%%n\", ATTRS{idVendor}==\"03eb\", ATTRS{idProduct}==\"2402\"\n" | sudo tee /etc/udev/rules.d/51-hid-digitalbitbox.rules > /dev/null && printf "KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", ATTRS{idVendor}==\"03eb\", ATTRS{idProduct}==\"2402\", TAG+=\"uaccess\", TAG+=\"udev-acl\", SYMLINK+=\"dbbf%%n\"\n" | sudo tee /etc/udev/rules.d/52-hid-digitalbitbox.rules > /dev/null

(you’ll need to enter your administrator password, if you have not added it in the Tails setup, reboot your tails and add it as described in step 1.

5. Set another permission

printf "SUBSYSTEM==\"usb\", SYMLINK+=\"dbb%%n\", GROUP=\"plugdev\", MODE=\"0664\", ATTRS{idVendor}==\"03eb\", ATTRS{idProduct}==\"2402\"\n" | sudo tee /etc/udev/rules.d/51-hid-digitalbitbox.rules > /dev/null && printf "KERNEL==\"hidraw*\", SUBSYSTEM==\"hidraw\", SYMLINK+=\"dbbf%%n\", GROUP=\"plugdev\", MODE=\"0664\", ATTRS{idVendor}==\"03eb\", ATTRS{idProduct}==\"2402\"\n" | sudo tee /etc/udev/rules.d/52-hid-digitalbitbox.rules > /dev/null

6. Finally, execute the binary:

./DigitalBitbox_2.2.2_Linux64

You should be able to see the wallet and enter your password. However, we need to enable Tor inside the wallet to show your balance. Options>Expert settings go to > Tor > Check Use Tor > Check “Bypass the Cloudfare Tor blocker”

If you followed the steps carefully, you should now be able to use DigitalBitbox with Tor and Tails. I truly hope that future instructions and the documents will improve. I received excellent support from the manufacturer in trying to figure this out.

Backup

The backup part of Digitalbitbox is different compared to other wallets. Since it stores all the data onto an external source – the SD card. While this method provides smooth user-experience and straightforward setup, users must be cautious with this method of backing up.

Quite honestly, unless you buy two DigitalBitbox wallets, I do not think this is a secure way of backing up your private keys since, at some point, you’ll have to reveal them to a PC. You need to have full confidence that your PC is not compromised while doing this. If you want to do that, please use a clean installation of Tails.

Onto the SD card in a folder called /digitalbitbox you’ll see PDF documents looking like the one bellow with your private key string. Use the string to recover the wallet by importing it into a compatible BIP32 and BIP44 wallets like Electrum or Samurai.

Support

The customer support for Digitalbitbox is handled through their website. On the contact page I was unable to find the contact form, and after a bit of research, I found that the email where you can send your questions is support@digitalbitbox.com

All of my emails were replied within 24 hours, and I’m satisfied with the level of information their support team provided. So far my communication was with a single representative, so I’m not sure if they have one employee handling that customer enquires or multiple. Regardless, the representative was very prompt and provided satisfactory replies to even some quite technical questions I had.

Community

Unfortunately, the community behind this wallet is quite tiny. The subreddit has a tiny amount of subscribers, and from what I noticed there are no official representatives answering questions there. Apparently, the products need to market itself and have a bigger customer base to grow the community.

Summary

With a minimalist look, Digital Bitbox is a hardware wallet which you can carry around or plug into your laptop in a public space without looking like a weirdo and attracting attention. It looks exactly like a typical USB Stick and does not have any flashy features which can make you stand out from the crowd of IT dudes in a coffee shop.

The stand-alone desktop client is something I am delighted to see. The Tails and Tor compatibility are much-necessary features in the space. To use it on a public PC, you’ll need to download the software.

The initial setup is a breeze and is without any doubt the quickest and easiest hardware wallet that I configured so far. SD card backup is an interesting concept which can be good for newbies and eliminates the stress of having to write the correct backup seed, but – it’s kept external. You need to take care of it well and to reveal it; you need a safe PC environment. The safest option I can think of with this concept is to have two Digital Bitbox wallets and several SD cards backups. SD cards can fail, that’s nothing new. Keep your private keys on at least two cards. If you have only one device and want to import the keys into another hardware or software wallet, do it in a safe environment and with no internet access.

The customer support is excellent, and all of my questions were replied within a few hours. I feel that there’s a severe lack of user documents and videos and that the manufacturers need to work on it.

The fact that at the time of writing this article, Digital Bitbox supports only Bitcoin and Ethereum (ETH, ETC, and ERC20 tokens), will be a  deal-breaker for plenty of people. They are working on integrating more coins in the future, but they are far behind the competition. Even though it’s beautifully simple and easy to use desktop wallet lacks some serious security features like the easy way to verify the address when sending the coins from the wallet.

EDIT: Digital Bitbox supports the following coins: Bitcoin (BTC) and Ethereum (ETH, ETC, and ERC20 tokens). Thanks, u/rgm1 for correcting me.

I am not a fan of the lack of LCD screen and inability to verify the address on the device itself. The company probably had to sacrifice the LCD to get the minimal and unintrusive design. Digital Bitbox is a decent product developed by a trustworthy team. They need better marketing and features that will attract more customers and increase their very tiny and niche community.

The creators of the wallet indeed managed to fill the hole in the market and create a private, minimalistic wallet, but it still needs development and improvement to attract a more substantial amount of people. I was informed they are working on an improved 2.0 wallet client which will address some of the concerns I had and possibly implement few more coins, Litecoin for starters. Furthermore, the feature to connect the hardware wallet to your full node is something on the roadmap.

Cons

Pros