Security Center

The Ownbit security model

The Ownbit cold wallet is a permanently offline signing device: your private key lives only on this non-networked phone, and its only channel to the outside world is a human-readable QR code. The goal isn't "absolute security" — no system achieves that — but to minimize what you must trust and make everything that remains verifiable by you.

Three foundations of its security

Online · Watch-only PUBLIC KEYS ONLY Offline · Signer HOLDS PRIVATE KEY THE GAP · no network QR only · plaintext
The private key never crosses the gap. All that crosses it is plaintext QR you can inspect line by line.

Each foundation rules out an entire class of attack. These are the design's real, defensible strengths.

Permanently offline (air gap)

The signing phone has no network channel. Removes remote intrusion, background exfiltration and cloud-backup leaks.

You control the key's origin

Keys and seed are never uploaded; stored encrypted on your device. You can generate the seed offline and import it. Removes custodial risk.

A readable channel (plaintext QR)

The only thing crossing the gap is plaintext QR you can inspect line by line — a public key or a signature, nothing hidden.

An honest threat model

No wallet that claims "absolute security" deserves your trust. What deserves trust is a product that states its risks plainly. The threat model page covers what this design removes (remote attacks, custodial risk, watch-side leakage) and the residual trust that remains (signer implementation, entropy quality, build integrity) — and how each is bounded.

How it relates to hardware wallets

This isn't about which is "absolutely stronger," but what you choose to trust. Each model has real trade-offs.

DimensionHardware cold walletOwnbit cold wallet
Key isolationDedicated secure elementPermanently offline general device
What you must trustClosed firmware + supply chainOpen standards + public contracts
Interaction channelProprietary (USB/BT/QR)QR only, plaintext-inspectable
Independently verifiableLimitedContracts / encoding / determinism
Vendor lock-inUsually presentNone; standard seed is portable

It isn't strictly either/or: a hardware wallet is strong on physical isolation, Ownbit on verifiability and no lock-in. For high-value assets, the sounder approach is to spread single-key risk across a MultiSig rather than bet everything on one device.

Don't trust — verify

You don't have to believe us. Every claim here is something you can check by hand: decode a signing QR to plaintext, test the signing determinism, read the public contracts, and verify standard seed import. The verify-it-yourself page walks through each check.

Last updated:

Download

Download Ownbit

Install the app, then set up a cold wallet or MultiSig for the workflow you need.