The signing phone has no network channel. Removes remote intrusion, background exfiltration and cloud-backup leaks.
The Ownbit security model
The Ownbit cold wallet is a permanently offline signing device: your private key lives only on this non-networked phone, and its only channel to the outside world is a human-readable QR code. The goal isn't "absolute security" — no system achieves that — but to minimize what you must trust and make everything that remains verifiable by you.
Three foundations of its security
Each foundation rules out an entire class of attack. These are the design's real, defensible strengths.
Keys and seed are never uploaded; stored encrypted on your device. You can generate the seed offline and import it. Removes custodial risk.
The only thing crossing the gap is plaintext QR you can inspect line by line — a public key or a signature, nothing hidden.
An honest threat model
No wallet that claims "absolute security" deserves your trust. What deserves trust is a product that states its risks plainly. The threat model page covers what this design removes (remote attacks, custodial risk, watch-side leakage) and the residual trust that remains (signer implementation, entropy quality, build integrity) — and how each is bounded.
How it relates to hardware wallets
This isn't about which is "absolutely stronger," but what you choose to trust. Each model has real trade-offs.
| Dimension | Hardware cold wallet | Ownbit cold wallet |
|---|---|---|
| Key isolation | Dedicated secure element | Permanently offline general device |
| What you must trust | Closed firmware + supply chain | Open standards + public contracts |
| Interaction channel | Proprietary (USB/BT/QR) | QR only, plaintext-inspectable |
| Independently verifiable | Limited | Contracts / encoding / determinism |
| Vendor lock-in | Usually present | None; standard seed is portable |
It isn't strictly either/or: a hardware wallet is strong on physical isolation, Ownbit on verifiability and no lock-in. For high-value assets, the sounder approach is to spread single-key risk across a MultiSig rather than bet everything on one device.
Don't trust — verify
You don't have to believe us. Every claim here is something you can check by hand: decode a signing QR to plaintext, test the signing determinism, read the public contracts, and verify standard seed import. The verify-it-yourself page walks through each check.
Threat model
An honest threat model states what a design removes and what it does not. Ownbit's cold wallet removes several whole classes of attack by architecture; a few residual risks remain, which we name plainly below along with how they're bounded.
OpenAudits and code
Here is our audit stance, stated plainly. We would rather put our budget and attention into architecture you can verify than into a certificate.
OpenVerify it yourself
You don't have to believe us. Every claim in the security model is something you can check by hand — no source-code access required. Here are four black-box checks anyone can run.
OpenSecurity FAQ
Straight answers to the security questions we're asked most. For the full reasoning, see the security model, threat model, and verify-it-yourself pages.
OpenLast updated:
Download Ownbit
Install the app, then set up a cold wallet or MultiSig for the workflow you need.