Security / Audit

We attacked
ourselves first.

No other wallet publicly documents adversarial self-testing. Nox went through a full red-team / blue-team audit — before launch, before anyone could get hurt.

10Adversary types modelled

26Findings

0Critical/high left unfixed

The exercise

The process

Red Team — attackModelled 10 adversary types and found 26 vulnerabilities of varying severity.
Blue Team — defendFixed every critical and high-severity finding.
HardeningAdded CI checks that prevent regressions from ever shipping.

The numbers

The results

26 findings: 3 critical, 6 high, 8 medium, 5 low, 4 informational.
All critical and high findings — fixed.
The foundation held: BIP-39, PBKDF2, AES-GCM, and zero postinstall scripts in the supply chain.

The philosophy

Why it matters

Most wallets wait to get hacked. We attacked ourselves — before launch, before a single user could be hurt. That is what security-first actually looks like.

Keep exploring

NOX NOX NOX

Free · No account · Pre-launch

Stop trusting
blind wallets.

Self-custody, AI-protected, every chain. Install Nox and let Guardian watch your back.

Install for Chrome — Free How Guardian works

We attackedourselves first.

The process

The results

Why it matters

Related.

Stop trustingblind wallets.

We attacked
ourselves first.

Stop trusting
blind wallets.