Foundation
_@foundation.xyz
npub1s0vt...pq6j
We build Bitcoin-centric tools that empower you to reclaim your sovereignty, including Passport hardware wallet and Envoy app. Open source, USA assembled. Learn more at https://foundation.xyz
Foundation yesterday
Last week, we kicked off something new at Foundation, Prime Time Office Hours. A six-part live series where we go deep on Passport Prime with our community. No fluff. No marketing speak. Just an hour of real talk about the hardware, security architecture, and philosophy behind what we've been building for the past three years.

Week 1 was our introduction and orientation session, hosted by our Head of Customer Experience. Here's what we covered:

The evolution from our Founders Edition in 2020 to Passport Prime today. Four generations of hardware, each one informed by real customer feedback and a relentless focus on what self-custody should actually feel like.

Passport Prime isn't just a hardware wallet anymore. It's a personal security platform, Bitcoin wallet, FIDO security keys, 2FA authenticator, encrypted file storage, and a vault for sensitive secrets. All offline. All in one device.

The security model is built on layers of defense: fully open source hardware and software (audit it yourself on GitHub), a dedicated secure element, an isolated Bluetooth processor, anti-tamper protection, US assembly, and a published third-party audit. Our custom Bluetooth protocol, QuantumLink, even assumes the Bluetooth chip is already compromised from day one, and your keys are still safe.

The app ecosystem runs on KeyOS, our custom microkernel-based OS. It ships with five core apps, and we're building an open developer kit so anyone can build on it. Third-party integrations are already underway.

We also took live questions from the community, on everything from hardware design choices to app store architecture to feature requests that got added to the roadmap on the spot. This is what building in public looks like.

Week 2 is tomorrow, we're going hands-on with onboarding, recovery, and Magic Backups. If you're curious about how Passport Prime works in practice, this is the one to join.
Foundation 4 days ago
🚀 Envoy v2.2.13 is now available! Envoy 2.2.13 is a maintenance release focused on stability and bug fixes. This update addresses several Passport Prime onboarding issues, fixes an iOS share sheet bug, and includes a security-related dependency update. For more details on each of the changes, you can read our blog post below.
Foundation 6 days ago
2026 so far:
• $480M stolen from crypto users
• 676M Americans' SSNs leaked
• AI agent marketplace: 12% malware
• Teens drove 600mi to rob $66M in Bitcoin

That's not even all. Your data, keys & passwords are only as safe as where they live. Keep all those offline.
Foundation 2 weeks ago
A $5 wrench isn’t the only physical attack you should be thinking about. There’s a quieter, more dangerous scenario: Someone gains access to your hardware wallet, opens it, extracts sensitive data, then puts it back exactly as it was. The next time you use it, everything appears normal. But your keys may already be compromised.

Most hardware wallets address this risk with tamper-evident mechanisms, typically stickers or seals that rely on the user noticing a change. If that signal is missed or misunderstood, the device may continue to be used in a compromised state.

Passport Prime takes a different approach. It includes active tamper detection that continuously monitors whether the device has been physically opened or modified, or even tried to be. If tampering is detected, the device automatically erases all sensitive data, including your Master Key. This process happens immediately. There are no warnings, no prompts, and no way to override it.

The assumption is simple: If the physical integrity of the device is compromised, your keys should no longer exist on it. Security shouldn’t depend on whether someone notices a broken seal.
Foundation 2 weeks ago
Introducing Prime Time, a free live workshop series for Passport Prime

We're launching a 6-week live workshop series called Prime Time, dedicated entirely to helping people get the most out of Passport Prime. Each session runs for 60 minutes, once a week, hosted live in our Roam virtual auditorium, in an office-hours format. We'll walk attendees through everything from initial unboxing and setup to advanced features like Bitcoin security, 2FA, and security key management, seed and password storage, and encrypted file protection.

Passport Prime is the world's first personal security device; it replaces multiple devices and apps with one offline tool. That's powerful, but it also means there's a lot to learn. Prime Time exists to make that easy. Whether someone is brand new to hardware security or has been self-custodying Bitcoin for years, there's something here for them. It's completely free. 😄

Sign up now to get your invite to our virtual office, and weekly reminders for each session → foundation.xyz/prime-time/
Foundation 2 weeks ago
Every early access Passport Prime order has shipped. Thousands of devices out in the wild. We spent the week heads down shipping and we are fully caught up. Order now, it ships next business day. Bitcoin wallet. 2FA. Security keys. 50GB encrypted storage. One offline device.
Foundation 3 weeks ago
GM.🫡 Everything we showed you this week, KeyOS, QuantumLink, Passport Prime, Envoy, is all open source and reproducible. You don't have to trust our marketing. Go verify it yourself :) Have a great Friday 😊
Foundation 3 weeks ago
This week, we launched Passport Prime into the world. We showed you how Passport Prime is built. KeyOS. QuantumLink. The open source hardware. The security architecture from top to bottom. But security architecture doesn't mean much if it doesn't solve real problems for real people. So let's talk about what Passport Prime actually does for you, every single day.

Bitcoin wallet: Passport Prime is a best-in-class Bitcoin hardware wallet. Multisig. Passphrases. Temporary seeds. It supports every major Bitcoin software wallet you already use, and it pairs seamlessly with Envoy via QuantumLink. No more squinting at QR codes under bad lighting. Just tap, authorize, done.

2FA codes, offline: Right now, your two-factor authentication codes probably live on your phone. The same phone that's connected to the internet 24 hours a day. Passport Prime stores your 2FA codes in a secure, offline environment. If someone compromises your phone, your 2FA codes aren't there to find.

Security keys: Passport Prime replaces every YubiKey you own. Create multiple security keys and use them over NFC. Tap your Passport Prime to log in. No more juggling a drawer full of keys.

Encrypted file storage: 50 GB of secure, offline storage for your most important files. Tax documents. Recovery phrases. Legal records. Whatever you need to protect. Here's what makes it different: when you plug Passport Prime into your computer, it only exposes the files in your Airlock, a sandboxed folder you control. Everything else stays hidden.

Seed vault: If you're deep in Bitcoin, you know the chaos of managing seed words across multiple wallets. Passport Prime brings them all into one place. Create new seeds, temporarily load existing ones, organize them all in the Seed Vault app. You can also manually add your most secure passwords.

We're just getting started. Everything above ships today. KeyOS, the custom operating system powering Passport Prime, was built from day one as a developer platform. Every app runs in its own sandbox. Every app receives a hardened child seed, meaning even a malicious app has zero access to your master seed and cannot communicate with other apps. This is what unlocks everything.

We are opening the developer SDK so that any team can build apps for KeyOS. Our friends at Cake Wallet are already building the first third-party app. But think about what comes next: password managers that never touch the internet. Encrypted messaging key storage. Nostr identity management. PGP signing. The possibilities are as wide as the developer community that builds on it.

One device that starts as the most capable personal security device on the market, and only gets more powerful over time. Passport Prime. Open source. Made in the USA. This is what taking control of your digital life actually looks like. 🧡
Foundation 3 weeks ago
What if the Bluetooth chip inside your security device were malicious? Compromised firmware. A supply chain attack. With Passport Prime, it wouldn't matter, because we built QuantumLink.

QuantumLink is a new wireless protocol we designed from the ground up with Blockchain Commons. It encrypts every piece of data before it ever reaches the Bluetooth chip, using quantum-resistant cryptography.

Here's what that means in practice: The Bluetooth chip in Passport Prime is physically isolated from the security processor running KeyOS. All data passing through it is already encrypted using CRYSTALS-Kyber key exchange and ChaCha20-Poly1305 symmetric encryption, both designed to withstand attacks from quantum computers. The Bluetooth chip never sees unencrypted data. It can't read what it relays. It can't inject commands. Even if it were fully compromised, it would have nothing useful to work with.

Setup takes seconds. Passport Prime displays a QR code during onboarding. Scan it with Envoy, and a fully encrypted tunnel is established, no pairing codes, no trust prompts. From there, you get the real-time convenience of wireless communication, interacting with Envoy, updating KeyOS, and accessing new features, without compromising on security. And if you ever want zero wireless, one tap in KeyOS powers down the Bluetooth chip entirely.

We built QuantumLink because wireless and secure shouldn't be a tradeoff. Read the full technical deep dive here:
Foundation 0 months ago
We spent three years building our own operating system from scratch. No Android. No off-the-shelf firmware. Just a microkernel OS written in Rust. KeyOS powers Passport Prime and delivers real process isolation, every app sandboxed, secure message-passing between processes, running on a 500 MHz security processor. It's fully open-source, built on the Xous kernel, and we're opening it up to third-party developers. Every app must be open-source with reproducible builds. Full technical deep dive: foundation.xyz/2024/12/building-keyos/
Foundation 0 months ago
We're thrilled to announce that Passport Prime is officially shipping. 🎊 We set out to build something that didn't exist, that doesn’t fit neatly into any existing categories. Manufactured in the USA, built on open-source principles. New hardware. New OS. New communication layer. New software.

What makes Passport Prime different: We built a brand new operating system from scratch. KeyOS uses a modern microkernel design where only the most critical functions run at the core, keeping apps and sensitive data completely segregated. We created QuantumLink, a quantum-resistant Bluetooth protocol that delivers wireless convenience with air-gapped level security.

Before shipping, we commissioned a full third-party security audit by Keylabs. The result: zero critical or high-severity vulnerabilities. The full audit and our response are publicly available here:

Passport Prime ships in a premium package:
- 3.5" Gorilla Glass touchscreen
- CNC-machined aluminum body
- 3x NFC KeyCards with Faraday sleeves
- USB-C cable.

Looking ahead, we're continuing to build KeyOS improvements, a developer SDK, third-party app support, and accessories are all on the roadmap. This is just the beginning. → Learn more:
Foundation 6 months ago
Before Passport Prime ships, we commissioned a full third-party security audit from Keylabs, the same team behind the well-known wallet.fail research. Their review covered every layer of Passport Prime, from hardware and firmware to system architecture, to evaluate its resilience against real-world attack scenarios.

The results: no critical or high-severity vulnerabilities were found. All observations were classified as low severity, requiring physical access and advanced tools. Keylabs concluded that Prime’s architecture demonstrates “exceptional security design principles and sophisticated implementation,” and “a highly secure architecture that exceeds industry standards.”

We’ve published the full breakdown, findings, and our response here: