Back to Home
Sats Fort

Security

How SatsFort protects your data and maintains trust

Watch-Only

Sats Fort never has access to your private keys. It's impossible for the software to move your Bitcoin.

End-to-End Encryption

All data is encrypted locally using AES-256. Cloud backups are encrypted before leaving your device.

Self-Sovereign

Connect to your own Bitcoin node for complete privacy. No third-party servers required.

Open Source

100% open source with reproducible builds. Verify every line of code yourself.

Architecture Overview

Sats Fort follows a local-first architecture. Your portfolio data, wallet addresses, XPUBs, and transaction history are stored exclusively on your device in an encrypted SQLite database.

When you request blockchain data (balances, transactions), Sats Fort can either query your personal Bitcoin node or fall back to privacy-respecting public APIs over Tor.

Encryption Details

  • Local Storage: AES-256-GCM encryption with PBKDF2 key derivation
  • Cloud Backups: Client-side encryption using XChaCha20-Poly1305
  • Key Management: Your encryption password never leaves your device
  • Zero Knowledge: SatsFort cannot decrypt your backup data

Reproducible Builds

All releases include reproducible build instructions. You can compile Sats Fort from source and verify that the resulting binary matches the official release. This ensures no malicious code has been inserted during the build process.

# Verify release signature

gpg --verify satsfort-v1.4.2.sig satsfort-v1.4.2.tar.gz

# Build from source

git clone https://github.com/satsfort/satsfort

cd satsfort && ./build.sh --reproducible

Bug Bounty Program

We take security seriously and reward responsible disclosure. If you discover a vulnerability in Sats Fort, please report it through our bug bounty program.

Critical vulnerabilities: Up to 1,000,000 sats

High severity: Up to 500,000 sats

Medium severity: Up to 100,000 sats

Report vulnerabilities to security@satsfort.com (PGP key available on our GitHub)

Security Audits

Sats Fort undergoes regular security audits by independent third-party firms. Audit reports are published on our GitHub repository for full transparency. Our most recent audit was completed in Q1 2024 with no critical findings.