Frequently Asked Questions

XMRsafe is a professionally manufactured, air-gapped hardware wallet specifically engineered for Monero (XMR). It is a fork of XmrSigner (formerly MoneroSigner), which itself is derived from SeedSigner for Bitcoin. XMRsafe provides fortress-grade security without requiring technical expertise from the user.

Unlike DIY solutions that require users to source hardware, compile firmware, and perform QA testing, XMRsafe arrives pre-configured and ready-to-use with verified supply chain integrity.

XMRsafe is built specifically for Monero's privacy model, supporting ring signatures and stealth addresses natively. Key differentiators include:

• Monero-Native Design: Optimized exclusively for XMR, not a multi-coin afterthought
• Air-Gap Architecture: No WiFi, no Bluetooth, no network exposure
• Stateless Operation: Seeds exist only in memory while powered—no persistent storage of keys
• 100% Open Source: Every line of code is auditable
• Professional Manufacturing: Tamper-evident packaging with verified supply chain

XmrSigner (rebranded from MoneroSigner to avoid confusion with an abandoned project) is an open-source project that enables anyone to build a verifiably air-gapped, stateless Monero signing device using inexpensive hardware components (typically under $50).

XmrSigner is a fork of SeedSigner, the Bitcoin signing device project. It builds on the same hardware platform, meaning you could theoretically use the same device for both Monero and Bitcoin with different microSD cards.

XMRsafe takes this proven foundation and delivers it as a professionally manufactured, pre-configured product with enhanced quality assurance and supply chain transparency.

XMRsafe is completely isolated from any network connection:

• No WiFi or Bluetooth hardware: Physical impossibility of remote access
• QR Code Communication: All data input is through the camera scanning QR codes
• QR Code Output: All data output is displayed as QR codes on the screen
• Removable Storage: The SD card can be removed after boot to prevent any data persistence

This means your private keys never touch a network-connected device. Transaction data is passed via animated QR codes using the UR (Uniform Resources) format.

XMRsafe temporarily stores seeds in memory only while the device is powered. When power is removed, all memory is completely wiped—your seed phrase exists nowhere on the device.

This means:

• If your device is stolen while powered off, there are no keys to extract
• You must re-enter your seed phrase each time you power on (via QR scan or manual entry)
• Physical attacks against powered-off devices yield nothing

This is fundamentally different from hardware wallets that store encrypted seeds on the device.

XMRsafe supports multiple seed generation and import methods:

• 25-Word Monero Seeds: Standard Monero mnemonic phrases
• 16-Word Polyseed: Modern format with passphrase functionality and embedded creation date
• Dice Roll Entropy: Generate cryptographically secure seeds using physical dice rolls
• Camera Entropy: Capture randomness from camera images for seed generation
• SeedQR: Instantly load seed phrases via QR code scanning

XMRsafe is designed to work with wallets that support QR-based transaction signing:

• Feather Wallet: Primary supported wallet with full integration
• Official Monero GUI: Integration in progress

The device exports view-only wallet QR codes, allowing you to monitor your balance without exposing spend keys. Transaction signing uses the animated UR (Uniform Resources) QR format for secure data transfer.

XMRsafe supports all Monero networks:

• Mainnet: The primary Monero network for real transactions
• Stagenet: Testing network with no real value
• Testnet: Developer testing network

XMRsafe is built on proven, well-documented hardware components:

• Processor: Raspberry Pi Zero (v1.3 without WiFi/Bluetooth preferred)
• Display: Waveshare 1.3" LCD (240x240 pixels)
• Camera: OV5647 sensor module (5MP) for QR scanning
• Enclosure: Professional housing with tamper-evident seals

The Genesis Edition will include detailed component sourcing documentation and bill of materials.

100% open source. Every component is auditable:

• Firmware source code
• Build system and toolchain
• Documentation and specifications
• Manufacturing processes (Genesis Edition onwards)

We believe in security through transparency, not obscurity. Reproducible builds allow users to independently verify that the firmware on their device matches the published source code.

XMRsafe employs multiple layers of supply chain verification:

• Tamper-Evident Packaging: Visual indicators reveal any physical compromise during shipping
• Cryptographic Firmware Signatures: Verify your device runs authentic, unmodified firmware
• Reproducible Builds: Build the firmware yourself and compare against the installed version
• Transparent Sourcing: Full documentation of component suppliers and manufacturing facilities

Due to stateless operation, a lost or stolen XMRsafe (when powered off) contains zero sensitive information. Your funds remain secure as long as you have your seed phrase backup.

To recover:

1. Obtain a new XMRsafe device (or build an XmrSigner from source)
2. Enter your backed-up seed phrase
3. Full access to your funds is restored

Critical: Always maintain secure, offline backups of your seed phrase. XMRsafe cannot recover lost seeds—this is a security feature, not a limitation.

No. Remote attacks are physically impossible because:

• No WiFi hardware exists on the device
• No Bluetooth hardware exists on the device
• No cellular or any other radio hardware
• No USB data connection (power only)

The only data pathways are the camera (input) and display (output)—both require physical proximity and visual line-of-sight.

Absolutely not. XMRsafe enforces:

• No telemetry
• No analytics
• No phone-home mechanisms
• No persistent storage of any user data

Even if we wanted to collect data (we don't), the air-gap architecture makes it physically impossible.

Genesis Edition: 0.5 XMR per unit

Pricing in Monero enforces our privacy principles:

• Privacy-preserving payment with no transparent blockchain exposure
• No fiat intermediaries extracting fees or surveillance data
• Aligned incentives with the Monero ecosystem we serve

We do not accept Bitcoin, Ethereum, or fiat. Our commitment to privacy extends to every transaction.

The Genesis Edition is our initial limited release: 1,000 units maximum.

This isn't artificial scarcity—it's about establishing trust:

• Enhanced scrutiny from privacy advocates and security researchers
• Transparent documentation of initial manufacturing processes
• Community-driven auditing before mass production
• Genesis holders establish the baseline of trust

Future editions will scale production only after Genesis holders validate our claims.

Genesis Edition: Q2 2025

The release will include:

• Full source code publication
• Manufacturing documentation release
• Community audit period
• Lifetime firmware updates for all Genesis Edition holders

Absolutely. We celebrate the cypherpunk ethos of building from source.

You can build an XmrSigner yourself using:

• Raspberry Pi Zero (< $15)
• Waveshare 1.3" LCD display (< $15)
• OV5647 camera module (< $10)
• 3D printed or purchased enclosure

Total cost: Under $50 plus your time.

XMRsafe exists for those who deserve privacy but lack the time, expertise, or resources to compile cryptographic hardware from scratch. We supplement DIY approaches—we don't replace them.

Yes. We commit to:

• Lifetime firmware updates for all Genesis Edition holders
• Continued open-source development
• Reproducible build infrastructure
• Transparent disclosure of any modifications

All firmware updates are:

• Cryptographically signed for verification
• User-controlled (you decide when/if to update)
• Fully documented with changelogs

We will never:

• Introduce closed-source components
• Implement backdoors or master keys
• Compromise privacy for regulatory compliance
• Abandon hardware support for older units
• Possess, access, or control user keys
• Recover lost seeds (by design)
• Freeze wallets or censor transactions

Your keys. Your custody. Your rules.

XmrSigner is an open-source community project funded through the Monero CCS. Resources:

• Main Repository: github.com/DiosDelRayo/MoneroSigner
• Project Tracking: github.com/Monero-HackerIndustrial/MoneroSigner-Project-Tracking
• Emulator: Test XmrSigner software without hardware
• Companion Tools: Offline toolset for device interaction

XMRsafe builds on this foundation while adding professional manufacturing and supply chain integrity.