Before you trust anything on this page, make sure your browser's address bar reads proof.clavastack.com exactly. Attackers may register look-alike domains — with extra words, hyphens or different endings — to fake these proofs. If the domain is not exactly proof.clavastack.com, do not trust what you see.
A transparent, end-to-end look at how every Specter Hardware Wallet bag we seal becomes a permanent, independently verifiable record on the Bitcoin blockchain.
Watch the walkthrough of the protocol
A hardware wallet is only as trustworthy as its journey from the manufacturer to your hands. Between the factory and your front door, a device passes through distributors, warehouses and couriers — any of which is an opportunity for tampering.
Our answer is a simple principle: Trust the Source, Not the Route. Instead of asking you to trust the supply chain, we give you cryptographic proof of exactly what the sealed package looked like at the moment we sealed it — provably created at a point in time that no one, not even us, can fake or change afterwards.
From a sealed bag to an immutable Bitcoin anchor.
The wallet is placed in a tamper-evident bag with a unique printed serial number and sealed. We photograph the sealed bag. The sealing date printed on the label must match the day the photo is taken — the system warns and blocks if they ever differ, so the human-readable claim can never contradict the on-chain timestamp.
The photo is analysed by two independent signals: an AI vision model (Gemini) reads the printed digits, while a barcode decoder reads the bag's barcode. The two are cross-referenced — a bag ID is only accepted if the barcode confirms it, or the AI sees it consistently across multiple places in the image. This dual-source check guards against misreads, and bag IDs are never merged by mere similarity, because consecutive serials are genuinely different bags.
We compute a SHA-256 fingerprint over the exact, original bytes of the photo — with no re-encoding or conversion of any kind. Change a single pixel and the hash changes completely. This 256-bit fingerprint, not the image itself, is what gets anchored to Bitcoin.
The hash is submitted to the OpenTimestamps calendar servers. They aggregate many submissions from across the world into a single Merkle tree and periodically commit that tree's root into a Bitcoin transaction. The result is a compact .ots proof file that mathematically links your specific hash to that Bitcoin transaction.
Once the Bitcoin transaction is mined into a block (typically within a few hours), the proof "upgrades": the .ots file now contains a complete attestation pointing at a specific block height. At that moment the proof flips from Pending to Verified. The block's timestamp is the unforgeable "this existed by then" guarantee.
The original image, its hash, the .ots proof and the block details are stored and published on this site, searchable by serial number. Once a bag is verified on-chain, its proof is immutable: re-uploading a photo of an already-verified bag can never overwrite or destroy the original on-chain record.
Each arrow is a one-way cryptographic link. You can follow the whole chain backwards from any Bitcoin block to the exact photo — but no one can alter a link without breaking everything after it.
The whole point is that you never have to take our word for it. Anyone can independently confirm a proof without our servers:
Download the original image and its .ots proof file from the bag's entry on this site.
Compute the image's SHA-256 yourself and confirm it matches the hash recorded in the proof.
Verify the .ots file against the Bitcoin blockchain using the independent OpenTimestamps tools or any Bitcoin node. No part of this step depends on ClavaStack.
If a signed Nostr event is published, download the event JSON and verify it outside this website with an independent Nostr tool. The signature is only meaningful if the event pubkey encodes to the signer npub you already trust.
And, just as importantly, what it doesn't.
This exact photo provably existed no later than the Bitcoin block it is anchored in. Backdating is impossible.
If the published image were altered by even one byte, its hash would no longer match the anchored proof — and anyone could detect it.
Verification relies only on open standards and the public Bitcoin blockchain — not on ClavaStack staying online or honest.
The tamper-evident bags are extremely hard and costly to replicate or swap unnoticed. Their security ultimately rests on one residual trust assumption: the manufacturer, Debasafe, promises never to print two bags with the same number — and it is that unique, non-reused number that gives the seal its protection.
The cryptographic core — SHA-256, OpenTimestamps and Bitcoin — is what makes a proof trustworthy. The AI reading and storage layers are conveniences for finding and presenting proofs; they are never part of the trust guarantee, which rests entirely on open, independently checkable standards.
