Shop

Risk Disclosure

Please read this before buying a hardware wallet. Self-custody is powerful — and demanding.

Last updated: 10 April 2026

Read before buying Plain-language No financial advice
Read this first. Cryptocurrency self-custody means you alone are responsible for access to your assets. There is no customer-service line that can recover a lost recovery phrase, reverse a signed transaction, or refund a wallet you sent coins to by mistake. If that feels like too much responsibility, self-custody may not be right for you — and that is a perfectly reasonable conclusion. Please read this document carefully before purchasing.

1. Purpose of this document

Dollar Media Technology Limited (doing business as "ChinaBridge") sells a physical security device — a hardware wallet. We do not operate an exchange, we do not custody customer funds, we do not offer investment advice, and we do not sell or recommend any particular cryptocurrency. This Risk Disclosure explains, in plain language, the risks that come with using a hardware wallet and with cryptocurrency self-custody in general. We want you to buy a ChinaBridge device only if you understand these risks and are willing to accept them.

This document is not exhaustive. If you are unsure about any point, please write to [email protected] before placing an order.

2. The nature of self-custody

When you self-custody, you generate and hold the private keys to your crypto addresses yourself. Nobody — not ChinaBridge, not your bank, not an exchange, not a government — has a copy. That is the point: no third party can freeze, seize, or lose your funds on your behalf. But it also means:

  • There is no password reset. If you lose the 24-word recovery phrase your device generates during setup, there is no way to reconstruct it.
  • There is no undo. Once a transaction is signed and broadcast, it cannot be reversed.
  • There is no dispute mechanism. You cannot chargeback a crypto payment as you might a credit-card transaction.

These are features of the technology, not defects of our product.

3. Risks specific to cryptocurrency

Regardless of how you store your keys, holding cryptocurrency exposes you to a set of risks that arise from the nature of the asset class itself:

3.1 Price volatility

Crypto-asset prices can rise or fall sharply and rapidly, including to zero. Historical performance is not a reliable indicator of future results. You should not hold more than you can afford to lose.

3.2 Regulatory risk

The legal treatment of crypto-assets varies significantly between jurisdictions and is still evolving. A change in law or regulation may affect your ability to hold, transfer, or dispose of particular assets, or the tax treatment of your holdings. You are responsible for complying with the law that applies to you.

3.3 Protocol and smart-contract risk

Cryptocurrencies are software. Software has bugs. A vulnerability in a blockchain protocol, a layer-2 network, a bridge, or a smart contract you interact with can lead to loss of funds. Some losses have been in the hundreds of millions of dollars. A hardware wallet protects your keys; it cannot audit the contracts you choose to sign.

3.4 Network forks and chain reorganisations

Blockchain networks occasionally fork or undergo deep reorganisations. Your balance may split across chains, or transactions you believed to be final may be reverted. The resulting behaviour is decided by the network and its participants, not by us.

3.5 Irreversibility of transactions

A transaction broadcast to a blockchain is, as a practical matter, irreversible once confirmed. An address is a long random string; a single typo, a clipboard-swap malware, or a pasted address from the wrong network can send your funds to a place no one can recover them from.

4. Risks specific to hardware wallets

A hardware wallet dramatically reduces the attack surface compared to software wallets, but it does not eliminate risk. You should understand the following:

4.1 Loss or damage of the device

Hardware wallets can be lost, stolen, or physically destroyed (fire, flood, crushing). The device itself does not hold your crypto — your recovery phrase does. If the device is lost or broken but your recovery phrase is intact, you can restore your wallet on a new ChinaBridge device or on any other BIP39-compatible wallet. If your recovery phrase is also lost, your crypto is gone.

4.2 Loss of the recovery phrase

This is the single most common cause of permanent loss among hardware-wallet users. Treat the 24 words as at least as sensitive as cash in a safe. Consider a steel backup that resists fire and water.

4.3 Social engineering and phishing

Attackers will try to trick you into disclosing your recovery phrase or approving a malicious transaction. They impersonate support staff, wallet software, and even us. ChinaBridge will never ask for your recovery phrase, PIN, or passphrase — not by email, not by phone, not on a live chat, not through a form on our website.

4.4 Coercion ("$5 wrench attack")

If an adversary can physically force you to unlock your device, the device cannot protect you. Fortress's plausible-deniability hidden-wallet feature (BIP39 passphrase) is designed to mitigate this risk by letting you open a small decoy wallet, but it requires discipline to use safely.

4.5 Supply-chain tampering

An attacker could, in theory, intercept a device in transit and modify it before it reaches you. We mitigate this with (a) a tamper-evident seal on every box, (b) a verified bootloader that refuses to run unsigned firmware, and (c) a factory-provisioning check that the companion software runs on first boot. These controls make supply-chain attacks much harder, but they do not make them impossible. Always buy from chinabusinessbridge.com or an authorised reseller and verify the seal.

4.6 Firmware vulnerabilities

Firmware is software and, like all software, may contain vulnerabilities. We run a responsible-disclosure programme with a bug bounty, publish signed firmware updates, and have engaged external auditors to review the firmware. Despite this, a zero-day could exist. We commit to publishing an advisory and a fix as soon as we are aware of a confirmed issue.

5. What ChinaBridge can protect against

Engineered to resist

  • Key exfiltration by malware — keys are generated and stored only inside the EAL6+ secure element and never leave it.
  • Remote signing — every transaction must be confirmed by a physical button press, which is impossible to trigger remotely.
  • Blind signing — transaction details are rendered on the device's own screen, so a compromised host cannot show you one thing and sign another.
  • PIN brute-force — incorrect PIN attempts trigger exponential back-off and, eventually, a secure-element wipe.
  • Unsigned firmware — the bootloader refuses to run firmware that is not signed by ChinaBridge.

Cannot protect against

  • Losing your recovery phrase — we cannot regenerate it.
  • Sharing your recovery phrase — even once, with anyone, under any pretext.
  • Approving a malicious transaction that you have read on the device screen and confirmed with the button.
  • A coercive adversary, if you do not use the hidden-wallet feature.
  • Catastrophic physical loss combined with loss of the recovery phrase.
  • Defects in third-party software or smart contracts you choose to interact with.

6. Best practices

None of the following is novel advice — but the failures we see among customers are almost always failures of basic hygiene. Please take it seriously.

  • Store the recovery phrase offline. Never type it into a computer, phone, or cloud document. Never photograph it. A paper card stored securely is a strong baseline; a steel backup is better because it survives fire and water.
  • Split or redundant. Keep two copies in physically separate, trusted locations, or use Shamir backup (supported on Fortress) to split across three-to-five shards.
  • Verify the receiving address on the device screen every time — not only on the screen of your computer or phone.
  • Never share or input the recovery phrase on any website or device other than a factory-reset ChinaBridge. If any software asks for it, it is a scam.
  • Buy only from chinabusinessbridge.com or from the authorised resellers listed at /support.html. Inspect the tamper-evident seal on arrival; if it is damaged, do not use the device and contact [email protected].
  • Update firmware promptly when we publish a release. We sign every release and document the changes.
  • Practice a recovery with small amounts before you rely on the device for a life-changing sum.

7. No financial advice

Nothing on chinabusinessbridge.com constitutes investment advice, financial advice, tax advice, or a recommendation to buy, hold, or sell any crypto-asset. We do not know your circumstances and are not licensed to advise on them. Consult a qualified, regulated adviser in your jurisdiction before making any investment decision.

8. No guarantee of returns

We make no representation, promise, or guarantee about the future value of any crypto-asset. Past performance is not indicative of future performance. Holding crypto-assets can result in the total loss of the amount invested.

9. Regulatory note

Dollar Media Technology Limited (doing business as "ChinaBridge") sells a physical security device. We are not a financial institution, not a Virtual Asset Service Provider (VASP), not a Money Services Business, not a custodian, not an exchange, and not a broker. We do not offer services of buying, selling, exchanging, lending, or custodying crypto-assets. ChinaBridge is not registered with or supervised by the SEC, FinCEN, or any equivalent federal or state financial regulatory authority in the United States, the EU, or elsewhere, and our product does not require such registration.

10. Contact

For security-specific questions and vulnerability reports: [email protected]. PGP key fingerprint and bug-bounty terms at /security.html.

For general support: [email protected]. Postal: Dollar Media Technology Limited, Kam Fone Mansion, 16 Kam Fong Street, Mong Kok, Kowloon, Hong Kong. Phone: +852 5803 1288, Mon–Fri 09:00–18:00 HKT.