Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficulty adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-custody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
You're thinking of a BIP39 mnemonic, or seed, from which you can derive a near infinity of private keys and public addresses. A private key only has a single associated public address.
I'm confused. If it's their non-custodial wallet, and you have a BIP39 seed phrase, then you can just load it up in another wallet (Blue Wallet, or any of the other non-custodial wallets).
Try it with a fresh seed phrase. And then put your story into AI and ask if it can highlight the BIP39 words used, and if it could guess the passphrase. You'll be surprised.
Electrum does validate the checksum, and will warn you if it is not correct. Electrum allows you to create the wallet even if the checksum validation fails, as is mandated by BIP39:

> [...] there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes. Although using a mnemonic not generated by the algorithm described in "Generating the mnemonic" section is possible, this is not advised and software must compute a checksum for the mnemonic sentence using a wordlist and issue a warning if it is invalid.
With all the institutional money in BTC there is no way that it's dead. Nevertheless, I see challenges coming up for the community which have to be solved; quantum computing is a serious threat in a 5-10y perspective, and it will be interesting to see how this will be solved. I like the BIP360 approach by Hunter Beast.
Post subject is “2022 BTC” and OP said they had 1 BTC, so BIP39 would have been around.
> I have the phrase and number

Not sure what you mean? Normally you would have a seed phrase, possibly coupled with a pass phrase. To recover a seed phrase, use any BIP39 wallet, software or hardware (I would use a hardware wallet). Go through the setup process and one of the options right at the start will be if you want to recover an existing seed; choose that, put in the seed (usually 12 or 24 words) and that should access the wallet.
I agree that cryptography security will always degrade over time, and you need to be prepared to upgrade it when needed (practically like every decade or so). And that applies to any cryptocurrency or related project. A similar thing applies to any software: it is never "complete", there is always some need for fixing, improving, evolving it as the needs of the users or the technology around it evolve too. And I consider Bitcoin to be a store of value, or the "digital gold" if you want (it's still the second largest asset in my crypto portfolio), but I don't think it will always be like that. I think quantum computing presents such a huge risk that it can practically destroy most of the value and trust in Bitcoin (and in other cryptocurrencies, of course, maybe even in all of them) if this is not prepared for and handled in time. The problem is that most people think that it's not a big deal, there is plenty of time, Bitcoin will just upgrade and everything is fine. But it's really not. Even the author of BIP360 recently started "panicking" a bit, because he realized the threat may be closer than previously anticipated and the needed implementation, consensus and migration for Bitcoin will take a long time to complete.
So, while I am quite confident in my math and logic, I understand that it is all very academic unless I can actually come up with at least a half-decent example. :) So I whipped up a quick Python script to search for one, and I think I found one. Give this a try... start with: team hospital rookie caught donkey boss fly axis grape voice hurry usage This should be invalid. But then step that last word forward one BIP-39 mnemonic at a time until you find a valid wallet, and count the number of steps you needed. It should be something like 19 or so. (Assuming I didn't make some silly mistake in my program.)
I'm not sure where you are getting your data, but u/Charming-Designer944 is correct. There are not "14 different checksum potential numbers". The checksum itself is 8 bits and calculated from the 256-bit base, giving potentially 2^8 = 256 different values. The 24th word consists of the final 3 bits of the base, plus the full checksum. As such, it may be any one of 2048 words in the full BIP-39 list, limited by the 3 bits from the base entropy allowing 8 different values. Thus 2048 / 8 = 256. There is also no guarantee that any consecutive sequence of 14 words from the BIP-39 list will fit the checksum requirements. Not the least reason being that there are 256 possible checksums, as mentioned above. There is, however, a guarantee that given 23 words, there will be at least one valid 24th word within any given sequence of (256*2-1) = 511 words. It is possible for this sequence to be as small as 256, but only if the first 3 bits are the same for the entire sequence, i.e. in binary it begins with xxx00000000 and ends with xxx11111111. Otherwise, it is not guaranteed, though the chances are still fairly good.
See my longer response just before this. Or to quote BIP39: "The conversion of the mnemonic sentence to a binary seed is completely independent from generating the sentence. This results in a rather simple code; there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes."

BIP39 consists of two independent parts:

1. A method to generate a mnemonic phrase based on collected entropy and a wordlist. A mnemonic seed phrase generated by this method embeds a checksum that allows verifying that the mnemonic has been entered correctly.
2. A completely separate method to generate a BIP32 HD wallet seed from the mnemonic seed phrase plus the seed passphrase.

The generation of the BIP32 seed (the actual seed) does not require or enforce any specific method of generating the mnemonic, but does recommend using the method given in the same document. This open-ended design is intentional, to allow for translated wordlists, custom word lists or even completely different methods of generating the mnemonic, without requiring that the wallet must implement them all. You could use a Klingon word list to generate the mnemonic seed and a fully BIP39 compliant wallet would let you enter it, possibly with a warning that it does not recognize the mnemonic and cannot verify its checksum.

Regarding the 24th word... the last word is both entropy and checksum.

ENT = amount of entropy used when generating the mnemonic
CS = checksum size
MS = number of words in the resulting mnemonic

CS = ENT / 32
MS = (ENT + CS) / 11

| ENT | CS | ENT+CS | MS |
|-----|----|--------|----|
| 128 | 4  | 132    | 12 |
| 160 | 5  | 165    | 15 |
| 192 | 6  | 198    | 18 |
| 224 | 7  | 231    | 21 |
| 256 | 8  | 264    | 24 |
A BIP39 seed phrase can technically be anything; it does not need to be a valid list of words. You can pick any sequence of letters, words, digits. However, not using the standard form has drawbacks and it is strongly recommended to use the standard format for the seed phrase. This ensures that your seed phrase:

1. Can be verified, so that it is checked that you typed the seed phrase correctly and you are alerted if you type something wrong.
2. Is supported by all wallets. Not all wallets allow you to enter a seed phrase in any other form than the English wordlist.
3. Has a known amount of entropy, since the method for generating the seed phrase ensures it (128 bits for a 12 word phrase, 256 bits for a 24 word phrase).

Further, it is recommended to use either the 12 or 24 word format. Avoid the other lengths. Not all wallets support other lengths, and it also reduces the risk of confusion on which seed phrase standard is used (i.e. BIP39 vs SLIP39). SLIP39 seed phrases are more strict and must follow the SLIP39 format.
For a 24-words-BIP39 mnemonic seed, there are 8 words (out of 2048) that will pass the checksum
Any combination of 24 words on the BIP list is a wallet/address etc?
Running Shor's algorithm (discovered in 1994) on a powerful enough quantum computer will let an attacker derive the private key from a given public key, basically breaking the ECDSA cryptography behind Bitcoin (and many other things today). So stealing the coins from any address with an exposed public key (which are either old P2PK addresses, Taproot addresses, or any reused addresses, as the public key is exposed when sending a transaction). NIST already standardized new post-quantum cryptography variants that governments, banks, corporations should start adopting before 2030. See https://pqshield.com/nist-recommends-timelines-for-transitioning-cryptographic-algorithms/ There is BIP360 that addresses that a bit, but Bitcoin and other cryptocurrencies will have problems with migration from the vulnerable addresses, as every single user will need to create a new address and send their BTC there. But since up to 30% of the whole BTC supply (including Satoshi's coins) is expected to be on lost wallets, these won't be migrated and will be an easy target for an attacker with a quantum computer. Another option is freezing/burning those old coins, but that presents legal and other issues. There is a nice website that covers this whole topic, which I recommend checking out: https://quantumrekt.com (btw there exist a few cryptocurrencies which are already using post-quantum cryptography from the start, you can ask AI about it)
You want 304 stainless steel. If you buy generic off the shelf washers from your local hardware store you could get anything from zinc dipped metal to carbon steel. I would go to a dedicated "nuts and bolts" hardware store if you can find one in your area; you can ask to see 316 (marine grade) steel washers, but unfortunately all 316 washers I've seen already have a letter stamped on one side, so 304 stainless steel is the best plain washers you can get. Whilst you are there, decide how many washers you are going to use for your mnemonic seed (single side stamping, double side stamping, if you are going to have a blank cover washer on each end, BIP39 vs SLIP39) and order some bolts and wingnuts or nyloc nuts while you are there.
Your friend has swapped a universe of 2048 words for 100 words. Hackers use programs designed to detect lists of BIP 39 words for brute forcing. Your friend has reduced their security by 14 orders of magnitude.
Trezor literally invented the concept of the hardware wallet. Hell, they wrote BIP-39. That's good enough for me.
UI is slick i just wish They were BIP 39 compatible
Careful, your seed phrase is showing! Although, you may have burned your BTC, because I don't think "lmao" is in the BIP39 word list
Can you clarify if the "24-word passphrase" is the BIP-39 mnemonic or the BIP-39 passphrase? I'm assuming the latter since none of the paths results in a valid mnemonic.
Ok. Can there be more than one address that originates with derivation BIP-84?
Why do you think the address derivation is arbitrary? As the address was given, it's clear it's using BIP-84. Unless otherwise stated, we can probably assume it doesn't use a passphrase or other custom settings.
It is important to understand that in order to recreate the multisig quorum (ie : if your computer + wallet software is destroyed) that you need ALL cosigners' XPUBs. So if you store your cosigners' BIP39 mnemonic seeds is different locations, each backup needs a copy of ALL XPUBs
It has SilentPayments or BIP-352
Do you mean passphrase? BIP38? Encrypted mnemonic seed?
Current discussion for a possible fork is ongoing (BIP360); interesting to see how this moves on. I recommend checking out the quantum resistant projects (just check coinmarketcap).
I don't mean price evolution. I meant Bitcoin the protocol. The code of the network also evolves. E.g., BIP 39 introduced the now known 12 or 24 words for wallets. Prior to that they were just a long string of numbers and letters.
Currently there is discussion ongoing on the topic to prepare BTC for such a threat; I recommend watching the interesting talk with Shinobi (Bitcoin Magazine) and Hunter Beast (publisher of BIP360) on possible implications and solutions (BIP) on YouTube.
Look into BIP 360. It is a project working on quantum solutions. It is a complex problem. One solution would be to create P2QKH (pay to quantum key hash), which supposedly will be quantum resistant. But this involves everyone actively moving their coins. What about old addresses like Satoshi's that can't be moved? These are just some of the issues that need to be resolved. But like someone said, it isn't imminent.
I think this will become an issue 5-10y from now; for BTC the discussion just started some time ago (BIP360 by Hunter Beast). There are already quantum-secure projects out there, which I think are interesting to look at. I personally hold some QRL, let's see how this moves in the future😉
Interesting topic. It's probably still 5-10y in the future before the topic of quantum computers becomes a danger for crypto; the big projects are currently starting to deal with it. For BTC, I find the discussion about Hunter Beast's BIP360 extremely exciting. There are also some smaller projects that have solved the quantum issue for themselves.
The TapSigner's private key is generated when you initialise it. From their FAQ:

*How do I know the manufacturer doesn't know the private key?*

When setting up your TAPSIGNER for the first time, you provide a 32-byte chain code for entropy. That chain code plus a private key picked by the TAPSIGNER are combined using the BIP-32 standard to derive the payment address. Because you provided the chain code, and the TAPSIGNER shares the public part of its key, you can derive the payment address and confirm that it matches the address given by the card. Effectively this means you know the XPUB, the card knows the XPRV, and it's easy to prove the two correspond.

*Could TAPSIGNER be generating private keys that look random but aren't?*

No. Each customer provides their own chain code for entropy. Before making a deposit, a customer can verify TAPSIGNER incorporated the chain code entropy when it generated the keys.
Guessing 24 words in the BIP39 standard to crack the seed phrase of a specific wallet is 2048^24 possibilities. At 1^21 guesses per second is about 10^59 seconds which is equivalent to 10^52 years. The universe is 10^10 years old
This maybe very old seed phrase, written in the woods around a person’s house. One of 12 trees or 24 🌲. It is not NEO — the word is BTC nephew. This was a thing around 2014–2015. With the update to BTC BIP39 2013
A 24-word "seed" is a human readable form of your wallet's private key. In most cases this is all you need to control the wallet on any platform that supports the BIP-39 algorithm (the formula for translating the 24 words into a key). Basically all platforms use this standard. So you could carry your wallet between Ledger, Trezor, or whatever. A "passphrase" is typically a 25th word or phrase that is added to the seed to re-encrypt it as essentially a different seed. Same as above, just 1 more layer. I think you're referring to the Ledger Live "password" though, which doesn't really do anything but unlock the user interface on your computer; it has zero control over your funds and likely can be reset without disruption. You would need the physical Ledger to interact through Ledger Live (which never reveals the seed even to Ledger itself: the software preps a transaction, sends it to the physical device, which internally requires you to confirm the transaction on the screen with a button press, then it uses the seed to "sign the transaction" on the device and send back to the computer the signed version to process). No one ever sees the seed, only the authorized transaction comes out, which can't be tampered with without disrupting the "signature" and thus invalidating the transaction.
The headline isn't very fair (although I admit that I don't have all the details!). I don't know what El Salvador's setup was, or exactly what their new setup is, but it does make sense to stop re-using keys, i.e. once you spend from an address, you should spend all the balance and never accept any more to that address. So a multi-address wallet (using a _hardened_ BIP84 wallet) makes sense.
Back then there were no BIP39 words, just private keys
I expect this threat to come up in the 2030s (more end than beginning); nevertheless the major projects have to talk about possible solutions. I have been looking at BIP360 for BTC for a while and think they can make it, but there are crucial questions to be answered (e.g. what to do with Satoshi's coins); this will lead to more philosophical discussions in the community…
In the last 5y BTC made great development on acceptance; this will go much further in the near future, and I expect much more use from the governance side. Also this whole quantum discussion will be solved in a 2-3y period from now. I think BIP360 is offering a great answer to that; further discussions are needed, but they will be done!
Ok, well I don't agree that it's designed so that people will lose coins. The design is extremely elegant, but requires good infrastructure and software around it to minimise the chances of loss. This has improved greatly, especially with BIP32 style wallets. Before that you could lose coins in your change addresses if you didn't have a recent backup. I disagree with you that loss of coins is a designed feature. I think it's an unfortunate consequence, and the risk is being reduced by improvements in wallet software.
I think this shift is not done because of the quantum threat itself but also because of operational risks. Nevertheless the whole quantum discussion for BTC is an interesting topic; I recommend watching some talks with Hunter Beast on YouTube about BIP360, which offers an answer on how BTC might be shifted to a quantum-secure environment.
Vitalik should follow his own beliefs and write a BIP! don't just talk, walk!
Pretty much nailed it, the tradeoff is convenience vs safety. With an unhardened derivation you can hand out an **xpub** to a watch-only wallet or service (like an accounting app, an exchange, a POS terminal) and they can generate all the addresses for you without touching your private keys. That's super handy for businesses, multisig setups, or anything where you need to monitor incoming payments without risking the seed. Hardened derivations break that model: you can't generate child keys from just the parent xpub anymore. You need the private side of the parent to go further down the tree. So if you go 100% hardened, you lose the ability to safely share xpubs for watch-only purposes. That's why most wallets use a mix: the "account level" (first few branches) is hardened to wall off different accounts, but within an account, the receiving/change chains are unhardened so xpubs still work for generating addresses. As for support: yes, typical wallet software supports hardened paths, and in fact most of them already use hardened at the top level (BIP44, BIP49, BIP84 all do this). If you want to go full hardened all the way down, it's not *unsupported*, but you lose a lot of compatibility with existing tooling and services. That's the only reason people don't just default to it across the board.
I'll add if it wasn't clear- this would no longer be perceived as fud if a BIP was agreed to, and the work was in motion. There will be some trade-offs, which is of course why nothing is in motion, but those trade-offs have to be dealt with some time. Sooner the better.
That's correct. xpub is an EXTENDED public key. It can be used to generate other public keys that are actually used for individual transactions (usually by using BIP-32). From CoinTracker:

> An xPub key, or extended public key, is a master public key that generates all subsequent addresses for a blockchain, such as Bitcoin. It allows you to view the wallet's transaction history and balance without exposing private keys. Since xPub keys cannot initiate transactions, they help ensure your security.

> The evolution of Bitcoin standards has created several types of extended public keys:
> xPub: Generates addresses prefixed with 1.
> yPub: Generates addresses prefixed with 3 (SegWit).
> zPub: Generates Bech32 addresses prefixed with bc1 (SegWit).
I had assumed that the HD wallets were based on a sequence of consecutive hashes, to make it impossible to break all the wallet's addresses from one public key. But I think I'm wrong, after scanning the BIP: https://bips.dev/32/ The existence of an xPUB, that knows all the addresses in the wallet, suggests that it's all breakable.
Actually any string in any language can be a seed in a BIP39 seed mnemonic, but a well-formed mnemonic consists only of words in the wordlist used and part of the last word is a checksum of the original seed entropy. Each BIP39 wordlist (yes there are multiple, and more are allowed) consists of exactly 2048 words, and each word in a well-formed BIP39 seed mnemonic comes from 11 bits of data. The above is to allow the use of different wordlists (language or what not). Even if a wallet software or device does not recognise the words it can still recover the wallet seed, but not verify the seed mnemonic checksum. But using a non-standard seed mnemonic is NOT recommended. And neither is using a non-English wordlist for the mnemonic. To guarantee that the mnemonic will be accepted and recovered by a future device or software, stick to a well-formed BIP39 seed mnemonic with 12 or 24 words using the default English wordlist.
And I’m not saying it doesn’t negate the need to transition. I’m hoping we see great progress on BIP-360 in the next year or two.
That's correct, people should be moving assets to secure wallets. However, there is about 25% of supply, most from the Satoshi era, that is likely not under ownership. And those could be taken/dumped. This is one of the decisions that has to be dealt with. Opinions vary, which is why we need to keep talking about it and reach consensus. Like I say, there are big challenges but I think it's best if it gets sorted. No one is building these changes, they are just proposals. And there are performance and downtime decisions. Jameson Lopp, who is on one of those BIPs, a huge bitcoin advocate, is not shy about raising these issues. Need more people to listen to him...
Stick to Bitcoin. It’s currently quantum safe if you don’t re-use your addresses (and avoid using taproot) and BIP-300 will provide quantum safe addresses too.
I just did some quick digging and it looks like btc core developers are working on it under the surface. This is from ChatGPT; I'm too lazy to find the articles but I'm sure you could. It acknowledges that while btc, govt and military are preparing for quantum computers, none of them see it as a valid threat at any near point in the future; right now it's pure speculation and the truth is quantum computing has not even got close to a meaningful point at all, it can barely crack anything right now and that says a lot. I know people say FUD and all that, but it's true that a lot of the articles you see are fud. I do agree with you though, any threat, no matter how small, should be addressed, that goes for every industry and asset. I have no doubt that crypto in the future will be secure from quantum computing.

Key Media Coverage & Reports

• Cointelegraph (July 16, 2025): A new Bitcoin Improvement Proposal (BIP) named "Post Quantum Migration and Legacy Signature Sunset" outlines a phased plan to transition away from legacy signature schemes (ECDSA/Schnorr) in favor of quantum-resistant algorithms, aiming for gradual upgrade completion by 2030. Contributors include Jameson Lopp and Christian Papathanasiou.
• CoinDesk (April 5, 2025): A developer proposed a draft BIP called QRAMP (Quantum-Resistant Address Migration Protocol). It envisions a hard fork requiring users to migrate their funds from legacy, quantum-vulnerable wallets to ones protected by post-quantum cryptography before a preset cutoff.
I noted it's a worldwide issue. And banks and governments are working on this. It has their full attention. The point is it *might* be a small risk, but being secure means accounting for any small risk. And just about any BIP will take 4 years to gain consensus and implement. Very few systems will run on quantum computers. They can do some things extremely well, but won't be for every day use. So classical systems need to be secured. We have those solutions. They need to be implemented now, with care. This will become a bigger issue the longer it is ignored
I think you are probably screwed but I will share my knowledge since I dealt in the past with similar things and I was familiar with the code. [Blockchain.com](http://Blockchain.com) wallet stores an encrypted JSON on their servers. And as you know the password is used to encrypt it. If you know the UUID of the wallet you can just download it. You might need to approve an email as a 2FA, but I don't remember that. You can download their JavaScript open source code and run it from node on your computer to download the encrypted JSON. I think the top level function you might need is this one: [https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/network/walletApi.js#L57-L68](https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/network/walletApi.js#L57-L68) This would fetch and decrypt the JSON in memory. Inside the JSON you must have a field containing the seed, which is a BIP39 12-word seed if the wallet is new enough (maybe after 2014 or 15... who knows). If you want to look at the decryption function it starts here: [https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/walletCrypto/index.ts#L253-L259](https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/walletCrypto/index.ts#L253-L259) Note that there are different attempts, since blockchain historically had different types of encrypted payloads and this must be backwards compatible. Now, to make it more fun, they had a feature that used another password to encrypt the mnemonic (only) inside that JSON. So, you might find yourself that when you find the right password, if your dad/victim used that feature, you might need to start a second round of cracking that password too.
I believe the purpose of that was that the mnemonic was not stored in the browser memory decrypted all the time and only decrypted when the wallet really needed to sign something. Good luck but I think you are in a dark place.
No one knows. My 2 cents: the seed phrase backup is made according to a certain BIP protocol. I would choose a protocol that is supported by Trezor, but not exclusively/proprietarily supported by Trezor. Today, for me that would be BIP39. Even if Trezor would go out of business, and if your Trezor would ever stop working, chances are high you can restore a BIP39 seed phrase on some other platform. Then the funds could be transferred to a wallet supported by the then current protocol.
Great idea. I would buy something like a Trezor Safe 3. The backup is most important so perhaps also record the date and the BIP protocol along which the wallet was created. And a detailed instruction letter.
Hopefully, in 2026 I'll be able to release a tool that I and another have been building for 5+ years now. Also, no, I will no longer answer questions about it ... But BIP39 style wallets that are human generated can be cracked. No, it's not an exploit. And here come the trolls. I'm posting this to say don't give up. That's it.
The Raw Entropy mode directly encodes the entropy. If you provide your own entropy, the words it generates will be directly correlated with the length of the entropy provided. If you don't provide 128, 192, or 256 bits of entropy, then the mnemonic will be a non-standard length and therefore incompatible with wallet software. With one of the provided word lengths, the entropy will be hashed first which normalizes the length. This lets you provide non-standard length entropy but still get a valid mnemonic. Of course, this also means that if you provide less entropy than normal for a length, the mnemonic will not have as much security as would be suggested by its length. Ultimately, both modes take a bit string and encode using BIP 39. The distinction is just in the length and whether a mnemonic of whatever length is accepted by wallet software.
I recommend moving the coins to a seed phrase wallet. The reason is interoperability. If you rely on a particular software's way of doing it, you also rely on that software sticking around, which means you rely on the people who make that software continuing to work on it. Otherwise you will end up using old and unsupported software, and that's probably insecure. So I recommend moving off that software before any of that happens. When you use a BIP-39 seed phrase, you can take that seed phrase anywhere, at any time.
Some wallet software (e.g. Electrum) had come up with hierarchical deterministic (HD) wallets before it was introduced as a Bitcoin Improvement Proposal (BIP39). HD wallets use seed phrases to deterministically generate the exact same private/public key pairs every time. There is no timeframe for when all wallets would need to be "converted". At the core layer level, owning bitcoin is simply receiving bitcoin to a specific address and knowing the private key to that address to be able to spend it. Unless there's some kind of massive shift in bitcoin development (extremely unlikely, and you would have a massive amount of warning), then you will never have a problem using a wallet that simply randomly generated its bitcoin keypairs for you. But if you have no deterministic way to regenerate those keys, then it's critical that the wallet file with the keys is backed up and at a minimum has passphrase encryption. I would be safe and keep it encrypted with something like GPG as well.
Hi, good morning OP, this is really easy for you to check, just follow these steps please: - On your PC or smartphone, install the app Electrum; - Open the app and click on create wallet ---> give a name to your wallet ---> next, choose Standard Wallet ---> next, choose I already have a seed ---> next, type word by word your entire seed phrase (space between the words)**, click on FINISH ---> next, a message will appear asking if you want to extend your seed phrase, don't click anything, just press NEXT ---> next, click on detect existing accounts ---> if you see some account there, it is yours, just click on FINISH!* * Depending on the volume of all transactions this will take one second or some minutes to load everything; at the end you will be able to see all your balance and do whatever you want. ** If for some reason when you are putting in your seed phrase word by word, at the end you can't press the finish button and it stays grey and not white, just go up to the word Electrum (the little box saying Electrum on the right side), and switch to the option BIP39. This will be fine! Please OP, after it, if you are rich now, send 1 Bitcoin, just 1, it's ok for me... Ok I'm joking, calm down, or maybe I'm not!? Ok ok, if you feel like it and want to give me some donation it's very appreciated: bc1qaav46tarnkcn7grqgvt5f8mss05ajk09ram0rj Thank you.
Dude , you should look into BIP85. On Coldcard Q it is easy to set up. Not sure about other wallet but BIP 85 is made for that.
If BIP119 (is it 119?) becomes real and markable and infectious BTC spread around, then you were right. Then the marked BTC will no longer be usable at markets, exchanges, .... And yes, maybe a guy from Blackrock could make this BIP again and no one would realize it. And then it can happen. That's a lot of "maybe".
Not heard of "Portis", but what does this "key phrase" look like? Is it a standard 12/24 word BIP39 seed phrase? If so, it ought to be recoverable through any decent wallet.
That must have been a stressful realization, but you handled it really well by acting quickly and moving your funds before anything went wrong. A single misspelled or non-BIP39 word makes a seed completely invalid for recovery, so your concern was absolutely justified. What happened to you is a reminder of why recovery checks (actually restoring the seed on a fresh device or in a test environment) are so important — it’s the only way to confirm that a backup is usable. You’ve now ended up with a verified, functional seed and more confidence in your setup, which is a much stronger position than before. It’s a painful lesson, but a really valuable one.
Options are good, I would definitely have at least 1 discrete option. The next generation are internet, applepay, mobile NFC native. They only need a very brief explainer about what a BIP39 mnemonic seed is. Monsoon Malibar coffee
You might need to work on your trolling technique... incorporate more btc understanding and less FUD. Learn more about the protocol, about BIP and then come back with a new meme trashing btc.. it might work next time
ok, sorry, Newbie here..., provided I have a destination address too (Receiving Address), so it just works, right? To be more specific: let's take another example to be sure, as I did not keep the previous seed (sorry...), that was for illustration purposes only... Imagine you have this seed I'm sharing with you: wink budget demise tumble joy gun access impact album brush oxygen absent The individual private key (BIP44) below could very well sign on ITS own - with the help of some tools - (feature on legacy formats) for the address m/44'/0'/0'/0/0 (or even create an individual wallet, see bitaddress.org) 1KJcxht9jFfRWsJ3qdxE4e85t8QgyjJoDn L1cZAHFGccDRaP4B7fkRcoZ8e8XA69UPn8e3Ta9wyrAz6cXwy4fm Now for Segwit (BIP84), it is a bit different, you cannot sign directly from the individual key AFAIK, but from the SEED itself. L2xCkRV8h5nYoQ3gLvrfxpEfukd8noCZFgs72wNctWbYZcAi1HVv does NOT sign directly for bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 but rather the SEED signs this ... (did that on Sparrow): Seed: wink budget demise tumble joy gun access impact album brush oxygen absent Address: bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 Message signed and verified: I own address bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 Signature: HyoGawzQRHydYLGHJifhrPKdV4HYPqw+mufXj6CmnNUmNG6oYFj8+yBY9Nul2TVro0D61jWF6bBhaTOOEdiz6/Q= Hence the question: then some day when I need to SPEND it and I am able to prove it to the network, then I can spend it legitimately, SINCE this is all I have to prove, correct?
To 2. The value of Bitcoin is currently supported by the high proportion of institutional investors - other coins will find it difficult or take a long time to get into a similar position 3. Discussions are already underway about a possible upgrade to solve the quantum challenge - I recommend BIP306, among others - there are some interesting talks on YouTube with Hunter Beast
My letter stamp kit did not come with the #9. Then I realized I can flip the 6. BIP39 words don’t have numbers, but I number each washer.
I think BIP-39 will still reign supreme, but SLIP-39 allows them to implement Shamir’s Secret Sharing, which solves many problems with BIP-39 and the rigidity involved with keeping your passphrase safe.
Depends on whether the seed phrase is BIP-39 or not. Some are SLIP-39 and have a much larger wordlist. This is common with newer Trezor wallets.
It's not the same. It might *seem* similar, and that can lead us down the wrong path. First, some of the seed words are checksum. So a miscreant getting pieces A and B is not mathematically the same as getting pieces B and C. An error in math means that our security precautions are even weaker than what we thought we calculated. Second, in that scheme, any access to portions is significant work toward cracking the whole thing. If an evildoer has 2/3 of the seed, they are 66% of the way to compromising your wallet. (Actually, even more given the above paragraph!) It would still require some effort to crack the remaining portion, but you've **greatly** weakened your security. With Shamir, accessing one or more shards of the seed, as long as it's below the threshold for unlocking, gets **exactly 0% closer** to cracking the whole key. Shamir is designed for this multi-shard creation process. Splitting up a BIP39 seed manually that wasn't designed for it only invites problems.
Shamir Secret Share is NOT the same as taking your 24 word seed and splitting it into three parts. Some wallets allow Shamir *instead* of the BIP39 seed words. This needs to be done at the time of the wallet creation. Using really-really-really smart math that is way beyond my explanation, the seed words can be generated so that "X" number of seed words are generated and any "Y" number of them are sufficient to unlock the wallet. You could, for example, use Shamir to generate 5 sets of secrets with any 3 of them being required. Or 3 and 2, etc. [What is Shamir backup?](https://trezor.io/learn/advanced/standards-proposals/what-is-shamir-backup)
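The two comments above (the one contrasting hand-split seed pieces with Shamir shares, and the one describing "any Y of X" share generation) can be made concrete. What follows is an added example, not code from either commenter, from Trezor or from any wallet: textbook Shamir sharing over the prime field mod 2^521 - 1 (a Mersenne prime, chosen only so that a 128- or 256-bit seed fits as a single field element). It is deliberately not SLIP-39, which adds its own word encoding, checksums and group structure on top of the same idea. The point it demonstrates is that threshold-1 shares are consistent with every possible secret, while for a phrase simply cut into pieces the remaining search space shrinks with every piece an attacker obtains.

```python
"""Shamir secret sharing vs. cutting a seed phrase into pieces (added example)."""
import secrets

PRIME = 2**521 - 1   # Mersenne prime; a 128- or 256-bit seed is one field element


def _interpolate(points, x):
    """Lagrange interpolation: value at x of the unique polynomial of degree
    < len(points) passing through the given (x_i, y_i) points, mod PRIME."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_secret(secret: int, threshold: int, count: int, rng=secrets.randbelow):
    """Return `count` shares (x, y); any `threshold` of them reconstruct `secret`.
    The secret is the constant term of a random polynomial of degree threshold-1,
    so threshold-1 shares leave the constant term completely undetermined."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element (< 2**521 - 1)")
    if not 1 < threshold <= count:
        raise ValueError("need 1 < threshold <= count")
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]

    def f(x):                      # Horner evaluation of the polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, count + 1)]


def recover_secret(shares):
    """Interpolate at x = 0. The caller must supply at least `threshold`
    shares; fewer shares return a wrong value, not an error."""
    return _interpolate(list(shares), 0)


def implied_share(known_shares, candidate_secret: int, x: int):
    """Attacker's view with threshold-1 shares: every candidate secret is
    consistent with exactly one polynomial. Returns the share at x that the
    candidate would imply, showing nothing distinguishes right from wrong."""
    return _interpolate([(0, candidate_secret)] + list(known_shares), x)


def naive_split_candidates(total_words: int, missing_words: int) -> int:
    """Contrast: cut a BIP39 phrase and an attacker holding all but
    `missing_words` words has this many candidates left (11 bits per missing
    word, minus the checksum bits that let invalid guesses be discarded)."""
    checksum_bits = total_words * 11 // 33
    return 2 ** (11 * missing_words - checksum_bits)
```

Holding two shares of a 3-of-5 split, `implied_share` returns a perfectly valid third share for the true secret and an equally valid one for any wrong guess; the attacker learns nothing. Holding 16 of 24 words of a cut-up phrase leaves 2^80 candidates, and 20 of 24 leaves 2^36, which is within reach of a GPU.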
I have tools to restore only btc and eth wallets with seed phrases, but you need to remember a minimum of 4 of the 12 words of a BIP39 phrase, and preferably 5 words for an 18-word BIP39 phrase. I charge 30% of the total amount. I'm not interested in small wallets. Wallets with 1 btc minimum and 50 eth minimum. Don't send anything to anyone!!!
Hardware wallets generate a BIP39 mnemonic seed, which you can subsequently restore into any hardware or software wallet to regain control of your Bitcoin
[BIP 85](https://bip85.com/) and give them a copy of the seed and/or a [SeedQR](https://help.blockstream.com/hc/en-us/articles/10426338118169-What-is-a-SeedQR). Or you'll regret it when they tell you that they've lost access to the Bitcoin you gifted them. (That's how I've done it)
It's commonly used as a watch-only wallet for HW wallets. But it can also create hot wallets using the BIP39 standard. You have to create a new wallet and then in the keystore section select the option New or Imported Software Wallet and it will prompt you to import or create a new 24-word seed phrase. Haven't used this way myself, so feel free to experiment with this and correct me if I'm wrong.
That's a cracking idea, love it 🫡 Building some IKEA over the weekend? haha 96? Why so many? 👀 A 12 seedphrase BIP 39 is 340,282,366,920,938,463,463,374,607,431,768,211,456 to 1 That's 2048¹² possible combinations and that's the same encryption level as a Bitcoin In saying that...one of yours...I won't say which one, is a seed in one of my wallets 😆😆😆
Guessing a seed phrase is far closer to *completely* impossible than "basically" impossible. This seems like a neat game though. Some BIP-39 words are less than 6 letters; they're just excluded?
Thx for the answer! Do you see a risk in those 25% of wallets being drained and the impact in the price? Or do you expect BIP-360 to be sufficient and implemented soon enough so that the risk will remain minimal?
1. No 2. I’m still sticking to Bitcoin only. Your coins would be safe from an immediate quantum threat as long as you don’t re-use addresses and they’re stored in non-taproot addresses and not in old P2PK from before like 2011 or something. BIP-360 will introduce quantum safe addresses too once implemented. I’m not concerned.
Ahhh, gotcha. For a second I thought you were implying performing elliptic curve scalar multiplication on an analog device! And yup, offline generation and storage is the only way to go. You can never be 100% sure an internet-connected device doesn't have malware. What programs do you use for address generation? I've written my own C++ program from scratch for deriving a singular address from 32 random bytes, but obviously I haven't ever coded any BIP-compliant seed-phrase generation program myself as that's a whole other beast.
Stamp it into metal. It’s much more resilient than paper. https://jlopp.github.io/metal-bitcoin-storage-reviews/ Dont do any custom made “encryption” by mixing up words etc. Just follow the standard practice of 12 or 24 seed words with a passphrase. Electrum is a good wallet. But it does not generate standard BIP39 seeds. Something to keep in mind or info worth storing alongside the paper/metal backup.
It’s a mnemonic because typing a long hexadecimal string without making errors is hard. It was designed that way to be easy to type and store. The mnemonic is also easily identifiable to conform to a certain spec (BIP39) and has built in error correction meaning even if the whole thing is not perfectly legible, you can still restore your wallets.
Oh, this is an interesting topic. The most commonly used SSS for Bitcoin seeds is SLIP-39 by Satoshi Labs. It is nice for social backup as you can establish different quora with groups of people (e.g. 1 of 1 for you, 2 of 3 for your family, 7 of 10 of your friends) and demand 2 groups out of 3 to restore the secret. The flip side of the coin is that it's not really good for inheritance planning, as it has a single point of failure at the reconstruction of the secret. In that moment the person reassembling the shares has access to the secret and can steal all the money, or anyone who is present can frontrun the others and take everything. This is opposed to a multi-sig scenario where each transaction can be checked and signed independently by the heirs, solving issues before it is too late, and nobody can steal from the others. SLIP-39 is also not compatible with BIP-39 (standard seeds); there are ways to split the xpriv of a BIP-39 wallet into a SLIP-39 share set, but it's a bit cumbersome. In the end I would certainly not recommend SSS for inheritance, and I mildly discourage it for personal backup. Source: I created a .NET implementation of SLIP-39, so I'm fairly familiar with how it works: [https://github.com/super-e/Slip39DotNet](https://github.com/super-e/Slip39DotNet)
Nice, but when I got to Valhalla I knew it was not real... could have chosen a valid BIP-39 word! Have fun!
556 712 1780 779 1221 1906 1355 919 644 1842 366 767 One, two, or three digits are missing or incorrectly transcribed in this BIP39 seed. Can you tell which digit(s) are missing/wrong? No, you can't. **That's why BIP39 seeds are not presented as numbers.** The canonical word list is designed to easily identify transcription errors. With your method, one sloppy stroke of the pen can cost you your entire seed.
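An added example, not code from any commenter or wallet, for two points in this thread: the earlier explanation of raw versus hashed entropy modes, and the comment just above about why the word list, not a column of numbers, is what gets written down. The 2048-entry wordlist here is a stand-in of placeholder tokens so the code runs offline; the assumption is that the real BIP39 English list occupies the same positions (index 0 is "abandon" and index 3 is "about", so 16 zero bytes encode to the published test vector "abandon" x11 "about"). The code encodes raw entropy with its SHA-256 checksum, shows how hashed mode normalizes an odd-length input such as 121 bits of dice rolls, and decodes a phrase while verifying the checksum that catches most transcription slips.

```python
"""BIP39 encoding: raw vs hashed entropy, and what the word checksum catches."""
import hashlib

WORD_BITS = 11
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)   # 12, 15, 18, 21, 24 words
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)

# Stand-in wordlist so the example runs offline. Assumption: the real English
# list has 2048 words in these positions (index 0 "abandon", index 3 "about").
STANDIN_WORDLIST = [f"w{i:04d}" for i in range(2048)]


def entropy_to_indices(entropy: bytes) -> list:
    """Raw mode: ENT entropy bits followed by the first ENT/32 bits of
    SHA256(entropy), cut into 11-bit word indices. Any other ENT is rejected,
    just as wallet software rejects the resulting non-standard word count."""
    ent = len(entropy) * 8
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError(f"{ent} bits: BIP39 needs one of {VALID_ENTROPY_BITS}")
    cs = ent // 32                                    # 4..8 bits, all in digest byte 0
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - WORD_BITS * (i + 1))) & 0x7FF
            for i in range(total // WORD_BITS)]


def hashed_entropy(user_input: bytes, target_bits: int = 128) -> bytes:
    """Hashed mode: any-length input (e.g. 121 bits of dice rolls) is normalized
    with SHA-256 and truncated to a standard length. The mnemonic is valid, but
    its real security is min(entropy of user_input, target_bits)."""
    if target_bits not in VALID_ENTROPY_BITS:
        raise ValueError("target_bits must be a standard entropy length")
    return hashlib.sha256(user_input).digest()[: target_bits // 8]


def indices_to_entropy(indices: list) -> tuple:
    """Decode word indices back to (entropy, checksum_ok)."""
    if len(indices) not in VALID_WORD_COUNTS:
        raise ValueError("word count must be 12, 15, 18, 21 or 24")
    total = len(indices) * WORD_BITS
    ent = total * 32 // 33
    cs = total - ent
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError(f"index {idx} is outside the 2048-word list")
        bits = (bits << WORD_BITS) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return entropy, (bits & ((1 << cs) - 1)) == expected


def to_mnemonic(indices: list, wordlist=STANDIN_WORDLIST) -> str:
    return " ".join(wordlist[i] for i in indices)


def from_mnemonic(phrase: str, wordlist=STANDIN_WORDLIST) -> list:
    """A token that is not in the list (a misspelling) fails here, before any
    checksum arithmetic; that is the first layer of transcription-error defence."""
    lookup = {w: i for i, w in enumerate(wordlist)}
    missing = [w for w in phrase.split() if w not in lookup]
    if missing:
        raise ValueError(f"not wordlist words: {missing}")
    return [lookup[w] for w in phrase.split()]


def undetected_error_rate(word_count: int) -> float:
    """Roughly the chance that one wrong-but-valid word still passes the
    checksum: 2**-cs, i.e. 1/16 for 12 words and 1/256 for 24."""
    return 2.0 ** -(word_count * WORD_BITS // 33)
```

With numbers instead of words there is no wordlist lookup to reject "1780" versus "178", and the checksum is the only remaining defence, which for 12 words misses one wrong word in sixteen. Raw mode with 15 bytes of entropy raises rather than producing an 11-word phrase no wallet will accept; hashed mode takes the same 15 bytes and yields a standard 12-word phrase whose real strength is still only 120 bits.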
SHA-256 and BIP39 are “quantum safe” if you’re talking about what quantum computers are capable of at this moment. But if quantum computers become what they’re projected to eventually become, no cryptographic standard that currently exists is safe, and saying buzz words you heard on a brocast isn’t going to change that.
I have a script that orders all 2048 BIP39 words in random order and then numbers them 1 to 2048. The result is then saved as a spreadsheet. Then, all I have to do is find the corresponding number for each seed word and write those down instead of the words themselves. Of course, I have to keep the spreadsheet saved somewhere secure and not lose access to it, since it's the dictionary to decipher the seed again. I only use this method to keep copies of my seed with family members, in case it falls into the wrong hands. I have plaintext copies at my own house.
There are multiple 3 letter words in the English BIP39 word list.
Obviously fake, in BIP39 we use the 4 first letters of each word. Thus, 3 letter words aren't possible.
that are simply words and "being present" means not much unless they decode to a valid BIP-32 master private key. E.g. today's Electrum wallet seed phrase uses the same words as BIP39 but decodes differently
BIP-39 was proposed in 2013, your seed is not BIP-39
Are you sure you have BIP39 words? I did not think [blockchain.info](http://blockchain.info) used HD wallets in 2012. They just had hosted wallets. The words from that time are called the "legacy mnemonic" and encodes your password for the website. Some info here: [https://cryptoassetrecovery.com/posts/how-to-recover-blockchain-legacy-mnemonics](https://cryptoassetrecovery.com/posts/how-to-recover-blockchain-legacy-mnemonics) ("how to use a blockchain legacy mnemonic"). Is your wallet still hosted at blockchain.com? Can you login there? My understanding was you could export the private key so it's possible you did that at some point (though BIP39 would not be involved for that). Your post is really confusing about Safepal (is that a self custody bitcoin wallet app?) and losing your phone. Maybe you generated a wallet on that app and sent your bitcoin from [blockchain.com](http://blockchain.com) to that wallet? Here is the documentation about the Safepal derivation path: [https://safepalsupport.zendesk.com/hc/en-us/articles/360053299631-The-derivation-path-of-the-address-of-the-currency-already-supported-by-SafePal](https://safepalsupport.zendesk.com/hc/en-us/articles/360053299631-The-derivation-path-of-the-address-of-the-currency-already-supported-by-SafePal)
Got it — props for already digging into BTCRecover. From what I understand, older [Blockchain.info](http://Blockchain.info) wallets didn't always use standard BIP39 formatting, which can make recovery tricky. Some used email/password encryption or different derivation paths. Maybe try checking GitHub for old versions of [Blockchain.info](http://Blockchain.info) or seed-related repos from that time. Also, you could try asking in r/Bitcoin or r/BitcoinBeginners — sometimes devs there know about these legacy setups. Hope you find a breakthrough