Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-custody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
I don't think there will ever be consensus to implement BIP-361. But hypothetically speaking let's pretend that there was consensus and it was implemented, it would only result in a chain split if there were some people still running nodes and mining bitcoin without following the new rules. Otherwise it would not result in "an extra coin" as you put it. Even though there will probably never be consensus to implement BIP-361, if some people want it enough then they can fork off and create their own version of Bitcoin with its own blockchain where millions of coins can't be stolen by people with quantum computers as long as some people are willing to mine it. That would result in a new cryptocurrency or "an extra coin" as you put it. Bitcoin does not solve wealth inequality. And this isn't Eat The Rich Coin. "Lost" bitcoins probably will get recovered by people that have access to powerful quantum computers in the future because I don't think there will ever be consensus to implement something like BIP-361.
Since it's a gift, you can keep a copy of the seed, so if he loses it, you can give it to him again. Maybe even use BIP85. If he really wants to start stacking, he'll make his own wallet, and the paper you give him does not matter in the long run.
If this is high-stakes, I would not carry a recoverable seed phrase through airport security at all. X-ray scanners are not the main risk; loss, theft, or being forced to disclose it are bigger problems. Safer patterns are a fresh travel wallet with a small amount of funds, or a separate BIP39 passphrase if you know how to recover it. If you move any backup, make sure it is not the only copy of the wallet.
3 is even worse than 2. Because that will change two rules instead of one, in a bad way. If it's 2140 now and whole coiners are rare, how would you respond to a BIP saying "miners need reward, wholecoiners will potentially cause shock, so let's take half from any wallet >1coin and use them to fund mining"?
> I won’t be joining, I’ll keep my node allowing all valid blocks. That's fine as long as you realize that you won't actually be participating in Bitcoin anymore if the majority mining power accepts BIP-361. You will be effectively blocked from mining on the canonical chain. This is similar to soft forks that eliminated certain Bitcoin Script opcodes. They're soft forks, but they cause a split between old and new clients.
Statements like this show your lack of understanding of the subject outside of incendiary headlines. Already there is BIP-360 (Pay-to-Merkle-Root) on BTQ Bitcoin Quantum testnet; post-quantum signatures (e.g., NIST ML-DSA, SPHINCS+) on Blockstream Liquid sidechain. And if you just hold and have not spent your BTC you’ve never exposed your public keys and thus are not currently at risk. But thanks for spreading FUD
You are hung up on "semantics", but even so by the time all of the coins are frozen (phase a, phase b, phase c), a hard fork will almost certainly have taken place if they go down the path of BIP-361...
Cryptographically Relevant Quantum Computers (CRQCs) don't exist yet, so there's still a bit of time, but the goal is to implement P2MR (Pay to Merkle Root) as proposed in BIP-360 which prevents public keys from being revealed in transactions. Users would then send their coins to these new bc1z addresses.
So you don’t see much benefit in switching to P2MR (what BIP 360 is about if I understand correctly)? Are there other solutions you favour more?
Bitcoin rules were never about even distribution, that’s up to the users. Bitcoin rules are however NOT censorship or centralization of power. I will not personally signal for this BIP if it were to happen today.
You seem to be operating under the false assumption that this is being proposed for activation. There is no timeline set on BIP-361; it's a draft of a contingency plan that may not ever be needed.
Perhaps you mean "chain split." BIP-361 is a soft fork, and I explained a year ago why I don't think opposition would be sufficient to resist it with a hard fork. https://blog.lopp.net/against-quantum-recovery-of-bitcoin/
I'm the author of BIP-361 and you clearly haven't read the BIP. It's a soft fork, as it only restricts spending conditions. Tightening of consensus rules is always a soft fork.
All I read in that BIP-361 proposal is: "BTC Devs are in control of your bitcoin" and Satoshi's social experiment will come to an end, whichever way the "bitcoin devs" go with.
Anyone else think a contentious Bitcoin hard fork (BIP 361) leads to this cycle’s black swan?
Yes, that will be the only way once BIP-360 is ready. Fees should be minimal though. Right now we're sitting at 2 sats/vB which is about $0.19 per transaction.
Newbie here, let's suppose that I'm on Legacy, the only way to "upgrade" to BIP-360 is creating a new wallet and doing a transaction paying the fee? Or is there any way to just update my old legacy wallet?
Close: - Legacy (P2PKH) is 1 - P2SH is 3 (this can indeed wrap a legacy segwit address, but is not limited to it) - Native segwit (bech32) is bc1q - Taproot (bech32m) is bc1p - P2MR (BIP-360) is bc1z All of these address types except Taproot (bc1p) are quantum resistant as long as you haven't spent. Yes, even Legacy. The problem arises when the public key is exposed (as soon as a spending transaction makes it to the mempool), which happens for all types except P2MR. Also, very early transactions used the public key directly (P2PK). Those are vulnerable even if they never spent because they were used as is when sent to. Right now the best thing you can do to protect against quantum attacks is to move any coins you have on a P2PK key or Taproot address (bc1p) to any other type. Native Segwit (bc1q) is generally the best option. If you're on a Legacy (1) or P2SH (3) address, then you could move to Native Segwit, but it's not strictly necessary. Of course, never reuse your addresses. When you spend, send change to a new address. Good wallets do this automatically. Then watch the space for progress on BIP-360. Don't jump on bc1z the moment it releases, there will be bugs. But keep your eyes peeled to eventually make the move.
u/miamiair92 you got the BIP number wrong. It's BIP-361. There's currently a thread about it on the top of r/Bitcoin right now: https://www.reddit.com/r/Bitcoin/comments/1sn2cuo/bitcoin_quantum_migration_plan_that_would_freeze/
Ideally, they can't without community support. But in reality Blockstream devs control all of Bitcoin Core, BitcoinTalk, and rBitcoin. They have censored opinions that don't align with their own. BIP-361 is not a Blockstream proposal, and Adam Back of Blockstream has proposed other measures. We'll see how this plays out as we could see Bitcoin Wars 2.0. I will fight for the side that doesn't censor honest discussions.
Interesting discussion around BIP 361 and Hourglass for quantum-resistant Bitcoin upgrades. Personally, I'm not a fan of freezing coins, but it's good to be aware of these options. Anyone know more about Adam Back's push for optional quantum-resistant upgrades? Let's see what u/statoshi has to say!
They can't freeze it themselves, they can propose to do so through a BIP and eventually the node clients will have to run the upgraded software implementation and miners will have to signal for it too.
They can't; consensus doesn't work like that. A proposal is just "A guy said something in a fancy paper". Having a BIP number doesn't mean that it will be activated, not even endorsement. Consensus is an incredibly messy process and getting a BIP number is just the first step in building consensus.
Can people please read the BIP? In the Abstract it states 3 phases: **Phase A**: Disallows sending of any funds to quantum-vulnerable addresses, hastening the adoption of PQ address types. **Phase B**: Renders ECDSA/Schnorr spends invalid, preventing all spending of funds in quantum-vulnerable UTXOs. This is triggered by a well-publicized flag-day five years after activation. **Phase C** (TBD): Pending further research, a separate BIP proposing a method to allow quantum safe recovery of legacy UTXOs, likely via zero knowledge proof of possession of a corresponding BIP-39 seed phrase. While Phase C is only usable with BIP-39 keys so far that doesn't mean that the ultimate solution is to freeze the coins, the idea is to literally not freeze the coins but to change the way they can be spent at a consensus level (for the user there wouldn't be any change). On top of all of that, developers don't decide what goes into Bitcoin, they propose, they develop, they iterate, but they can't unilaterally activate things unless users adopt changes and miners mine using the activation client and enforce the new rules (this applies for both soft-forks and hard-forks). The other reason why this will never happen is because the whole BIP is dependent on a roadmap, nothing with a roadmap is going to fully activate ever in Bitcoin because the consensus process is too messy for roadmaps to be fully fleshed out.
From the article (for those who only read titles): > *"BIP-361 will freeze approximately 34% of the BTC supply if implemented on the network."* The 34% of BTC being referenced here are those stored in potentially vulnerable addresses. These users would have to move their coins to new types of address that are secured with quantum resistant signatures. The type of signature hasn't yet been decided, but there are 3 possibilities being considered (FALCON512, Dilithium2 or Dilithium5). The problem with all of these however is that they are much bigger than the currently used ECDSA one... between 9.7x and 64x bigger. This means that each bitcoin block can fit a lot less transactions, which increases costs for the user and reduces TPS. The disadvantage with increasing transaction cost is obvious, but the reduced TPS is much more important. Bitcoin already has a very slow throughput, and if all of the vulnerable coins need to be moved then this would take around 2 years, assuming that they used 25% of the network's capacity. Obviously if every other Bitcoin user agreed to stop using the chain then this migration could be done in a few months... but that seems unlikely. So in summary the plan being laid out involves: * setting a 5 year countdown for migration of 34% of all BTC to new addresses with a signature standard that hasn't yet been decided; * if you don't move in time then your coins will be locked forever (with the vague hope of using ZK to maybe prove ownership in the future); * moving all the BTC that needs to be migrated will take around 2 years to process all the required transactions; * and after migration transactions will be 9x to 60x more expensive, with the chain able to process an order of magnitude less TPS. Sounds great, nothing to worry about!
This completely fucks the "permanent asset / digital gold" premise. Bitcoin forever, it's immutable.. bunch of nerds vote to fuck billions out of the system. The BIP vote holders now become the new government.
The problem may be that Coinwallet 2013 did not use BIP39; that standard was only just being defined, so searching for 12 words in order probably won't work. That 30k-word file is the most valuable thing you have. If it was created by someone technical, the seed may be in there as a complete string such as hex, base64, or a brainwallet (SHA256 of a phrase). That can be attacked programmatically against your known Coinbase address. Something like this happened to me once, message me privately and I'll help you!
Yes, if this BIP is adopted P2PK transactions will be disallowed from the network, which effectively "dumps" legacy wallets like Satoshi's.
I don’t know what you are talking about with examples and precursors. ECDSA on P-256 will be the first cryptography that is broken, because it has the smallest key size and most efficient algorithm. RSA and everything else will take longer. This BIP _is_ the solution that the community is going to come to consensus on.
Post is by: jkl2035 and the url/text [ ](https://goo.gl/GP6ppk)is: /r/CryptoMarkets/comments/1smdnqr/hunter_beast_on_qrl_show_about_bip360_how_to/ https://m.youtube.com/watch?v=0PoTq0kWVs0&pp=ygUQSHVudGVyIGJlYXN0IHFybA%3D%3D Great talk, I personally like Hunter - great to hear that momentum is growing on quantum side of BTC, they want to form several teams in the next weeks to drive BIP360 further *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoMarkets) if you have any questions or concerns.*
Only if blocks with transactions from deprecated addresses are still accepted by BIP conforming miners. If not, any blocks they find will simply be orphaned.
That’s not strictly correct. Miners are the ones who decide which transactions ultimately make it into a block. In this case, if they adopted this BIP they would simply reject all transactions using deprecated wallet formats, regardless of what the nodes broadcast.
Now that twitter has been completely destroyed by Elon and turned into a hateful version of tik tok / instagram for people to go and get outraged, I hope to find more of this here in good old r/Bitcoin I feel like u/[rnvk](https://www.reddit.com/user/rnvk/) missed the most important "keeps me up at night" point though: BIP360 won't make BTC quantum proof. It's just a first step. Implementing actual quantum proof signatures will completely wreck Bitcoin and would either reduce capacity by 40 times or require 40 times bigger blocks. So the only real hope is that Quantum Computers won't exist for at least another 30-50 years. Which really isn't great...
Here's the BIP39 wordlist: [https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt) *Employ* should be the closest word to that one, maybe try it that way.
Phoenix and Aqua block external seed imports due to their strict reliance on proprietary derivation paths and server-side routing states. Phoenix requires synchronized channel data with ACINQ nodes to manage inbound liquidity. Aqua requires specific Liquid Network sub-account paths. A generic BIP-85 child seed lacks this prerequisite historical state data, causing their automated recovery protocols to fail. Additionally, LND-based Lightning wallets like Blixt or Breez utilize the proprietary aezeed format. BIP-85 generates standard BIP-39 mnemonics. These cryptographic standards are mathematically incompatible. This is a limitation of highly abstracted mobile wallets, not the Lightning protocol itself. To initialize a Lightning node using a BIP-85 child seed, you must use software that processes raw BIP-39 entropy without enforcing centralized state checks. Viable alternatives capable of this exact function: Zeus. When configured in embedded LDK (Lightning Development Kit) mode, it natively accepts standard 12-word or 24-word BIP-39 seed imports. Electrum. The client allows direct BIP-39 restoration via the Options toggle during setup and operates a built-in Lightning node. Mutiny Wallet. Built entirely on LDK, it accepts standard BIP-39 child seeds directly upon initialization. Do not load the same BIP-85 child seed into multiple Lightning wallets simultaneously. Lightning nodes demand exclusive local control over their UTXOs to negotiate commitment transactions. Duplicating the active seed across multiple environments guarantees state desynchronization, triggering forced channel closures or permanent loss of capital through penalty transactions.
BIP-360 IS the solution -- it's a question of when will we adopt it as a community. Sooner is better so these alarmists will shut up.
If BIP-110 is not implemented then Bitcoin has the biggest threat to its existence to date. And it could die if BIP-110 is not implemented.
This is exactly the kind of post this community needs more of. The distinction you make right at the top — that Bitcoin uses digital signatures, not encryption — is something that gets butchered in almost every mainstream article on this topic, and it invalidates half the fearmongering before it even gets started. The fact that you led with that tells me you actually did the work. The point about the 6.26 million BTC with exposed public keys is the one I think deserves the most attention going forward. It's not a sky-is-falling number, but it's not nothing either — and the people holding those coins range from lost wallets to early adopters to Satoshi's own stash, which makes any community conversation about it genuinely complicated. The BIP-360 mention is encouraging. Bitcoin has navigated hard upgrades before and come out stronger. The bigger question is whether the governance process can move at the pace the qubit timeline now seems to demand. That feels like the real race. Genuinely appreciate the no-hype framing. Bookmarking this for the next time someone sends me a "quantum computer will destroy Bitcoin" headline. Will have more as I read more but this is my first pass after reading segment 1 - great research...:)
So to reiterate: - the 12 words of the seed phrase appear in the correct order in the book, hidden among and separated by other “normal” text. - they are not standard BIP39 words, but custom words - they are differentiated from other text by using a similar but different font - the pdf has been flattened to conceal code details about font types within the document file.
So you have 12 words that are NOT in the BIP39 list? Perhaps that's the reason why nobody opened the wallet.
They're chronological, and it's only 12, before BIP39 was implemented. Importable most reliably into an electrum wallet.
A BIP is a proposal. It could be implemented tomorrow. This is the discussion period. They will discuss and poke at the ideas and either adopt or reject the proposal
Could be you are using the wrong derivation path. Electrum seed phrase derivation paths depend on the wallet version, address type (Legacy, SegWit, Native SegWit), and seed type (Electrum vs. BIP39). Modern Electrum (4.x+) typically defaults to native SegWit (bech32) using path m/84'/0'/0', while older wallets used legacy m/44'/0'/0' or m/0'. If you use the wrong path, it will show zero balance, because the addresses are different.
Not at all, you're reading too much into it. The extreme opinion you describe is a loud minority on social media, I'm certain most people won't agree with those statements. Also calling someone based is always admitting that the person aligns with your values & worldview, otherwise you wouldn't call them that, simple logic. So yes, I agree with his opinions on the Zionist anti-human regime. I said that because I feel like the whole debate about the recent BIP-110 drama has really shown who is an arrogant elitist resting on their cypherpunk title and who is still righteous in their cause. Adam for example has turned out to be quite a little crybaby, acting all smug & dismissing a big part of the community that once admired him very much. He's also on the list, which is very telling, you know what list. I won't follow someone like that anymore, anywhere. And also no one who's still rallying behind him, I sort those out immediately. People really showed their true colors during this g€nocide, expressed their opinion through deafening silence or shameless support and I can't help but judge people for their stance on this issue. If I can't trust you on this, I will never trust you on Bitcoin. Peter Todd is the sole reason I'm running BIP-110 right now. Just out of spite. I digress, I hope you get my point.
Knots. BIP110. Solo miner on my own public pool (no fee). The other paid for hash is mining with ocean.
tldr; Bitcoin developers unveiled two prototype quantum-resistant wallet recovery methods: Lightning Labs CTO Olaoluwa Osuntokun proposed a zk-STARK-based recovery path for BIP-86 Taproot wallets, while StarkWare researcher Avihu Levy outlined a no-softfork scheme that may fit within Bitcoin’s current script limits. The prototypes offer concrete migration options for existing wallets amid rising concern after Google warned quantum attacks on secp256k1 may be easier than thought, though they are not yet deployed solutions. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*
Gavin left when BIP-100, 102, and 103 were censored on Bitcoin forums
I expect $58K by June 7th or 8th. And I don't see BTC breaking that trend line in the summer, which is typically "sell in May and go away" season. So I expect sub-$50K by September. There's also BIP-110 and the child exploitation content issue, and a looming soft fork over it. If that hits normie news in August before the deadline, it'll drive price lower too. Hold your powder.
My own analysis suggests $58K by June 8th. Summer is usually not a pump season, so I expect sub-$50K by September/October. Especially if BIP-110 starts hitting normie news and everyone starts hearing about embedding the kiddy pr0nz in the blockchain, or a contentious soft fork over the issue.
>Electrum uses a proprietary seed format and deliberately does not support BIP-39 — the standard your hardware wallet uses. Electrum is open source software so it can't be a proprietary seed format. It's supported by some other wallets like blue wallet. Electrum's seed format is superior because it does not require the user to select a derivation path. Electrum automatically uses the correct derivation path. >To get it working you have to click a hidden “Options” button during seed entry, select “BIP39 seed,” then manually enter the derivation path your original wallet used. The options button isn't hidden. It's visible plain as day on the seed entry step. You don't have to manually enter the derivation path. You can select from some options or click on the "detect existing accounts" button to have it search for the correct one automatically. >Without those steps, Electrum opens a valid empty wallet with no explanation. If you enter a bip39 seed and do not click on options and check bip39 then electrum won't let you proceed to the next step. It won't open an empty wallet. It just won't let you proceed.
Yeah, thanks but no thanks. Of course I realise that of a multisig scheme 2-of-3 is the most forgiving. What I meant is: what BIP, and with what hardware devices? iPhone, Trezor, Coldcard Q and/or one or more Tapsigner cards. Infinite plus kudos for those who mention SLIP-39 in their quality reply.
Really? I thought Ethereum was structurally more vulnerable because addresses are re-used and public keys exposed. With BIP360, I would assume that Bitcoin is the main choice of quantum-resistant wealth accumulation going forward. However, such an attack is still a theoretical thought experiment. Cracking ECC (with SHA256 still out of reach) is at the end of the adoption curve, no matter what algorithm you use. And there is no company working towards this, as other use-cases come with economic incentives.
BIP-360 only protects against new long-range attacks for anyone who migrates. It doesn't solve short range mempool attacks or longer-range attacks for stuck BTC in P2PK addresses and other early addresses used more than once.
That's not what BIP 360 does. It only fixes taproot transactions so they don't put public key on-chain. There is no BIP to add post-quantum signatures.
Banks can patch their systems overnight. Bitcoin requires ecosystem-wide consensus for any cryptographic upgrade, and one paper estimated ~76 days of downtime just for the transition. SWIFT and US federal agencies are already on post-quantum timelines. Bitcoin’s leading proposal (BIP 360) is still on testnet. On top of that, 6.9M BTC already have public keys exposed on an immutable ledger. Adversaries can harvest that data now and crack it later.
So it should be really easy for you to tell us which BIP it is then right? Certainly you aren’t just making it up entirely?
… so can Bitcoin? The BIP already exists
*Your funds are very likely not lost — this is a classic MultiBit change address issue.* *When you sent the $10 test transaction, Electrum created a change address using its own derivation path. But MultiBit used a completely different wallet format (not BIP44 standard), so the remaining balance went to a change address that Electrum doesn't see with the same seed.* *What you should try:* *1. In Electrum, go to Wallet → Private Keys → Export — check if there are addresses with balance you don't recognise* *2. Try importing the seed into MultiBit Classic (if you can find it) or Multibit HD* *3. Check the blockchain explorer with your old receiving address — trace where the change went* *The transaction is on-chain, the funds exist somewhere. They're just in an address your current Electrum setup isn't showing.* *Don't send any more transactions until you locate the change address.*
Seed phrases were introduced in BIP39, which was adopted late 2013. It's possible OP's wallet address predates that.
also, try using a BIP 39 generator once
BIP 360 has already been proposed to fix this before it becomes an issue. By what I’ve read the coins are safe unless a transaction is broadcast also.
Yes, the original wallet was online. I searched using Electrum and the Atomic wallets; however, neither of those wallets could import my old wallet using my BIP39 seed code. I actually found it on the Apollo exchange, and was able to access Apollo and Artimus, which I vaguely recall that the Artimus token was part of the original Apollo coin. Anyway, I swapped it all for Bitcoin, and the wallet shows that it was completed properly. I would like to move the Bitcoin to Coinbase, but when I add my Coinbase Bitcoin wallet address, it says the address is invalid. So I think it has something to do with this being an outdated wallet, and I'm trying to figure out how to move it or update it...
The '9-minute' headline is great for clicks, but the real technical nightmare isn't the hardware scaling—it’s the **social consensus** of 10 million 'lost' coins. Sure, we can patch the protocol with BIP-360, but how do you migrate **Satoshi’s 1.1 million BTC** or the billions in 'zombie wallets' that don't have an active user to sign a transition transaction? If we don't migrate them, they become a permanent 'bounty' for the first state-actor with a stable Qubit array. If we *do* hard-fork to burn or lock them, we’ve just turned Bitcoin into a centralized database managed by a committee. The 'Gods' of cryptography are basically telling us we have a choice: 1. Maintain 'Immutability' and let Quantum computers slowly drain the foundations of the network. 2. Maintain 'Security' and admit that the 'Code is Law' era died the moment we had to manually intervene to stop a Shor’s algorithm exploit. I’m looking forward to the 2028 'Civil War' where half the network refuses to upgrade because 'Quantum isn't real' while the other half watches their cold storage turn into a public donation. At least the **Symmetric encryption** crowd can laugh at us from their AES-256 bunkers while we're arguing over which multi-sig flavor tastes less like defeat. Is Bitcoin actually 'un-hackable' if the only way to save it is to break its primary promise of decentralization?
Would we have to do anything as BTC owners if it went BIP360?
Academic is on the SLIP 39 list - Shamir secret from Trezor (authors of original BIP39) https://trezor.io/slip39
Agreed, BIP360 is a solid move, but the real challenge will be achieving network consensus and ensuring a safe migration for all users.
Time to react now - BIP360 is there
We have computers to help us. With a book's PDF version, a program can give us all 2048 words' locations. Then you pick 12 and verify them in the paper book before writing them down. Also, the 4 letters criteria IS in the BIP39 spec itself.
You technically can, but think about the practical side: with a letter-based approach for 12 words, you're looking at up to 48 code sets. For 24 words, that's up to 96. Now add a second wallet — you're encoding and verifying 192 individual letter references. The chance of making a single mistake while encoding or decoding goes up significantly with every additional reference, and one wrong letter means a wrong word means a wrong seed. Also, using only the first 4 letters is not recommended — BIP39 has word pairs that share the first 4 characters (like "work" and "world", or "sea" and "search"). You'd want full words to be safe, which makes the letter approach even longer. A purpose-built book with a word index lets you look up each seed word directly and get one code per word — 24 codes for 24 words, done. Less room for error, faster to encode and verify.
The 500,000 qubit estimate needs context because it obscures the real engineering gap. Current quantum computers have thousands of physical qubits but extremely few logical qubits. The difference matters enormously. You need many physical qubits to create one error-corrected logical qubit that can actually run algorithms reliably. The 500,000 number is likely physical qubits, and the ratio of physical to logical is currently terrible, somewhere around 1000:1 for useful error correction. So you're really talking about needing machines orders of magnitude more capable than what exists. The 6.9 million vulnerable BTC framing is somewhat misleading. These are coins in addresses where the public key has been exposed, meaning the address has been spent from at least once. Coins sitting in addresses that have only received and never sent are protected by an additional hash layer. The real vulnerability window is between when you broadcast a transaction and when it confirms, because your public key is exposed during that period. A sufficiently fast quantum computer could theoretically derive your private key and submit a competing transaction. The timeline uncertainty is the honest answer. Quantum hardware progress isn't linear or predictable. Could be 10 years, could be 25. Anyone giving confident dates is guessing. What actually matters practically. The cryptographic community has post-quantum signature schemes ready. The migration is a coordination problem not a research problem. Bitcoin's BIP-360 and similar proposals exist. The transition will be messy but the path exists. The chains that drag their feet on migration will have problems, but the industry has time to execute if it starts moving seriously.
BIP 47 (PayNyms) already have this covered. They aren’t great for privacy, though.
In Bitcoin we have Payment Requests (implemented by BitBox and Trezor), BIP-353 addresses (human readable addresses), QR codes, contacts, Silent Payment Addresses and a million more solutions. Also, Breez (a Lightning wallet) used to have something exactly like what you are proposing, but nobody actually used it because this causes more problems than those it solves. This problem was solved years ago, just use a wallet that implements good UX/UI stuff.
> The timeline for quantum computers threatening Bitcoin's elliptic curve cryptography is uncertain.

It's actually not that uncertain anymore. NSA set a 2030-2033 deadline and Google has recently advanced Q-day to 2029. IBM is investing 150 billion in quantum computing. This softfork is beneficial but it should have been activated long ago, along with other technical improvements like BIP 118. Let's not delay an urgent quantum softfork with something that was not prioritized for several years.
For more information about BIP 54, see Mike's website that was recently shared here. [https://www.reddit.com/r/Bitcoin/comments/1sbea6t/bip54org_informational_site_for_bip54s_consensus/](https://www.reddit.com/r/Bitcoin/comments/1sbea6t/bip54org_informational_site_for_bip54s_consensus/)
I tried to address that here: [https://bip54.org/#faq-quantum](https://bip54.org/#faq-quantum) "*Quantum computing resistance is a separate concern from the vulnerabilities BIP54 addresses. BIP54 is about fixing specific bugs and attack vectors in Bitcoin's existing consensus rules: timewarp, slow validation, merkle tree exploits, and duplicate transactions.* *Quantum-resistant cryptography would require a different set of changes (possibly a new address format and signature algorithm) and is still an area of active research. The timeline for quantum computers threatening Bitcoin's elliptic curve cryptography is uncertain.* *BIP54 should be evaluated on its own merits as a security upgrade. It neither helps nor hinders future quantum resistance efforts, and there's no reason to delay fixing known vulnerabilities while waiting for quantum-resistant proposals to mature.*"
Think it will be more an early to mid 2030 thing, but we have to act now to be ready. BIP360 is there for BTC
The 9 minutes headline is doing a lot of work that the actual research doesn’t support. The gap between ‘theoretically possible with X qubits’ and ‘practically achievable with real hardware’ is where most of these threat timelines fall apart. The more honest framing is that quantum risk to Bitcoin is a Schelling point problem as much as a technical one. The moment credible quantum capability looks close, the rational move is to move coins to quantum-resistant addresses before you’re forced to. Which means the actual attack window on vulnerable wallets is narrower than the hardware timeline suggests; anyone paying attention will migrate. The 6.9 million BTC in vulnerable wallets is the real number worth watching. A significant chunk of that is provably lost coins: Satoshi’s wallets, early miners, dead keys. Quantum unlocking genuinely lost Bitcoin would be economically chaotic in a way that’s completely separate from the security threat to active users. BIP-360 moving forward is the right signal to watch. The Bitcoin development process is slow by design, so the fact it’s already in testing suggests the people closest to the protocol think the timeline is serious enough to act now rather than later. The actual unknown isn’t whether quantum gets there, it’s whether the upgrade coordination happens fast enough across an ecosystem with no central authority to mandate migration.
BIP-360 Fix: If quantum computer = NO
You can use the Ian Coleman BIP39 tool to check those phrases. For safety, download the bip39-standalone.html file from his GitHub (https://github.com/iancoleman/bip39/releases) and run it offline. Once you input your seed phrase, look at the 'Derived Addresses' section. You can then copy those addresses and check their balances on a blockchain explorer. If you remember your addresses starting with 'bc1...', you'll need to select the 'BIP84' tab under the Derivation Path section.
Maybe it is, maybe it isn't. There are BIPs out there addressing this issue; all you can do is run a node and run the software you would like to see for now. My question is, what bearing does AA have on this issue? From my point of view, it's none or very minimal.
I don’t think anyone truly believes quantum isn’t, at least theoretically, a threat. Some folks believe it won’t ever come to fruition, others think it’s far away, and far fewer think it’s right on the doorstep, which is a common narrative lately. The only case where alarm bells should be going off (global alarm bells, not just Bitcoin ones) is that last case, where quantum is almost here and nobody had time to prepare. That does not appear to be the case. So either: 1. Quantum won’t ever come to fruition (possible but doubtful, scientific breakthroughs and innovations will continue) in which case Bitcoin is fine 2. Quantum won’t come anytime soon, which gives plenty of time to layer in solutions, like BIP-360 and undoubtedly others as the threat unfolds.
Update: there's now a second book. A few people asked about alternatives to the children's book — especially for those traveling solo or anyone who'd rather not have a kids' book on their nightstand without kids in the house. "777 Wisdoms for Every Day" just went live on Amazon. Same concept: all 2,048 BIP39 words, works as a book cipher the exact same way. But instead of a children's story, it's a collection of 777 numbered daily wisdoms — the kind of book that fits on any shelf, in any bag, anywhere. [https://www.bip39books.com/777-wisdoms/](https://www.bip39books.com/777-wisdoms/)
Living under a rock, I see. Even if someone did have a powerful enough quantum computer, today, only the legacy addresses and those who had spent (exposing their public key) would be at high risk. Anyone who doesn't reuse addresses and switched to Segwit (bc1q...) is largely safe. And then there's BIP-360: [https://bip360.org/](https://bip360.org/)
I understand being worried, but yes, it's worked on. BIP-360 includes a quantum resistant address type. It's been merged into the BIP repo, but it's not accepted on the mainnet. I think other quantum resistant solutions are proposed too, so we'll see. But it's worked on, yes. When Satoshi's wallet sends money somewhere we know it's been cracked.
So I’m a boring sod and I actually read the report this is based on. Ignore all this quantum can/cannot in the next decade for now, the report basically suggests: - SegWit is safe until the wallet broadcasts a spend - the attack for SegWit is a mempool attack, or comes from reading legacy mempool data and taking time to decrypt. I have to presume a quantum computer is pretty expensive. Like, enough that there isn’t one ready to attack every address in the mempool at once. Logically, that means they’re targeting big wallets rather than mine. So my plan: 1. Adopt BIP 360 and whatever follows that up to make BTC quantum resistant. 2. If it hasn’t happened at Q Day, send everything to a fresh SegWit wallet in separate small transactions, have a pint, and wait for this all to blow over. Perfect? No. But I reckon miners will adopt a quantum fork pretty damn quickly if it comes to it. That’s even assuming the stable logical qubits can be generated, which is a maybe.
The thing is that the timeline is also shrinking mainly based on assumptions and not a lot of tangible improvement towards this attack angle. It became more plausible that a quantum attack could happen in the future, but it is not a certainty. But in general I agree. There already is a draft change proposal with BIP 360 that already has been tested and now needs approval and consensus to rollout.
Published by eth foundation lol. Yes they have. For years. BIP 360
It's not about "protecting"; in my opinion that goes against the BTC concept. BIP360 provides an answer for how these wallets can be handled…
How will BIP360 protect those?
BIP-360 doesn't introduce quantum-safe signatures. It's as secure as P2PKH.
That's nonsense. If addresses created since 2017 were "very quantum safe" people could just transfer BTC from their old wallets to a new address and BIP360 would be unnecessary.
For others, here is an easier way to do this with dice. With BIP39, part of the last word includes the checksum, which makes sure the seed word is valid and no typos or misordering occurs. Thus with this feature you can generate a valid 12th or 24th word checksum by entering either 11 words or 23 words that you generate with your own source of entropy, with something like using dice or flipping a coin. Some people do this because they are paranoid with the software wallet, so they prefer to generate their own seed offline. Ideally, it's better to do this in a hardware wallet like - https://help.blockstream.com/hc/en-us/articles/20177648363545-Create-a-recovery-phrase-using-dice https://help.blockstream.com/hc/en-us/article_attachments/21328564164505 but if you don't want to use a hardware wallet and want a free option then blue wallet can work. Thus after installing blue you would turn off wifi and data on your phone to ensure it's offline and use this feature after rolling dice. Some guides- https://bitbox.swiss/blog/roll-the-dice-generate-your-own-seed/ https://bitbox.swiss/bitbox02/BitBox_Diceware_LookupTable.pdf?ref=bitbox.swiss or https://help.blockstream.com/hc/en-us/articles/20177648363545-Create-a-recovery-phrase-using-dice https://help.blockstream.com/hc/en-us/article_attachments/21328564164505 or https://www.youtube.com/watch?v=j5nejoEGWFw Then you enter the 11 or 23 words into blue wallet "generate the final Mnemonic word" to generate the last word. This can all be done offline so you don't need to trust blue wallet. Another way of doing it is using Blue wallet's built-in Diceware feature discussed here: https://bluewallet.io/docs/manual-entropy/ or https://www.whatisbitcoin.com/security/generate-your-seed-phrase
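The last-word checksum described in the comment above, as an added example that is not part of the original post or of any wallet's code. It works on word indices (0-2047) rather than words, so mapping to and from words still needs the official BIP39 wordlist; the function names are hypothetical. It also shows why 11 hand-picked words carry only 121 bits: the remaining 7 entropy bits (3 for a 24-word phrase) sit in the last word next to the checksum.

```python
import hashlib

def _checksum_bits(entropy: int, ent_len: int) -> int:
    """First ent_len/32 bits of SHA-256 over the entropy bytes (BIP39 rule)."""
    digest = hashlib.sha256(entropy.to_bytes(ent_len // 8, "big")).digest()
    return digest[0] >> (8 - ent_len // 32)

def final_word_index(first_indices, extra_bits):
    """Index of the last word, given 11 or 23 word indices plus the
    extra entropy bits (7 or 3) that share the last word with the checksum."""
    n = len(first_indices) + 1
    if n not in (12, 24):
        raise ValueError("expected 11 or 23 word indices")
    ent_len = n * 32 // 3            # 128 or 256 bits of entropy
    cs_len = ent_len // 32           # 4 or 8 checksum bits
    extra_len = 11 - cs_len          # entropy bits carried by the last word
    if not 0 <= extra_bits < (1 << extra_len):
        raise ValueError(f"extra_bits must fit in {extra_len} bits")
    acc = 0
    for idx in first_indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        acc = (acc << 11) | idx      # each word encodes 11 bits
    entropy = (acc << extra_len) | extra_bits
    return (extra_bits << cs_len) | _checksum_bits(entropy, ent_len)

def valid_final_indices(first_indices):
    """Every last-word index that yields a valid phrase (128 or 8 of them)."""
    extra_len = 7 if len(first_indices) == 11 else 3
    return [final_word_index(first_indices, e) for e in range(1 << extra_len)]

def checksum_ok(indices):
    """Validate a full 12- or 24-word phrase given as indices."""
    cs_len = len(indices) // 3
    return final_word_index(indices[:-1], indices[-1] >> cs_len) == indices[-1]

if __name__ == "__main__":
    rolled = [0] * 11                # constructed sample: eleven copies of index 0
    print(final_word_index(rolled, 0), len(valid_final_indices(rolled)))
```

Picking the last word from `valid_final_indices` with dice or coin flips keeps the full 128 or 256 bits of entropy under your own control instead of leaving the final bits to the tool.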
Per community notes- There was no confirmed breakthrough or imminent threat. The recent Google quantum headlines are about future risk planning, not current capability, there is no machine today that can break any encryption, let alone Bitcoin. We are at ~1,000 noisy qubits today. 500K fault-tolerant qubits is a decade+ away minimum. BIP-360 and post-quantum testnets are already live. The real story here is Google publishing scary numbers to justify their quantum budget, not an actual threat to BTC.
The 2026 Solution: BIP360 (Pay-to-Merkle-Root) Bitcoin developers aren't sitting still. A major proposal called BIP360 is currently the leading strategy for quantum resistance: Quantum-Resistant Signatures: It introduces new signature types (like "Lattice-based" or "Lamport" signatures) that are built with math problems that quantum computers cannot solve efficiently. The Migration: Users will likely have to move their funds from "Old Bitcoin" addresses to "Quantum-Safe" addresses. This is similar to moving your money from an old wooden box to a modern high-security vault.
Agree that it’s not a tomorrow story, but looking at the roadmaps of the leading quantum labs it might be closer than you think. My worry, esp for BTC, is that the threat is not taken seriously. Looking at the current BIP360 proposal it might take 3-4y to do a migration
People are being censored. You can't even discuss certain BIP proposals in this sub.
It’s true, just read out BIP360 by Hunter Beast, quite neutral view by him on that topic imho