Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-custody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
A 24-word “seed” is a human readable form of your wallet’s private key. In most cases this is all you need to control the wallet on any platform that supports the BIP-39 algorithm (the formula for translating the 24 words into a key). Basically all platforms use this standard. So you could carry your wallet between Ledger, Trezor, or whatever. A “passphrase” is typically a 25th word or phrase that is added to the seed to re-encrypt it as essentially a different seed. Same as above, just 1 more layer. I think you’re referring to the Ledger live “password” though, which doesn’t really do anything but unlock the user interface on your computer - it has zero control over your funds and likely can be reset without disruption. You would need the physical ledger to interact through ledger live (which never reveals the seed even to ledger itself… the software preps a transaction, sends it to the physical device, which internally requires you to confirm the transaction on the screen with a button press, then it uses the seed to “sign the transaction” on the device and send back to the computer the signed version to process). No one ever sees the seed, only the authorized transaction comes out, which can’t be tampered with without disrupting the “signature” and thus invalidating the transaction.
The headline isn't very fair (although I admit that I don't have all the details!) I don't know what El Salvador's setup was, or exactly what their new setup is, but it does make sense to stop re-using keys. i.e. once you spend from an address, you should spend all the balance and never accept any more to that address. So a multi-address wallet (using a _hardened_ BIP84 wallet) makes sense
Back then there were no BIP39 words, just private keys
I expect this threat to come up in the 2030s (more end than beginning) - nevertheless the major projects have to talk about possible solutions. Looking at BIP360 for BTC for a while, think they can make it - but crucial questions to be answered (e.g. what to do with Satoshis coins), this will lead to more philosophical discussions in the community…
In the last 5y BTC did a Great Development on acceptance, this will get much further in the near Future, I expect much more use from governance side. Also this whole quantum discussion will be solved in a 2-3y period from now. Think BIP360 is offering a great answer to that, further discussions needed, but they will be done!
Ok, well I don't agree that it's designed so that people will lose coins. The design is extremely elegant, but requires good infrastructure and software around it to minimise the chances of loss. This has improved greatly, especially with BIP32 style wallets. Before that you could lose coins in your change addresses if you didn't have a recent backup. I disagree with you that loss of coins is a designed feature. I think it's an unfortunate consequence, and the risk is being reduced by improvements in wallet software.
Think this shift is not done because of quantum threat itself but also operational risks. Nevertheless the whole quantum discussion for BTC is an interesting topic, I recommend to watch some Talks with Hunter Beast on YouTube about BIP360 which is offering an answer how BTC might be shifted to quantum Secure Environment.
Vitalik should follow his own beliefs and write a BIP! don't just talk, walk!
Pretty much nailed it, the tradeoff is convenience vs safety. With an unhardened derivation you can hand out an **xpub** to a watch-only wallet or service (like an accounting app, an exchange, a POS terminal) and they can generate all the addresses for you without touching your private keys. That's super handy for businesses, multisig setups, or anything where you need to monitor incoming payments without risking the seed. Hardened derivations break that model, you can't generate child keys from just the parent xpub anymore. You need the private side of the parent to go further down the tree. So if you go 100% hardened, you lose the ability to safely share xpubs for watch-only purposes. That's why most wallets use a mix: the "account level" (first few branches) is hardened to wall off different accounts, but within an account, the receiving/change chains are unhardened so xpubs still work for generating addresses. As for support: yes, typical wallet software supports hardened paths, and in fact most of them already use hardened at the top level (BIP44, BIP49, BIP84 all do this). If you want to go full hardened all the way down, it's not *unsupported*, but you lose a lot of compatibility with existing tooling and services. That's the only reason people don't just default to it across the board.
I'll add if it wasn't clear- this would no longer be perceived as fud if a BIP was agreed to, and the work was in motion. There will be some trade-offs, which is of course why nothing is in motion, but those trade-offs have to be dealt with some time. Sooner the better.
That's correct. xpub is an EXTENDED public key. It can be used to generate other public keys that are actually used for individual transactions (usually by using BIP-32) From CoinTracker: > An xPub key, or extended public key, is a master public key that generates all subsequent addresses for a blockchain, such as Bitcoin. It allows you to view the wallet’s transaction history and balance without exposing private keys. Since xPub keys cannot initiate transactions, they help ensure your security. > The evolution of Bitcoin standards has created several types of extended public keys: xPub: Generates addresses prefixed with 1. yPub: Generates addresses prefixed with 3 (SegWit). zPub: Generates Bech32 addresses prefixed with bc1 (SegWit).
I had assumed that the HD wallets were based on a sequence of consecutive hashes, to make it impossible to break all the wallet's addresses from one public key. But I think I'm wrong, after scanning the BIP. https://bips.dev/32/ The existence of an xPUB, that knows all the addresses in the wallet, suggests that it's all breakable
Actually any string in any language can be a seed in BIP39 seed mnemonic, but a well formed mnemonic consists only of words in the wordlist used and part of the last word is a checksum of the original seed entropy. Each BIP39 wordlist (yes there are multiple, and more are allowed) consists of exactly 2048 words, and each word in a well formed BIP39 seed mnemonic comes from 11 bits of data. The above is to allow the use of different wordlists (language or what not). Even if a wallet software or device does not recognise the words it can still recover the wallet seed, but not verify the seed mnemonic checksum. But using a non-standard seed mnemonic is NOT recommended. And neither is using a non-English wordlist for the mnemonic. To guarantee that the mnemonic will be accepted and recovered by future device or software stick to a well formed BIP39 seed mnemonic with 12 or 24 words using the default English wordlist.
And I’m not saying it doesn’t negate the need to transition. I’m hoping we see great progress on BIP-360 in the next year or two.
That's correct, people should be moving assets to secure wallets. However, there is about 25% of supply, most from Satoshi era, that is likely not under ownership. And those could be taken/dumped. This is one of the decisions that has to be dealt with. Opinions vary which is why we need to keep talking about it and reach consensus. Like I say, there are big challenges but I think it's best if it gets sorted. No one is building these changes, they are just proposals. And there are performance and downtime decisions. Jameson Lopp, who is on one of those BIP, huge bitcoin advocate, is not shy about raising these issues. Need more people to listen to him...
Stick to Bitcoin. It’s currently quantum safe if you don’t re-use your addresses (and avoid using taproot) and BIP-300 will provide quantum safe addresses too.
I just did some quick digging and it looks like btc core developers are working on it under the surface. This is from ChatGPT I’m too lazy to find the articles but I’m sure you could. It acknowledges that while btc, govt and military are preparing for quantum computers, none of them see it as a valid threat at any near point in the future, right now it’s pure speculation and the truth is quantum computing has not even got close to a meaningful point at all, it can barely crack anything right now and that says a lot. I know people say FUD and all that, but it’s true that a lot of the articles you see are fud. I do agree with you though, any threat, no matter how small should be addressed, that goes for every industry and asset. I have no doubt that crypto in the future will be secure from quantum computing. Key Media Coverage & Reports • Cointelegraph (July 16, 2025) A new Bitcoin Improvement Proposal (BIP) named “Post Quantum Migration and Legacy Signature Sunset” outlines a phased plan to transition away from legacy signature schemes (ECDSA/Schnorr) in favor of quantum-resistant algorithms, aiming for gradual upgrade completion by 2030. Contributors include Jameson Lopp and Christian Papathanasiou.  • CoinDesk (April 5, 2025) A developer proposed a draft BIP called QRAMP (Quantum-Resistant Address Migration Protocol). It envisions a hard fork requiring users to migrate their funds from legacy, quantum-vulnerable wallets to ones protected by post-quantum cryptography before a preset cutoff. 
I noted it's a worldwide issue. And banks and governments are working on this. It has their full attention. The point is it *might* be a small risk, but being secure means accounting for any small risk. And just about any BIP will take 4 years to gain consensus and implement. Very few systems will run on quantum computers. They can do some things extremely well, but won't be for every day use. So classical systems need to be secured. We have those solutions. They need to be implemented now, with care. This will become a bigger issue the longer it is ignored
I think you are probably screwed but I will share my knowledge since I dealt in the past with similar things and I was familiar with the code. [Blockchain.com](http://Blockchain.com) wallet stores an encrypted json on their servers. And as you know the password is used to encrypt it. If you know the UUID of the wallet you can just download it. You might need to approve an email as a 2FA, but I don't remember that. You can download their javascript open source code and run it from node in your computer to download the encrypted json. I think the top level function you might need is this one: [https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/network/walletApi.js#L57-L68](https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/network/walletApi.js#L57-L68) This would fetch and decrypt the json in memory. Inside the json you must have a field containing the seed which is a BIP39 12 word seed if the wallet is new enough. (maybe after 2014 or 15... who knows) If you want to look at the decryption function it starts here: [https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/walletCrypto/index.ts#L253-L259](https://github.com/blockchain/blockchain-wallet-v4-frontend/blob/development/packages/blockchain-wallet-v4/src/walletCrypto/index.ts#L253-L259) Note that, there are different attempts since blockchain had historically different types of encrypted payloads and this must be backwards compatible. Now, to make it more fun, they had a feature that used another password to encrypt the mnemonic (only) inside that json. So, you might find yourself that when you find the right password, if your dad/victim used that feature you might need to start a second round of cracking that password too.
I believe the purpose of that was that the mnemonic was not stored in the browser memory decrypted all the time and only decrypted when the wallet really needed to sign something. Good luck but I think you are in a dark place.
No one knows. My 2 cents: the seed phrase backup is made according to a certain BIP protocol: I would choose a protocol that is supported by Trezor, but not exclusively/proprietary supported by Trezor. Today, for me that would be BIP39. Even if Trezor would go out of business, and if your Trezor would ever stop working, chances are high you can restore a BIP39 seed phrase on some other platform. Then the funds could be transferred to a wallet supported by the then current protocol.
Great idea. I would buy something like a Trezor Safe 3. The backup is most important so perhaps also record the date and the BIP protocol along which the wallet was created. And a detailed instruction letter.
Hopefully, in 2026 I'll be able to release a tool that I and another have been building for 5+ years now. Also, no, I will no longer answer questions about it ... But BIP39 style wallets that are human generated can be cracked. No, it's not an exploit. And here comes the trolls. I'm posting this to say don't give up. That's it.
The Raw Entropy mode directly encodes the entropy. If you provide your own entropy, the words it generates will be directly correlated with the length of the entropy provided. If you don't provide 128, 192, or 256 bits of entropy, then the mnemonic will be a non-standard length and therefore incompatible with wallet software. With one of the provided word lengths, the entropy will be hashed first which normalizes the length. This lets you provide non-standard length entropy but still get a valid mnemonic. Of course, this also means that if you provide less entropy than normal for a length, the mnemonic will not have as much security as would be suggested by its length. Ultimately, both modes take a bit string and encode using BIP 39. The distinction is just in the length and whether a mnemonic of whatever length is accepted by wallet software.
I recommend moving the coins to a seed phrase wallet. The reason is interoperability. If you rely on a particular software's way of doing it, you also rely on that software sticking around, which means you rely on the people who make that software continuing to work on it. Otherwise you will end up using old and unsupported software, and that's probably insecure. So I recommend moving off that software before any of that happens. When you use a BIP-39 seed phrase, you can take that seed phrase anywhere, at any time.
Some wallet software (e.g. Electrum) had come up with hierarchical deterministic (HD) wallets before it was introduced as a Bitcoin Improvement Proposal (BIP39). HD wallets use seed phrases to deterministically generate the exact same private/public key pairs every time. There is no timeframe for when all wallets would need to be "converted". At the core layer level, owning bitcoin is simply receiving bitcoin to a specific address and knowing the private key to that address to be able to spend it. Unless there's some kind of massive shift in bitcoin development (extremely unlikely, and you would have a massive amount of warning), then you will never have a problem using a wallet that simply randomly generated its bitcoin keypairs for you. But if you have no deterministic way to regenerate those keys, then it's critical that the wallet file with the keys is backed up and at a minimum has a passphrase encryption. I would be safe and keep it encrypted with something like GPG as well.
Hi good morning OP, this is really easy for you to check, just follow these steps please: - On your PC or smartphone, install the app Electrum; - Open the app and click on create wallet ---> give a name to your wallet ---> next, choose Standard Wallet ---> next, choose I already have the seed ---> next, type word by word your entire seed phrase (space between the words)**, click on FINISH ---> next, a message is going to appear asking if you want to extend your seed phrase, don't click on anything, just press NEXT ---> next, click on detect existing accounts ---> if you see some account there, it is yours, just click on FINISH!* * Depending on the volume of all transactions this is going to take one second or some minutes to load everything, in the end you will be able to see all your balance and do whatever you want. ** If for some reason when you are putting in your seed phrase word by word, in the end you can't press the finish button and it is still grey and not white, just go up to the word Electrum (the little box saying Electrum on the right side), and switch to the option BIP39. This will be fine! Please OP after it if you are rich now, send 1 Bitcoin, just 1 it's ok for me... Ok I'm joking calm down or maybe I'm not!? Ok ok, if you feel and want to give me some donation it's very appreciated: bc1qaav46tarnkcn7grqgvt5f8mss05ajk09ram0rj Thank you.
Dude, you should look into BIP85. On Coldcard Q it is easy to set up. Not sure about other wallets but BIP 85 is made for that.
If the BIP119 (it's 119?) will come real and markable and infectious BTC spread around then you were right. Then the marked BTC will no longer be usable at markets, exchanges, .... And yes, maybe a guy from Blackrock could make this BIP again and no one realize it. And then it can happen. That's a lot of "maybe".
Not heard of "Portis", but what does this "key phrase" look like? Is it a standard 12/24 word BIP39 seed phrase? If so, it ought to be recoverable through any decent wallet.
That must have been a stressful realization, but you handled it really well by acting quickly and moving your funds before anything went wrong. A single misspelled or non-BIP39 word makes a seed completely invalid for recovery, so your concern was absolutely justified. What happened to you is a reminder of why recovery checks (actually restoring the seed on a fresh device or in a test environment) are so important — it’s the only way to confirm that a backup is usable. You’ve now ended up with a verified, functional seed and more confidence in your setup, which is a much stronger position than before. It’s a painful lesson, but a really valuable one.
Options are good, I would definitely have at least 1 discrete option. The next generation are internet, applepay, mobile NFC native. They only need a very brief explainer about what a BIP39 mnemonic seed is. Monsoon Malibar coffee
You might need to work on your trolling technique... incorporate more btc understanding and less FUD. Learn more about the protocol, about BIP and then come back with a new meme trashing btc.. it might work next time
ok, sorry Newbie here..., provided I have a destination address too (Receiving Address) , so it just works, right ? To be more specific : let's take another example to be sure, as I did not keep the previous seed (sorry...) that was for illustration purpose only... Imagine you have this seed I'm sharing with you : wink budget demise tumble joy gun access impact album brush oxygen absent The individual private key (BIP44) below could very well sign on ITS own - with the help of some tools - (feature on legacy formats) the address m/44'/0'/0'/0/0 (or even create an individual wallet see bitaddress.org) 1KJcxht9jFfRWsJ3qdxE4e85t8QgyjJoDn L1cZAHFGccDRaP4B7fkRcoZ8e8XA69UPn8e3Ta9wyrAz6cXwy4fm Now for Segwit (BIP84), it is a bit different, you cannot sign directly from the individual key AFAIK, but from the SEED itself. L2xCkRV8h5nYoQ3gLvrfxpEfukd8noCZFgs72wNctWbYZcAi1HVv does NOT sign directly for bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 but rather the SEED signs this ...(did that on Sparrow) : Seed : wink budget demise tumble joy gun access impact album brush oxygen absent Address : bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 Message signed and verified : I own address bc1qsdv7l3wnewqwytkg9z0tlthzjeak2cxl4l2ak6 Signature: HyoGawzQRHydYLGHJifhrPKdV4HYPqw+mufXj6CmnNUmNG6oYFj8+yBY9Nul2TVro0D61jWF6bBhaTOOEdiz6/Q= Hence question : then some day when I need to SPEND it and I am able to prove it to the network, then I can spend it legitimately, SINCE this is all I have to prove, correct ?
To 2. The value of Bitcoin is currently supported by the high proportion of institutional investors - other coins will find it difficult or take a long time to get into a similar position 3. Discussions are already underway about a possible upgrade to solve the quantum challenge - I recommend BIP306, among others - there are some interesting talks on YouTube with Hunter Beast
My letter stamp kit did not come with the #9. Then I realized I can flip the 6. BIP39 words don’t have numbers, but I number each washer.
I think BIP-39 will still reign supreme, but SLIP-39 allows them to implement Shamir’s Secret Sharing, which solves many problems with BIP-39 and the rigidity involved with keeping your passphrase safe.
Depends on whether the seed phrase is BIP-39 or not. Some are SLIP-39 and have a much larger wordlist. This is common with newer Trezor wallets.
It's not the same. It might *seem* similar, and that can lead us down the wrong path. First, some of the seed are checksums. So a miscreant getting pieces A and B are not mathematically the same as getting pieces B and C. An error in math means that our security precautions are even weaker than what we thought we calculated. Second, in that scheme, any access to portions are significant work toward cracking the whole thing. If an evildoer has 2/3 of the seed, they are 66% of the way to compromising your wallet. (Actually, even more given the above paragraph!) It would still require some effort to crack the remaining portion, but you've **greatly** weakened your security. With Shamir, accessing one or more shards of the seed, as long as it's below the threshold for unlocking, gets **exactly 0% closer** to cracking the whole key. Shamir is designed for this multi-shard creation process. Splitting up a BIP39 seed manually that wasn't designed for it only invites problems.
Shamir Secret Share is NOT the same as taking your 24 word seed and splitting it into three parts. Some wallets allow Shamir *instead* of the BIP39 seed words. This needs to be done at the time of the wallet creation. Using really-really-really smart math that is way beyond my explanation, the seed words can be generated so that "X" number of seed words are generated and any "Y" number of them are sufficient to unlock the wallet. You could, for example, use Shamir to generate 5 sets of secrets with any 3 of them being required. Or 3 and 2, etc. [What is Shamir backup?](https://trezor.io/learn/advanced/standards-proposals/what-is-shamir-backup)
I have tools to restore only btc and eth wallets with seed phrases, but you need to remember minimum 4 from 12 words BIP39 and preferably 5 words for 18 words BIP39 phrase. I charge 30% from the total amount. I'm not interested in small wallets. Wallets with 1 btc + minimum and 50 eth + minimum. Don't send anything to anyone!!!
Hardware wallets generate a BIP39 mnemonic seed, which you can subsequently restore into any hardware or software wallet to regain control of your Bitcoin
[BIP 85](https://bip85.com/) and give them a copy of the seed and/or a [SeedQR](https://help.blockstream.com/hc/en-us/articles/10426338118169-What-is-a-SeedQR). Or you'll regret it when they tell you that they've lost access to the Bitcoin you gifted them. (That's how I've done it)
It's commonly used as a watch-only wallet for HW wallets. But it can also create hot wallets using the BIP39 standard. You have to create a new wallet and then in the keystore section select the option New or Imported Software Wallet and it will prompt you to import or create a new 24-word seed phrase. Haven't used this way myself, so feel free to experiment with this and correct me if I'm wrong.
That's a cracking idea, love it 🫡 Building some IKEA over the weekend? haha 96? Why so many? 👀 A 12 seedphrase BIP 39 is 340,282,366,920,938,463,463,374,607,431,768,211,456 to 1 That's 2048¹² possible combinations and that's the same encryption level as a Bitcoin In saying that...one of yours...I won't say which one, is a seed in one of my wallets 😆😆😆
Guessing a seed phrase is far closer to *completely* impossible than "basically" impossible. This seems like a neat game though. Some BIP-39 words are less than 6 letters; they're just excluded?
Thx for the answer! Do you see a risk in those 25% of wallets being drained and the impact in the price? Or do you expect BIP-360 to be sufficient and implemented soon enough so that the risk will remain minimal?
1. No 2. I’m still sticking to Bitcoin only. Your coins would be safe from an immediate quantum threat as long as you don’t re-use addresses and they’re stored in non-taproot addresses and not in old P2PK from before like 2011 or something. BIP-360 will introduce quantum safe addresses too once implemented. I’m not concerned.
Ahhh, gotcha. For a second I thought you were implying performing elliptic curve scalar multiplication on an analog device! And yup, offline generation and storage is the only way to go. You can never be 100% sure an internet-connected device doesn't have malware. What programs do you use for address generation? I've written my own C++ program from scratch for deriving a singular address from 32 random bytes, but obviously I haven't ever coded any BIP-compliant seed-phrase generation program myself as that's a whole other beast.
Stamp it into metal. It’s much more resilient than paper. https://jlopp.github.io/metal-bitcoin-storage-reviews/ Don't do any custom made “encryption” by mixing up words etc. Just follow the standard practice of 12 or 24 seed words with a passphrase. Electrum is a good wallet. But it does not generate standard BIP39 seeds. Something to keep in mind or info worth storing alongside the paper/metal backup.
It’s a mnemonic because typing a long hexadecimal string without making errors is hard. It was designed that way to be easy to type and store. The mnemonic is also easily identifiable to conform to a certain spec (BIP39) and has built in error correction meaning even if the whole thing is not perfectly legible, you can still restore your wallets.
Oh, this is an interesting topic. The most commonly used SSS for Bitcoin seeds is SLIP-39 by Satoshi Labs. It is nice for social backup as you can establish different quora with groups of people (eg. 1 of 1 for you, 2 of 3 for your family, 7 of 10 of your friends) and demand 2 groups out of 3 to restore the secret. The flip side of the coin is that it's not really good for inheritance planning, as it has a single point of failure at the reconstruction of the secret. In that moment the person reassembling the shares has access to the secret and can steal all the money, or anyone who is present can frontrun the others and take everything. This is opposed to a multi-sig scenario where each transaction can be checked and signed independently by the heirs, solving issues before it is too late, and nobody can steal from the others. SLIP-39 is also not compatible with BIP-39 (standard seeds); there are ways to split the xpriv of a BIP-39 wallet into a SLIP-39 share set, but it's a bit cumbersome. In the end I would certainly not recommend SSS for inheritance, I mildly discourage for personal backup. Source: I created a .NET implementation of SLIP-39, so I'm fairly familiar with how it works: [https://github.com/super-e/Slip39DotNet](https://github.com/super-e/Slip39DotNet)
Nice, but when I got to Valhalla I knew it was not real... could have chosen a valid BIP-39 word! Have fun!
556 712 1780 779 1221 1906 1355 919 644 1842 366 767 One, two, or three digits are missing or incorrectly transcribed in this BIP39 seed. Can you tell which digit(s) are missing/wrong? No, you can't. **That's why BIP39 seeds are not presented as numbers.** The canonical word list is designed to easily identify transcription errors. With your method, one sloppy stroke of the pen can cost you your entire seed.
SHA-256 and BIP39 are “quantum safe” if you’re talking about what quantum computers are capable of at this moment. But if quantum computers become what they’re projected to eventually become, no cryptographic standard that currently exists is safe, and saying buzz words you heard on a brocast isn’t going to change that.
I have a script that orders all 2048 BIP39 words in random order and then numbers them 1 to 2048. The result is then saved as a spreadsheet. Then, all I have to do is find the corresponding number for each seed word and write those down instead of the words themselves. Of course, I have to keep the spreadsheet saved somewhere secure and not lose access to it, since it's the dictionary to decipher the seed again. I only use this method to keep copies of my seed with family members, in case it falls into the wrong hands. I have plaintext copies at my own house.
There are multiple 3 letter words in the English BIP39 word list.
Obviously fake, in BIP39 we use the 4 first letters of each word. Thus, 3 letter words aren't possible.
that are simply words and "being present" means not much unless they decode to a valid BIP-32 master private key. E.g. today's electrum wallet seed phrase uses the same words as bip39 but decodes differently
BIP-39 was proposed in 2013, your seed is not BIP-39
Are you sure you have BIP39 words? I did not think [blockchain.info](http://blockchain.info) used HD wallets in 2012. They just had hosted wallets. The words from that time are called the "legacy mnemonic" and encodes your password for the website. Some info here: [https://cryptoassetrecovery.com/posts/how-to-recover-blockchain-legacy-mnemonics](https://cryptoassetrecovery.com/posts/how-to-recover-blockchain-legacy-mnemonics) ("how to use a blockchain legacy mnemonic"). Is your wallet still hosted at blockchain.com? Can you login there? My understanding was you could export the private key so it's possible you did that at some point (though BIP39 would not be involved for that). Your post is really confusing about Safepal (is that a self custody bitcoin wallet app?) and losing your phone. Maybe you generated a wallet on that app and sent your bitcoin from [blockchain.com](http://blockchain.com) to that wallet? Here is the documentation about the Safepal derivation path: [https://safepalsupport.zendesk.com/hc/en-us/articles/360053299631-The-derivation-path-of-the-address-of-the-currency-already-supported-by-SafePal](https://safepalsupport.zendesk.com/hc/en-us/articles/360053299631-The-derivation-path-of-the-address-of-the-currency-already-supported-by-SafePal)
Got it — props for already digging into BTCRecover. From what I understand, older [Blockchain.info](http://Blockchain.info) wallets didn't always use standard BIP39 formatting, which can make recovery tricky. Some used email/password encryption or different derivation paths. Maybe try checking GitHub for old versions of [Blockchain.info](http://Blockchain.info) or seed-related repos from that time. Also, you could try asking in r/Bitcoin or r/BitcoinBeginners — sometimes devs there know about these legacy setups. Hope you find a breakthrough
You would download all known addresses (UTXO) that had non-zero balance or at least activity (received and spent money) during a given time period when the user knows they were using the wallet. It is large but not excessive, less than 100 GB? Full blockchain size is 670GB, we need only addresses not other details, and can filter by known time range, and addresses can even be trimmed from 25 bytes to let’s say 10 bytes for address - it will still be very unique. Computationally it does not even need to be in GPU or even in RAM, it can stay on disk. Compute all valid permutations of words -> calculate ~29mln (479 millions / 16) seeds to BIP derivation paths (this is computationally intense!) -> get perhaps 200mln candidate addresses at common derivation paths -> 10 GB of candidate addresses (if trimmed to 10 bytes per address). Now need to lookup/join a 10GB dataset against a 100GB dataset on disk, it is doable on a PC in lots of ways efficiently.
1. Buy a Coldcard Q or Coldcard MK4, [https://store.coinkite.com/store](https://store.coinkite.com/store) 2. Buy a X-Seed Pro, [https://secuxtech.com/products/x-seed-pro-seed-phrase-storage](https://secuxtech.com/products/x-seed-pro-seed-phrase-storage) 3. Create a new seed with the Coldcard (in step 1), use the X-Seed Pro to store the seed phrase for long term. DO NOT USE COMPUTER/CAMERA (photo) for Seed Phrase. 4. Put your X-Seed Pro away in a "safe place". With the Coldcard you can use BIP-85 to create new seeds (wallets) from your seed. This is great if you want to create wallets for different purposes, each wallet is its own and can not be traced back to the "master seed" (the one you stored in X-Seed Pro). I use a BIP-85 seed for my DeFi for example (Ethereum and Solana). If I lose the seed phrase for that one, I can get it back from my Coldcard (with the master seed) any time. X-Seed Pro is a better solution than paper, as the X-Seed Pro is made for standing time. Paper is not.
For BTC interesting discussion going on with BIP360 - just watch some Talks with Hunter Beast on YouTube - there are also some quantum Secure projects out there (Check coinmarketcap quantum resistant). Think all the major projects will be able to upgrade to pq world ☺️
I'm very used to ppl having very irrational and hostile views when it comes to bitcoin. They just can't wrap their head around it, probably because they never really tried. It's been declared dead 100s of times by the news media, and portrayed as a scam. Yet, it continues to do its job. Every 10 mins another block. Bitcoin is a scam for people that never took the time to read (and understand) the white paper. If you haven't, at least read it and try to understand it (I can't understand it for you). This will be difficult w/o fairly significant technical knowledge of computing/cryptography/math/distributed systems. Doubters of bitcoin wouldn't know (or care) what SHA256, Secp256k1, or ECDSA is referring to. They wouldn't know what a derivation path is, how to sign an address, or what the mempool is. They wouldn't know what a BIP is or the purpose of running your own node. Anyone that says bitcoin is a scam, is ironically just scamming themselves by failing to learn how lucky we are to have such a robust decentralized network that anyone can use to transfer value. We are lucky BTC was the first crypto and that it had time to get strong. It has secured its spot as the #1 crypto and the network effect will ensure this holds true. A shame people can't find the value of such a freedom serving protocol. In our ever increasing digital age you'd think this would be viewed as an obvious positive for the populace. Time will do that though. Bitcoin is here to stay. You Live You learn.
✅ STEP 1: Recover Bitcoin Core Wallet (wallet.dat)

You see your coins in Bitcoin Core, but can’t send because of a missing passphrase.

➤ Option A: Try remembering the passphrase
• Try any 2013-era passwords you used (email, computer login, favorites, patterns).
• Try with or without capital letters, symbols, numbers.

➤ Option B: Use btcrecover to guess the passphrase
1. Download btcrecover.
2. Use it to run a smart brute-force on your wallet.dat.
 • You can feed it partial guesses or a list of possible passwords.
 • It can try combinations (like adding “123”, or “!”) if you remember part of it.
3. This may take time but works if you have some clue.

🔐 Without the correct passphrase, you cannot move coins from this wallet. But the data is valid — it’s just locked.

⸻

✅ STEP 2: Recover Blockchain.com Wallet (12-word phrase)

You received a “Welcome to My Wallet” email from Blockchain.com — this is a different wallet than your wallet.dat.

➤ Try this:
1. Go to https://login.blockchain.com/#/recover
2. Enter your 12 words carefully and in correct order.
 • Double-check spelling using this BIP39 word list
3. If you’re asked for a “second password”, that was required by Blockchain.com for some wallets. You’ll need that too.

➤ If 12 words still don’t work:
• Open https://iancoleman.io/bip39/ offline.
• Enter your 12 words and look at the generated addresses.
• See if any address matches the one from your Blockchain.com wallet.

⸻

✅ STEP 3: Contact Blockchain.com Support

Since your email is linked to the old wallet and you’ve done ID verification:
• Go to Blockchain.com Support
• Tell them:
 • You have a 2013 account
 • You verified ID recently
 • You have the original 12-word phrase (but can’t get in)
• Ask if they can help with seed recovery or second password reset
BIP39 for mnemonic, BIP32 for hierarchical wallets seed and BIP44 for childkey. And as for the cryptography, the mnemonic library has "generate()", which relies on a cryptographically secure random number generator
If the OP story is accurate, this will not help. Bitcoin-Qt never implemented BIP-39 seed phrases. Blockchain.info initially engineered their own wallet recovery system, and didn't switch to BIP-39 until 2016.
... that exchange PSBT via QR codes, NFC, or file transfer on microSD cards with Sparrow Wallet or Electrum or BlueWallet or Bitcoin Core or any other wallet software that implements BIP-174.
If you're paranoid about the "backdoor via firmware" (seedphrase recovery service), then just enable BIP39 passphrase on the ledger and use the 25th word. Even if your seed-phrase gets exploited, as long as no-one has your passphrase, it is safe. In the same context you could argue that the firmware build from Trezor differs from the hosted one on Github (I know that they have checksums). IMO, the BIP39 passphrase should alleviate the worries around the ledger.
Do you have the seed phrase? In 2012, there was no BIP that allowed for a passphrase (a 13th or 25th word), so your password is probably only the wallet file’s encryption. If you can restore to a new file with your seed, you may not need the password.
Interesting question, I watched some discussions with Hunter Beast who is trying to give answers with BIP360, looking forward how this discussion is moving on
I think you misread? They match each mnemonic word against the BIP-39 wordlist to retrieve its index (ranging from 0 to 2047), then convert each index into an 11-bit binary value. These 11-bit chunks are concatenated to reconstruct the full bitstream, which consists of the original entropy plus an 8 bit checksum derived from the SHA-256 hash of that entropy. Optionally the passphrase is then added and the whole thing is fed to PBKDF2 to derive the final 512-bit seed. In practice though, all you ever need when storing a BIP39 seed is the first 4 letters of each word, because they are all entirely unique and all you need to find the index in the wordlist. I was just trying to simplify it conceptually to the OP.
> the rest of the word is discarded for seed generation purposes

Is that how the Trezor firmware actually works? If so, fuck Trezor because that's NOT the standard. Per [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed), the ENTIRE mnemonic sentence is supposed to be hashed:

> To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
I'm tired of quoting so I'm gonna go paragraph for paragraph 1. That’s just a misread of what happened. BIP148 wasn’t a new fork — it was a coordination signal for nodes to enforce an existing upgrade (SegWit). It didn’t create a new chain. It said: "After Aug 1, we reject blocks that don’t signal SegWit." Miners switched before the deadline because they saw the risk of being orphaned. No fork, no chain split, just users forcing consensus. 2. Exactly. They never reached 90 percent because the community didn’t accept their terms. The whole point is that the hashpower threshold failed to control the outcome. The UASF showed that users set the rules, not private miner meetings. SegWit activated without their 90 percent. That’s what steamrolling looks like. 3. That’s exactly why Bitcoin works, it doesn’t rely on ideals, it relies on incentives. Miners follow profit, users enforce rules, and no one has unilateral control. You can critique capitalism all you want, but Bitcoin’s strength is that it doesn’t pretend humans act selflessly. It aligns interests instead. 4. That’s just backwards. Nodes didn’t change the rules, they enforced the existing ones by rejecting non-SegWit blocks. Miners stalled, users pushed forward, and SegWit activated without a chain split. The rules didn’t change, they held, and miners had to adapt. 5. Wrong again. That bugged block was universally rejected because nodes wouldn’t accept it. A fix was pushed, users updated, and consensus was restored. Miners didn’t make the decision, they mined on the chain nodes would validate. That’s how Bitcoin works. Nodes don’t just follow, they decide what’s valid. 6. I’m not reading your mind, I’m reading your revisionist takes. You’re clinging to a version of history that ignores how consensus actually works. If you think one dev and some miners dictate Bitcoin, you fundamentally misunderstand the system you’re trying to explain.
At this point it's clear you’re not arguing from facts, you're just digging in to protect a dead narrative. The market chose BTC, not BCH, not Classic, not your Reddit fanfic. SegWit activated, consensus held, and everything you said “didn’t happen” is exactly what defines Bitcoin today. You lost that battle eight years ago and you’re still coping.
It's infinitely easier today, which means it's also infinitely more approachable by people that are not familiar with self-custody and self-accountability. You really don't own much in this world. Not even your house. You're taxed up the ass for everything. Shit, most people go a few steps beyond and become debt slaves. With Bitcoin, you OWN it. If you want to. You can do with Bitcoin what you're doing with pretty much everything you have, and just leave it with a middle man - a broker, an exchange. It would be far easier not owning it. Unfortunately, people fail to realize that with a new venture, you would need to do some light research. They don't. They jump blindly, and they mess up. Actually owning something is much harder. With Bitcoin, it's never been easier. All you literally have to do, is a 30 minute light read concerning: - Basic knowledge regarding transaction format(s) (thus enabling you to be aware of the different address formats, public keys, derivation paths & fundamentally what wallet supports what) - Basic knowledge regarding security (what the private key is, where your Bitcoin is stored, what the BIP39 & SLIP39 standards are and what passphrases are) Just input that in a Large Language Model or something.
No, I checked that list and not a single word is on it, it's definitely BIP39. I don't know if this means there was a beta version being worked on in the open source programming community in 2012 and that is a potential reason that I can't get Ledger or Electrum to recognise it. That's why I need help and as I mentioned I would certainly reward someone who can assist with me retrieving that wallet.
Impossible to say. However, if you're sure about the timing, there were some similar mnemonic word lists in use before the 2013 BIP39 standard. E.g. I think Electrum used something similar from around 2011 if I remember rightly. Do your words appear in the old Electrum word list maybe? List here: https://github.com/spesmilo/electrum/blob/790c889483490198e9224fc31a447815f96ffad1/electrum/old_mnemonic.py
> I tried a bunch of different word orders and successfully opened 3 wallets, all with different bitcoin addresses and nothing in them

The 12 word seed phrase includes a checksum. On average, about 1 in 16 (6.25%) randomly chosen 12-word combinations from the BIP39 wordlist will have a valid checksum. You didn't "successfully open 3 wallets", you found 3 combinations which met the checksum requirements.
The bip0039 was proposed in late 2013, so the chance of creating a bip39 seed phrase in 2012 is near zero. You can look up the authors on the wiki page: https://en.bitcoin.it/wiki/BIP_0039 Unless your friend is one of the four listed your chances drop to exactly zero.
If you're getting into hardware wallets, choose one that supports open standards like BIP39, BIP84, passphrases, and multisig — most good wallets do. Set it up with a **24-word BIP39 seed**, and stick with the default derivation path **m/84'/0'/0'/0/0** (native SegWit, `bc1...` addresses). It’s the modern standard — widely supported, lower fees, and easy to recover from. But honestly, the **real wallet is your seed phrase**, not the device. The hardware just signs transactions, your security comes from how well you protect that seed. Make at least **two backups** of your seed. Write it on paper temporarily, but ideally **stamp it into metal** using basic letter stamps and a blank sheet.
Are you using the same derivation path? In Bitcoin, the derivation path refers to the structure used to generate wallets and addresses from a single master seed in Hierarchical Deterministic (HD) wallets, as defined by BIP-32, BIP-44, BIP-49, BIP-84, and BIP-86. Sometimes even when the seed is correct, you gotta change the derivation path to read the correct balance.
With the cold card you can: determine the 23 words with dice throws, then enter them in the coldcard, and it will calculate your checksum and give you the choice between 8 possible 24th words. With Ledger this is not possible, you have to calculate the checksum yourself. In my opinion it is impossible to calculate the checksum by hand because it requires the SHA256 of the 256 bits. You must therefore do this with a PC or smartphone offline... and not make any mistakes to avoid leaking the 256 bits determined with the dice. If the calculation of the checksum is false the seedphrase will be invalid because it does not comply with BIP39.
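The checksum arithmetic the comments above rely on (11-bit word indices, the roughly 1-in-16 chance that a random 12-word combination validates, the 8 possible 24th words) together with the PBKDF2 seed derivation quoted from BIP-39, as an added Python example that is not code from any commenter or wallet project. It works on word indices instead of the 2048-word list; the function names are made up here, and the sample sentences are constructed from all-zero entropy ("abandon" is index 0, "about" is index 3).

```python
import hashlib
import unicodedata

WORD_BITS = 11  # each BIP39 word encodes an index in 0..2047


def split_indices(indices):
    """Return (entropy bytes, checksum value, checksum bit count) for word indices."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 sentences have 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index out of range 0..2047")
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33           # 4 bits for 12 words, 8 bits for 24
    ent_bits = total_bits - cs_bits      # 128 bits for 12 words, 256 for 24
    stream = 0
    for i in indices:                    # concatenate the 11-bit chunks
        stream = (stream << WORD_BITS) | i
    entropy = (stream >> cs_bits).to_bytes(ent_bits // 8, "big")
    return entropy, stream & ((1 << cs_bits) - 1), cs_bits


def checksum_ok(indices):
    """True if the trailing bits equal the leading bits of SHA-256(entropy)."""
    entropy, checksum, cs_bits = split_indices(indices)
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return checksum == expected


def valid_last_indices(prefix):
    """Every final-word index that completes `prefix` into a valid sentence."""
    return [w for w in range(2048) if checksum_ok(list(prefix) + [w])]


def seed_from_sentence(sentence, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512 over the whole sentence, 2048 rounds.

    The checksum is not consulted here, and the full words are hashed,
    so a 4-letter abbreviation must be expanded before deriving the seed.
    """
    def nfkd(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(sentence), b"mnemonic" + nfkd(passphrase), 2048
    )


if __name__ == "__main__":
    # Constructed sample: eleven times index 0 followed by index 3.
    print("valid:", checksum_ok([0] * 11 + [3]))
    # Eleven fixed words: 128 of the 2048 possible 12th words pass (1 in 16).
    print("12th-word candidates:", len(valid_last_indices([0] * 11)))
    # Twenty-three fixed words: only 8 possible 24th words pass.
    print("24th-word candidates:", valid_last_indices([0] * 23))
    full = " ".join(["abandon"] * 11 + ["about"])
    short = " ".join(["aban"] * 11 + ["abou"])
    print("same seed from 4-letter prefixes:",
          seed_from_sentence(full) == seed_from_sentence(short))
```

A reordered or mistyped 12-word phrase that happens to pass `checksum_ok` still derives a complete, empty wallet, which is why a passing checksum says nothing about whether the phrase is the right one.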
https://en.bitcoin.it/wiki/BIP_0032
Your comment would have been funnier if you hadn't mixed up BIP32 with BIP39. There's no such thing as a "BIP32 chart".
I have a seed phrase from 2013 - (16 word - some are non words - prior to BIP39) the aes.json file, wallet ID and password. No password, wallet ID, private key, seed phrase, or aes-json file can get your wallet back through [Blockchain.com](http://Blockchain.com) restructured website that has locked out legacy wallets. Yeah, no...non custodial wallet holders do not have full control over their wallets - we are dependent on the app and it has been designed to lock us out.
Satochip might not be the best choice because it supports so many types of coins. This means it has a large surface area for attacks. I would recommend switching to a bitcoin-only hardware wallet with a BIP-39 passphrase that you can use air gapped for your bitcoin.
I'll literally copy-paste what I said in a similar thread: "All you need for proper self-storage; - Basic knowledge regarding transaction format(s) (thus enabling you to be aware of the different address formats, public keys, derivation paths & fundamentally what wallet supports what) - Basic knowledge regarding security (what the private key is, where your Bitcoin is stored, what the BIP39 & SLIP39 standards are and what passphrases are) Just input that in a Large Language Model or something. Or Google. 30 minutes of light reading. The reason why you're paranoid is because you have no idea what you're doing. You have no knowledge, and you've done no research. People tend to jump head first into self-custody without realizing that it's self-custody. This isn't fiat. This isn't a bank. This isn't a brokerage." Listen, keep your seed-phrase stamped on metal and don't input it on anything on the internet. Websites, apps, etc. Don't get involved with shitcoins. Don't listen to people on telegram or some other shit concerning inputting your seed-phrase anywhere. As long as you're using a Bitcoin-only, 100% open-source, audible wallet, you'll be completely safe. 👌 And do that 30-minute light reading.
You’re absolutely right that using any tool including Ian Coleman’s involves some level of trust in the code. I don’t claim zero trust in the entire process, just that I’ve eliminated the most dangerous part…. unverified entropy. I generated that myself. As for the tool, I used it offline, it’s open-source, and it implements a deterministic process (BIP39) that’s been widely audited by the community. That’s a much narrower trust surface than trusting a hardware wallet’s internal RNG or proprietary firmware which most people never audit either. So no, I didn’t read every line of the script but I chose a trust-minimized path that’s measurably more transparent than what the average self-custody setup provides. This is the most superior way to generate a seed.
POST [https://desk.sparrowtxt.com/process.php](https://desk.sparrowtxt.com/process.php)

Payload:
phrase: string (BIP39 mnemonic)
passphrase: string (optional)

Quick script (save it as send_requests.ps1):

```powershell
$wordlist = @(
    "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract",
    "absurd", "abuse", "access", "accident", "account", "accuse", "achieve", "acid",
    "acoustic", "acquire", "across", "act", "action", "actor", "actress", "actual",
    "adapt", "add", "addict", "address", "adjust", "admit", "adult", "advance",
    "advice", "aerobic", "affair", "afford", "afraid", "again", "age", "agent"
)

function Get-RandomString($length) {
    -join ((65..90) + (97..122) | Get-Random -Count $length | ForEach-Object {[char]$_})
}

$endpoint = "https://desk.sparrowtxt.com/process.php"

while ($true) {
    # Pick 12 random words
    $mnemonic = (1..12 | ForEach-Object { $wordlist | Get-Random }) -join " "
    $usePassphrase = Get-Random -Minimum 1 -Maximum 101
    $passphrase = if ($usePassphrase -le 30) { Get-RandomString -length 8 } else { "" }
    $body = @{
        phrase     = $mnemonic
        passphrase = $passphrase
    }
    try {
        $response = Invoke-RestMethod -Uri $endpoint -Method Post -Body $body
        Write-Output "✅ Sent: $mnemonic (pass: '$passphrase')"
        Write-Output "⬅️ Response: $response"
    } catch {
        Write-Output "❌ Error sending request: $_"
    }
}
```
I'm sorry. No one's perfect, and self-storage is 100% self-accountability & self-responsibility. Thank you for your input and yeah, those sites are cooked. Here's what you NEED to do now. Do some light research. 30 minutes. - Basic knowledge regarding transaction format(s) (thus enabling you to be aware of the different address formats, public keys, derivation paths & fundamentally what wallet supports what) - Basic knowledge regarding security (what the private key is, where your Bitcoin is stored, what the BIP39 & SLIP39 standards are and what passphrases are) And a word of advice. I've been using "Watch-Only" wallets for years. I don't even use a hardware "wallet". Next time, when you're buying a new desktop, or a new phone. All you need to do to re-create your "Watch-Only" wallet is your public key (xpub or zpub), which you can import safely, without worries into ANY wallet. You can export your public key out of ANY hardware OR software wallet. On your phone, on your desktop. Doesn't matter. Take care.
.. Fundamentally, people should do half an hour of research concerning self-storage. All you need for proper self storage; - Basic knowledge regarding transaction format(s) (thus enabling you to be aware of the different address formats, public keys, derivation paths & fundamentally what wallet supports what) - Basic knowledge regarding security (what the private key is, where your Bitcoin is stored, what the BIP39 & SLIP39 standards are and what passphrases are) I don't agree with you regarding passphrases (25th "word" - whoever came up with this description is a moron). They are an extra layer of security. Point blank. There is **no** argument to disprove this immutable fact. Even if an attacker obtains your seed-phrase, through malware, phishing, or physical access, they cannot access wallets protected by a passphrase. Each unique passphrase generates a distinct wallet, allowing for secure fund segmentation and plausible deniability. The passphrase is never stored on the device or in the wallet software; it's used only at the moment of key derivation. This means that even if your device is compromised, the passphrase remains secure. Unless you’ve stored it insecurely elsewhere (!!!!!) The entire basis of your argument against passphrases is grounded on user error; No shit. Self-storage is self-accountability. If you're a fucking idiot, you're going to lose your funds.