Reddit Posts
FORMAL DECLARATION OF ARCHITECTURAL INTENT: Index No. 153119/2026 (Noah Doe v. John Does) ( should i send this pls vote .. help )
BTC - time to act, we have to consider BIP360/361 more serious
18 Btc!! Reward for the person who can help find reconstruct a encrypted BIP38 private key passphrase 18 BTC Bounty or a equivalent of US $170K REPOST
BOUNTY ALERT!!! 18 Btc!! Reward for the person who can help find reconstruct a encrypted BIP38 private key passphrase 18 BTC Bounty or a equivalent of US $170K
[BOUNTY] 18 Btc!! Reward for the person who can help find reconstruct a encrypted BIP38 private key passphrase 18 BTC Bounty or a equivalent of US $170K REPOST
Is it safer to close my lighting channels and refrain from doing transactions for now?
A Post-Quantum Replacement for Bitcoin and Ethereum
Silent Payments (BIP352): a way to share a static Bitcoin address without destroying your privacy
Inbound node connections, BIP322 - Bitcoin Optech Newsletter #406 Recap Podcast
Import Seed phrase from Blockstream (green) phone app into Sparrow FAILS?
500bn in BTC vulnerable for quantum attack
BIP322, TCP hole punching, ecosystem software - Bitcoin Optech Newsletter #406
16 years ago, Bitcoin had its worst day. Five hours later, it was fixed.
Bitcoin Core CVE, AssumeUTXO - Bitcoin Optech Newsletter #405 Recap Podcast
Satoshi's Coins: Freezing or Seizing? How do we respond to Quantum Supremacy in the coming years.
CVE-2024-52911, UTXO set P2P sharing - Bitcoin Optech Newsletter #405
Your seed phrase is more likely to wipe your stack than any regulated CEX in 2026
A real story of one laptop, some curiosity, and a deep dive into how Bitcoin private keys are born
Compact blocks, changing consensus - Bitcoin Optech Newsletter #403
Successful recovery from invalid MetaMask seed phrase in Czech language
Consensus spec work, Onion message attack - Bitcoin Optech Newsletter #402
BIP361 - Bitcoin quantum migration plan that would freeze legacy coins
YSK: The proposal to freeze Satoshi's coins and invalidate old transaction signatures is actually a SOFT FORK. Soft Forks can still cause reorgs and chain splits, and they can cause new clients to be incompatible with old clients.
Bitcoin Quantum Migration Plan That Would Freeze Legacy Coins - BIP 361 Discussion
Charles Hoskinson on Bitcoin, Quantum Threats, and the Need for Upgrades
Bitcoin Devs Propose BIP-361 to Protect Against Quantum Computing
BIP 361: Welcome to ShitcoinLand, Bitcoin
Hunter Beast on QRL show about BIP360 & how to tackle quantum threat for BTC
Fallback Solution for BTC in case of Q-day
Slow block validation on Signet: BIP-54 demo stream (2nd & 3rd run)
Live stream of slow blocks demo (BIP 54 / Consensus Cleanup) - YouTube
Demonstration Of "Attack Blocks" On Bitcoin's Signet Test Network
You set up a hardware wallet and wrote down your seed phrase. Here’s what most guides don’t tell you.
BIP360 was merged in February but 7M BTC in legacy addresses are still quantum-vulnerable. Here's the full breakdown.
Update: I made a second book cipher book — this time for adults. Here's what changed based on your feedback.
Slow blocks and a reorg on Signet on Wednesday (BIP 54 / Consensus Cleanup)
bip54.org - Informational site for BIP54's “Consensus Cleanup” softfork proposal
Payjoin, Changing Consensus - Bitcoin Optech Newsletter #399
Google Quantum Threat Accelerates Bitcoin BIP-360 Fix
Quantum resistant migration (BIP 361)- Read the proposed migration strategy here.
I built a CLI tool for Bitcoin cold wallets & offline transaction signing — fully open source, no network access
Bitcoin could be broken by quantum computing google researchers conclude
How Bitcoin's Path to Quantum-Resistance Could Look
Bitrequest.io an open-source app to accept crypto payments anywhere, no middleman, no KYC
Quantum Resistant Bitcoin? BTQ Deploys First Working BIP 360 Implementation on Bitcoin Quantum Testnet
VTXOs, Quantum, TemplateHash - Bitcoin Optech Newsletter #395 Recap Podcast
Trying to recover a July 2012 Bitcoin wallet need advice
BIP-0360 and what it says about Taproot improvements
Changing consensus, VTXOs, nVersion nonce space - Bitcoin Optech Newsletter #395
¿Es viable construir una cold wallet casera usando software open-source en vez de comprar un Trezor o Ledger?
I designed a small titanium seed backup plate for my cold storage setup
Descriptor annotations, ASMap, Q&A - Bitcoin Optech Newsletter #394 Recap Podcast
The BCH Bullet - Layla NFT - BIP-37 research - Kallisti & 00TATTS joined KennBosakLIVE
Developer embeds image on Bitcoin as a single transaction, challenging BIP-110's core claims
Descriptor annotations, ASMap, Q&A - Bitcoin Optech Newsletter #394
I built a Bitcoin wallet backed by a YubiHSM 2 hardware security module
I wrote a children's book containing all 2,048 BIP39 seed words – here's why
[Technical Question] Why do Hot Wallets (Phoenix, AQUA) warn against importing external BIP39 seeds, even if they are "clean" BIP85 child seeds?
Alternative ways to store your seed
UltrafastSecp256k1 — open-source C++20 library: 4.88M ECDSA signs/sec on a single GPU, zero dependencies, 12+ platforms (CUDA/Metal/OpenCL/WASM/ESP32/STM32)
Could Miners Block Bitcoin’s Quantum Defense?
Bitcoin Developers Bring BIP 360 Soft Fork For Quantum Proofing - Das Crypto
Could Miners Block Bitcoin’s Quantum Defense?
Solution worse than problem? Adam Back opposes BIP-110 Ordinals fix
Title: Open-source C++ secp256k1 library with full Bitcoin stack: Taproot, Silent Payments, MuSig2, FROST, BIP-32/44, and GPU acceleration
I researched the relationship between energy prices and mining costs. I wondered what you guys think about the viability of crypto when miners transition to AI services for bigtech as mining becomes too expensive.
The Post-Quantum Dawn: Bitcoin, BIP-360, and the War of Signatures. From the P2MR shield to the SPHINCS+ revolution: An in-depth look at how the network is arming itself against the inevitable quantum threat.
What new & improved BIPs should become reality?
BIP-360 (the quantum computer resistant algorithm) proposal was merged
Jonas Nick, Antoine Poinsot & more - Bitcoin Optech Newsletter #391 Recap Podcast
The Battle for Bitcoin's Soul: BIP-110 and the Bitcoin Knots Offensive. Is Bitcoin a neutral protocol or a strictly monetary tool? ⚔️
Consider to migrate from Bitcoin to Monero after Epstein files
For those who are sensitive to the Bitcoin to Epstein link, crushing the Bitcoin reputation: consider to migrate to Monero
For those who are sensitive to the Bitcoin to Epstein link, crushing the Bitcoin reputation: consider to migrate to Monero
Changing consensus and more - Bitcoin Optech Newsletter #391
Talk with Hunter Beast (Author of BIP360) on quantum threat
Bitrequest is now fully bip39 compatible. Accept 10 different cryptocurrencies within one minute.
Can cold wallet created with Electrum be moved to another application?
[Technical Alert] BIP39 Entropy-Drain Vector & 2026-02-01 Incident Report (Translated)
[Technical Alert] BIP39 Entropy-Drain Vector & 2026-02-01 Incident Report (Translated)
Is there an algorithm that allows to shorten private key at the expense of confirmation time?
Wallstreet Analyst - Bitcoins quantum threat is „real but distant“
Garbled circuits, LN-Symmetry, Q&A - Bitcoin Optech Newsletter #390
Mentions
We’ll see with what ends up happening with BIP110. My biggest mistake could still be ahead of me…
You can already do this yourself. Create a BIP39 wallet on a hardware wallet, send your bitcoins to it, and then backup only 8 out of the 12 words and wipe the hardware wallet. It would take roughly 10 years to bruteforce the missing 4 words on a normal computer.
Everyone's talking about price, which is why I'm still less than bullish. There is a ton going on in the world as it relates to BTC: BIP-110 fiasco and risk. Quantum computing advancements. Countries shutting down the use of BTC. It being much less pseudononymous as more CEX's are working w authorities to identify wallets to create paper trails. Miners and mining pool consolidation. Hashrate stagnation/drop. Power being more competitive due to AI needs. Future security budget concerns. My worry isn't that these risks exist, there will always be risks w anything. My worry is that the MAJORITY of Bitcoiners don't know or care about these risks. That's the fact pattern I worry, and until we see some change there, I have paused my DCA. I even sold a few BTC when Saylor sold earlier this week... first time I have sold BTC in over 7 years.
BIP-360 only protects new addresses and only when at rest. On-spend, these addresses are still vulnerable. The time the addresses exposed during transaction is 10 minutes, Google’s March 31 paper says 500000 physical qubits can break public key in 9 minutes. BIP-361 is in discussion only, including about freezing coins.
I have around 4-6m BTC in mind Hunter Beast (author of BIP360) was mentioning
good question but worth separating two things. Google/Microsoft 2029 is general-purpose quantum. cryptographically-relevant quantum (CRQC = enough qubits to break secp256k1) is a separate threshold, most credible estimates land 2030s+. BIP360 is the signature scheme proposal, BIP361 covers migration logistics. dev work isn't stalled, it's at Brink stage. realistic risk window is P2PK + reused P2PKH UTXOs first (\~2M BTC), not active addresses.
Regarding phase B of BIP361, frankly five years from even today is too long. There is a trade off where a tail of users who cannot afford the competitive fees of upgrading (given the massive rush to do so) will be left behind permanently, but also quantum computers may arrive faster than that date, leaving remaining wallet vulnerable (again the “lost” wallets e.g. satoshi). There is no perfect solution here. People crying centralisation over this simply don’t understand the tradeoff here imo.
\> One thing that attracted me to Bitcoin originally was the idea that controversial rule changes would only happen with overwhelming social consensus. My impression was that maintainers acted conservatively and avoided pushing changes that large parts of the ecosystem strongly disagreed with. In this case the "Twitter mob" didn't get to decide. The meritocratic nature of Bitcoin is that knowledgable people get to decide. In this case all the OG devs believes this is the best way for Bitcoin and to save decentralisation. ( Open letter [https://bitcoincore.org/en/2025/06/06/relay-statement/](https://bitcoincore.org/en/2025/06/06/relay-statement/) ). The whole narrative that this relay policy change is somehow a deep conspiracy to invite spam is largely just that, a created narrative that isn't based on the fact and reasons for the change. It's easy to read and understand why. Bitcoin requires consensus which BIP110 doesn't have. So Bitcoin work just as intended. If a angry Twitter Mob shouting "Censor transactions I don't like! Fire the core devs!" gets to decide. Then we are truly in trouble.
You did not import "someone's wallet". You created a valid seed for a new wallet. One out of every 16 combinations of twelve words from the BIP-39 word list is a valid BIP-39 mnemonic. Congratulations, you found one of the 340,282,366,920,938,463,463,374,607,431,768,211,456 valid combinations.
Quantum is a threat to all security. But here's the difference. If I own my house, I can just change the locks. If you and I and thousands of others all have own a small stake in a house, it's difficult to get everyone to agree on changing the locks. What kind of new lock are you gonna put on it? Who's gonna get a copy of the new key? Which vendor are you gonna use? It's disingenous to say that banks and the NYSE will have a harder time adopting quantum resistance than the Bitcoin blockchain. Look at what's happening w BIP-110 as we speak. August is approaching fast... tick tock.
No but you said digital assets are the future, not "blockchain assets" are the future. And while I agree in some cases let's not pretend there are risks: 1. BIP110 soft/hard fork 2. Quantum computing 3. Security budget. Sincerely, a BTC Maxi who's losing conviction because 75% of the community chatter has become "the cycle" and "go up or down?". What happened to debating the benefits of centralization? Block size? Shielded vs unshielded addresses? Incorporating ZK capability onto BTC's chain? What happened?!?!
AI is not speculative. We use it every day. I used to use BTC much more than I do now. Especially back when no one tracked it or had KYC. And not only that there are 3 major issues which lack clear solutions, in order of near term risk: 1. BIP-110 potential soft or hard fork, 2. Quantum Computing advancement being accelerated by AI and 3. Security budget when 2/3 more halvings occur.
If BIP110 creates their altcoin and forks off you would settle with your altcoin token and bitcoin token on both chains separately. A reorg concern is not a problem with lightning specifically but all transactions which is different entirely. This is why we typically want at least 90% of hashrate support to signal the remaining 10% of miners to upgrade before activation. Any softfork that requires less than at least 80% signalling is reckless and should be considered an attack on Bitcoin that disregards the safety of the users.
Same. Unless inflation picks up into 10% territory, which is possible, I just don't see where the demand will come from. Retail by and large lost $$ in BTC but even more in empty promises known as alts. Hard to clean up the crypto reputation... will take a long time. And the current BIP-110 situation and acceleration of Quantum Computing advancement are not helping...
It would be foolish to close your channels because BIP110 should not be taken seriously and is more of a joke with almost no miner support . Even if they were successful your lightning channels would be fine on the original chain regardless. >Since they have progressively been finding more blocks This is not true . 0.1% signalling is so insignificant and there is no evidence its growing.
You seem to base your conviction in what other people say. While ignoring the fact that their movement keeps growing. Just last night another miner started signaling for BIP110. I think is safer to close LN channels close to mandatory signaling day.
I bought a new machine yesterday to run a BIP-110 node, I’ll be joining
Awesome. Let's go BIP110 💪🚀🚀
I can give you the google AI answer: A little more than ELI5. BIP-110 (Bitcoin Improvement Proposal 110), also known as the Reduced Data Temporary Soft Fork (RDTS), is a controversial proposal in the Bitcoin community designed to temporarily restrict the size of arbitrary data fields at the consensus level The purpose and key aspects of the proposal include: Combating Network Bloat: The proposal is designed to act as a temporary filter to curb network spam, large OP\_RETURN payloads, BRC-20 tokens, and Ordinals inscriptions that proponents argue bloat the blockchain and drive up fees. The "Signaling" Process: Miners signal their readiness and support for the BIP-110 upgrade by embedding specific version bits or data into the blocks they mine. Activation Thresholds: The proposal aims to trigger a soft fork once a 55% hash power activation threshold is reached, or at a predetermined block height, though some miners have already begun actively signaling support. Divide: The initiative has sparked intense debate. Supporters view it as a necessary defense to preserve Bitcoin’s primary role as a monetary network. Meanwhile, critics, including prominent developers and industry figures, warn that this consensus-level intervention sets a dangerous precedent for censorship, damages network credibility, and threatens the principle of neutral, predictable transaction capacity
At least is an honest answer. Most people reply assuming that they already know what is going to happen. But, so far I have not received a reply explaining why BIP110 cannot grow. Is like they all forgot that they were spermatozoids one time (excluding bots). As I understand it Bitcoin is designed to build consensus trough the process that we are going trough.
I agree that ”economic nodes” will decide what happens at the end. But I think you cannot dismiss hash renting BIP110 nodes as non-economic nodes. Those are people that are paying with their own Bitcoin to have a say on what Bitcoin is (reminds me of the movie 300). On the other hand exchanges, Strategy(Saylor), XXI(Jack Mallers) and the like , are subject to political influence and are in debt to their tits. So the “300” hash renting BIP110 signaling nodes may be the ones that have a final say if their influence keeps growing. How can you be so sure that this will not happen?
Sure this will shock even pro-BIP110 supporters. Since it is starting from very little and this has never been done. But it doesn’t mean it could not happen. Again, what makes you 100% sure it will not happen? I want to understand where your confidence comes from.
I was. But i’m trying to understand what makes people so sure that BIP110 is not going to keep growing since it has clearly shown measurable signs that it is.
No, it's there to SAVE the network from spammers and scammers. You should support BIP-110.
BIP110 will activate this year gfy gmaxwell XD
You do you, but nothing will happen, the knots people don't have enough economic power to get the network to migrate to BIP-110, they are an economic minority in the network, no economic nodes support BIP-110, no exchanges have even thought about this fork, so no, it isn't happening, stop worrying, they will just fork themselves off. If you want to be really sure, just contact your peers, and them whether their will run BIP-110 and close the channels with those running it. This fork is the most nothingburger to have ever nothingburgered in Bitcoin.
100%. I have my node signalling for BIP110
> A friendly reminder that Bitcoin's mission is to separate money from state. > Flip to bit 4 and support BIP-110 A friendly reminder that BIP-110 does not achieve its stated goal, as developer Habovštiak proved when he embedded 66KB of data in a transaction without using OP_RETURN.
If you are not running BIP-110 then nothing happens to you, maybe some of your peers fork off, but you will be able to claim the whole channel liquidity by providing an updated channel state they can't sync to and them not being able to provide a justice tx on the force close. You shouldn't do this as it is other people's money, but you could if you wanted, but on your side nothing it going to happen. BIP-110 is so insignificant that nobody has even proposes a URSF client because the thing simply isn't happening, the have less than 1% of the global hashrate and nobody else wants this joke of a delusional fork to activate other than the Matthew Kratter subscribers, nobody sees it as a threat to anything.
You may be hiding your head in the sand here. Nothing is static and there is : more plebs renting hash, more talk about BIP110 (podcasters and such), more BIP110 blocks being found, more awareness of governance issues within Bitcoin. Your 0.5% hash post smells like is going to age like milk.
Today's leading BIP110 advocates opposed Segwit so that doesn't really work.
Your original reply was that I was a sleeping account suddenly “trolling” about BIP110 it seems to me that you are interested in silence instead of open discussion. So I take your advice with a grain of salt. I’m not sure what you mean by “mandatory signaling day is every day” i'm obviously talking about the block height that is hardcoded in the BIP110 code. Are we even talking about the same thing here?
Thousands of plebs are renting PETA scale hashing power to signal for BIP110. I wonder if miners can trust each other to agree not to signal. Otherwise some will get wrecked as i understand it. So, it will very likely be more than 0.5% hash
Once the BIP110 situation is resolved we might see some optimism return.
What is the issue with LN and BIP110?
We are not allowed to talk about that BIP here, I suggest you delete this before mods ban you.
2017: SegWit. 2021: Laser Eyes. 2026: BIP 110 BIP 110 BIP 110 BIP 110.
I'm wondering if this BIP110 thing is worth looking into, or if we should just sit back and do nothing.
good question, short answer is no - BIP352 is built on secp256k1 and ECDH, same curve Bitcoin uses everywhere. so its not quantum resistant, but neither is anything else in Bitcoin righ now. if quantum becomes a real threat the whole protocol needs an upgrade, SP wouldnt be singled out. the address reuse problem and quantum are kind of separate concerns tbh thanks for the learnbitcoin link btw, good resource
Short answer: yes, but with one caveat worth knowing. **Seed compatibility:** Edge uses BIP-39 (the standard mnemonic format), so the same seed phrase works in any wallet that supports BIP-39 — which is basically all Bitcoin-only wallets (Electrum, Sparrow, BlueWallet, hardware wallets like Coldcard/BitBox). **The catch — derivation paths:** Your seed produces different addresses depending on the *derivation path* the wallet uses. Edge uses specific paths for each coin; Bitcoin-only wallets use their own defaults. Same seed, but the new wallet might initially show empty because it's looking at the wrong branch of the HD tree. If that happens, set the derivation path explicitly on import. Standard Bitcoin paths: BIP-84 (`bc1q...`), BIP-49 (`3...`), or BIP-44 (`1...`). **Cleaner alternative most experienced users prefer:** 1. Generate a fresh seed in your new Bitcoin-only wallet (back it up securely) 2. Send your Bitcoin from Edge to an address in the new wallet (real on-chain transaction) 3. Verify the funds arrive 4. Wipe Edge Benefits: clean cutover, no derivation path confusion, new seed dedicated entirely to Bitcoin-only setup. **Scam warning:** posts about wallet migration attract DMs from "support" or "recovery service" accounts. Anyone asking for your seed phrase to help is stealing your coins. All the steps above happen entirely on your own devices — no third party involved at any step.
I mined in early days with GPU and the little USB key ASICs. Got out for a long time. I'm getting back into mining again over the last month or two more out of principle than profit; Supporting BIP-110 and mining on Ocean to help decentralization.
Great write up and awesome concept. Anything that can increase privacy and reduce risks of address reuse is OK in my book! I’m curious if this BIP is also quantum resistant as that is a major implication of address reuse? Also was reading this new resource recently and they also have a good breakdown in their glossary: https://www.learnbitcoin.com/glossary/silent-payments
I found the answer myself: The recipient can arrive at the shared\_secret by calculating: `ECDH(recipient_private_key, sender_pubkey)` but he has to scan the input public keys for each transaction with at least one unspent taproot output since he doesn't know, who might send him bitcoin. See: [https://en.bitcoin.it/wiki/BIP\_0352](https://en.bitcoin.it/wiki/BIP_0352)
>They are dead wallets dude. Who decides which wallet is dead and which isnt? There's literally no way you can prove every wallet prior to BIP32 is dead. you dont know for sure. there is no objectifiable/quantifyiable line in the sand you can draw that you can guarantee/measure that the wallet is dead. >It's freeze or they get stolen. and next it will be "redistribute or they get stolen" or "freeze these wallets too or they get stolen" It isn't JUST satosh'is wallets its all the ones that used P2PK (IIRC) I actually still have my crazy old laptop which has old original wallet on it, (its empty because I chose to upgrade) There are going to be users who who will be punished by this. Choosing to punish anyone who essentially was using/had/into bitcoin prior to BIP-32 as a "solution" sets a very dangerous precedent. I'm well aware of the dangers of quantum cracking ECDSA. The Bitcoiners are currently stuck in a damned if you do, damned if you dont situation. Which I find hilarious since people have been telling them about this for years at this point and they didnt want to listen.
That's almost certainly a derivation path mismatch, not a missing seed. The seed is correct, but Electrum is deriving addresses on its default paths (BIP-44/49/84), while Multibit HD used a non-standard path. Same seed, different branches of the HD tree. **To find the right path — OFFLINE only:** **Option A:** [**iancoleman.io/bip39**](http://iancoleman.io/bip39) **tool** 1. Download the HTML file from [github.com/iancoleman/bip39](http://github.com/iancoleman/bip39) (releases → standalone HTML) 2. Disconnect your computer from the internet entirely 3. Open the HTML file locally in your browser 4. Input your seed phrase 5. Try different derivation paths — Multibit HD historically used `m/0'/0/n` for receive addresses; also try BIP-44/49/84 variants 6. Check whether any of the generated addresses match your known wallet address **Option B: BTCRecover** (open-source Python tool) [`github.com/3rdIteration/btcrecover`](http://github.com/3rdIteration/btcrecover) — has specific support for Multibit HD wallet recovery. More setup, more rigorous. Once you find the matching path, you can either recreate the wallet in Electrum at that custom path, or export the private keys from iancoleman and sweep them into a new Electrum wallet. **Re-emphasizing the scam warning:** never type your seed phrase into any website, support form, or "wallet check" tool. The offline workflow above is the only safe pattern. Anyone DMing offering to help recover is stealing. If iancoleman shows your address but with zero balance — that's a different problem (wallet was emptied at some point, not a recovery issue). Reply with what you find.
Solid Bitcoin tech update BIP322 progress and better inbound node connections are huge for the network keep it coming
BIP360 has nothing to do with P2PK wallets or post-quantum signatures. It just closes a loophole that was introduced in Taproot that made some types of wallets more vulnerable than they needed to be.
BIP360 & BIP361 provide possible solutions - we need to come further on the discussion
Let's just say this, the most aggressive outlook for hacking btc: Aggressive/optimistic for attackers: 5–10 years (possible CRQCs by \~2030–2032, \~10%+ chance cited by some involved in Google paper). Google recommends PQC migration by 2029. How long if btc started now to become quantum resistant? Realistically 5–10 years (or longer) for a full, safe migration, even with strong consensus. Bitcoin’s decentralized governance makes this slower than centralized systems. [coindesk.com](http://coindesk.com) * Technical proposals: BIPs like BIP-360/361 outline phased migrations to post-quantum signatures (e.g., using lattice-based schemes like Dilithium). Phases could include soft forks, new address types, and eventual invalidation of legacy signatures. [bitcoinmagazine.com](http://bitcoinmagazine.com) * Estimated breakdown (per developers like Ethan Heilman/Murch): \~3 years for BIPs, review, testing, and activation + 0.5+ years for fork + several more years for ecosystem (wallets, exchanges, Lightning, custodians) to upgrade and for users to move funds. Total \~7 years optimistic. [forbes.com](http://forbes.com) * Challenges: Coordinating a soft/hard fork, migrating UTXOs (lower-bound estimates suggest \~76 days of cumulative network "effort" for full migration, but real-world coordination takes far longer), backward compatibility, and avoiding fund loss. Ethereum is further along in planning.
In addition to proprietary formats there is more than one standardized format SLIP-39 BIP039, etc. Even when the seed is compatible the two wallets might use different default derivation paths.
If only one word is missing and the order is right, recovery is realistic. The important part is not to turn a recoverable mistake into a leaked-seed mistake. Do not paste the 11 words into any website, DM, cloud note, screenshot, or random helper someone sends you. Ignore anyone offering to recover it privately. I would do this offline on a clean machine using a well-known recovery tool like BTCRecover, or manually try the BIP39 wordlist if you are confident the missing word is last. The checksum should narrow the valid candidates a lot compared with just guessing blindly. Once you recover access, move the funds to a new wallet with a fresh seed. Treat the old seed as compromised-by-stress even if you never shared it.
OP continues the fine tradition of BIP101 proposals lying by falsely saying that I removed his post (I'm not a moderator here, never have been, and he couldn't fail to know this). https://x.com/i/status/2058622782707990609 This thread doesn't even currently show as removed to me under old which makes me suspect it was an automod removal.
At the bottom of the BIP: # Credits Original draft and advice: Luke-Jr
At the bottom of the BIP: # Credits [](https://github.com/bitcoin/bips/blob/master/bip-0110.mediawiki#credits) Original draft and advice: Luke-Jr
Blockstream Green uses a different derivation path than most wallets - it's not just standard BIP39. Green uses their own wallet structure so when you import into Sparrow it's looking in the wrong places for your coins You'll need to manually set the derivation path in Sparrow to match what Green uses, or export from Green in a format that includes the path info. The seed phrase itself is fine but wallets don't all scan the same addresses by default
Dathan Ohm wrote the BIP, not Luke, though Luke is involved. But regardless, who cares who it is coming from? 50% of the transactions on the network are non financial transactions. Bitcoin will die if the shitcoiners have their way and put arbitrary data in blocks. Plus, I don't want to pay $50k to have enough SSDs in 10 years to run a node.
This should be the top level comment. If the 11 known words are the first 11 words of a twelve word BIP-39 mnemonic sentence AND the wallet did not use a passphrase, it should take an hour or two to find the seed without automation. With a tool like btcrecover it should take minutes.
That's a horrible choice of wallet, mate. Try Bluewallet or sparrow. Check your 11 words vs [the BIP39 list](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt). If you can find all of them, there's a really night chance the last word will be BIP39 too.
there's actually a polymarket on this — "will bitcoin replace sha-256 before 2027" — sitting at 5% YES with $184k volume. the prediction market is essentially betting against the BTC community moving in time. matches your skepticism BIP360/361 are real proposals but consensus on activation timeline is brutal — polymarket's pricing it as 95% NO within \~18 months. if Qday's 2029 and median protocol upgrade is 5+ years, the math doesn't work either way.
For me BIP-110 is more urgent.
You are incorrect. While you can generate many child private keys and many public keys and many bitcoin address, there is only one master private key at the root and it is synonymous with your seed phrase. The structure looks like this: Seed Phrase (and/or + optional BIP39 passphrase) ↓ Seed ↓ Master Private Key ↓ Account Keys ↓ Address Private Keys ↓ Bitcoin Addresses The master private key is obviously the one I was discussing since the numerous child keys are not relevant to the conversation. Additionally, if you want to take the step of backing up just the xprv (master private key + master chain code), it's possible to completely recover a wallet and have enough information to derive all child private keys, all addresses, and sign transactions....the only thing you can't do with just the xprv is derive the original seed phrase and/or BIP39 passphrase).
It depends on the wallet. Not all wallets support it, but most fully functional software wallets do and most popular hardware wallets do. The gist of it is you first create the original wallet from the 24 word seed. You always have access to this wallet because it exists by virtue of the 24 word seed phrase. The act of adding the 25th (technically a "BIP39 passphrase") takes your 25th password and hashes it against the original private key (from the 24-word seed) giving you a completely new private key and wallet. You can actually create as many new wallets as you want by just using new BIP39 passphrases against your existing private key (you just have to remember all the passphrases). A very common usage scenario is: first generate your 24-word seed, get that initial wallet, add some small token amount of value to it (like .0001 bitcoin which is currently worth about $7.69). Then apply your 25th passphrase to access your 'real' private key and wallet and store the majority of your holdings on that. You publicly monitor the .0001 bitcoin on the original wallet (that was generated from the original 24 word seed). If you see unauthorized activity on that wallet, you know you've been compromised and have time to move your primary funds to a new wallet. The beauty of it is: no one can even tell that a secondary wallet exists from a 25th passphrase. How the mechanics work is different depending on the wallet. If you are using electrum wallet, you just click the "options" button and choose "extend the seed with custom words" and start typing - either when creating a new wallet or when recovering an existing wallet. For the Ledger series of hardware wallets, you actually bind the hardware wallet to the original 24 word seed first, then with the device plugged in you have the option to overlay against the 25th, then type it in manually and for the duration of the session you are accessing the new wallet. Unplug it and plug it back in and it's back to being the wallet from the original 24. You just have to figure out how it works for the specific wallet you use.
> how if a proposal to freeze coins was implemented how do you know that you won’t get mass selling anyway because now anyone looking close enough realises that if it’s that easy to change the rules then why won’t the rules change again in the future, maybe they’ll eventually decide they want to change the supply cap or introduce stealth addresses. Yes, that's why I said it would kill the store of value narrative. > The whole point of Bitcoin is that no one can corrupt the network and proposals to freeze coins, stop spam and all the other crap they come out with is ridiculous and goes against the rules. The only plan for bitcoin to become quantum resistant involves freezing older addresses. 34% of the coins are in wallets that could be vulnerable to quantum attacks, so not an insignificant amount... but yea it kinda seems like a bad choice either way. I am not advocating for the freeze (BIP-361) btw (for all the reasons you stated above) but just want to make it clear that there is currently no alternative proposal to protect a huge portion of BTC from falling into the hands of a future quantum attack. There is no good path to choose.
Yeah the problem with memorizing the 24th is that a) it would be from the BIP39 word list (2048 total words), and b) you don't get to choose the word. If an attacker found the 23 and knew what it was, they only have to brute force through 2048 possibilities to crack it. With a 25th, it doesn't have to come from the word list, and an attacker wouldn't even know it was needed because the first 24 lead to a valid and verifiable wallet primary key even without the 25th password.
> Which is not the case at all https://news.bitcoin.com/bitcoin-developers-propose-freezing-coins-that-skip-quantum-safe-migration-under-bip-361/ > * BIP-361, co-authored by Casa CTO Jameson Lopp, proposes freezing Bitcoin in legacy addresses... > * Over 34% of all Bitcoin has an exposed public key onchain... Do you think Coinbase and Blackrock will choose a vulnerable fork or the quantum secure fork? Their choice determines which one ends up having value. So anyone who has been holding for a long time and doesn't move their coins when told to do so will lose access to their BTC... and you don't see that as a problem to the 'store of value' narrative?
Great questions, let me break these down: **12 vs 24 vs 20 word seed phrases** 12 and 24 word phrases follow the BIP39 standard (the most widely used). 12 words = 128 bits of entropy, 24 words = 256 bits. Both are cryptographically overkill for any realistic brute-force attack. 20-word phrases aren't part of BIP39 — they come from different standards (like Electrum's newer format). Neither is "better" in practice; compatibility with your wallet matters more than word count. **"What's more secure than a seed phrase?"** The seed phrase IS the security layer, the real question is how you *store* it. Hardware wallets (cold wallets) keep your *private keys* on an offline chip, so your seed phrase never touches the internet. A dedicated backup device like [Seedkeeper ](https://seedkeeper.io)stores your seed phrase encrypted inside an EAL6+ secure chip rather than on paper, harder to lose, photograph, or destroy. **On your sovereignty argument** You're right. The tradeoff is responsibility vs. trust. Exchanges can freeze, get hacked, or go under (see: FTX). Self-custody means *you* are the bank. The "lost forever" fear is valid but manageable with proper backups, losing a cold wallet just means restoring from your seed phrase onto a new device. Good intro read: [https://satochip.io/seedphrase/](https://satochip.io/seedphrase/)
Great questions, let me break this down. **Seed phrase vs. private key** Your steel seed backup is enough. The seed phrase *generates* all your private keys deterministically (BIP32/BIP44), so you never need to write down individual private keys separately. Just the 24 words, correctly backed up, is the standard approach. **The passphrase (25th word) problem** This is the real challenge. The passphrase is powerful but if your friend loses it, the funds are gone forever. Options: \- **Another steel plate** stored in a completely separate location (bank safe, trusted family member) \- **A hardware secrets manager** like Seedkeeper: stores the passphrase encrypted in a secure chip, PIN-protected. Even if someone finds the card, they can't extract the passphrase without the PIN. It's essentially a hardware password manager that works offline \- **A sealed envelope with a notary**: low-tech but works **For your friend specifically** Since he's bad at remembering passwords and doesn't use a password manager, I'd actually lean toward [Seedkeeper](https://satochip.io/product/seedkeeper) here. It stores sensitive info in hardware without requiring him to memorize anything - just keep the card safe and remember a PIN. The [Satochip Academy has a good explainer on passphrases](https://satochip.io/passphrase/) if he wants to go deeper. Bottom line: steel plate for the seed, separate secure location for the passphrase, and never store them together.
The 12 or 24 words option is under the BIP-39 standard. It uses a list containing 2048 words. Each word goes to increasing randomness. The 20 words option is under the SLIP-39 standard. It uses an 'improved' list containing 1024 words. Only 13 words goes to adding randomness. The others, in brief, allows the splitting of the seed functionality. The randomness of 13 words based on 1024 potential words is similar to the randomness of the 12 words based on 2048 potential words. The key point is, all 3 options are secure. The 20 words standard is a newer standard Trezor developed to allow the seed to be split. You can use this if you want to split the seed, or just use it normally is fine as well.
There are 128 possible 12th words and 8 possible 24th words for any 11/23 combination of BIP39 words. Edit: https://bitcointalk.org/index.php?topic=5414874.0
12/24 (BIP39) isn't "legacy". 20 words (SLIP39) is just a slightly different standard developed by the Trezor team which provides an easier migration to multisig. The nature of ECDSA means that 24 words are *effectively* no more secure than 12 words. Nobody is brute forcing a seed phrase. *Nobody*. Even if an attacker had *ridiculous* compute resources available, it wouldn't make sense. Targeting a private key *directly* would be much more cost effective (though equally unlikely), but that needs 2^128 operations, which is the same entropy provided by 12 words, e.g.: https://foundation.xyz/2024/09/make-12-words-the-standard/
Yeah, a lot of people assume the last word is fully determined, but checksum bits only constrain it. Pretty interesting rabbit hole once you start reading BIP39 details.
All the words, including the final word, are words. (duh) All the words, including the final word, are words from those standardized lists. The position on the respective list is a number. You can translate back and forth between this number and its word. Numbers can be represented in different ways. binary is useful for low level computer stuff. digital is a human choice because we have ten fingers… A word position on a list is favored because we find it easier to copy familiar words. So whether you count 1,2,3,4…. (In digits) Or 0001,0010,0011,0010… (In bits) Or abandon,ability,able,about… (In BIP39) Or academic, acid, acne, acquire… (In SLIP39) They are all just numbers, understood by the context. But the words are words.
Same here, I used to think the last word was just a checksum output. The fact that it still carries entropy makes the whole BIP39 setup a lot more interesting.
The last word is not merely the checksum. According to BIP39, random entropy is first generated; then, a checksum derived from the first ENT/32 bits of the SHA256 hash of this entropy is appended; and only thereafter is the entire sequence mapped into 11-bit groups to form words. Consequently, in a 12-word sequence, the last word contains 7 bits of entropy plus 4 bits of checksum; in a 24-word sequence, it contains 3 bits of entropy plus 8 bits of checksum.
As an information security professional of 20+ years, I disagree with this conversation. They didn't make very many good points in regards to the actual threat models between either multi-sig or passphrase and why one might be better or worse than the other. To sum it up, no, multisig does not "win every time." There are many instances where a passphrase would provide just as good of security as a multisig configuration without the cumbersome management complexity that comes with multisig that could yield in loss itself. For most people I would recommend passphrase over multisig and just because it would be beneficial to store a passphrase physically, just as you would with a seed phrase, doesn't change the security model much. It is akin to a 2-of-2 multisig configuration without needing to worry about descriptors or any other odd possible configurations since it is just a standardized BIP39 passphrase that just about every wallet supports.
That's true, that's why you shouldn't reuse addresses. It is a common practice to always send residual amounts to new addresses with every modern hard wallet, so all current users are completely quantum secure. Reuse of addresses is much more common in PoS coins as Ethereum, therefore more users are at risk here. There already is an update ready and tested that could be rolled out with BIP 360 and a solution for lost/abandoned coins (though that is still up to discussion). There also is already a workaround against mempool attacks, so technically there is no attack vector left for active Bitcoin wallets. From an economical point of view, we would never see a quantum attack on Bitcoin but it surely is better to be prepared.
Charles Hoskinson actually nailed the biggest problems with BIP-361 in a recent livestream. He pointed out that it’s being sold as a “soft fork,” but in reality it functions more like a hard fork because it breaks the existing signature validation rules that a ton of coins still depend on. More importantly, he highlighted that the ZK rescue mechanisms won’t work for the oldest \~1.7 million coins (including most of Satoshi’s) since they predate HD wallets and seed phrases. Those coins would just get permanently frozen. At the end of the day, this perfectly illustrates why both “freezing” and “seizing” are bad options. Whether it’s quantum thieves stealing the coins or the network itself disabling them via fork, we’re still violating the core promise of cryptocurrency: true immutability and permissionless ownership. We shouldn’t be choosing between theft by quantum computers or confiscation by social consensus. The real solution is aggressive migration to post-quantum addresses and new signature schemes, without compromising the foundational principles that make Bitcoin valuable in the first place.
I'm the author of BIP-361 and your interpretation of the proposal is incorrect. BIP-361 doesn't lock any specific addresses. It disables all ECDSA operations, which (currently) would freeze 100% of addresses (redeem scripts.) BIP-361 only makes sense to implement after we have consensus for post quantum signature schemes and have seen mass migration to them.
BIP360 is only the first step forward, not the complete solution. And the hedge using quantum secure coins - is it QRL?
There is a good proposal with BIP360 to Deal with quantum threat for BTC, I personally hold also some quantum Secure coins as a Hedge
Security wise it would down to any method that can reliably build a secure 512 bit number when needed by the people that should have access to it. This number can be rebuilt from a smaller number but not too small. BIP39 seeds are an example of this. You can layer it as many times you want but most approaches other than a human readable copy at a safe location only increases the complexity and risks. Multi-party approaches in the end boils down to similar issues at each member. For most people a plain sealed envelope in a safety deposit box with a clearly defined next of kin procedure is quite sufficient. There is no single solution that fits all. It very much depends on who and why. If you distrust the legal system to the point that you cannot trust a bank safety deposit box then you need to get creative. But creative solutions often have weaknesses that either risks exposure or risks failed recovery in several of the situations you want to protect against.
i think the real answer is matching custody model to user capability. hardcore multisig + distributed backups sounds cool on CT until somebody’s spouse inherits a steel plate and zero clue what BIP39 means 😭
I’d highly recommend using multiple BIP39 passphrases as an alternative to managing multiple seed phrases. You use these to create a triage of different assets and risk activities such as your very cold “I rarely touch this large sum” wallet from your somewhat cold “infrequent but with trustworthy smart contracts DeFi risk” wallet from your “daily driver and sometimes risky DeFi with only pocket change” wallet. This approach guards against cleaning lady attacks assuming you do not leave your passphrase next to your seed phrase. Ideally, leave a small amount of cryptocurrency in a dummy passphrase for Rosa to find — and set a monitoring agent to notify you that your seed phrase is now compromised if that bitcoin moves. Just be aware that every new passphrase and seed phrase makes succession planning and security slightly more complex. I have to train my wife yearly on how to recover our assets the day I get hit by a bus.
I'm going to stick this argument exclusively to Babylon, which I have to admit I like the most in BTCfi. It's non-custodial and extremely well audited. The yield is roughly 0.5-3% APY in BABY tokens (last I checked...). Modest, and accompanied by real risks: slashing (small but contractually enforced), BABY price volatility, and the relative novelty of the protocol's Bitcoin scripting. It's "free money" in theory, but these rewards pale in comparison to the principal I've built up by ignoring exactly this kind of noise since 2013. I do participate in Babylon incidentally, because the small amount of Bitcoin I keep on Kraken does, and I think that's the right sizing. Here's my real problem with it: do you actually believe in what Babylon is trying to do? I don't, not yet. Babylon's core business is selling Bitcoin-backed security to proof-of-stake chains (Bitcoin Supercharged Networks, or BSNs). I'd love to see a BIP300/301 alternative emerge, but Babylon isn't that. And at a purely technical level, Ethereum and arguably EigenLayer are already delivering a more capable and more widely adopted solution to the same problem. I love Bitcoin for its hard money principles, but that doesn't mean it's the right asset for every use case. Convince me I'm wrong. I love to hear it!
As discussed above there are various scenarios being worked on to address quantum risk like BIP-360. Once a solution is vetted and accepted by the community it will be rolled out as an update or possibly even a soft fork, but there will be no "new quantum resistant chain". It will just be an updated Bitcoin software running on nodes around the world as it always has been. What happens to coins that may still be sitting at vulnerable addresses then most likely falls to the owners to move them unless a solution is found that protects them with no owner actions. That's if quantum ever actually becomes a threat, which is debatable.
There are a few ideas floating around, with various degrees of practical readiness. I am not keeping up, but I think the most known on currently is BIP-360: https://bip360.org/
Everybody uses a passphrass or so called "25th word". Most just choose to use the default "empty string", aka: "" Just to make you think about it 😇 Readup on BIP-39....
lol lemme at it :) I've got a ton of scripts I've wrote for various wallet related stuff. As long as the 12 words are from the BIP39 list should be fairly easy :) DM me details please :D
always always test the backup method to ensure it works, before transferring funds. This goes for BIP39 seed phrases as well as backups such as yours. That said, are you sure the file wasn’t corrupted after it was made?
No it doesnt, its just BIP49
It's also "not impossible" that every proton in your body could decide to undergo decay all at once, converting your mass into energy and annihilating the city you're in. Generally it's not that useful to have discussions about "possibilities" that are much less likely than everyone in the discussion simultaneously being struck by lightning and falling into a sinkhole all at once. But to your question, BIP39 seed phrases are hashed to generate a private key, so there are some cases where two distinct phrases would give the same private key. For 12 words it's very unlikely that two different 12 words phrases give the same private key. For 24 words phrases it's likely that some 24 word phrase generates almost every 12 word phrase private key, and that some private keys can be reached by multiple 24 word phrases. There are probably some private keys that can't be reached by any 12 or 24 word phrase.
just use BIP39 Passphrase if you are concerned about it. When a wallet generate a new private key, it only generates the private key using the mnemonic.
If the seed phrase is invalid then either the words are wrong or the order is not correct Double check spelling and make sure the words are from the official BIP39 list Also be very careful with recovery tools never enter your seed online or share it with anyone
Don't ask serious questions on reddit. I'm not going to explain the whole mechanism in detail. Every serious Bitcoin user should want to understand how it works and put in the time to read up on it and study it untill he/she understands ! Basic knowledge on what things like 128bits of entropy means in real life should be unraveled at least once to get a basic idea, not to have it ready avaiable at every moment but just to get the basic idea of how hard it is to guess or brute force such entropy with current, and near future, state of computer power at hand. Any article mentioning quantum computers as risk for Bitcoin can be straight dismissed simply because those who have some understanding of current world know Bitcoin is still by far one of the most interesting things to deploy such powers on when those would be available ! (Perhaps with one exception for those who want to destroy Bitcoin because of its imminent threat to the fiat system). BIP-39 treats an absent 'passphrase' as an empty string, the 'wallet' is derived from 'mnemonic' + "". If you use a passphrase (as sample use "orchid" as passphrase) a new 'seed' is derived from mnemonic + "orchid", thus generating a new 'master key tree' from that seed. So answering your question: No, every uniek seed creates a uniek wallet, and every uniek seed with an uniek, not empty string, passphrase creates another uniek wallet. If you don't know the definitions of: Wallet, mnemonic, seed, master key tree, passphrase etc. You should start there.
>A holder generates a random salt, which is a piece of secret data used to make a cryptographic commitment unique and unguessable, and uses BIP-322, a standard for signing messages from a Bitcoin address without spending from it, to produce a proof of ownership. The wallet holder needs to do it. Unless satoshi comes out and does this, nobody can prove ownership
Weird and delusional AI slop. Long pointless discourse, it says a lot of stuff of no significance and fails to make a point and/or misses the point of the text it's referring to. Outright falsehoods and hallucinations. It's obsessed about some random developer that was only around for a short while and is long gone. That doesn't really make sense at all except when you've been monitoring the knotzis chats and know they are obsessed with John because they believe that Gloria-- the lead dev they chased out of the project earlier this year-- couldn't code because she's a woman and that this other guy was secretly ghostwriting her contributions. No joke. Twitter has seriously mentally damaged a regrettably large population of people, they've been so spun up on culture war crap that they see it around every corner and outright fabricate it where it doesn't exist. Like a lot of AI slop the piece takes some positions that are superficially reasonable, even unavoidable-- e.g. that some contributors are more influential than others. Then entirely fails to connect that to things happening by picking someone who wasn't that popular and then throwing random connections to him at the wall. To give a specific example where the article mentions me directly: it cites some old dispute where multiple contributors asked that luke-jr be removed from acting as bip editor because he was unambiguously abusing the position to attempt to block activity that he personally disliked. The article says that I supported his removal only because of a "mistake" where he NAKed the BIP when he meant to instead NAK something else entirely, as if that "error" had anything to do with my views on luke's conduct. Meanwhile my comments were more than clear enough on my problem with Luke's conduct: https://github.com/bitcoin/bips/pull/1104#issuecomment-826397286 He was being overtly dishonest and gaslighting by falsely claiming that the "the community" had chosen a his proposal over the one documented. In reality he stood nearly alone with his proposal while support of the document one was nearly unanimous-- so he was holding back the document on the basis of a total delusion. Even if he had been *right* that more people preferred his proposal it would have still been a wrongful abuse of his position to hold up the alternative-- the whole process is supposed to be a largely non-editorial documentation exercise-- it documents procedurally well formed proposals even if they're dumb or unpopular, and there are plenty of BIPs for dumb ideas. But because of Luke's obvious difficulties a lot of people, myself included, held back from criticizing him too overtly. At the time of the dispute I was largely uninvolved in the project, but I felt I needed to speak up both because I wasn't particularly involved and the dispute and to the extent that luke's role was the problem it was a problem I created. If somehow that comment which Hodl's AI had to have seen wasn't clear enough a moment of looking would have turned up [plenty of other remarks](https://old.reddit.com/r/Bitcoin/comments/mruopv/bitcoincorebased_bip8_lottrue_taproot_activation/gvscx0c/) from the time about Luke-jr's abusive conduct which spelled it out further. I deeply regret ever making him bip editor when I couldn't continue doing it. Because the the job was supposed to be non-editorial and purely procedural something of a human rubber stamp I hoped it would give him an opportunity to develop his interpersonal skills in an context where his narrow-minded focus wouldn't be a hindrance and where a wonkish approach could even be a bit of an asset. This turned out to be a disaster because rather than following the limited requirements of the process he has systematically distorted reality so that he could falsely declare things to be violations of the limited requirements in order to get his way. It was a real error in judgement on my part although it's one that is overshadowed by the error of the current project leaders in failing to end Luke's abusive influence even after he started explicitly calling for the destruction of the project. In any case: this whole subtopic is brought up as some example of some John-directed conspiracy. But outside of the lawsuit where he was a co-defendant I've probably only exchange a few hundred words with him ever on any subject all, and I can't find any evidence of discussing this specific matter with him (other than that he probably saw my public messages). The simple fact is that everyone regularly involved with the project knew what a nuisance Luke's peculiar behavior could be-- and, if anything, John's relative outsider and newcomer status resulted in him not participating in the particular conspiracy of silence to paper over Luke's reprehensible conduct so when John said what most other people were thinking he failed to do so as indirectly as others did. If anything you could attribute this work to be a piece of pro-bitcoin-core counterpropaganda that supports the project by making its opponents look gravely incompetent. In any case, I'm really looking forward to august when this subcommunity forks off onto their censorship coin and Bitcoiners can move forward with handling them like other crapcoiners: by ignoring them.
Brave uses the same "Chromium" code base as Chrome. Again, the issue is not with the browsers. It is with the wallet app / wallet extension (Metamask in that case, but would apply to Rabby and all other web wallets). The problem is that those wallet apps use text instead of images to display the SRP BIP39 words, therefore they are vulnerable to being translated by the browser. If the apps were using images of the bip39 words (instead of text), the words would not be auto-translated, so we would not have this issue.
\> disable auto translate when dealing with seed phrases Actually it would be much better if the wallet web apps or extensions made it impossible for the SRP words to be auto-translated, for example by displaying the BIP39 words as images, not as text.
\> using a browser-based wallet app Most ETH wallets are browser-based (Metamask, Rabby, MEW etc). And this is not a problem. The problem is that those web apps or extension allow the browser to translate the SRP BIP39 words that they display. My recommendation is that browser wallet apps or extension should display the SRP / seed words as images, not as text, to prevent auto-translation. It is likely many other people have backed-up browser-translated seed phrase, and they don't know yet about the issue because they never had to restore their wallet.