Reddit Posts
I lost ALL my BTC yesterday, this is my story so it won't happen to you
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Tuesday December 19th 2023. 7 am EST (6.5 hours from this post). On Kahoot and YouTube Live!
Blockstream jade - what happens if you lose your SeedQR?
Self custody wallet planning for stacking (now) and spending (later)
Gigantix Wallet - The New Era OF Secured Cold Wallet
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday November 20th 2023. 9.30 pm EST. On Kahoot and YouTube Live!
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Please help me with this MetaMask/ Trezor problem.
How to Secure Your Crypto Wallet from Attack and Protect Your funds
Multi-Sig vs. Shamir Secret Sharing: Which Path Will You Choose to Safeguard Your Crypto?
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday 2 October 2023. EDT - 9.30 pm. On Kahoot and YouTube Live!
Is it possible for someone to hack/steal from my hardware wallet? Or is it almost impossible?
Reminder to all the Celsius bankruptcy victims
A 96 yo woman’s letter to her bank. This is why we crypto.
$13,000,000 and victims of Sim Swap 2023
We're thrilled to introduce an innovative approach to secure seed phrase storage. Chaindeck, an entirely offline and analog solution that uses a unique deck of cards to encrypt information.
After almost 3 years of work, our small startup launched Chaindeck today! Introducing a new way to store and encrypt seed phrases using a unique deck of cards, completely offline and analog.
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
Blockstream Jade has new firmware. It looks like a nice improvement on an already great device.
Scam protection. It’s up to you and you only.
An Updated SUPER-Beginner’s Guide to Swapping, Bridging and Exchanging MOONs (the complicated way)
New user looking for a good hardware wallet, few questions
Only once you have paid for something with cryptocurrency do you realize how completely insanely insecure credit cards and bank transfers are
The BIP39 Passphrase, and how even the best hardware wallets let us down
Bitbox02: A hardware wallet and its solution to the open-source closed-source dilemma
How come no one ever mentions the Arculus cold wallet?
"If you opt-in for the service, as a user, you'll have to enter your PIN and consent to the backup process. Then the OS will encrypt and split the shards to send them to 3 different parties." - Ledger CTO
Set up your crypto-recovery plan with your spouse TODAY (STORY)
Everybody always recommends a hardware wallet like a silver bullet, and they're great until you realise that factory pre-sale tampering and fakes can leave you hugely exposed. It's even more plausible recent spate of wallet hacks
Exciting News - LocalMonero / AgoraDesk Free and Open Source Mobile Apps are Now Officially Out of Beta! Happy Birthday Monero!
Today is World Backup Day. Let's make sure your seed is secure and backed up.
How to avoid getting scammed and not lose your coin
Identity solution in Web3: What solution do you use?
what is happening with erc20 transactions ?
My Exchange (with all my savings) was hacked into.
It happened to me! My phone with my wallets was destroyed!
Sorry if this isn’t the right place to ask but I have a few questions.
An Achilles heel of the Cryptocurrency
Hardware wallet/mnemonic seed phrase (extra) security guide, don’t just write it down 1,2,3,4…24
Storing recovery phrases - How to do it right?
Some basic knowledge for new hardware wallets users
Ledger Nano S Plus Cold Wallet button broke... how do I reset it before returning it?
So Coinbase let a hacker trade on my account and offered me 'what is left' from the original $165,000 balance, over 11 days.
Arculus - New Cold Storage - Safe?
An anecdote on how relying on banks is less than ideal...
Blackhole inside Binance. How I was scammed and all my money was stolen. Please, I need your help! Spread the word
I created a free and open source Bitcoin Time Capsule called BTCapsule. It uses the timestamp from the Bitcoin blockchain, and allows you to enter your private keys and check them without exposure to the internet
Vault Finance updates for October 2022! New competitions/AMAs/marketing/developments! Vault is ready for the stratosphere! Their Launchpad & Exchange Novation is picking up steam and quickly becoming the go to platform for all BSC trading! Launchpad is also fully live! Do not miss this project!
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
Digital wallet app development is a major trend in the world of technology these days
Can anyone help me with a blockchain.com fiasco I’m in?
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google play and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
Two critical weaknesses of hardware wallets you need to consider
my lesson with a Seed Phrase...
Protect yourself against SIM card swap attacks by setting up a SIM card PIN
Is a Trezor Model One good enough to HODL BTC compared to Model T?
List of the coolest meatspace bitcoin products available:
Privacy tokens only account for 0.59% of the total crypto market cap and their evangelical communities don't want to talk about it because it is not profitable to do that...!
Watch out for this (new?) BTC scam
My experience with 'cold wallets' after trying almost all of them
Introducing Zeus: A remote mobile lightning wallet that lets you connect to and manage your own node on the go!
A use case of blockchain without internet connectivity
This is my trustless bulletproof inheritance strategy:
How Coinbase Global, Inc. & Verizon Wireless Allowed Someone to Steal $70k from my Crypto Wallet
Beware! Likely Trezor phishing scam going on!
"Trezor has experienced a security incident involving data belonging to 106,856 of our customers"
Mentions
AI coins IMO will pump hard if this bull run gets going DSYNC, GPU, PALM, PIN, PAI
You can store seeds, wallet descriptors, etc, and use it with SeedSigner. (Or an offline phone/PC) It's basically like a USB stick but a lot more durable and also has hardware protection like a PIN that wipes after a set number of attempts, so you aren't fully dependent on the strength of the encryption key.
You are trusting them with USB drives that are ultimately protected by, at best, a 20-character numerical PIN. Assuming the PINs were selected randomly, that's less than 67 bits of entropy, equivalent to a 10-character (upper/lower/numeric/symbols) passphrase. Practically, this is less safety than splitting a 24-word mnemonic into two 12-word sequences, distributing one half to the heirs and the other to the DMS service.
Yeah, the PIN alone won't let you change the policy limits
Yes. I use deadmansswitch.net. It's just a one-time payment, and they accept Bitcoin. HOWEVER do not ever use this to distribute your seed phrase directly. I gave my family an encrypted USB stick, one of those with a physical keypad on it. If my dead man's switch is ever triggered, it will simply send the PIN-code for the USB stick. On the USB stick, there are PDF files with detailed instructions on how to find my seed and reclaim the funds.
The purpose is to limit how fast the Coldcard can be drained if it was stolen along with the PIN?
But, but, almost everybody carries a bank card and a PIN in their head. Surely this would be easier for a person in distress to remember. Four numbers versus 12 words.
Also, any cold wallet is good, none is better than the other, they all do the same thing: keeping your keys. Just keep your PIN and seed phrases OFF the Internet.
Yes but they need the PIN code to unlock the trezor.
I have an Android, so can't speak for iPhone. The app works fine in that you can access and view your balances, etc. It's just a Lite version of the desktop version. I haven't looked into sending or receiving from it however as I just prefer to use the computer. I'm wary of using my phone, as although I'm 99.9% certain I've not accessed anything dodgy, you never know what might have something built within an app/website that compared to a computer with anti-virus/malware could hopefully pick up on. Obviously, as long as the seed is stored sensibly, the PIN is entered via the Trezor, so any issues are unlikely... I just don't. A passphrase wallet is also accessed via the Trezor too btw. There is an option to enter it via the keyboard - but that seems to defeat the purpose of security/passphrase. There was a news article a week or so ago about a cache of seemingly new legit-looking Android devices found that were all pre-loaded with crypto-stealing software.
Good on you for protecting your bitcoin the way you are. My method is, and I’m not saying you should do the same, that I use SLIP-39. My shares are distributed in various private underground vaults, geographically independent from one another. I have one share with me a passphrase and the shares are on a steel plate. I keep my hard wallet with me with an extra PIN number I can enter if necessary which will wipe the wallet. Trezor5
You are way over reacting to the tiny future risk of quantum computing and way under reacting to the small but current risk of having your cold storage balance carried around with you on your phone, and thereby being targeted for a wrench attack. Don't have your main stack knowable on your phone unless you have no other option and also are using a wallet with some kind of decoy password or PIN (Nunchuk or Bluewallet are good for this).
"It is the Ledger of my brother, I don't know the PIN"
That’s a lot of money to have for someone who listens to astrologers. I would think people like this could be easily scammed. Personally I would tell your mother to buy like $100 worth and practice sending it from an exchange, to a hot wallet and back to the exchange and then to a cold wallet. And so on and so forth. I would tell her to research hardware wallets, and what a seed phrase, passphrase, PIN number are and proper ways to secure them. The dos and don’ts. Then I would try to teach her about possible scams and how to avoid them. Then I would teach her about different hacks. After she can use bitcoin and properly store it. She needs to know that it could go down tomorrow to $60k and there could be a buying frenzy between governments that makes it go through the roof. Nobody knows. But what we all know is that if she holds it for 4 years she will be in the green. Bitcoin is a long term investment. But it’s extremely volatile.
Exactly. The PIN within a bitcoin wallet is only tied to that instance of that wallet & is unrelated to the seed phrase. If you have the seed phrase it will be valid without the PIN.
Do whatever works for you. Don’t bother caring what people here think. In many ways an ETF is a far safer bet than holding actual BTC and it will give you the same leverage. In another post in this subreddit I’m helping a guy whose senile grandma threw out the seed to allegedly 40 BTC. She thinks she might know the PIN to her Ledger, but if she’s wrong, millions of dollars will evaporate after three tries. Personally, I have a pretty elaborate set up to ensure both the security of my wallet seed and the ability to pass it to my children/family if both me and my spouse die. If grandma or I had all IBIT, none of this would be a problem.
If the Ledger device still works and has not been erased the funds are fully recoverable with the PIN. It is important to get the funds off of the device asap as it is likely several years old now and is the sole access point for the Bitcoin. If the device fails, the funds are gone which is why it’s important to secure the 24 words as a backup. I would honestly just send the funds back to Coinbase for now, so you’ll need to get into her Coinbase account and find a wallet address to send the funds to. Once the funds are on Coinbase, you can erase the Ledger and generate a new seed, which generates a new list of 24 words. Write those down and keep them somewhere fireproof and safe, and then transfer the BTC back to the device if you don’t want to keep it on Coinbase. There are some common issues that arise when using an old Ledger. They came with a Micro-USB to USB-A cable. Many newer computers don’t have a USB-A port, and a convertor (from A to C) will not allow the Ledger to authenticate. It needs to be a Micro-USB to USB-C cable. You’ll need to install Ledger Live onto the computer. Make sure you get it directly from Ledger’s website. Ledger Live might want to force a firmware update on the Ledger. This is extremely risky since a failed update might erase the device. I’m not sure if there is a way around the update. I’d have to look into it. At the very least, you can confirm the PIN works by powering on the device with a USB cable and trying to unlock it.
Hi, My mom finally responded and said she has memorized the PIN, it’s the 24 words she accidentally threw out. Does this change anything?
It’s probably a Ledger Nano that needs to be plugged into a computer with a USB cable to function. So there are two passwords to look for. The first one is a PIN. It’s likely to be either 4 digits or 8 digits. Ask her if there is a 4 or 8 digit number she would typically use. I would try the PIN to her ATM card first. People might also use a birthday or the code to something like a safe or garage door. You can try some PINs but the device will eventually erase itself after too many incorrect tries. The second password to look for is a 12 or 24 word list. This is the recovery phrase for the wallet. You can literally erase the ledger and still be able to recover the wallet if you find this list. Ledgers come with little cards that these words are expected to be written on. One might keep that card in the original box, a safe, or a safety deposit box. It will look like this: https://cryptopotato.com/wp-content/uploads/2018/01/ledger_nano_s_4.jpg The recovery words are only words on this list: https://www.blockplate.com/pages/bip-39-wordlist So if she saved these 12 or 24 words on her computer (which is a terrible idea btw), she might have saved the BTC after all. Perform a search on the computer for literally every word on that list until you find a document with a list of them.
For the average person to safely store their own Bitcoin we need to move away from Seed Phrases, and make Wallets more like a Credit Card with a PIN. Tangem Wallet is a good start.
Something you could do is to buy one cold wallet for each one of your heirs. You set up the wallets and input in them the amount of BTC you want to donate. You can give them the wallets and you tell each one of them that the PIN, SEED PHRASE AND PASSPHRASE will be sent to them 2 months after your death in an e-mail. All you will have to do is to use the 'Inactive Settings' of Google to automatically send them an e-mail with all information needed to disclose the wealth (seed phrase, passphrase, pins etc) if your main e-mail stays inactive for 2 months for example (nobody leaves a main e-mail inactive for such a long time, do you agree with me?) You won't have to spend any money at all. They will have the cold wallets in their hands and you solved the situation in a way that there will be no arguments, quarrels, discussions etc. Hope I have helped you...
Even if I can set the PIN code and the recovery phrase, buddy?
Even if I can set the PIN code and the recovery phrase?
The first question is more or less answered by others below and is a basic guess, not to mention it is possible to upgrade Bitcoin before that threat becomes a reality. Your last question: it will be as safe as you taping your bankpass with the PIN written on it on an ATM. The whole Bitcoin system is based on you doing some thinking yourself. Not just assuming things or believing others but to verify. You can formulate the right questions after some help, so you can think. Especially that last question is rather straightforward, isn't it?
Trezor is cheap, good and secure. Coldcard, Jade or some others are more expensive and offer airgap functionality, make it just a bit more secure. Just choose what suits best. Are you gonna put your life savings on it? I would go for an airgapped one... I have a Trezor one and a Coldcard Q. The coldcard is 4 times the price of the Trezor one, but has a lot of extras like the mentioned airgap, but also secure notes and Duress PIN setups.
No problem. Do not set up a PIN that is shorter than 4 digits. If somebody steals your Trezor, it will factory reset after I think 14 unsuccessful attempts, which is why you will have your physical backup in place. (Always test it before sending any Sats there - this will make sure you didn’t make a typo). Trezor also has a functionality that will factory reset after entering a specific PIN. So set it to e.g. 1234, 0000 or something truly stupid that a thief may try first. I can also recommend Panzer glass privacy that blurs the screen from other than direct angle, if you plan to use it outside. And don’t forget to read and study a little bit about passphrase functionality and Shamir backup which I personally consider as the best approach in case you plan to invest/save longterm in btc. Responsibility comes with the power, fingers crossed 😉
Physical control of an air-gapped wallet doesn't make it a foregone conclusion they will be breached. There are various ways to use air-gapped wallets and I'm not aware of any that don't also rely on a PIN or passcode of some sort or actually being devoid of private keys entirely until used as a temporary signer via QR seed or manual recovery seed entry.
Can someone give me some insight? Been with Coinbase for a long time, yesterday I went to the app and I was logged out. They also removed my PIN code that’s required to get into my app bro, very sketchy from Coinbase and not sure if I should transfer my portfolio to another exchange that this will not happen on.
And every Windows computer in the world encodes the user PIN with it as well.
A good hardware wallet keeps your private keys on the device at all times. It is secured with a PIN and/or passphrase. The seed is your back-up and it should be stored separate from the wallet. If you have all that properly in place, losing your hardware wallet is hardly a problem.
Thanks! I will investigate what a duress PIN feature is!
First, never trust your memory, which also works poorly after you've been hit by a bus. Memorizing your hardware wallet PIN is ok, a private key or even worse a brain wallet is a no-no. Please do not listen to anyone suggesting DIY ways of generating seeds, concealing your words, splitting them 12/12, etc. These are in the best case useless mambowambo, in the worst, more realistic, case a good recipe for disaster. Stick to the standards: BIP 39 seed (12 or 24 words) generated with GOOD entropy (either a secure element or throwing dice yourself, without shortcuts), add a passphrase if you want, but remember that's a critical piece of information that you must protect, keep safe and separate from the seed. You should store those two pieces of information on steel, possibly create multiple copies geographically distributed (friends, families, your properties in different jurisdictions). Instruct your family, heirs, lawyer where these things are located, remember the bus chasing you. Consider multi-sig, use standard patterns like 2-of-3 or 3-of-5, don't get too creative. You can have multiple copies of the seeds and multiple instances of each hardware wallet used for signing. Same as before, distribute geographically, leave instructions for your heirs. The items below are promising/interesting but I would not recommend quite yet because they are either not battle-tested or not standard enough at present time:
- software like Liana, which uses smart contracts for enforcing "complex" rules, like a dead-man switch
- seed in SLIP-39 format, where you can assign Shamir-Share-Secret shares with different quorums (quora?) to different groups of people (partner, family, friends, etc.)
As for initial posting, I'd be nervous leaving a seed in a safety box in a bank without a passphrase, in principle they can access it (even legally).
Ok, so "signed back into the same wallet", I'm not sure what that means. Exchanges like coinbase have a login, but don't typically give a seed phrase for the coins they hold because those are custodial wallets (coinbase or whatever exchange controls the coins on your behalf and you don't have direct access to the private keys). On the other hand some mobile apps will generate seed phrases and give you full control. This is generally safe for small amounts of coins but can be pretty risky for larger amounts. These apps generally have a 4-8 digit PIN to let you login. Also "already deleted it" -> I assume you wrote down the words first :) Anyway, I guess as long as you have access to the coins now, and can successfully move them to an exchange you trust to sell them (assuming this is what you want to do), then you should be fine if you do that quickly. If you plan to hold a good amount of coins for a while, I would recommend a hardware wallet. Have you tried moving/selling any coins yet?
Use a steel backup. This makes physical destruction extremely unlikely. Use a *strong* passphrase (or do multisig). Don't store the seed words together with the passphrase. This makes burglary impossible. *Don't* memorize your seed words. Use a hardware device with duress PIN features. This makes robbery unlikely to succeed. Sleep well at night.
If you know what you're doing you can use an old device where you disable any wireless communications. You'll be missing the secure element that destroys the seed phrase after too many incorrect PIN guesses, though.
Get into an account that holds all your spare money, more like... If you have a bank account, if you forget your PIN you can validate yourself with documents, IDs etc. to the account the bank holds for you, but in the case of BTC, your "password" (seed + passphrase) IS your account.
Yes. You don’t need to connect your wallet to receive crypto. It’s like giving someone your PIN or bank login details to access your account in order for them to pay you - you don’t do it.
If you found a wallet with an ATM card and a PIN number on the back, it would be illegal to withdraw funds too. Maybe we should go to r/askalawyer
Tangem works on Apple and does not store your crypto, just your seed, which has a PIN number to access like a regular debit card. They also do a ring with the cards now, which I think are rather cool 😎
You're right that it doesn't automatically expose the seed. I should have worded it more clearly. What I meant was, when you connect a cold storage drive to a computer and enter your PIN, the wallet can become vulnerable during that time to whatever software is on your computer. The fake Ledger Chrome plug-in a few years ago took advantage of this and stole from unsuspecting and inexperienced Ledger users. So yes, it's caused by user error, not a flaw in the cold storage itself, but I think it's good to mention this to users who might be new to cold storage and might assume that it's bulletproof to being hacked.
In such case, you only need 9 or fewer than 9 attempts to successfully brute force the full PIN code.
Also, please add your ATM PIN. If you aren't comfortable stating the actual number, just give the first 3 digits.
Possible Causes

- Derivation Path Differences: Many wallets use hierarchical deterministic (HD) structures that can generate multiple sets of addresses (e.g., following BIP44, BIP49, BIP84, etc.). If your original wallet used a non-default derivation path, the restored wallet might be scanning a different one.
- Passphrase/Secondary Factor: If you set an extra passphrase (sometimes called a 13th or 25th word) during the original setup, failing to enter it during recovery will produce a different wallet with no funds.
- Multiple Wallet Accounts: The prompt to “switch wallets” suggests your seed might generate more than one account. It’s possible your funds reside in a different account or wallet instance that isn’t currently selected.
- Network Settings: Ensure you’re on the correct network (Bitcoin mainnet) rather than a test network or a different configuration, as that could affect which transactions and balances are visible.

*Troubleshooting Steps*

1. Double-Check Your Seed Phrase: Verify that you’re using the exact seed phrase from your original wallet. Even a small error can lead to restoring an entirely different wallet.
2. Consider an Extra Passphrase: Reflect on whether you might have set up an additional passphrase or PIN. If so, try restoring again with that exact passphrase.
3. Review Wallet Options: Look into the wallet app’s settings to see if it lets you choose between multiple accounts or derivation paths. Try switching accounts if that option is available.
4. Verify Addresses on a Blockchain Explorer: If you have any of your original Bitcoin addresses or transaction IDs, check them on a reputable blockchain explorer. This will confirm if the funds are still on the chain and help identify which address(es) hold your bitcoin.
5. Consult Support/Documentation: Since issues like this are not uncommon, review the official documentation for your cold wallet and the associated app (such as the “Green” app) or reach out to their support team. They may have specific recovery instructions or known issues that match your situation.
A public key can be shared with anyone. All it does is allow money to go to your address. A private key is allowing money to leave your wallet. A private key is like your bank PIN number. Don’t share your private key. Only share your public key/ bitcoin address.
I at least use Metamask and a passphrase on my Trezor, as extra layers of protection. Lockup periods on staking. It's pretty hard to hack a randomized PIN, passphrase, Metamask login, and an additional 20 digit password on top of using Trezor Suite w/ anti-keylog. I don't even have to worry. If you have serious cash in crypto, airgapping it is pretty much a necessity.
Here’s an ultra-simplified version of the wallet creation flow, written in pseudocode:

```
def create_wallet():
    # Step 1: Ask user to set a PIN or use biometric auth
    user_auth = get_user_authentication()  # Simple PIN or biometric
    if user_auth is successful:
        # Step 2: Generate wallet (behind the scenes)
        wallet = generate_new_wallet()
        # Step 3: Encrypt wallet with PIN/biometric key
        encrypted_wallet = encrypt_wallet(wallet, user_auth)
        # Step 4: Store encrypted wallet locally and in secure backup
        store_wallet_locally(encrypted_wallet)
        store_backup_in_cloud(encrypted_wallet)
        # Step 5: Notify user wallet is set up and ready to use
        return "Your wallet is ready! You can now send and receive Bitcoin easily."

def send_bitcoin(wallet, recipient, amount):
    # Step 1: Check available balance
    balance = wallet.get_balance()
    if balance >= amount:
        # Step 2: Calculate optimal fee (using Lightning if possible)
        fee = calculate_optimal_fee(amount)
        # Step 3: Send Bitcoin
        transaction = initiate_transaction(wallet, recipient, amount, fee)
        if transaction is successful:
            return "Transaction sent successfully!"
        else:
            return "Error sending transaction."
    else:
        return "Insufficient funds."

def receive_bitcoin(wallet):
    # Step 1: Display unique QR code for wallet address
    qr_code = generate_qr_code(wallet.get_address())
    return qr_code
```

Conclusion:
• Backend Code: The backend handles all technical details, including wallet generation, secure storage, transaction fee calculation, and Lightning Network management.
• Frontend Experience: The frontend offers a beautiful, simple UI with no technical jargon, guiding the user through each action with a clear and friendly interface.
• User-Friendly Yet Fully Sovereign: The user can manage Bitcoin in a completely self-sovereign way without needing to understand the complexities behind it. Everything is abstracted to make it feel like using any other mobile payment app.
If I were to turn this into an actual app, it would definitely require strong attention to user experience design, continuous testing, and real-world feedback from non-technical users to get the balance between simplicity and functionality just right. But with the right design approach, it could be done, and it could empower people to use Bitcoin just as easily as they use any other payment system.
What about just kidnapping you and forcing you to give away your passphrase or your PIN ?
Using a passphrase is important, the PIN is a way to make your base seed hard to access. [https://www.ledger.com/blog/unfixable-key-extraction-attack-on-trezor](https://www.ledger.com/blog/unfixable-key-extraction-attack-on-trezor)
They're correct though. Having your device stolen and then PIN hacked is extremely unlikely.
The two part PIN can be as short as 4 total digits though so it can be equal to the Trezor. I recommend using at least 8 digits.
Why would you trade the entropy of a seed phrase for the (lesser) entropy of a PIN? Wipe your device and reenter the seed phrase.
My ledger PIN is 8 digits long, and random. Good luck brute forcing it in 3 attempts.
There are 10,000 possible 4 digit PIN combinations and most devices only give you a few guesses before locking. You are worried about nothing.
You are worried about the PIN but not the stamped metal sheet with your word list is safe? I'm not sure you even understand what you are doing.
You can use a longer PIN than 4 digits. But also the "PIN Pad" on the Safe 5 device mixes up the location of the numbers every time, so someone can't see a pattern either.
Nobody is guessing or brute-forcing your pin. I don't know Trezor, but Ledger:

> If you enter an incorrect PIN 3 times, your ledger will reset and erase its seed, so make sure you have your seed
As others have said, a Trezor will wipe after a certain amount of incorrect guesses, and I think the necessary elapsed time between guesses becomes longer as well (someone correct me if I'm wrong). Combine this with a good PIN, and you're golden IMO. i.e. don't use a short easy pin - use a longer PIN which avoids obvious/typical patterns.
Neither. Those are safely stored in stamped metal. The concern was around someone accessing the device and figuring out the pin on it to make transactions. To be honest, I’ve only ever used my cold wallet to receive funds from my exchanges, I’ve never sent anything from it. So my only experience with receiving funds is to put the pin on my CW to get access to the device. I’m assuming (maybe incorrectly) it’s the same process to send funds - meaning the PIN number security is just as important as seed phrase security.
A passphrase can be brute forced with millions of tries per second. A PIN wipes your seed phrase after 16 wrong guesses and requires someone with physical access to the hardware wallet. You can use both.
Get you a ten-sided die and randomly roll your PIN. The RPG nerds get it right sometimes.
Exactly. Although Ledger does provide passphrase-pinning to a specific PIN. In that case knowing the PIN is enough to confirm a transaction.
ColdCard uses a 2-part PIN, no way someone is going to guess that. I know you have a Trezor, I'm just saying, it's not as easy as you may think.
> a short device PIN seems like the easiest way for someone to hack into your account.

They also would have to have physical access to the device. If you make this difficult it becomes less of a concern.

That’s good to know, and relieves some stress. But after spending way longer than I wanted stamping a safe pass phrase on steel, a short device PIN seems like the easiest way for someone to hack into your account. I guess the strategy is to pick totally random numbers for your PIN.

Most hardware wallets have a function that discourages PIN guessing, i.e. it will require longer and longer between guesses or it will brick itself after too many failed attempts.
Yeah, it's the air-gapped portion that sets Cold Card, Jade, SeedSigner and a few others apart from Trezor for me. But always a trade-off. Using an air-gapped wallet can be done in different ways like the Blind Oracle provided PIN option for an initialized Jade. You are giving some trust to Blockstream, dealing with having to launch their PIN site or having to run your own instance. It gets around the non-open source secure element problem but introduces these other things. You can use each of these devices as a temporary signer but then you are dealing with having to manually enter your seed phrases every time you want to sign a transaction which is a massive PITA or you are relying on QR codes that you have to manually create and then keep up with. They are on paper and you have to have them readily available if you spend from that particular wallet. Or you can use SD card functionality but then you are going back and forth with the drive and it introduces a chance that malicious things can manipulate the data on the card. Trezor makes great wallets but the necessity of having to physically connect them to a phone or PC is a trade-off.
- Air-gapped transactions – Fully offline signing via microSD, without ever connecting to a computer.
- PSBT (Partially Signed Bitcoin Transactions) – Native support for PSBT, enhancing interoperability with other software.
- Duress wallet – Hidden wallets with different PINs for plausible deniability.
- Brick-me PIN – Self-destruct feature to erase the device if an incorrect PIN is entered.
- Open-source secure element – More transparency compared to closed-source secure elements in other wallets.
- Passphrase management on-device – No need to enter passphrases on a connected computer.
- Dice-roll entropy – Manually generate your seed with physical dice rolls for extra randomness.
- Full transaction verification – The screen shows full transaction details, preventing address replacement attacks.
- Cold-power mode – View balance and receive addresses without unlocking the device.
- MicroPython scripting – Advanced users can customize operations with scripts.

And I could go on and on...
I personally like this, since it WILL add coins to the forever lost pool, increasing the value of my sats... Lots and LOTS of people lose their 4 digit PIN, computer passwords, phone passwords and so on. And you advise memorizing 12 or 24 words? Even if you have and will keep a good memory, how about getting a head injury, getting really ill, or just dying? But be my guest!
Yes, my PIN is correct and I use it while accessing Green Wallet BTC. I don't have Green on my PC 😩
You can have multiple PINs for each wallet on Green, i.e. 1234 for BTC wallet and 4321 for Liquid wallet. Your PIN is also machine specific, so are you trying your PIN on just the new iPhone or on the old one too? Your post is unclear. Did you set a different PIN on the new iPhone during setup (or biometric)? Also, do you have a second instance of Green on a PC by chance? Finally, are you 100% sure on your PIN? I would keep your old iPhone and keep trying options... and this is why you write down your 12 words.
When I click the … button at the top right, I get the option to show the recovery phrase. When I click it, I get an emergency recovery phrase restore message stating you can recover the phrase using your PIN/Biometrics. Clicking OK then brings me to enter the PIN, and when I enter the PIN it gives me the message in my original post…
Unfortunately, I didn’t use Jade. I had no problem accessing Green with just my PIN in the past. And yes, I still have my old phone and the Green Wallet does show my Bitcoin wallet in it, but accessing it is another story.
Show him the article of a guy looking for his hard drive with 700 million worth of bitcoin. If people could access it that easily he wouldn’t be spending a fortune looking for it. Bitcoin always exists in cyberspace. Your wallet is only the keys to access those coins. Even devices like Trezor and Ledger only hold the security but not the coins themselves. Each bitcoin or satoshi resides on an address until transferred to another address. Your public key is your wallet address and anyone can send money to that address. Your private key and 12 word seed phrase is like your ATM PIN number. Anyone who guesses that will have access to the coins on your bitcoin wallet address. A private key and 12 word seed phrase is impossible to guess. But with regular bank accounts you or someone pretending to be you can just call the bank and say you forgot your PIN and they would grant access to your account. However, with bitcoin there is no one to call. You are the banker and if you forget your keys you are out of luck.
We always do this.... Cold Card, Blockstream Jade (plus) and Trezor. Those are the gold standards. Each has their own trade-offs. If you are completely out of your mind psycho, go Cold Card. If you want the middle ground for air gapped with SD card and or QR, go Jade (can also go the PIN blind Oracle route). Trezor (Bitcoin only load) if you want simple old school open source dependable USB connected cold storage. I'd say tapsigner if you want to play with NFC. Not Tangem because fuck shitcoin support. For interfacing you will go with Sparrow for desktop, Blue wallet, Nunchuk or Blockstream Green for mobile. Anything else is mostly just noise. How'd I do guys? Can we just get a sticky at this point?
You might be misunderstanding. There are three things here: PIN code on the device, 12 word seed phrase and additional passphrase. You’re right, the PIN code on the device decrypts your 12 word seed phrase every time you use the device. I’m referring to setting an additional passphrase which creates a “hidden wallet” that no one can access with just your 12 word seed phrase. It adds an extra layer of security.
A Seedkeeper can be used in SIM card format (plus it's protected by a PIN code)
Use a Seedkeeper: it's an open-source smartcard that stores the seed in the secure chip memory, protected by a PIN code: very discreet and secure against eavesdropping. https://youtu.be/nwMteSphmro?si=g6j13wuH-tMmQr6X
If you use multiple seed backups, you decrease the risk of losing your seed, but you increase the risk that someone finds one of them. That's why I avoid plaintext backups. Instead, I use Seedkeeper: it's an open-source smartcard that stores seed(s) and passwords inside the secure chip memory, protected by a PIN code. So even if somebody finds your Seedkeeper, without the PIN code, it is useless. And I use TailOS (offline) to interact with the card, so that no secret info can leak during use. https://youtu.be/nwMteSphmro?si=g6j13wuH-tMmQr6X
The PIN and the passphrase are two different things. I think you are conflating them. The PIN secures the hardware wallet from physical access. The passphrase creates a new set of wallets when combined with the seed phrase.
Buy yourself a hardware wallet like a Trezor Safe 3, ideally the bitcoin only version. Trezor walks you through the whole setup via their app. The device will generate a 12 word phrase that you will want to keep safe. This is used to access your funds in case you lose your hardware wallet or it gets destroyed. Stamp your words into a titanium plate or washers (look at YouTube for bitcoin key phrase washers) and keep it in a safe place. Additionally you’ll generate a PIN code for accessing your device.

At this point, the ways to access your funds are:

- Trezor device with PIN code
- 12 word seed phrase

Start by sending a small transaction of 0.001 BTC from your exchange to your wallet to get the hang of it and build confidence. Once you feel comfortable, transfer the rest.

While this may seem like a burden, it’s worth it. Bitcoin is all about self sovereignty and taking self custody is a major part of that. Once you get comfortable with this, you’ll feel a new sense of empowerment knowing only you have total control over your assets.

Another thing to consider would be setting a passphrase as well as the 12 word phrase. This can be done during initial set up of the device. This essentially allows you to not worry about keeping the 12 word phrase in an ultra secure location as long as you have your passphrase memorized. Alternatively, keep your 12 word phrase in a separate location to your passphrase and you essentially have a multi-sig wallet.

Hope this helps!
Cash out monthly what you absolutely need is what most people here would probably recommend, and I agree. But there are other half-way options if you don't want to assume the risk of keeping that much value in BTC. Hedge your bets... Think of it this way. If you cash out enough today to cover your mortgage for the next year or two, at least you can put that cash in a good savings instrument to get some interest returned while having the peace of mind that your mortgage is covered for the foreseeable future. What's that? Maybe 1 BTC? Then, you at least have the chance to realize gains on the remaining BTC in the future. If BTC goes to zero, then damn, you took a risk but you still realized 100k of gains by cashing some today. But of course, if BTC appreciates, two years from now you can make the same choice, cash out enough to get the security of knowing your mortgage is covered while still having the opportunity to realize gains in the future again. Then, cold (hardware) wallet the rest. Honestly, it'll take you a maximum of a couple of weeks to read and become a relative expert on Bitcoin. When you have this much, educating yourself is 1000% going to be worth it even if you decide to sell all of it. But please, be very careful. Learn about hardware wallets, learn about the common ways people lose their coins. NEVER put your seed words on an Internet connected device. Get your hardware wallet, WRITE DOWN YOUR SEED PHRASE AND PASSWORD / PIN. Maybe stamp it on steel. If someone comes across your seed words they can take your Bitcoin, so my advice is to scramble your words in a way that you can unscramble them. That way even if someone finds your words, they're useless without knowing how to unscramble them. Store your stamped steel in a safe place (ideally two separate physical locations). Or... cash out, forget about BTC, take your peace of mind and you'll likely be kicking yourself a couple years from now.
Reset is easy in the case of Ledger, just by entering the wrong PIN code three times. However, "reflashing" the SE would still not be possible since the secure OS is retained and any attempt to change the firmware requires the secret keys only known by Ledger. The Nano S firmware versions a few years ago had a vulnerability; however, that has been eliminated. Needless to say, any tampering with the device erases sensitive data including the PIN and seed. The result is again a device which is in a reset state or does not recognize the original PIN.
With an 8-digit PIN, they would have a 1 in 33 million chance
They can’t do anything without the PIN.
I'm fairly sure he shared his 12/24 words or entered them online. That's like handing someone his bank card together with the PIN…
Summary: The first step is to purchase a Cryptonow gift card from a retailer or online. Once you have the card, you can activate it by entering your 6-digit wallet ID and PIN code. You will then receive an SMS with an mTAN, which you will need to enter to confirm your identity. After that, you can exchange the value of the gift card for cryptocurrency at the current Cryptonow reference rate. Once the exchange is complete, your coins will be sent to your Cryptonow wallet.
You can lose your password though and still be okay, so long as you have your device and PIN number.
No, do not type them on your PC by any means while setting up. When you're setting it up, the seed words will show up on your device, not on your PC screen. Do not type them and print. Seed words must enter your PC only for recovery purposes (in case you lose or break your device). You must go full offline with your seed words and save them on paper first and later you either memorize them and stamp them on a metal piece. To access regularly you will set a PIN number, so your seed words are strictly used for recovery.
This link should help: [https://rewallet.de/blog/schildbach-wallet/](https://rewallet.de/blog/schildbach-wallet/) Schildbach Wallet is a hot wallet on Android. Your keys are stored in a unique "wallet.dat" only compatible with this app. This file is only secured via 4 digit PIN. You could even create a backup and store it in the cloud. So the hacker had your "wallet.dat" file and just tried every possible combination.
Telling your wife is bad. I did the same. A few years later she divorced and claimed half. A 6 yr legal battle ensued. Best method: a combo of encryption ledger and dead man's switch for the PIN code along with your instructions.
If you are stupid enough to "slap the seed phrase on *anything*" then there is indeed no point. But if you are slightly less stupid and realize that you should only ever "slap" your seed phrase on a cold storage device (=a device that was never and will never be connected to the internet) then it suddenly makes sense and you see the point again. Of course, you have to secure the written down seed phrase against theft and loss in exactly the same fashion as you secure the device itself (or even more so, as the device is usually protected by additional measures, like a PIN). But that is just a basic self custody thing and something that you have to do with any seed phrase, cold storage just like hot storage.
If he didn't have a PIN on his Trezor then I'd say it's not safe at all to be anywhere but in close proximity. Even with a PIN older model Trezors had security flaws that made it possible to extract the PIN.
There are ten thousand possible 4-digit PIN combinations. There are five duodecillion four hundred forty-four undecillion five hundred seventeen decillion nine hundred nonillion possible 12-word mnemonic combinations. They're incomparable.
I mean, yeah, of course there is a chance. It is possible someone could randomly just guess your seed phrase. Just like someone could guess your phone PIN or bank password, or your SSN. It is highly highly unlikely, but of course it is possible.
If you lose your memory you will not have a PIN
How? I mean legitimately, how is this even feasible? You get a car description and license plate, even photo of your driver. While you're in the vehicle you can see the trip live from your phone. As for Coinbase, how is he able to access it? You have to enter a PIN to even open the app, and you're telling me he was able to manipulate people into providing their PIN, handing them his phone without eyes on what he was doing with it, and there were enough people with Coinbase for this to have been done multiple times?
XYO is the first and only real DE PIN