Reddit Posts
I lost ALL my BTC yesterday, this is my story so it won't happen to you
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Tuesday December 19th 2023. 7 am EST (6.5 hours from this post). On Kahoot and YouTube Live!
Blockstream jade - what happens if you lose your SeedQR?
Self custody wallet planning for stacking (now) and spending (later)
Gigantix Wallet - The New Era OF Secured Cold Wallet
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday November 20th 2023. 9.30 pm EST. On Kahoot and YouTube Live!
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Please help me with this MetaMask/ Trezor problem.
How to Secure Your Crypto Wallet from Attack and Protect Your funds
Multi-Sig vs. Shamir Secret Sharing: Which Path Will You Choose to Safeguard Your Crypto?
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday 2 October 2023. EDT - 9.30 pm. On Kahoot and YouTube Live!
Is it possible for someone to hack/steal from my hardware wallet? Or is it almost impossible?
Reminder to all the Celsius bankruptcy victims
A 96 yo woman’s letter to her bank. This is why we crypto.
$13,000,000 and victims of Sim Swap 2023
We're thrilled to introduce an innovative approach to secure seed phrase storage. Chaindeck, an entirely offline and analog solution that uses a unique deck of cards to encrypt information.
After almost 3 years of work, our small startup launched Chaindeck today! Introducing a new way to store and encrypt seed phrases using a unique deck of cards, completely offline and analog.
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
Blockstream Jade has new firmware. It looks like a nice improvement on an already great device.
Scam protection. It’s up to you and you only.
An Updated SUPER-Beginner’s Guide to Swapping, Bridging and Exchanging MOONs (the complicated way)
New user looking for a good hardware wallet, few questions
Only once you have paid for something with cryptocurrency do you realize how completely insanely insecure credit cards and bank transfers are
The BIP39 Passphrase, and how even the best hardware wallets let us down
Bitbox02: A hardware wallet and its solution to the open-source closed-source dilemma
How come no one ever mentions the Arculus cold wallet?
"If you opt-in for the service, as a user, you'll have to enter your PIN and consent to the backup process. Then the OS will encrypt and split the shards to send them to 3 different parties." - Ledger CTO
Set up your crypto-recovery plan with your spouse TODAY (STORY)
Everybody always recommends a hardware wallet like a silver bullet, and they're great until you realise that factory pre-sale tampering and fakes can leave you hugely exposed. It's even more plausible recent spate of wallet hacks
Exciting News - LocalMonero / AgoraDesk Free and Open Source Mobile Apps are Now Officially Out of Beta! Happy Birthday Monero!
Today is World Backup Day. Let's make sure your seed is secure and backed up.
How to avoid getting scammed and not lose your coin
Identity solution in Web3: What solution do you use?
what is happening with erc20 transactions ?
My Exchange (with all my savings) was hacked into.
It happened to me! My phone with my wallets was destroyed!
Sorry if this isn’t the right place to ask but I have a few questions.
An Achilles heel of the Cryptocurrency
Hardware wallet/mnemonic seed phrase (extra) security guide, don’t just write it down 1,2,3,4…24
Storing recovery phrases - How to do it right?
Some basic knowledge for new hardware wallets users
Top Quality USA AAA+ fresh DUMPS with Pin, CVVs and fullz also available. Hacking services also available.
Ledger Nano S Plus Cold Wallet button broke... how do I reset it before returning it?
So Coinbase let a hacker trade on my account and offered me 'what is left' from the original $165,000 balance, over 11 days.
Arculus - New Cold Storage - Safe?
An anecdote on how relying on banks is less than ideal...
Blackhole inside Binance. How I was scammed and all my money was stolen. Please, I need your help! Spread the word
I created a free and open source Bitcoin Time Capsule called BTCapsule. It uses the timestamp from the Bitcoin blockchain, and allows you to enter your private keys and check them without exposure to the internet
Vault Finance updates for October 2022! New competitions/AMAs/marketing/developments! Vault is ready for the stratosphere! Their Launchpad & Exchange Novation is picking up steam and quickly becoming the go to platform for all BSC trading! Launchpad is also fully live! Do not miss this project!
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
Digital wallet app development is a major trend in the world of technology these days
Can anyone help me with a blockchain.com fiasco I’m in?
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google play and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
Two critical weaknesses of hardware wallets you need to consider
my lesson with a Seed Phrase...
Protect yourself against SIM card swap attacks by setting up a SIM card PIN
Is a Trezor Model One good enough to HODL BTC compared to Model T?
List of the coolest meatspace bitcoin products available:
Privacy tokens only account for 0.59% of the total crypto market cap and their evangelical communities don't want to talk about it because it is not profitable to do that...!
Watch out for this (new?) BTC scam
My experience with 'cold wallets' after trying almost all of them
Introducing Zeus: A remote mobile lightning wallet that lets you connect to and manage your own node on the go!
A use case of blockchain without internet connectivity
This is my trustless bulletproof inheritance strategy:
How Coinbase Global, Inc.& Verizon Wireless Allowed Someone to Steal $70k from my Crypto Wallet
Beware! Likely Trezor phishing scam going on!
"Trezor has experienced a security incident involving data belonging to 106,856 of our customers"
Mentions
I went with Best Wallet for day to day because it felt intuitive, then I added a hardware wallet for long term storage. My routine is seed phrase on paper, app locked with PIN and biometrics, and a small test send before any larger move. I also keep a written restore checklist so I’m not guessing under stress. Starting simple and upgrading in steps made the whole process less scary. That approach may work if you’re just getting set up.
I settled on Best Wallet for hot use since it’s simple and supports strong app locks. For security, I keep it as a spending wallet with small balances, store the seed offline, and enable a PIN plus biometrics. I always double check the address and do a tiny first transaction. Keeping big holdings separate from a hot wallet has helped me sleep better. It may not be perfect, but that setup has been reliable for me.
From my experience, Best Wallet handles my hot funds while a Ledger stays offline for savings. If you stick with Ledger, consider adding a passphrase, turn on PIN auto-lock, and practice a restore on a spare device before loading real funds. I also create a watch-only wallet so I can verify deposits without plugging the hardware in. Metal backups for the seed can reduce the risk of water or fire damage.
When I compared different wallets, Best Wallet consistently stood out for a clean UI and straightforward fee controls. For a hot wallet I want quick sends, good backup, and clear address display, and this one checks those boxes for me. I keep only what I’m comfortable with on mobile and use basic hygiene like PIN, biometrics, and no screenshots of seeds. If you’re moving larger amounts, you can split funds across wallets to reduce risk.
I could not find any independent third-party verification (e.g., security advisories, CVE entries) confirming the exact vulnerability as described (constant digest + nonce reuse in Delta PIN mode) by other researchers or by Coldcard/Coinkite themselves. The blog also appears on a site that strongly markets unrelated products (VPNs, “Vitamin-K”, etc.). That commercial overlay lowers credibility. The tone and style of the blog post is highly dramatic, overly simplified, and oriented toward crypto-fear, which can be consistent with marketing or scam tactics. The vendor (Coldcard) firmware changelog does not publicly reference that specific issue (as per the publicly visible change logs I reviewed). That doesn’t guarantee non-existence, but it means it lacks official acknowledgement.
Trezor Safe 3 solves the most important problems (the typing on the desktop and the PIN stealing w/o the 2FA). Airgapping seems an overkill for me but YMMV.
I get your point, but that’s not how Tangem works. Your keys are generated and stored securely on the chip inside the card, they never touch the internet or your phone. The app is just an interface, kind of like mirroring your phone screen to a TV, the TV shows what’s happening, but can’t actually control your phone. Also, Tangem isn’t a blind signer, you can clearly see all transaction details in the interface before approving anything. Honestly, it’s safer than tiny hardware screens where it’s easy to make a mistake. Here’s the flow: you review your transaction, tap the card to your phone, then enter your PIN. Everything has to be confirmed step-by-step, so there’s no way to accidentally send funds. Not saying Cypherock is bad, just that with Tangem, your keys are stored inside the card, not in the app and it’s definitely not a blind signer. You can verify every detail before you approve.
Get a Trezor, jump through the hoops with respect to creating a new wallet with a recovery phrase and all that… and just hand it all over to them; the codes and the PIN for the Trezor. You could also keep a copy of the recovery phrase in a safe place in case they lose it all.
#WELL NOW WE KNOW WHO TO PIN THIS ON ^/sitwasalreadyobvious
Hello! It seems your Trezor is now in anti-brute-force mode. This security feature activates when multiple incorrect PIN attempts are made (even accidentally). Each wrong attempt increases the waiting time exponentially, that’s why it’s showing 1000 seconds to verify your pin. Have you been able to resolve it now?
The Trezor PIN entry system implements an exponentially increasing delay after each failed attempt to prevent brute-force attacks. The delay doubles with every incorrect PIN entry, meaning the wait time follows a power-of-two progression (2, 4, 8, 16, 32 seconds, etc.). After 16 consecutive incorrect PIN attempts, the device automatically wipes itself, rendering the PIN ineffective and requiring the recovery seed to restore access.
You’re obviously entering the wrong PIN
Just in case this needs to be repeated: coins are NOT stored in the wallet. The term is historical and we are stuck with it. The coins reside in the cloud (on the Bitcoin network) in the form of a globally accessible ledger file, aka. blockchain. The wallet OTOH is like a web browser mixed with an authenticator: it gives you access to the funds on the network, similar to logging in to your bank page with, say, a USB secure stick (your money in the bank is not stored in that stick!) So it sort of feels like a "wallet" but it's important to know that losing it or damaging it is like losing a web browser: a non-event. The only thing that must be protected is the seed phrase and the PIN used to unlock the "wallet".
I basically set up an old phone with Lineage OS that is all the time offline, they know the PIN to unlock. Inside there is Electrum.
They can't recover seeds, at least according to their website. If you still have your device and PIN, you can recover it, but to my knowledge, no device, no PIN, no seed, it's gone forever
Your data on Web3 is only as safe as your key management, approval habits, and the off-chain stuff you connect to. My playbook: split wallets (burner for mints, hot for daily, cold vault on a Ledger/Trezor), use Safe with 2-of-3 for anything that hurts to lose, and turn on the passphrase/25th word on hardware. Never grant unlimited approvals; set exact amounts and regularly clear with [revoke.cash](http://revoke.cash) or Etherscan’s token approvals. Use a simulator wallet like Rabby or Pocket Universe to spot drainers before you sign. Lock exchange logins with hardware keys (FIDO2), not SMS; add a carrier port-out PIN. For privacy, assume on-chain is public; if you must store sensitive stuff off-chain (IPFS/Arweave), encrypt first (Lit Protocol works). Set address alerts on Etherscan or Tenderly so you know fast if something moves. For ops: I’ve used Safe and Alchemy for wallet/RPC hygiene, and DreamFactory to expose a read-only API with RBAC to off-chain data so a compromised dapp can’t yank everything. Security comes from strict key hygiene, segmented wallets, limited approvals, and cautious infra, not the word “decentralized.”
No. Passphrases are generally used for self-custody, like on a Trezor or Ledger. It’s also an optional security measure. You will need to create a PIN, but that gives you access to the device. It’s not a backup for the wallet like the 24 words and passphrase would be.
AI is right. Just follow step 1-8, and your ledger will hold the passphrase protected wallet until you turn it off. At this point, you can use it normally, either with ledger live, or an open source 3rd party app like sparrow. When you are done, unplug the ledger. Then you can plug it back in and repeat step 1-8, this time with a different passphrase. The PIN in step 1 has to be the one for your first wallet - with 24 and no passphrase.
That's what I thought. The real deal is this. This new protected wallet needs to be completely isolated and separate from me. It's for a family member who is not subject to the same tax consequences. In essence I want a real gap between us. If I get her her own Ledger device - can I still put her holdings in Ledger Live but just use a different sign in PIN to monitor the balance? THANKS for your kindness (I really am old)
The thread was about the Jade. Jades are Bitcoin only. Not sure where Ledger came into the conversation. If you are working with a Bitcoin only device, using the term "crypto" is obnoxious. Whatever. You can use any hardware signing device to generate unlimited numbers of private keys. Those private keys are derived from generated mnemonic seed phrases. Whether you use dice or coins or online computer programs or hardware signing devices, same same. You can generate your words via dice and then enter them into a Ledger. You can generate them via coin flips and then enter them into a Trezor. You can use a web tool and then enter them into Sparrow wallet. It's all the same. Some wallets, like Jade and Cold Card, have the ability to sign transactions air-gapped. They use either QR codes or PSBTs transferred back and forth via SD card. The Jade Plus can do both. When it comes to "temporary signing" or "stateless signer" you are talking about using a hardware signing device in such a way that the private key does not stay on the device at all times. Each hardware wallet deals with private key safety in a different way. Most use a secure element chip, like credit cards do. The keys stay on the secure element at all times and you gain access to function via a PIN or password etc. Jades are unique in that they don't have a secure element. Blockstream has what is called a Blind Oracle that functions as a way to protect your private keys without a secure element but that requires authenticating back to Blockstream when you unlock your Jade (assuming you are not using it as a temporary signer). Blind Oracle requires physical connection via USB cable or Bluetooth. This by definition makes the Jade in those modes not air-gapped. To use the Jade, or any other air-gap capable signing device, as a temporary signer means to literally wipe the device after every use. Nothing more secure than a device that doesn't even hold any private keys.
Each time you want to use the device, you must restore your private keys to it. You can manually restore via your seed words or you can speed the process along by scanning a QR code of your seed words. Either way, once restored you can use the device to sign transactions. When you shut the device off, it wipes itself. Rinse and repeat. When I recommended you go watch tutorials I was referring to Jade specific tutorials. I feel like you would have a better understanding of how the Jade works specifically since that was the scope of the original post. On the reference to the last word being generated by the Jade. The last word of any seed mnemonic is always a checksum. Most people don't realize that you can't just smash together BIP39 words at random to produce a valid seed. There is more structure involved in the creation of the seed and the final word is always a checksum. That is not specific to the Jade.
The biggest real risk in 2025 is session/token theft and wallet-drainer kits, and tight basics still stop most of it. What’s working for me: move everything you can to passkeys and FIDO2 security keys, kill SMS 2FA, and use number-matching pushes only. Lock down email since it’s the master key: separate alias for recovery/exchanges, disable auto-forwarding, review filters monthly, add a hardware key to your mailbox. For browsing, bookmark-only access to exchanges/bridges, never ads; separate browser profile (no extensions) for money stuff; enable Chrome Enhanced Protection or NextDNS/Quad9 threat blocking. Crypto: hardware wallet, turn off blind signing, allowlist withdrawal addresses, set daily limits, and keep hot wallets on a separate phone with no sideloaded apps. Defend against AiTM: sign out all sessions monthly, prefer device-bound session tokens where available, and monitor with Have I Been Pwned/1Password Watchtower. SIM swap: carrier port-out PIN and no phone numbers on accounts. At work we use Okta for SSO and Cloudflare Zero Trust for browser isolation; for internal APIs, DreamFactory adds RBAC and per-service keys, which helps given the token-theft trend. Prioritize phishing-resistant auth, session hygiene, and wallet isolation-that’s the sane 2025 stack.
How will you ensure that your children get to it later in the event you/your wife will be somehow incapacitated (i.e. if you die tomorrow, will it be lost?) I ask because I self custody and I don’t write PIN / seeds around the house.
If you’re holding long term, move to a hardware wallet and practice a full recovery before sending the full amount. For devices: Trezor Safe 3 (open-source, easy UI), Ledger Nano S Plus (secure element, broad app support), or Coldcard/Blockstream Jade (more advanced, great with Sparrow). Buy direct, verify firmware, and set a PIN. Consider a passphrase (25th word) only if you truly understand it and can back it up separately. Do a loss drill: wipe the device, recover from the seed, confirm your receive address matches a watch-only wallet (Sparrow/BlueWallet via xpub). Make two metal backups of the seed stored in different places; never digital. For exchange withdrawals, use TOTP (not SMS), withdrawal whitelist, and a hardware security key; lock your mobile account with a carrier PIN. At work we use Cloudflare Zero Trust for access controls and Bitwarden for secrets, and DreamFactory to gate API keys and roles; same least-privilege mindset keeps your crypto safer. Bottom line: get a reputable hardware wallet, drill recovery, and keep the seed offline.
They haven't seized the crypto then have they, if the fraudsters can still access it. They probably just seized a hardware wallet and don't have the PIN to unlock it, so they can't move the crypto somewhere safe.
This is not how a hardware wallet works. I have a Trezor hardware wallet. If I lose the physical wallet, I can buy a new one and with my 20 seed words it will be the same as my old hardware wallet. It's basically just 2 factor, you have a software like TrezorSuite, your physical Trezor plus your seedphrase (plus PIN and password). The only thing you should never lose is your seed phrases. Honestly I would just learn them by heart, it's 20 words, sounds a lot but I wrote them down over the course of a few days and it's pretty easy to remember.
Things get messy with PIN, because it is in a way the same as a seed phrase you need to store and have "access" to. This is the gap we are tackling at RITREK - we build a self custody solution to this exact problem, with pre signed, timelocked transactions to a fixed destination.
You can't, unless you have still access (with PIN) to a hardware wallet set up with that phrase.
Nah, seed phrase. The PIN just locks the app.
Are you locked out of your current wallet (lost PIN, damaged device) or are you simply wanting to check and see if your seed phrase is correct, but still have functional access to the cold wallet?
If someone steals *any* device, security depends on how it’s set up. * A Sparrow wallet on an air-gapped laptop with a strong passphrase is not “easy to brute force.” * Hardware wallets also rely on a PIN/passphrase — same principle, different packaging.
I like Blue Wallet. Especially the Watch-Only option, and the Duress PIN option.
It would help to say what kind of wallet or exchange it is. If it is a self-custody wallet, and you do not have your PIN/password and also lost your seed phrase, you are out of luck. If you still have the seed phrase, buy a new hardware wallet, enter the seed phrase there, and you will have access to your funds.
1. I think it's good to include a pop-up message stating the number of transactions made with the address. like having "0 transaction made with this address" will be a huge help. Another one is having a PIN or Unique signatures. If there's a mismatch then the transaction will not proceed. Can be an OTP. 2. also have the option to block suspicious addresses and spammers also with the assistance of AI flagging across all blockchains. also with a pop-up message or report stating "Address has been flagged for scams and illicit activities" 3. Dumb Human Readable Smart contracts and Anti-blind signing. Will probably reduce user error. AI assisted which converts codes to human readable phrases. 4. Devices that are secured and private. Almost all Phones and PCs are not securely equipped for these types of attacks.
If the payload was stealing bank details instead of corrupting crypto tx it would have gotten a lot further I think. It just needs to be as secure as - throwing your debit card at a web site tbh. Granted you're sharing a high-level take but walking into Circle K and buying a coke is more financial risk than your grandparents would have been comfortable with. People don't like the "big numbers" and being told stuff is confusing ... makes it confusing. Don't share your bank account info (printed on those checks in plaintext) and don't share your PIN right? For several of the last years, big American banks have paid more in fines for their own fraud than the sum total of all documented crypto scams in that same calendar year. That's before even touching on the amount of fraud they process. I hear you but, "as safe as shoving your bank card in a gas pump without checking for a skimmer" is as secure as most people are going to need. Also, the entire vector of attack here, this isn't even a 'crypto' vulnerability.
One option is a stateless signer where the mnemonic seed isn't stored on the hardware wallet, like Seedsigner. But for normies, choose a reputable open source Bitcoin only hardware wallet with a secure element, and choose a suitably strong unlock PIN
OP: Keep your recovery seed locked away in a bank safe deposit box, then use a passphrase both memorized and written in a separate location. The thief would not likely escort you into the bank with the gun at your head. Tell them the PIN to your HW is also locked in the bank SDBx if you want. Keep weapons in your BR to use in case of a home invasion. But in any case if someone gets inside your house & has a gun at your head, that’s an extreme scenario that could end up with you being dead if you don’t give them something. If you tell them all your BTC is in an EFT & you don’t give them anything, you might be killed. If you feel that’s a reasonable concern, keep some cash on hand to give the thieves so they feel they scored & hopefully leave you. One idea, keep an HW w/ most coins hidden behind a passphrase, keep a small % of your coins in the main wallet, give them the PIN & HW so they can help themselves to the amount they see.
“Im worried about quantum computing and bitcoin.” Meanwhile Bank PIN code: 6969 Bitcoin key: 01101001010001010001010101001010100010101000101100011010101010100011010110100001010101001010101010100010111110101010001111001010100101001010100010100101000101000101001010100010100010001000101010100010101000101010001010100010101010101000001111010101010101010101000001010101010101010100101010101000000111101010101010100100101010001010100101000010010101001010101001010101000101010000101010101001
OP, if she has the physical hardware wallet without your PIN, how would she move the assets? You have the seed phrase access too. Why not just move the assets elsewhere? And since she stole the hardware wallet, the address the assets move to can be anyone’s address. The judge will know you are the most probable person to have the seed, but it could mean that you can get the BTC back and then go do what is necessary.
Your account is somewhat confusing. If I understand correctly, she stole the hardware wallet and the seed phrase? Were they stored together? Or did she look up the seed phrase on the wallet? Was a PIN or password required to access the hardware wallet? There is usually at least one layer of security in addition to the seed phrase. Also, it sounds as though she told you the seed phrase in conversation, after having presumably memorized it. Is this correct?
You need to have a hardware wallet with you, and a copy of the seed somewhere safe. If your hardware wallet is stolen and the thief doesn't know your PIN, it is OK. You just buy another hardware wallet back home and restore it with the seed. If you are a maxi and have no money other than bitcoin, you can put a small portion of it in a hot wallet like Proton. Then you can access it with username and password from any computer. A copy of (pocket money) seed in Google Drive will do the same.
okay I did get this to work by importing the XPub into Sparrow. I guess it had to be done that way though I don't know exactly why I already had a watch only wallet for that same xpub still this is not exactly a stateless seed signer. I still have to connect to my phone with Bluetooth in order to have it verify my PIN. That's the part I'm trying to avoid.
You’ll need either the recovery phrase or the PIN. There is no other way to recover the funds otherwise.
If a user encrypts a seed phrase with his own passphrase, then he has to write the passphrase somewhere. It's simpler to write the seed phrase. But what if there's an encryption method which doesn't require remembering or writing a passphrase? You don't need a LLM. I think the Vault12 Web page answers the questions: https://vault12.com/learn/cryptocurrency-security-how-to/seed-phrase-backup/ I'm not advocating this company's services, but the page does (in a biased way) cover your question. They're saying that using encryption is a safe way to have a digital copy of the seed phrase. But encryption is only safe if the decryption key can't be guessed. Your "encrypted hard drive" example suffers from the user having a weak password to decrypt his drive. Is there a way to have secure encryption without prompting the user to supply a passphrase? Not really. But there's a partial compromise which is better than most users' idea of secure - the biometrics (face ID or fingerprint) on your phone. Vault12 doesn't say whether they're using this, or some other method. Aside: Vault12's "network of Guardians" key sharding method will frighten away most potential customers. But that doesn't matter. The concept of making an encrypted copy of a seed phrase doesn't require sharding. You shouldn't be able to screenshot your recovery phrase in an Android wallet. But nothing can stop you photographing the screen with a different device. Either way, this exposes the image to data exfiltration malware, from the moment you make the image until it's encrypted. Also, unless you tell your Android not to store all your images in the cloud, it will be stored in the cloud - probably encrypted, and encrypted using your biometrics. If your device hasn't captured your biometrics, Android falls back to your PIN, password or 9-dot grid pattern. To avoid asking the user for a passphrase, "modern" phone security is based on lesser things. Are these encryption methods good enough? So far, they are.
I'm not aware of any reports of cloud storage being hacked if encrypted using these methods. The advantages of biometrics are * the user's data isn't exposed to his own weak password/passphrase * the user doesn't have to write or memorize a passphrase * the data is always accessible, even after losing a phone --- There's also the Block BitKey, released in 2024. This is a hardware wallet without a seed phrase. Instead it uses 2-of-3 multisig. One set of keys on the device, one set of keys on the user's phone, one set of keys held by Block. And the device itself relies on biometrics - it has a fingerprint scanner.
how can you not remember a simple PIN? idk dude, good luck
Not a technician here, probably there is a certain risk, but what about everything else like stuff that has a four digit PIN or a user and email, that can be hacked way easier with quantum..?
ADA ain't even that risky. but yes it's good along with LINK or SUI for a similar level of risk. To get even riskier take a look at something like POL and CRO For a lottery ticket maybe check out PIN
POL, LINK, ADA, CRO, SUI (and a small bet on the microcap: PIN)
I can't sell, I lost my CC PIN, but I have my seed, so I ordered a new one.
Phantom and MetaMask are convenient for daily use, but for 10–15 years of storage they carry serious risks—if your phone or PC gets hacked or you sign a malicious transaction, your funds can vanish instantly. Hardware wallets keep your keys offline, so even if your computer’s compromised, the attacker can’t steal them without your physical device and PIN. If the device breaks, you usually recover with your seed phrase on a new one, though paper backups can degrade or be lost over time. That’s why some long-term holders prefer solutions like the Cypherock X1, which removes the single seed phrase risk by splitting your private key into five encrypted pieces (1 vault + 4 cards) using Shamir’s Secret Sharing, needing only any two to recover meaning you’re safe even if the main device or some cards are lost or damaged.
You would have to open two safes miles apart in separate locations to recover my wallet. If you stole my hardware wallet, it’s useless without the PIN. I sleep like a baby.
What is the difference between remembering 20 words and remembering a 4 digit PIN? But yes, it is good to think of backups. And you can split up the backups in a creative way in various locations that make it less susceptible.
Exactly what I did with my brother last year. Ten months later, this past weekend, I got him to admit he has no idea where the keywords are. Nor what the PIN to the device was.
VIP must be a big help! I personally use PIN and lighting pay, worth looking into.
Yeah tbf thats actually better than what I remember it. I personally use PIN and lighting pay for DCA.
Just some ideas to consider:

* Buy trezor direct, and verify security features intact (box seal, hologram, no pre-loaded firmware etc)
* Install BTC only firmware
* Create multi-share backups, preferably stamped/engraved on metal, distributed across multiple geographic locations. No digital copies whatsoever
* Set a strong PIN on the device
* Test recovery, and transfer only a small amount to begin
* Have dedicated passphrase wallets for different purposes - spending, long-term storage etc
* Use exchange wallets only for short-term purposes
* Store device securely
* Use a dedicated computer for transactions, or at least a separate user account from your day-to-day use
* Practice good personal cyber habits
* Ignore/verify any emails from Trezor, and especially don't click on any links
* Keep firmware updated, but only via the official app
* Only ever enter passphrase in the app
It's not that difficult.

1) Get a cheap open source hardware wallet. Define a secure and familiar PIN. Store the device safely with you or close by. Make sure the source and package is legit. Beware of phishing, sponsored links, fake firmware updates. Using BTC only options will help you in that way.

2) Make at least two copies of your seed phrase, store them in different secure locations. Paper is OK. Never store it on notepads, password safes, clouds, photos. Use security seals (void evidence) to know if anyone else has read your words.

3) Define a passphrase that you are familiar with and that you use regularly, so you don't forget it. Make at least two different backups of the passphrase, online synced, on an encrypted file or password manager. Make sure that losing access to one account (Microsoft, Google, Apple, etc) doesn't stop you from getting it back. Don't make any physical copy of it, don't keep it close to the seed.

Ideally you will have 3 copies of your seed phrase, all secure and independent of each other, 3 copies of your passphrase, all unlinked from each other and from the seed phrase, and the access to the hardware wallet if everything else fails. If your wallet value is getting uncomfortably high, repeat the process for a new one and split the value between the two. Never type your seeds on a keyboard, always on the hardware wallet device.
Store your assets on a cold storage device with a strong PIN in a safety deposit box. One can use a [DMS](https://www.deadmanswitch.com) to communicate how to access the box after you’re gone.
> The thing with hard wallets though, you can lose them, or they’re stolen or get damaged

Your seed phrase is the backup of your wallet. The first thing you were supposed to do when you created your wallet is write down your seed words. That's true for hot wallets and cold wallets. If your hardware wallet gets lost or damaged, no worries. Get a new one and restore your wallet by entering your seed phrase. If your hardware wallet gets stolen, a thief will end up with a wiped device after a few incorrect PIN entries.
The main goal of a hardware wallet is to store the private key, so you only need to enter the seed phrases after resetting it. Most hardware wallets do need to enter the PIN code every time the device is booted as an additional layer of protection.
A PIN is only a password to enter a specific hardware wallet. One doesn’t need the seed phrase at all in this case, only the PIN. They just need the original hardware wallet in working condition. A passphrase is a password to enter a specific wallet. You don’t need the original hardware wallet. Never make a succession plan or a seed backup plan that involves a hardware device working. It might not when the time comes.
How is that any different functionally from a PIN? It sounds like you could also send someone your PIN and accomplish the same thing. If they still need your seed phrase to access the wallet then they still need both. It sounds like it's basically a really long PIN.
My trezor has 12 word recovery seed and a PIN #. Am I missing something?
>one PIN that unlocks your 24 words and another PIN that unlocks the wallets behind the 24 words + passphrase

Those pins are device specific, right? I have to import the 24 words and passphrase onto a new device sometime soon. I'm pretty sure what the first pin is, but maybe not.
Robbing Bitcoin is not a crime? It is in the UK and US. Where are you from? Also threatening someone's life with a wrench is also a crime in most places. If someone has my wallet and PIN they can drain my bank account before I can do much. If someone has my cash, it's never coming back. If someone takes my car it's not likely coming back either.
The 24 words are standardized, technically you don't need a hardware wallet to access your funds, you can use any tool to get to the private keys derived from the 24-word seed phrase. The passphrase (25th word) is a feature of the BIP39 standard (and probably others) and is optional, but yea it's usually not recommended to use it. I think the best use case is, for example, on ledger you can have one PIN that unlocks your 24 words and another PIN that unlocks the wallets behind the 24 words + passphrase, so if you are forced to unlock the device, you can unlock the "normal" wallets. Would need to have some funds and activity in them to make it believable though.
Your 12 words is your paraphrase. That is enough to recover the coins. The PIN is to use the trezor itself and allow it to sign transactions.
Store your assets on a cold storage device with a strong PIN in a safety deposit box. One can use a [DMS](https://www.deadmanswitch.com) to communicate how to access your box after you’re gone.
You could store your assets in a safety deposit box on a cold storage device with a strong PIN, and then use a [DMS](https://www.deadmanswitch.com) to pass along instructions about how to access it after you’re gone.
Trezor was my very first back in ‘14. Solid device. I now have their **Bitcoin-only version of the Safe 5**. It’s not air-gapped but it **uses PIN & passphrase** so I’m beyond more than comfy w/ it. For everything else tho I’d jumped on the Ledger bandwagon [why? I still don’t know] and rode it for years til I finally was fed up of replacing them cuz of the battery issue and just said “ok enough of that”. So jumped ship on Ledger & grabbed a SafePal in ‘21 after jumping ship on Ledger. I was interested in it cuz it’s air-gapped. I’m kinda hooked on the air-gapped tech now, plus that one is just a solid device all the way around. But as of early last year I’ve now been using the Ellipal Titan 2.0 [airgapped], best I’ve had thus far. And just released last month is the Ellipal X card [also air-gapped]. I’d tried out the Tangem cards & really liked em so I’d been excited for the Elli-X since its announcement. Got a pak, they just arrived last week, SUPER SLICK. Comes w/ a cool little Starter box for using to set-up, duplicate, recover & migrate [supports 12-24 seed].
Model T is better than others even with secure element.

* Shamir
* Passphrase
* SD Card removable that links SD to device physically with encrypted PIN
* Open Source

It's the best choice.
One might store assets in a safety deposit box on a cold storage device with a strong PIN. One might also use a [DMS](https://www.deadmanswitch.com) to pass along instructions about the location and PIN for when one is gone.
a lot easier to social engineer (or guess) someones 4 digit banking PIN out of them if we are being completely honest with ourselves
I don't have a credit card. Don't know what you mean with visa feature. But to be fair, I have configured contactless payment on my bankcards, so it's possible to do transactions under 30 euros with them without PIN.
When was the last time you used a PIN code with a CC purchase? Even debit cards have a visa feature now.
All of them still have a PIN code, so for each of them you have a 3/10000 chance to be able to use it.
These hardware wallets have a seed phrase just like hot wallets. In fact, if you put the incorrect PIN three times it wipes and you have to enter your seed phrase on it again. You can purchase a new one and enter your seed phrase and everything comes back. You can enter your seed phrase into a hot wallet and it's all there. Losing or destroying your hardware wallet means nothing as long as you have your seed phrase.
I had a wallet secured with a 12-word seed phrase and a PIN code. It was eventually compromised through the Exodus wallet app. The only times I ever entered the seed phrase were when I initially used Jaxx, and later when I migrated to Exodus. Exodus never requested the PIN - that may have been specific to Jaxx. When I imported my seed phrase into Exodus, it prompted me to create a new password. After that, I could access the wallet using only the password, without needing the seed again. Unfortunately, in January, my Ethereum Classic (ETC) was drained. I lost around $200. That experience convinced me to stop using software wallets. No matter how careful you are, there’s always a risk your funds can be stolen - and you often won’t know until it’s too late.
*I dropped this into another thread asking a similar question, so just copy pasta'ing it here:* Burner Bitcoin might be worth checking out. It’s a credit card sized NFC wallet with a secure chip, no seed phrase (uses a PIN instead), no firmware to update, and no software to install. Just tap it to your phone and it opens BurnerOS in the browser so you can manage your BTC. It’s on sale for $9 right now (normally $19). I’d grab a second one and make a backup in BurnerOS. I don’t think I can post the link here, but DM me if you need it. Happy to answer any questions. (Disclaimer: I’m on the team that built it, so I’m probably a little biased. But tbh, I do feel it’s a solid option, especially for gifting and onboarding.)
The security of your hardware wallet when it's outside of your possession isn't what you need to be focused on protecting, it's the security of your seed mnemonic.

Do your roommates know you self custody bitcoin? Do you trust your roommates? I'm assuming you don't -- because this thread you started -- so you shouldn't tell them that you self custody bitcoin.

Your hardware wallet has a PIN number for access, and should allow for it to factory reset itself after a certain number of incorrect attempts. That will protect your roommates from accessing your coin.

But where did you backup your seed mnemonic? Does that also live in your rented room? If your roommates found that, that could be disastrous, there's no PIN on top of a seed mnemonic!

Except there is. If you aren't already using a 25th word passphrase, do that. That will protect your seed words from theft.

Now you're covered, so just one more question: Are you going to spend any of your bitcoin while travelling?

* No: leave your hardware wallet at home
* Yes: leave your hardware wallet at home, bring a hot wallet with a small balance
Because it's not like a gold bar, where someone needs to get past the PIN to actually access it. Because evil maid attacks happen.
Hi, Burner Bitcoin might be worth a look. It’s a credit card sized NFC hardware wallet that uses the same secure chip tech found in more expensive devices. No seed phrases (it uses a PIN code instead), no software to install. Just tap it to your phone and it opens BurnerOS in your browser, where you can manage your BTC. It’s currently on sale for $9 (normally $19). I’d recommend picking up a second one as a backup since you can duplicate them for redundancy. I don’t think I’m allowed to share the website link here, but DM me if you can’t find it. Happy to answer any questions. (Disclaimer: I’m on the team that built it, so I’m probably biased. But I genuinely think it’s a solid option worth considering.)
I'm assuming the initial key exchange still requires people to talk to each other in person to exchange a PIN or something similar. And then they can talk over the phone while standing next to each other.
For your ATM card, do you use a 4-digit PIN or a 6-digit PIN?
Your private key is actually very simple. It’s just a very very large number. That’s it. It’s a 256 bit number, so that’s just 101110101011101 etc etc. All 1s and 0s, 256 digits long. The words are just a human readable representation of this 256 bit number. 256 bit would translate to 24 standard English words (from a standard list), and some wallets choose to use a 128 bit private key (half as long) so that translates to 12 words. Both are plenty secure.

Note no SHA256 is involved here. It literally transcribes a random binary number 1011001000101…. into words. Each word represents an 11 bit binary. You can google BIP39 word list and look at the mapping. 00000000000 is ABANDON, 00000000001 is ABILITY, 00000000010 is ABLE, etc etc. You can flip a [fair] coin, head being 1, tail being 0, do it 128 or 256 times, write down the result on paper and then manually refer to this word list and find out the English words, then you have your seed phrase aka private key. No SHA is needed.

>shares it safely when I need to authorize a transaction

No your cold wallet never *shares* your private key, not sharing the key is the whole point of a cold wallet. It *knows* your private key but it will never disclose it. When you want to spend your coin, you put together a transaction -- like A (you) send 0.1 BTC to B (on this address). Once you (really it's your software paired with the cold wallet) put together this transaction details, it gets sent to the cold wallet for signature. Cold wallet *signs* it with the private key, but never tells the software what the key is. Think of it like, your cold wallet is a guy hiding inside a secret room with a secret authorisation code, you slip a piece of paper (the transaction details) under the door, the guy picks it up and uses the authorisation code to *sign* the paper. Once done, he slips the paper back out to you. You now have a signed transaction, fully authorised, ready to broadcast to the world, but you (your software) never get to see the authorisation code (your private key), you only get to see the final product which is the signature, the signature can go public to the world.

You must always make good back up of the words. Write it down on paper, or better yet stamp the words on steel plates. Never type it out on a computer, never take pictures of it with a phone (otherwise it defeats the purpose of using a cold wallet!)

If you lose your hardware wallet (which holds your key) that's ok because it's impossible (or at least extremely hard) to extract your keys from the hardware, and your hardware is protected by your PIN, if the person picked up the hardware and key in wrong PIN a number of times your hardware just wipes itself clean. etc. So losing your hardware is ok as long as you have a copy of the words, again, that's your private key. You can buy another hardware wallet (even another brand, most are BIP39 compatible) and restore your private key again using your words. So ultimately your 12/24 words are what you need to safekeep, everything else can be replaced, you can buy a new phone, a new cold wallet, new PC... as long as you have your words your coins will be safe.

>that is why I can use them to “restore” my wallet? Except that isn’t really restoring my wallet, just allowing me to authorize a new device to use

Yes, you're restoring your private key, into any compatible wallet software or hardware. Your bitcoin is just information, it's not physical. It's just a bunch of words that you can memorise in your head and your coins follow you. And no one in the world can stop you from remembering 12 words.
You’re asking exactly the right questions, and they’re very common when people first get into Bitcoin self-custody — so let’s break it all down step by step, ELI5-style:

---

✅ First, you are correct about this part:

> My actual crypto/wallet is stored on the blockchain. Viewable publicly, but any transactions from that “wallet” can only happen if I know the “keys”.

YES. The Bitcoin lives on the blockchain, not inside your wallet. What your wallet gives you is control over it — by holding the private key.

---

🗝 What are keys and seed phrases?

* A private key is like your password to spend BTC.
* A public key (derived from the private key) is like your bank account number, used to receive BTC.
* The 12 or 24-word seed phrase is a human-readable backup of your private key.

So, what determines if you get 12 or 24 words?

* It’s usually a setting when creating a new wallet.
* 24 words = more entropy = theoretically more secure.
* 12 words = still secure, but shorter and easier to write down.
* Both are recoverable across most wallet systems.

---

💾 What does the Jade (or any cold wallet) actually store?

Your Jade hardware wallet stores the private key, securely. Here’s what it does:

1. Generates and stores the private key inside the device.
2. Never lets it leave the device.
3. Signs transactions within the device. This means you can sign a transaction to send BTC, without exposing your key to the internet.

So:

* Yes, you set up a PIN on the Jade to prevent someone else from using it.
* The Jade stores your key and requires PIN access to use it.

---

🔌 What about plugging the Jade into a computer?

Yes, you need to connect it to a computer (or use it wirelessly) to interact with the blockchain via a wallet interface (like Sparrow or the Blockstream Green app). BUT:

* The Jade is designed to be “air-gapped”: your private key never leaves the device.
* Even though it connects via USB or QR codes, all the signing happens internally.
* This means even if your computer has malware, it can’t steal your private key — the Jade never exposes it.

---

🔐 Can I receive or spend BTC without unlocking my Jade?

* Receiving BTC? ✅ Yes! You can generate your receive address ahead of time and give it to others to send you BTC. (Your address = derived from your public key = not sensitive.)
* Spending BTC? ❌ No, not without unlocking Jade. You must connect and use your PIN to sign any outgoing transaction.

---

🔥 What if my Jade is destroyed in a fire?

This is where your 12/24-word backup comes in. That is your wallet.

* You buy a new Jade (or any other wallet that supports BIP39 — which is nearly all of them).
* You enter your 12/24 words to restore your private key.
* Boom: You now have access to all your BTC again.

The Bitcoin is still sitting on the blockchain, and your seed phrase is the key to it.

---

❓So… why do I need the Jade if all I need is the seed phrase?

Good question — here’s the answer:

* You can use the 12/24-word phrase directly in a “hot wallet” (like a phone app), but…
* Then the private key lives on an internet-connected device, which can be hacked or infected.

The cold wallet (Jade) protects your private key by:

* Keeping it offline.
* Never exposing it.
* Letting you sign safely.

So it’s like putting your money in a vault with one tiny opening — you can drop in money (receive BTC), but to take it out, you need your hardware device + PIN.

---

TL;DR: Cold wallet basics

| Thing | What It Does |
|---|---|
| Blockchain | Stores all Bitcoin balances + transactions. Public ledger. |
| Your wallet address | A public identifier that can receive BTC. Anyone can send BTC to it. |
| Private key | Gives you control over spending the BTC tied to your address. Keep it safe! |
| Seed phrase (12/24 words) | A human-readable backup of your private key. |
| Jade (cold wallet) | Stores your private key securely + signs transactions without exposing it. |
| PIN | Prevents others from using your Jade even if they steal it. |

---

🔐 Why it protects you from online attacks

Because:

* Your computer or phone never holds the private key.
* Only the Jade signs transactions.
* So even if a hacker controls your computer, they can’t move your BTC without the Jade and your PIN.

---

If you’d like, I can walk you through a step-by-step process of buying BTC on Strike, setting up the Jade, and moving it safely. Let me know if you want that!
As I said, the PIN is entered in a trustless way. The password is not however, you type it right into your computer (the password is optional, but allows for a certain degree of plausible deniability if you use multiple passwords to make multiple wallets, AND allows you to protect your seed further in case someone finds it)
I prefer the Trezor One, simply because it's been out longer and has had more time for people to find vulnerabilities. It's also pretty cheap which is great for newbies. I'm sure all their newer products are great too though, and I really like the idea of transferring the unsigned/signed transactions to/from the device using QR codes for a truly airgapped operation. That's one thing I don't like about Trezor one, you have to plug it in, and you have to enter your password through your computer (not sure if that second one is fixed with newer models), but at least your PIN is entered in a trustless way.
KRUX! https://selfcustody.github.io/krux

Krux is my favorite hardware wallet. It's free and fully open source, and it runs on off the shelf K210 devices. Right now, the best devices for Krux are the WonderMV ($65) or the Yahboom K210 Visual Module ($45). They have a touchscreen and a camera. The main difference is the WonderMV is metal and the Yahboom is plastic.

**The benefits of using Krux as a hardware wallet:**

* It's airgapped. You use QR codes and a touchscreen.
* It's stateless. You can use Krux without saving your seed on the device.
* It's incredibly easy to use yet very advanced.

The best way to use Krux is to save your seed phrase as an encrypted QR code. Then create another QR code with your decryption key. With Krux, you don't have a PIN code to unlock the device, since your wallet isn't on the device. Boot the device. Scan your Encrypted Seed QR. Scan your decryption key (or type it). Done! Your wallet is loaded. It's faster and easier to load your wallet on Krux than it is to enter a PIN code on most hardware wallets.

The benefit of having a hardware wallet like this is, if the device gets stolen... no worries. Your wallet isn't on it. And if your QR code gets found, it's just a weird QR code that won't scan unless the thief knows it's encrypted and has an app that handles encrypted QRs... and even then... the thief doesn't know the decryption key, so they can't decrypt it. Use a strong decryption key and you've got rock solid security.

Krux is free and open source. It's been around for years, but it's been picking up momentum since 2022. They've received grants from Open Sats and have been recommended by Crypto Guide, NVK of ColdCard, Ben from BTC Sessions, and many others. Krux is still mostly under the radar, but they're legit. Pair Krux up with Sparrow Wallet for desktop and BlueWallet for mobile, and you've got the best Bitcoin hardware wallet money can buy, at any price... and it cost you less than $70.
It’s not an extra door… it’s another function after the same door. PIN and physical access let you do whatever with your funds, now it can also enable “Recovery” and export your seed as shards. So it’s no additional security risk because even without that ability, if an adversary could authenticate this far, they would have been able to empty your wallet anyways.
>Ledger Recovery Key: A physical NFC smart card enabling offline private key storage, allowing users to recover access to their assets by simply tapping the card and entering a PIN. It is built with Secure Element, the same technology used in Ledger wallet devices, and is protected by its own PIN.

>Compatibility: The Ledger Recovery Key works specifically with the Ledger Flex and Ledger Stax wallets. It connects directly to the Ledger device via NFC communication, with no intermediary involved.

I think it's an improvement.
Your 20 word (or 12, or 24) key (seed phrase) can be used to still access Bitcoin associated with that seed phrase. Just buy a new cold wallet, input your seed phrase, and you'll have access again. Cold wallet (physical devices) holds your seed phrase and makes it easier to access your BTC. It usually has its own protection. Example: you set a PIN when you set your Trezor cold wallet up, so you can unlock it with that PIN instead of having to enter your seed phrase each time, or having a physical device lying around that anyone could use to access your BTC if they got their hands on. Most important thing to understand with BTC management is that no device, program, or software "holds" your BTC. It exists on the block chain and you're accessing it through the use of your seed phrase. Similarly though, if someone got access to your seed phrase they likely can access your BTC (some exceptions, such as using a pass phrase, or multi-sig to increase security)
Self custody has its own risks, especially over a long period of time. Make sure you research them:

* A family member throwing away your hard wallet during a cleaning
* Losing the secret keys and or having them stolen
* A family member or friend deliberately stealing from you
* The firmware for your device getting outdated and software not existing for you to extract the crypto
* Forgetting your PIN or passwords
* Getting held hostage (a problem in many parts of the world)

Make sure you do research and get mitigation techniques like hiding your crypto on different continents (no joke the "Bitcoin Family" does this and of course they have to deal with the possibility the keys get lost).

Now that there is widespread awareness of it, bad actors will try to steal your money. The financial institutions and financial system exist in part to protect your money; act outside it and you will have to handle the security yourself (think of all paranoid situations -- nothing is too evil, for example fake wallets, malware installed on premade computers or even printers and so on)
I once used my PIN code to buy food, went out and back in. Forgot it. Same code I used for 10+ years almost daily. Cannot remember it to this day 15 days later. I was in the process of changing banks anyways so I just left the card and began using the new one.
So you installed BRD wallet, made a new wallet, wrote the seed phrase down which was stored in a security box that she only had access to. What happened to the phone that BRD was installed on? Was BRD locked with PIN or biometrics? Assuming she didn’t fall for a scam demanding her seed phrase, and the wallet/phone wasn’t compromised from afar in someway the only avenues for attack would be physically on the security box or the phone.
PIN THIS. People nowadays haven't read even the first sentence of the BTC whitepaper.
Only if you’re using an identity theft service, which has been an unfortunate necessity for me for over seven years now. I’ve been a victim of quite a few major data breaches, so criminals have attempted to use my identity for everything ranging from opening bank accounts and new loans to stupidly attempting to file taxes with it. Luckily, the IRS provides me with a PIN every single year for this very reason and I have multiple identity monitoring services, some provided for no cost due to data breaches and others I pay for, such as Aura, who I have been with for many years now. As for my accounts, every single password I have is completely unique and has never been recycled, so in order to get access to any of my accounts, a hacker would have to have every single one of my passwords. For this reason, I imagine it would be an incredible pain in the ass for them to even remotely try to gain access to my accounts when I have hundreds, all different passwords with most having 2FA. Like others have said, I would not fret too much as much of the recent articles are hype, and we have yet to be presented with any real evidence showing that much of this data hasn’t been compiled from old breaches. As long as you’ve done what’s necessary to secure each individual account and aren’t recycling passwords, I wouldn’t panic… at least, yet. Lol. This isn’t the first time it has happened and will not be the last. As my husband (*an IT Technician*) always says, there’s no such thing as a safe computer.
Lot more effort? Last time I did that, I got my sats from my HW to Binance in 12 minutes, including typing PIN in Ledger. When on Binance, it's then sold in 1 second.
For something to be outdated you would need to offer something better and more popular. So what do you suggest? Until then seed words and all its extension are not outdated. All the current alternatives imply more complex and demanding solutions than writing down 12 words, and many of them imply more trust/requirements/risks... but if you prefer them they exist (and unsurprisingly many of them still use seed words and just abstract them at some point, because BIP39 is a great standard): social recovery wallets, HW wallets secured with PIN/Pass, Smart Contract wallets on chains that support them.
Check out Cypherock Cover - it’s a non custodial inheritance service by Cypherock.

1. Setup Process: The user configures their Cypherock X1 device, which includes one X1 Vault and four X1 Cards. For each wallet on the device, the user can set up a distinct estate recovery plan. The user designates a nominee (e.g., family member, lawyer) and provides their email address. One of the X1 Cards is given to the nominee. The user sets a reminder interval (e.g., every 6 months) for activity checks.
2. Inactivity Monitoring: Cypherock sends periodic emails to the user based on the set interval to confirm activity. If the user doesn't respond within a 30-day buffer period, the estate recovery process is initiated.
3. Recovery Process: The nominee receives an email with instructions to begin the recovery. Using the X1 Card provided and a Cypherock X1 Vault (which can be purchased separately), the nominee follows the guided steps. The process involves decrypting the necessary information (e.g., wallet PIN) using the hardware, ensuring that the seed phrase remains secure and is never exposed online.