Reddit Posts
I lost ALL my BTC yesterday, this is my story so it won't happen to you
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Tuesday December 19th 2023. 7 am EST (6.5 hours from this post). On Kahoot and YouTube Live!
Blockstream jade - what happens if you lose your SeedQR?
Self custody wallet planning for stacking (now) and spending (later)
Gigantix Wallet - The New Era OF Secured Cold Wallet
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday November 20th 2023. 9.30 pm EST. On Kahoot and YouTube Live!
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Please help me with this MetaMask/ Trezor problem.
How to Secure Your Crypto Wallet from Attack and Protect Your funds
Multi-Sig vs. Shamir Secret Sharing: Which Path Will You Choose to Safeguard Your Crypto?
TRIVIA for MOONS - Play Trivia for a chance to win from a pool of 1,000 MOONS. Monday 2 October 2023. EDT - 9.30 pm. On Kahoot and YouTube Live!
Is it possible for someone to hack/steal from my hardware wallet? Or is it almost impossible?
Reminder to all the Celsius bankruptcy victims
A 96 yo woman’s letter to her bank. This is why we crypto.
$13,000,000 and victims of Sim Swap 2023
We're thrilled to introduce an innovative approach to secure seed phrase storage. Chaindeck, an entirely offline and analog solution that uses a unique deck of cards to encrypt information.
After almost 3 years of work, our small startup launched Chaindeck today! Introducing a new way to store and encrypt seed phrases using a unique deck of cards, completely offline and analog.
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
Blockstream Jade has new firmware. It looks like a nice improvement on an already great device.
Scam protection. It’s up to you and you only.
An Updated SUPER-Beginner’s Guide to Swapping, Bridging and Exchanging MOONs (the complicated way)
New user looking for a good hardware wallet, few questions
Only once you have paid for something with cryptocurrency do you realize how completely insanely insecure credit cards and bank transfers are
The BIP39 Passphrase, and how even the best hardware wallets let us down
Bitbox02: A hardware wallet and its solution to the open-source closed-source dilemma
How come no one ever mentions the Arculus cold wallet?
"If you opt-in for the service, as a user, you'll have to enter your PIN and consent to the backup process. Then the OS will encrypt and split the shards to send them to 3 different parties." - Ledger CTO
Set up your crypto-recovery plan with your spouse TODAY (STORY)
Everybody always recommends a hardware wallet like a silver bullet, and they're great until you realise that factory pre-sale tampering and fakes can leave you hugely exposed. It's even more plausible given the recent spate of wallet hacks
Exciting News - LocalMonero / AgoraDesk Free and Open Source Mobile Apps are Now Officially Out of Beta! Happy Birthday Monero!
Today is World Backup Day. Let's make sure your seed is secure and backed up.
How to avoid getting scammed and not lose your coin
Identity solution in Web3: What solution do you use?
What is happening with ERC20 transactions?
My Exchange (with all my savings) was hacked into.
It happened to me! My phone with my wallets was destroyed!
Sorry if this isn’t the right place to ask but I have a few questions.
An Achilles heel of the Cryptocurrency
Hardware wallet/mnemonic seed phrase (extra) security guide, don’t just write it down 1,2,3,4…24
Storing recovery phrases - How to do it right?
Some basic knowledge for new hardware wallets users
Top Quality USA AAA+ fresh DUMPS with Pin, CVVs and fullz also available. Hacking services also available.
Ledger Nano S Plus Cold Wallet button broke... how do I reset it before returning it?
So Coinbase let a hacker trade on my account and offered me 'what is left' from the original $165,000 balance, over 11 days.
Arculus - New Cold Storage - Safe?
An anecdote on how relying on banks is less than ideal...
Blackhole inside Binance. How I was scammed and all my money was stolen. Please, I need your help! Spread the word
I created a free and open source Bitcoin Time Capsule called BTCapsule. It uses the timestamp from the Bitcoin blockchain, and allows you to enter your private keys and check them without exposure to the internet
Vault Finance updates for October 2022! New competitions/AMAs/marketing/developments! Vault is ready for the stratosphere! Their Launchpad & Exchange Novation is picking up steam and quickly becoming the go to platform for all BSC trading! Launchpad is also fully live! Do not miss this project!
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
Digital wallet app development is a major trend in the world of technology these days
Can anyone help me with a blockchain.com fiasco I'm in?
PowerMint Token – A brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Sony, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! (Ending soon!) – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/CG listings around the corner.
PowerMint – A new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
PowerMint – A Brand new era for the joy of gifting! – Digital NFT Gift cards – BTC Rewards – Collaborations with; Xbox, Uber, Apple, Google play and more! – Private sale LIVE! – Liquidity LOCKED! – CMC/Coingecko listings around the corner.
Two critical weaknesses of hardware wallets you need to consider
my lesson with a Seed Phrase...
Protect yourself against SIM card swap attacks by setting up a SIM card PIN
Is a Trezor Model One good enough to HODL BTC compared to Model T?
List of the coolest meatspace bitcoin products available:
Privacy tokens only account for 0.59% of the total crypto market cap and their evangelical communities don't want to talk about it because it is not profitable to do that...!
Watch out for this (new?) BTC scam
My experience with 'cold wallets' after trying almost all of them
Introducing Zeus: A remote mobile lightning wallet that lets you connect to and manage your own node on the go!
A use case of blockchain without internet connectivity
This is my trustless bulletproof inheritance strategy:
How Coinbase Global, Inc.& Verizon Wireless Allowed Someone to Steal $70k from my Crypto Wallet
Beware! Likely Trezor phishing scam going on!
"Trezor has experienced a security incident involving data belonging to 106,856 of our customers"
Mentions
I know of the following (some might be myself, others might be friends):
- entering an extra passphrase from memory a few times. All worked to generate a receiving address. On future attempts to use the incoming funds it turned out the passphrase I entered that one time was other than I remembered.
- lost password to encrypted disk
- lost disks. They were in RAID, both died at the same time
- lost disk, no RAID
- lost PIN to device (low value)
Most of them lost basically "all of it". Be very careful, people. And don't put all your eggs in one basket. Also test every few months whether you actually remember.
***MOST*** of Ledger's source code should be available on GitHub. Also, I couldn't care less about data leaks and you shouldn't either unless it is putting your life in danger. If you fall for a phishing email, you're just stupid. Everyone here should care about the actual technology and threat model of their devices. For example, Ledger's operating system runs within the secure element. Your PIN, private keys, applications, etc. are all stored within the secure element chip. As for Trezor, this is not the case. The private keys are not stored within the secure element chip(s), your PIN is. The private key is encrypted on your MCU, not on the secure element.
What is the format of the password? Is it 12, 20, or 24 words? You have a seed phrase. To check the balance and send/sell Bitcoin, you’ll need to enter the seed phrase into a hardware wallet like ones sold by Trezor, Coldcard or Ledger - or into a software wallet like Electrum. Is it a number around 4-8 digits? You probably have a PIN to a hardware wallet. Without access to the wallet, the password is useless and worthless. Is it a single word? Could be the password to an account on a website like Coinbase. You need to know the website, associate email address and have access to the whatever device was being used for 2FA (likely the original owner’s cell phone). It also could be a passphrase, which is an extra word typically used with a 24 word seed phrase. Without the additional words, the password is useless and worthless.
I admire the trust in such gadgets. Type in the wrong PIN too often and the BTC are gone. Technical malfunction and it is becoming a digital grave.
Everyone assumes the seed backup is shady, and I get it. But it's really just a feature designed for idiots. You can't turn on seed backup without the PIN to the Ledger. Just like you can't send BTC without the PIN to the Ledger. For people who choose to use seed backup, well, I can't really defend that. You've converted your self-custody into shared custody, which is maybe 10% better than just keeping everything on an exchange anyway.
> i guess my 4 digit bank code is useless too? I mean, assuming it's just numbers in your PIN, it's already easily cracked. You can break 12-digit or less numbers basically as soon as you ask a modern computer to do it. That's only ~1 trillion combinations or so. Even if you have an 8-digit code with all Unicode characters possible it's able to be cracked in under a minute.
It's just an extra layer of protection. So if someone does find your seed, they can't access your funds without the passphrase. Mine is a 20 digit alphanumerical passphrase including symbols, which makes it basically as encrypted as it gets. I even have an x digit PIN attached to my passphrase/seed AND Metamask on top. If you're worried about security, more security is always better.
Decent setup, although I'm not a fan of the PIN either. One system I like is just vanilla 2-of-3 multisig. Stamp the mnemonics on metal and distribute geographically. Keep one mnemonic at home, and memorize one or both of the others. Only requires a single hardware wallet. Keep it stateless. Coldcard calls this [temporary seed](https://coldcard.com/docs/temporary-seeds/), but it can be done manually by just wiping any wallet after use. That way your keys are not even stored on it. Memorizing the other mnemonics means that you can still access your funds without traveling. And if you forget them, no biggie, you just go and retrieve them. If you spend Bitcoin regularly (and you should!), just maintain a Lightning wallet with a small sum that you replenish from your income or from your stash, kind of like a spending account. Regarding the duress thing, it's all about balancing how much you keep in the decoy wallet. If it's not enough, your attacker will ask where the rest is, and if it's too much, you risk losing a lot to the attack. You can set up a decoy wallet with multisig too. Just send the funds to the singlesig wallet that's derived from the one mnemonic you keep at home. By any chance, native French speaker?
How did you get any crypto in there? Or are you really saying, you've not lost the PIN but you don't have the wallet?
You don't need the PIN to know how much is in there.
It's not just like the Ledger. The Trezor Model One does not use a (closed-source) secure element at all. It's built around a general-purpose MCU, with fully open-source firmware and hardware, and no closed-source chip inside. Its security model prioritizes transparency over physical tamper resistance, which means it's more vulnerable if an attacker has prolonged physical access. The Trezor Model T adds an (opt-in) closed-source secure element, but it does not store private keys. Keys remain handled by open-source firmware on the main MCU, while the secure element is used for defense-in-depth features like PIN enforcement and physical attack hardening. Trezor treats it as an extra layer, not a root of trust. The Ledger keeps the private keys inside the closed-source secure element.
Eh? You mean a limit he can set himself? We have that on accounts here in Australia, but it's something you can modify yourself in minutes on internet banking - it's only intended as a limiter on some random getting hold of your card and PIN and draining the account easily. I have mine set at a really low cap ($200) for cash withdrawal and $500 for purchases, and simply up it in my app temporarily if I need to make a larger withdrawal or purchase. Without having to call anyone it's simple in this app to increase the daily cash withdrawal limit to $2000, and it only takes a short phone call to temporarily increase that to up to 10k for 24-48hrs if needed. You can also withdraw up to 10k in branch without much hassle, but anything over that and they want you to call first. Best to give them notice the day before so they can plan to have some fat stacks ready for you 😎👍 They'd probably question you if you're pulling out tens of thousands, but at the end of the day it is your money 🤷♂️ That amount of hassle over £2.5k ($5k Australian) is fucking nuts, even without any notice. Even the kiosk at the mall wouldn't bat an eye at that lol
You are wrong. A hardware wallet may be protected by A PIN or short password, but that's not the same as a *passphrase* used in the creation of a Bitcoin wallet. "Paraphrase" isn't a thing.
Have you been in an underground bunker or something? That was like 6 months ago, and well discussed already. A supply chain attack can affect all hardware wallets. The solution is the same as always: buy only from the manufacturer itself, test your wallet with multiple transactions (both directions), use a passphrase and PIN, keep your device and your backups same.
No one should be able to find your hard wallet anyway to even attempt it. 2048 seed words possible with a PIN, locked in a safe within a safe or safety deposit box with a combination only you know is all the security you'll need if you are a small time investor.
It is possible that if he was an OG Bitcoiner, some portion of it is in Bitcoin Core on his PC. The bulk of it is likely on a hardware wallet which depending on the model is maybe a little bigger than a flash drive, and should be locked away in a safe or something. Unfortunately for you, it'll be protected by a PIN or password. Hopefully his seed phrase is in that same safe - it'll be 12-24 words. Since this has been several years it's also possible he had it in a paper wallet. In this case it could be handwritten or printed, and there were a couple different formats people used but you'll know that's what it is by finding seemingly random strings of characters. You'll need to look at some examples online to figure out what format he used and what is the private key. Just a tip: if he was ever into 3D printing, it's a somewhat-common trick to embed your secrets in a print.
If quantum is at a point of being a challenge to crypto, then by that point any PIN or password protection is out the window for banking or any other security.
"In 2021, during a law enforcement search of his home in Gainesville, Georgia, agents found hardware containing the private keys to those wallets (including a device hidden in a popcorn tin)." He didn't give it up, they didn't hack it, they got his device and got it from there. I'm guessing no PIN, no duress PIN, no passphrase, no multi-sig etc. Their own security lapses led to the govt being able to confiscate it.
Trezors are not easy to bruteforce unless your PIN is something like: 1234 or your birthday. Stop spreading misinformation and read about how secure element works.
Yep. It qualifies as 2FA:
* Something you have: hardware device
* Something you know: the PIN to that device
This correction gives me more respect for Ledger for taking a step in the right direction. I hope Trezor and more crypto device signers follow too. It'll take many years to clear up confusion.
Are you taking about the PIN? That’s not a passphrase.
Syfra cards store your seed encrypted with AES‑256 inside a secure element. You can create a backup card or split the seed with Shamir’s Secret Sharing (2-of-3, etc.). Recovery is fully offline: the cards perform cryptographic operations locally and release the seed only after PIN verification.
Create a truly RANDOM seed with high entropy (research this, like rolling a die 128 times) & open source software. Write the seed down ONLY on paper / steel. NEVER digitally!! Make a small test transaction. Wipe the device (assuming this is a hardware wallet) & put your seed in. If you see your test transaction, then YOU'RE GOOD. Next steps are to use a BIP-38 passphrase (not a PIN) to generate a NEW wallet, based off that seed. Store your funds in that NEW wallet, and then stamp/engrave your seed into 2 or 3 stainless steel plates, stored in various locations. Let your family know where the seed plate(s) are... but come up with a dead man's switch that gives them a treasure map to where the passphrase & other personal passwords might be.
I went with Best Wallet for day to day because it felt intuitive, then I added a hardware wallet for long term storage. My routine is seed phrase on paper, app locked with PIN and biometrics, and a small test send before any larger move. I also keep a written restore checklist so I’m not guessing under stress. Starting simple and upgrading in steps made the whole process less scary. That approach may work if you’re just getting set up.
I settled on Best Wallet for hot use since it’s simple and supports strong app locks. For security, I keep it as a spending wallet with small balances, store the seed offline, and enable a PIN plus biometrics. I always double check the address and do a tiny first transaction. Keeping big holdings separate from a hot wallet has helped me sleep better. It may not be perfect, but that setup has been reliable for me.
From my experience, Best Wallet handles my hot funds while a Ledger stays offline for savings. If you stick with Ledger, consider adding a passphrase, turn on PIN auto-lock, and practice a restore on a spare device before loading real funds. I also create a watch-only wallet so I can verify deposits without plugging the hardware in. Metal backups for the seed can reduce the risk of water or fire damage.
When I compared different wallets, Best Wallet consistently stood out for a clean UI and straightforward fee controls. For a hot wallet I want quick sends, good backup, and clear address display, and this one checks those boxes for me. I keep only what I’m comfortable with on mobile and use basic hygiene like PIN, biometrics, and no screenshots of seeds. If you’re moving larger amounts, you can split funds across wallets to reduce risk.
I could not find any independent third-party verification (e.g., security advisories, CVE entries) confirming the exact vulnerability as described (constant digest + nonce reuse in Delta PIN mode) by other researchers or by Coldcard/Coinkite themselves. The blog also appears on a site that strongly markets unrelated products (VPNs, “Vitamin-K”, etc.). That commercial overlay lowers credibility. The tone and style of the blog post is highly dramatic, overly simplified, and oriented toward crypto-fear, which can be consistent with marketing or scam tactics. The vendor (Coldcard) firmware changelog does not publicly reference that specific issue (as per the publicly visible change logs I reviewed). That doesn’t guarantee non-existence, but it means it lacks official acknowledgement.
Trezor Safe 3 solves the most important problems (the typing on the desktop and the PIN stealing w/o the 2FA). Airgapping seems overkill for me but YMMV.
I get your point, but that’s not how Tangem works. Your keys are generated and stored securely on the chip inside the card, they never touch the internet or your phone. The app is just an interface, kind of like mirroring your phone screen to a TV, the TV shows what’s happening, but can’t actually control your phone. Also, Tangem isn’t a blind signer, you can clearly see all transaction details in the interface before approving anything. Honestly, it’s safer than tiny hardware screens where it’s easy to make a mistake. Here’s the flow: you review your transaction, tap the card to your phone, then enter your PIN. Everything has to be confirmed step-by-step, so there’s no way to accidentally send funds. Not saying Cypherock is bad, just that with Tangem, your keys are stored inside the card, not in the app and it’s definitely not a blind signer. You can verify every detail before you approve.
Get a Trezor, jump through the hoops with respect to creating a new wallet with a recovery phrase and all that… and just hand it all over to them; the codes and the PIN for the Trezor. You could also keep a copy of the recovery phrase in a safe place in case they lose it all.
WELL NOW WE KNOW WHO TO PIN THIS ON /s it was already obvious
Hello! It seems your Trezor is now in anti-brute-force mode. This security feature activates when multiple incorrect PIN attempts are made (even accidentally). Each wrong attempt increases the waiting time exponentially, that's why it's showing 1000 seconds to verify your PIN. Have you been able to resolve it now?
The Trezor PIN entry system implements an exponentially increasing delay after each failed attempt to prevent brute-force attacks. The delay doubles with every incorrect PIN entry, meaning the wait time follows a power-of-two progression (2, 4, 8, 16, 32 seconds, etc.). After 16 consecutive incorrect PIN attempts, the device automatically wipes itself, rendering the PIN ineffective and requiring the recovery seed to restore access.
You’re obviously entering the wrong PIN
Just in case this needs to be repeated: coins are NOT stored in the wallet. The term is historical and we are stuck with it. The coins reside in the cloud (on the Bitcoin network) in the form of a globally accessible ledger file, a.k.a. the blockchain. The wallet OTOH is like a web browser mixed with an authenticator: it gives you access to the funds on the network, similar to logging in to your bank page with, say, a USB secure stick (your money in the bank is not stored in that stick!). So it sort of feels like a "wallet" but it's important to know that losing it or damaging it is like losing a web browser: a non-event. The only thing that must be protected is the seed phrase and the PIN used to unlock the "wallet".
I basically set up an old phone with Lineage OS that is all the time offline, they know the PIN to unlock. Inside there is Electrum.
They can't recover seeds, at least according to their website. If you still have your device and PIN, you can recover it, but to my knowledge, no device, no PIN, no seed, it's gone forever
Your data on Web3 is only as safe as your key management, approval habits, and the off-chain stuff you connect to. My playbook: split wallets (burner for mints, hot for daily, cold vault on a Ledger/Trezor), use Safe with 2-of-3 for anything that hurts to lose, and turn on the passphrase/25th word on hardware. Never grant unlimited approvals; set exact amounts and regularly clear with [revoke.cash](http://revoke.cash) or Etherscan's token approvals. Use a simulator wallet like Rabby or Pocket Universe to spot drainers before you sign. Lock exchange logins with hardware keys (FIDO2), not SMS; add a carrier port-out PIN. For privacy, assume on-chain is public; if you must store sensitive stuff off-chain (IPFS/Arweave), encrypt first (Lit Protocol works). Set address alerts on Etherscan or Tenderly so you know fast if something moves. For ops: I've used Safe and Alchemy for wallet/RPC hygiene, and DreamFactory to expose a read-only API with RBAC to off-chain data so a compromised dapp can't yank everything. Security comes from strict key hygiene, segmented wallets, limited approvals, and cautious infra, not the word "decentralized."
No. Passphrases are generally used for self-custody, like on a Trezor or Ledger. It's also an optional security measure. You will need to create a PIN, but that gives you access to the device. It's not a backup for the wallet like the 24 words and passphrase would be.
AI is right. Just follow steps 1-8, and your Ledger will hold the passphrase-protected wallet until you turn it off. At this point, you can use it normally, either with Ledger Live, or an open source 3rd party app like Sparrow. When you are done, unplug the Ledger. Then you can plug it back in and repeat steps 1-8, this time with a different passphrase. The PIN in step 1 has to be the one for your first wallet - with 24 words and no passphrase.
That's what I thought. The real deal is this. This new protected wallet needs to be completely isolated and separate from me. It's for a family member who is not subject to the same tax consequences. In essence I want a real gap between us. If I get her her own Ledger device - can I still put her holdings in Ledger Live but just use a different sign in PIN to monitor the balance? THANKS for your kindness (I really am old)
The thread was about the Jade. Jades are Bitcoin only. Not sure where Ledger came into the conversation. If you are working with a Bitcoin only device, using the term "crypto" is obnoxious. Whatever. You can use any hardware signing device to generate unlimited numbers of private keys. Those private keys are derived from generated mnemonic seed phrases. Whether you use dice or coins or online computer programs or hardware signing devices, same same. You can generate your words via dice and then enter them into a Ledger. You can generate them via coin flips and then enter them into a Trezor. You can use a web tool and then enter them into Sparrow wallet. It's all the same. Some wallets, like Jade and Cold Card, have the ability to sign transactions air-gapped. They use either QR codes or PSBTs transferred back and forth via SD card. The Jade Plus can do both. When it comes to "temporary signing" or "stateless signer" you are talking about using a hardware signing device in such a way that the private key does not stay on the device at all times. Each hardware wallet deals with private key safety in a different way. Most use a secure element chip, like credit cards do. The keys stay on the secure element at all times and you gain access to functions via a PIN or password etc. Jades are unique in that they don't have a secure element. Blockstream has what is called a Blind Oracle that functions as a way to protect your private keys without a secure element, but that requires authenticating back to Blockstream when you unlock your Jade (assuming you are not using it as a temporary signer). Blind Oracle requires a physical connection via USB cable or Bluetooth. This by definition makes the Jade in those modes not air-gapped. To use the Jade, or any other air-gap capable signing device, as a temporary signer means to literally wipe the device after every use. Nothing is more secure than a device that doesn't even hold any private keys.
Each time you want to use the device, you must restore your private keys to it. You can manually restore via your seed words or you can speed the process along by scanning a QR code of your seed words. Either way, once restored you can use the device to sign transactions. When you shut the device off, it wipes itself. Rinse and repeat. When I recommended you go watch tutorials I was referring to Jade specific tutorials. I feel like you would have a better understanding of how the Jade works specifically since that was the scope of the original post. On the reference to the last word being generated by the Jade: the last word of any seed mnemonic is always a checksum. Most people don't realize that you can't just smash together BIP39 words at random to produce a valid seed. There is more structure involved in the creation of the seed and the final word is always a checksum. That is not specific to the Jade.
The biggest real risk in 2025 is session/token theft and wallet-drainer kits, and tight basics still stop most of it. What's working for me: move everything you can to passkeys and FIDO2 security keys, kill SMS 2FA, and use number-matching pushes only. Lock down email since it's the master key: separate alias for recovery/exchanges, disable auto-forwarding, review filters monthly, add a hardware key to your mailbox. For browsing, bookmark-only access to exchanges/bridges, never ads; separate browser profile (no extensions) for money stuff; enable Chrome Enhanced Protection or NextDNS/Quad9 threat blocking. Crypto: hardware wallet, turn off blind signing, allowlist withdrawal addresses, set daily limits, and keep hot wallets on a separate phone with no sideloaded apps. Defend against AiTM: sign out all sessions monthly, prefer device-bound session tokens where available, and monitor with Have I Been Pwned/1Password Watchtower. SIM swap: carrier port-out PIN and no phone numbers on accounts. At work we use Okta for SSO and Cloudflare Zero Trust for browser isolation; for internal APIs, DreamFactory adds RBAC and per-service keys, which helps given the token-theft trend. Prioritize phishing-resistant auth, session hygiene, and wallet isolation; that's the sane 2025 stack.
How will you ensure that your children get to it later in the event you/your wife are somehow incapacitated (i.e. if you die tomorrow, will it be lost?) I ask because I self custody and I don't write PIN / seeds around the house..
If you’re holding long term, move to a hardware wallet and practice a full recovery before sending the full amount. For devices: Trezor Safe 3 (open-source, easy UI), Ledger Nano S Plus (secure element, broad app support), or Coldcard/Blockstream Jade (more advanced, great with Sparrow). Buy direct, verify firmware, and set a PIN. Consider a passphrase (25th word) only if you truly understand it and can back it up separately. Do a loss drill: wipe the device, recover from the seed, confirm your receive address matches a watch-only wallet (Sparrow/BlueWallet via xpub). Make two metal backups of the seed stored in different places; never digital. For exchange withdrawals, use TOTP (not SMS), withdrawal whitelist, and a hardware security key; lock your mobile account with a carrier PIN. At work we use Cloudflare Zero Trust for access controls and Bitwarden for secrets, and DreamFactory to gate API keys and roles; same least-privilege mindset keeps your crypto safer. Bottom line: get a reputable hardware wallet, drill recovery, and keep the seed offline.
They haven't seized the crypto then have they, if the fraudsters can still access it. They probably just seized a hardware wallet and don't have the PIN to unlock it, so they can't move the crypto somewhere safe.
This is not how a hardware wallet works. I have a Trezor hardware wallet. If I lose the physical wallet, I can buy a new one and with my 20 seed words it will be the same as my old hardware wallet. It's basically just 2-factor: you have software like Trezor Suite, your physical Trezor plus your seed phrase (plus PIN and password). The only thing you should never lose is your seed phrase. Honestly I would just learn it by heart; it's 20 words, sounds like a lot, but I wrote them down over the course of a few days and it's pretty easy to remember.
Things get messy with the PIN, because it is in a way the same as a seed phrase you need to store and have "access" to. This is the gap we are tackling at RITREK - we build a self-custody solution to this exact problem, with pre-signed, timelocked transactions to a fixed destination.
You can't, unless you still have access (with the PIN) to a hardware wallet set up with that phrase.
Nah, seed phrase. The PIN just locks the app.
Are you locked out of your current wallet (lost PIN, damaged device) or are you simply wanting to check and see if your seed phrase is correct, but still have functional access to the cold wallet?
If someone steals *any* device, security depends on how it’s set up. * A Sparrow wallet on an air-gapped laptop with a strong passphrase is not “easy to brute force.” * Hardware wallets also rely on a PIN/passphrase — same principle, different packaging.
I like Blue Wallet. Especially the Watch-Only option, and the Duress PIN option.
It would help to say what kind of wallet or exchange it is. If it is a self-custody wallet, and you do not have your PIN/password and also lost your seed phrase, you are out of luck. If you still have the seed phrase, buy a new hardware wallet, enter the seed phrase there, and you will have access to your funds.
1. I think it's good to include a pop-up message stating the number of transactions made with the address. like having "0 transaction made with this address" will be a huge help. Another one is having a PIN or Unique signatures. If there's a mismatch then the transaction will not proceed. Can be an OTP. 2. also have the option to block suspicious addresses and spammers also with the assistance of AI flagging across all blockchains. also with a pop-up message or report stating "Address has been flagged for scams and illicit activities" 3. Dumb Human Readable Smart contracts and Anti-blind signing. Will probably reduce user error. AI assisted which converts codes to human readable phrases. 4. Devices that are secured and private. Almost all Phones and PCs are not securely equipped for these types of attacks.
If the payload was stealing bank details instead of corrupting crypto tx it would have gotten a lot further I think. It just needs to be as secure as throwing your debit card at a web site tbh. Granted you're sharing a high-level take, but walking into Circle K and buying a coke is more financial risk than your grandparents would have been comfortable with. People don't like the "big numbers" and being told stuff is confusing ... makes it confusing. Don't share your bank account info (printed on those checks in plaintext) and don't share your PIN, right? For several of the last years, big American banks have paid more in fines for their own fraud than the sum total of all documented crypto scams in that same calendar year. That's before even touching on the amount of fraud they process. I hear you but, "as safe as shoving your bank card in a gas pump without checking for a skimmer" is as secure as most people are going to need. Also, the entire attack vector here, this isn't even a 'crypto' vulnerability.
One option is a stateless signer where the mnemonic seed isn't stored on the hardware wallet, like Seedsigner. But for normies, choose a reputable open source Bitcoin only hardware wallet with a secure element, and choose a suitably strong unlock PIN
OP: Keep your recovery seed locked away in a bank safe deposit box, then use a passphrase both memorized and written in a separate location. The thief would not likely escort you into the bank with the gun at your head. Tell them the PIN to your HW is also locked in the bank SDBx if you want. Keep weapons in your BR to use in case of a home invasion. But in any case if someone gets inside your house & has a gun at your head, that’s an extreme scenario that could end up with you being dead if you don’t give them something. If you tell them all your BTC is in an EFT & you don’t give them anything, you might be killed. If you feel that’s a reasonable concern, keep some cash on hand to give the thieves so they feel they scored & hopefully leave you. One idea, keep an HW w/ most coins hidden behind a passphrase, keep a small % of your coins in the main wallet, give them the PIN & HW so they can help themselves to the amount they see.
“Im worried about quantum computing and bitcoin.” Meanwhile Bank PIN code: 6969 Bitcoin key: 01101001010001010001010101001010100010101000101100011010101010100011010110100001010101001010101010100010111110101010001111001010100101001010100010100101000101000101001010100010100010001000101010100010101000101010001010100010101010101000001111010101010101010101000001010101010101010100101010101000000111101010101010100100101010001010100101000010010101001010101001010101000101010000101010101001
OP, if she has the physical hardware wallet without your PIN, how would she move the assets? You have the seed phrase access too. Why not just move the assets elsewhere? And since she stole the hardware wallet, the address the assets move to can be anyone’s address. The judge will know you are the most probable person to have the seed, but it could mean that you can get the BTC back and then go do what is necessary.
Your account is somewhat confusing. If I understand correctly, she stole the hardware wallet and the seed phrase? Were they stored together? Or did she look up the seed phrase on the wallet? Was a PIN or password required to access the hardware wallet? There is usually at least one layer of security in addition to the seed phrase. Also, it sounds as though she told you the seed phrase in conversation, after having presumably memorized it. Is this correct?
You need to have a hardware wallet with you, and a copy of the seed somewhere safe. If your hardware wallet is stolen and the thief doesn't know your PIN, it is OK. You just buy another hardware wallet back home and restore it with the seed. If you are a maxi and have no money other than bitcoin, you can put a small portion of it in a hot wallet like Proton. Then you can access it with username and password from any computer. A copy of the (pocket money) seed in Google Drive will do the same.
Okay, I did get this to work by importing the xpub into Sparrow. I guess it had to be done that way, though I don't know exactly why; I already had a watch-only wallet for that same xpub. Still, this is not exactly a stateless seed signer. I still have to connect to my phone with Bluetooth in order to have it verify my PIN. That's the part I'm trying to avoid.
You’ll need either the recovery phrase or the PIN. There is no other way to recover the funds otherwise.
If a user encrypts a seed phrase with his own passphrase, then he has to write the passphrase somewhere. It's simpler to write the seed phrase But what if there's an encryption method which doesn't require remembering or writing a passphrase? You don't need a LLM. I think the Vault12 Web page answers the questions https://vault12.com/learn/cryptocurrency-security-how-to/seed-phrase-backup/ I'm not advocating this company's services, but the page does (in a biased way) cover your question They're saying that using encryption is a safe way to have a digital copy of the seed phrase. But encryption is only safe if the decryption key can't be guessed. Your "encrypted hard drive" example suffers from the user having a weak password to decrypt his drive. Is there a way to have secure encryption without prompting the user to supply a passphrase? Not really. But there's a partial compromise which is better than most users' idea of secure - the biometrics (face ID or fingerprint) on your phone. Vault12 doesn't say whether they're using this, or some other method Aside: Vault12's "network of Guardians" key sharding method will frighten away most potential customers. But that doesn't matter. The concept of making an encrypted copy of a seed phrase doesn't require sharding You shouldn't be able to screenshot your recovery phrase in an Android wallet. But nothing can stop you photographing the screen with a different device. Either way, this exposes the image to data exfiltration malware, from the moment you make the image until it's encrypted. Also, unless you tell your Android not to store all your images in the cloud, it will be stored in the cloud - probably encrypted, and encrypted using your biometrics. If your device hasn't captured your biometrics, Android falls back to your PIN, password or 9-dot grid pattern To avoid asking the user for a passphrase, "modern" phone security is based on lesser things. Are these encryption methods good enough? So far, they are. 
I'm not aware of any reports of cloud storage being hacked if encrypted using these methods. The advantages of biometrics are * the user's data isn't exposed to his own weak password/passphrase * the user doesn't have to write or memorize a passphrase * the data is always accessible, even after losing a phone --- There's also the Block Bitkey, released in 2024. This is a hardware wallet without a seed phrase. Instead it uses 2-of-3 multisig. One set of keys on the device, one set of keys on the user's phone, one set of keys held by Block. And the device itself relies on biometrics - it has a fingerprint scanner
how can you not remember a simple PIN? idk dude, good luck
Not a technician here, probably there is a certain risk, but what about everything else like stuff that has a four digit PIN or a user and email, that can be hacked way easier with quantum..?
ADA ain't even that risky. but yes it's good along with LINK or SUI for a similar level of risk. To get even riskier take a look at something like POL and CRO For a lottery ticket maybe check out PIN
POL, LINK, ADA, CRO, SUI (and a small bet on the microcap: PIN)
I can't sell, I lost my CC PIN, but I have my seed, so I ordered a new one.
Phantom and MetaMask are convenient for daily use, but for 10–15 years of storage they carry serious risks: if your phone or PC gets hacked or you sign a malicious transaction, your funds can vanish instantly. Hardware wallets keep your keys offline, so even if your computer’s compromised, the attacker can’t steal them without your physical device and PIN. If the device breaks, you usually recover with your seed phrase on a new one, though paper backups can degrade or be lost over time. That’s why some long-term holders prefer solutions like the Cypherock X1, which removes the single seed phrase risk by splitting your private key into five encrypted pieces (1 vault + 4 cards) using Shamir’s Secret Sharing, needing only any two to recover, meaning you’re safe even if the main device or some cards are lost or damaged.
You would have to open two safes miles apart in separate locations to recover my wallet. If you stole my hardware wallet, it’s useless without the PIN. I sleep like a baby.
What is the difference between remembering 20 words and remembering a 4-digit PIN? But yes, it is good to think of backups. And you can split up the backups in a creative way in various locations that makes it less susceptible.
Exactly what I did with my brother last year. Ten months later, this past weekend, I got him to admit he has no idea where the keywords are. Nor what the PIN to the device was.
VIP must be a big help! I personally use PIN and Lightning pay, worth looking into.
Yeah, tbf that's actually better than what I remember it as. I personally use PIN and Lightning pay for DCA.
Just some ideas to consider: * Buy Trezor direct, and verify security features intact (box seal, hologram, no pre-loaded firmware etc) * Install BTC-only firmware * Create multi-share backups, preferably stamped/engraved on metal, distributed across multiple geographic locations. No digital copies whatsoever * Set a strong PIN on the device * Test recovery, and transfer only a small amount to begin * Have dedicated passphrase wallets for different purposes - spending, long-term storage etc * Use exchange wallets only for short-term purposes * Store device securely * Use a dedicated computer for transactions, or at least a separate user account from your day-to-day use * Practice good personal cyber habits * Ignore/verify any emails from Trezor, and especially don't click on any links * Keep firmware updated, but only via the official app * Only ever enter passphrase in the app
It's not that difficult. 1) Get a cheap open-source hardware wallet. Define a secure and familiar PIN. Store the device safely with you or close by. Make sure the source and package are legit. Beware of phishing, sponsored links, fake firmware updates. Using BTC-only options will help you in that way. 2) Make at least two copies of your seed phrase, store them in different secure locations. Paper is OK. Never store it on notepads, password safes, clouds, photos. Use security seals (void evidence) to know if anyone else has read your words. 3) Define a passphrase that you are familiar with and that you use regularly, so you don't forget it. Make at least two different backups of the passphrase, online synced, in an encrypted file or password manager. Make sure that losing access to one account (Microsoft, Google, Apple, etc) doesn't stop you from getting it back. Don't make any physical copy of it, don't keep it close to the seed. Ideally you will have 3 copies of your seed phrase, all secure and independent of each other, 3 copies of your passphrase, all unlinked from each other and from the seed phrase, and the access to the hardware wallet if everything else fails. If your wallet value is getting uncomfortably high, repeat the process for a new one and split the value between the two. Never type your seeds on a keyboard, always on the hardware wallet device.
Store your assets on a cold storage device with a strong PIN in a safety deposit box. One can use a [DMS](https://www.deadmanswitch.com) to communicate how to access the box after you’re gone.
> The thing with hard wallets though, you can lose them, or they’re stolen or get damaged Your seed phrase is the backup of your wallet. The first thing you were supposed to do when you created your wallet is write down your seed words. That's true for hot wallets and cold wallets. If your hardware wallet gets lost or damaged, no worries. Get a new one and restore your wallet by entering your seed phrase. If your hardware wallet gets stolen, a thief will end up with a wiped device after a few incorrect PIN entries.
The main goal of a hardware wallet is to store the private key, so you only need to enter the seed phrase after resetting it. Most hardware wallets do need the PIN code entered every time the device is booted, as an additional layer of protection.
A PIN is only a password to enter a specific hardware wallet. One doesn’t need the seed phrase at all in this case, only the PIN. They just need the original hardware wallet in working condition. A passphrase is a password to enter a specific wallet. You don’t need the original hardware wallet. Never make a succession plan or a seed backup plan that involves a hardware device working. It might not when the time comes.
How is that any different functionally from a PIN? It sounds like you could also send someone your PIN and accomplish the same thing. If they still need your seed phrase to access the wallet then they still need both. It sounds like it's basically a really long PIN.
My trezor has 12 word recovery seed and a PIN #. Am I missing something?
>one PIN that unlocks your 24 words and another PIN that unlocks the wallets behind the 24 words + passphrase Those pins are device specific, right? I have to import the 24 words and passphrase onto a new device sometime soon. I'm pretty sure what the first pin is, but maybe not.
Robbing Bitcoin is not a crime? It is in the UK and US. Where are you from? Also threatening someone's life with a wrench is also a crime in most places. If someone has my wallet and PIN they can drain my bank account before I can do much. If someone has my cash, it's never coming back. If someone takes my car it's not likely coming back either.
The 24 words are standardized; technically you don't need a hardware wallet to access your funds, you can use any tool to get to the private keys derived from the 24-word seed phrase. The passphrase (25th word) is a feature of the BIP39 standard (and probably others) and is optional, but yeah, it's usually not recommended to use it. I think the best use case is, for example, on Ledger you can have one PIN that unlocks your 24 words and another PIN that unlocks the wallets behind the 24 words + passphrase, so if you are forced to unlock the device, you can unlock the "normal" wallets. Would need to have some funds and activity in them to make it believable though.
Your 12 words are your passphrase. That is enough to recover the coins. The PIN is to use the Trezor itself and allow it to sign transactions.
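What the BIP39 passphrase actually does, and why the loss drill recommended in the earlier hardware-wallet comment ("wipe the device, recover from the seed, confirm the address matches") catches a forgotten or mistyped passphrase: the passphrase is not a lock on the seed, it is an input to the seed derivation, so a different passphrase yields an entirely different wallet with no error message. The example below is added here and is not Trezor's, Ledger's or any commenter's code. It uses only the Python standard library and the derivation BIP39 itself specifies (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase). The mnemonic is the published BIP39 test vector, not a real wallet. Comparing a hash of the 64-byte seed is an assumption of this example standing in for comparing a receive address or xpub, which needs secp256k1 and is what a real drill compares.

```python
"""BIP39 mnemonic (+ optional passphrase) -> 64-byte seed. Added example."""
import hashlib
import unicodedata

VALID_WORD_COUNTS = {12, 15, 18, 21, 24}

# Published BIP39 test vector (all-zero entropy); not anyone's real seed.
VECTOR_MNEMONIC = "abandon " * 11 + "about"


def check_word_count(mnemonic: str) -> bool:
    """Structural check only: the word-level checksum needs the 2048-word
    list, which is not embedded here, so this cannot validate the words."""
    return len(mnemonic.split()) in VALID_WORD_COUNTS


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the BIP39 seed exactly as the spec defines it.

    Both inputs are NFKD-normalised; the passphrase is part of the PBKDF2
    salt, so "" and "TREZOR" give unrelated seeds and hence unrelated wallets.
    """
    if not check_word_count(mnemonic):
        raise ValueError("mnemonic must have 12/15/18/21/24 words")
    words = " ".join(mnemonic.split())          # collapse stray whitespace
    m = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def seed_fingerprint(seed: bytes) -> str:
    """Short label for a drill comparison (assumption: stands in for the
    receive address / xpub a real drill would compare). Never log the seed."""
    return hashlib.sha256(seed).hexdigest()[:8]


def loss_drill_matches(mnemonic: str, passphrase: str,
                       expected_fingerprint: str) -> bool:
    """The drill: after restoring on a fresh device, does the derived wallet
    match the one recorded earlier? A wrong passphrase fails here instead of
    after funds were sent."""
    return seed_fingerprint(bip39_seed(mnemonic, passphrase)) == expected_fingerprint


if __name__ == "__main__":
    ref = seed_fingerprint(bip39_seed(VECTOR_MNEMONIC, "TREZOR"))
    print("same passphrase :", loss_drill_matches(VECTOR_MNEMONIC, "TREZOR", ref))
    print("typo 'Trezor'   :", loss_drill_matches(VECTOR_MNEMONIC, "Trezor", ref))
    print("no passphrase   :", loss_drill_matches(VECTOR_MNEMONIC, "", ref))
```

The three printed lines are the point: only the exact passphrase reproduces the wallet, a capitalisation slip silently produces a different (empty) one, and leaving the passphrase off gives the "normal" wallet the comment above describes as the plausible-deniability decoy. Treat the derived seed bytes as the secret they are; the example never writes them anywhere.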
Store your assets on a cold storage device with a strong PIN in a safety deposit box. One can use a [DMS](https://www.deadmanswitch.com) to communicate how to access your box after you’re gone.
You could store your assets in a safety deposit box on a cold storage device with a strong PIN, and then use a [DMS](https://www.deadmanswitch.com) to pass along instructions about how to access it after you’re gone.
Trezor was my very first back in ‘14. Solid device. I now have their **Bitcoin-only version of the Safe 5**. It’s not air-gapped but it **uses PIN & passphrase** so I’m beyond more than comfy w/ it. For everything else tho I’d jumped on the Ledger bandwagon [why? I still don’t know] and rode it for years til I finally was fed up of replacing them cuz of the battery issue and just said “ok, enough of that”. So I jumped ship on Ledger & grabbed a SafePal in ‘21. I was interested in it cuz it’s air-gapped. I'm kinda hooked on the air-gapped tech now, plus that one is just a solid device all the way around. But as of early last year I’ve now been using the Ellipal Titan 2.0 [air-gapped], best I’ve had thus far. And just released last month is the Ellipal X card [also air-gapped]. I’d tried out the Tangem cards & really liked em so I’d been excited for the Elli-X since its announcement. Got a pak, they just arrived last week, SUPER SLICK. Comes w/ a cool little Starter box for using to set up, duplicate, recover & migrate [supports 12-24 seed].
Model T is better than others even with secure element: Shamir, passphrase, removable SD card that links the SD to the device physically with an encrypted PIN, open source. It's the best choice.
One might store assets in a safety deposit box on a cold storage device with a strong PIN. One might also use a [DMS](https://www.deadmanswitch.com) to pass along instructions about the location and PIN for when one is gone.
A lot easier to social engineer (or guess) someone's 4-digit banking PIN out of them, if we are being completely honest with ourselves.
I don't have a credit card. Don't know what you mean with visa feature. But to be fair, I have configured contactless payment on my bankcards, so it's possible to do transactions under 30 euros with them without PIN.
When was the last time you used a PIN code with a CC purchase? Even debit cards have a visa feature now.
All of them still have a PIN code, so for each of them you have a 3/10000 chance to be able to use it.