Based on handling support tickets for several years: the #1 reason people lock themselves out of their wallets is forgotten passphrases.

(Which was one of the main reasons I wrote this essay: https://hugonguyen.medium.com/passphrases-are-not-the-solution-for-bitcoin-custody-4f967a339b1b)

For multisig wallets, it's pretty standard practice now that you must absolutely back up the wallet configuration file (BSMS or Output Descriptors format). Eliminate most of the issues you listed.

Cool and thanks! Our goal is to continue making self-custody easier and more accessible. It's crucial IMHO, especially with the rise of ETFs and governments looking to make self-custody illegal or cost-prohibitive—to effectively close the exit door as the fiat system runs its course.

That link between users and coders is super important. I don’t spend time writing code anymore, but I was an engineer for 10+ years—from working close to bare metal (i.e., firmware & embedded programming on CDMA/GSM chipsets) to front-end consumer applications—so I completely understand what you mean.

For better or worse, devs tend to live in their own world, often lacking empathy for end users. It happens at all levels of the hardware + software stack.

(It’s probably the same autistic tendencies that make certain people exceptionally good at coding, but at the same time, it’s their Achilles' heel.)

This disconnect is so prevalent in tech that a company like Apple can come in and create a trillion-dollar business just by being insanely focused on user experience at all levels of the hardware + software stack. It’s mind-blowing.

I think we’re witnessing the same phenomenon in Bitcoin. A lot of devs like to tinker with cool things, but barely have experience dealing with end users on a day-to-day basis. Most devs hate doing that; they just want to code. As a result, a lot of projects in Bitcoin so far are cool AF from an engineering perspective, but not sustainable long-term because they don't actually solve a real problem for end users. I hope that changes as Bitcoin matures. Voices like yours are important in bringing about that change. Cheers!

P.S. Would love to hear your feedback on Nunchuk when you have a chance.

You said you weren't trained in coding, but one thing that crosses my mind when reading your post, is that you'd probably make a great engineer! I think that fanatical attention to detail would help a lot.

Thanks for sharing your story.

Very interesting insight. Thanks for sharing @kojisan!

Fair point.

OP didn't say if it was a local or remote setup.

If it's a local setup, your wallet can only be operational while staying within the LAN. Some people might be fine with not having your wallet accessible on-the-go. Most users will probably find that too limiting, though.

Another big benefit of using Electrum server is authenticated connection.

Bitcoin Core, otoh, was never designed to be a backend. Connecting to bitcoind directly uses RPC, which is not secure.

Great post!

If someone is looking for a good UTXO management wallet on mobile, check out what we have built at Nunchuk: https://nunchuk.io/blog/coin-control

Video tutorials: https://www.youtube.com/watch?v=BnHLSB08W2M (by Wicked Bitcoin) https://www.youtube.com/watch?v=ugzdX0Q0Cgs (by BTCSessions)

Nice update! Could you please add Nunchuk to the Watch-only support list? (Nunchuk is no different from Sparrow and Keeper in that regard).

High level: Pretty much all modern technologies require energy at their foundation to work. Invite them to sleep on that first.

Secondly, for money in particular, over thousands of years of intense selection pressure, we've learned a few characteristics of what typically makes money. One of those characteristics is "unforgeable costliness" (https://nakamotoinstitute.org/library/shelling-out/). That is, for a thing to be a good money candidate, it must be costly to make, to the extent that it is extremely difficult to make forgeries of.

Then give the concrete example of gold. Ask them why they think vastly different cultures in different eras all converged on using gold as money? (Fiat was an anomaly). Given their age, they probably have a decent understanding of gold themselves and/or they've seen first hand how people flocked to gold in times of uncertainty, such as in wars, recessions, etc.

Answer: The energy to create gold atoms is unfathomably large (collision of neutron stars). It is impossible for humans to forge gold (even with today's technology). This is precisely why gold was able to become good money. Again, this probably will resonate with them given their age and their familiarity with gold.

Bitcoin actually "copies" this characteristic of gold. Bitcoin mining consumes energy in order to ensure that each bitcoin minted (and the Bitcoin ledger in general) is exceedingly difficult to make forgeries of. If you compare the energy required to synthesize gold, to the energy required to create and maintain Bitcoin, Bitcoin is actually orders of magnitude more efficient than gold. It also inherits all properties of digital things and be able to support (almost) instant, borderless transfers, something gold can't do.

So the general approach here is to give them an anchor (gold), then explain Bitcoin from that perspective.

(FWIW, I also wrote the below article a few years back on the Anatomy of Proof-of-Work. Perhaps a bit too technical for grandpas though.) https://medium.com/bitcoin-tech-talk/the-anatomy-of-proof-of-work-98c85b6f6667

You're welcome!

I see what you mean from the end user's perspective.

Vendors can generally make the process of firmware updates more secure and more explicit/transparent. For example, they can clearly label which firmwares have critical security fixes (and well-maintained projects usually do so), and which ones do not. From there, it's up to the user to make the decision whether to upgrade.

About things that you don't strictly need but want to experiment with: as I mentioned in the article, that is fine, but IMO you'd want to use a separate device for that. Have it as your sandbox: put some small of bitcoin in it and try things out. But isolate it from your main savings as much as possible.

Unless a firmware release has critical fixes, you want to delay upgrading until it has been widely deployed. You want to do this not only because it lowers the chance of accidentally installing malicious firmware, but also because (a) newer firmware might have bugs and (b) many vendors disallow firmware downgrade, which makes the process irreversible.

So on the balance there are things vendors can do to make things easier, but there's a certain responsibility on the part of the user that I think is unavoidable. It might be more burdensome than say, upgrading Linux, sure, but IMO that's the cost one has to pay if one truly wants to be sovereign. After all, securing generational wealth is more critical than maintaining your typical software OSes/applications.

Using a non-deterministic nonce is actually quite similar to this attack (and can be categorized under the same attack class) in the sense that they both involve messing with the process of securely generating a random nonce.

Dark Skippy is just more explicit in how it goes about it, e.g., causing the device to leak private key data into the nonce and/or blinding the nonce with a hacker-controlled key.

Right. Companies can definitely screw up w.r.t. cryptography. Sony PS3 is another famous example that comes to mind: https://arstechnica.com/gaming/2010/12/ps3-hacked-through-poor-implementation-of-cryptography/

Even when the cryptography is correct, the signature is only as good as the person/group guarding the private key. So signed firmware significantly mitigate risks, but don't completely eliminate all issues. (This is why if you're super paranoid, multi-vendor multisig is still the most rational solution).

(Author here.)

If a firmware update includes critical security fixes, then I agree 100% that you should upgrade. However, it's worth noting that a lot of firmware updates (and software updates in general) are about adding features (that you may or may not need). So merely by choosing to upgrade when absolutely necessary, you'd lower the risk of installing a malicious firmware.

All things considered, you are much more likely to lose bitcoin due to self-inflicted user errors than to lose bitcoin due to Dark Skippy. So for new users, I also agree that multisig might not be the best start. Better to start them on a singlesig wallet with a small amount of bitcoin, then help them gradually upgrade to multisig only when they're ready / have a significant amount of bitcoin.

This is great!

Just a small addition: Nunchuk can be used (and often used as such) as a watch-only wallet, with all keys being hardware keys. Similar to Sparrow. @Radentor

Does it really sound that weird? haha (I'm a non-native speaker).

Don't people say "coins", "dollars" all the time? i.e. using plural nouns when referring to units of a currency. Why would "bitcoins" be any different?

If you fail to pay, the wallet'd simply downgrade to a free one, with all keys and signing abilities intact. There's just no advanced collaboration features enabled. You'll still be able to sign, export PSBTs, send them to other co-signers to collect signatures (using out-of-band channels such as Signal), broadcast transactions, etc.

And in the absolute worst case where Nunchuk completely disappears for some reason, you can always recover the wallet elsewhere, such as Sparrow: https://nunchuk.io/blog/wallet-recovery-sparrow

The whole thing was designed to never have any single points of failure.

Try our Finney wallet, which we launched recently specifically to address this problem.

If you want, I can set you up with a free Finney wallet to try out.

Full details in our blog post: https://nunchuk.io/blog/finney

What would be a reasonable price to secure generational wealth for you?

For context, in the Western world and increasingly in developing countries as well, a lot of people spend more per year on entertainment (coffees, movies, etc.) than $250 (which is about ~ $20/month). I personally think it's reasonable, considering that securing your long term savings should be more important than those things?

Casa's inheritance protocol has many similarities with Nunchuk's, with some key differences.

I wrote a review / comparison here, for anyone who's interested: https://nunchuk.io/blog/casa