Hello everyone. I’m Hugo Nguyen, the founder of Nunchuk.
Nunchuk is a multisig wallet aimed to make self-custody of bitcoin safe and accessible to millions of people around the world. We recently launched a subscription service called Honey Badger to help Bitcoiners robustly secure their stash while also being able to plan their Bitcoin inheritance in a private, KYC-free manner.
Traditional Bitcoin inheritance solutions have been difficult to set up and to claim. They are often privacy-invasive, expensive, and tightly integrated into existing state institutions. They bear many similarities to a fiat system. While these kinds of solutions have certain benefits and arguably necessary as we slowly transition into hyperbitcoinization, they shouldn’t be the only way or the default way Bitcoin works. With our products and services, we want to change that reality.
I first learned about Bitcoin in 2011. Like most I slept on it for a few years. Started going down the rabbit hole in 2017 and haven’t looked back since. I’ve blogged about Bitcoin, had a couple of commits in Core, and co-authored a BIP on multisig.

I also recently became a dad. Interacting with my newborn gave me an “ah-ha” moment, as it sorta ties everything together / slows things down for me. Kids are probably the lowest time preference thing in life. Who else we are building these tools for, if not our kids? I hope by the time my son turns 18, the term “Bitcoin maximalist” would seem as strange to him as “TCP/IP maximalist” or “Internet maximalist” to us:)
what if nunchuk goes out of business for whatever reason, then what happens with all your multisig wallet setup in nunchuk? where to take the BSMS files to recovery process? Its not like you can use Blockstream Green to recover using BSMS file? can you address this question so your son can recover funds easily, Hugo: thnks
Great question.
We address this in a few ways.
First, Nunchuk was built on open standards. BSMS is a BIP. It is actually a thin wrapper over Output Descriptors, invented by sipa and supported by many popular wallets such as Sparrow and Specter. We also support other wallet configuration formats, such as Coldcard or UR2. This means that you can easily recover wallets created in Nunchuk elsewhere. Here is an example recovery guide.
Secondly, our assisted wallets are all multisig wallets whereas Nunchuk the platform only holds one key, and the other keys are held by the user. That means the user always remains in full control of their funds.
Thirdly, regarding the inheritance planning aspect, we recommend users to use a rolling short timelock. This mitigates the risks of Nunchuk going out of business and also anything unfortunate that might happen to you.
deleted by author
Update on BSMS: Sparrow Wallet now supports it as well !
What's something you believe about bitcoin that few other bitcoiners agree with you on?
S2F was a scam? :)
Seriously though, I think one thing that other Bitcoiners might disagree with me is regarding priorities.
Some Bitcoiners place a high premium on instant payments. Some Bitcoiners place a high premium on privacy.
But I believe without strong technologies to HODL a.k.a. making self-custody safe and accessible to millions of people, none of the other stuff we build matters. Having instant payments or "perfect" privacy is moot if we can't secure bitcoin over multiple generations.
Because Bitcoin is to me primarily a saving technology. It needs to excel at that, first and foremost.
Thanks for your great work and philosophy. I still laugh when I remember that email answer of Nunchuk to some Canadian agency's request on providing customer data.
What is Nunchuk roadmap regarding including lightning in the wallet? Do you plan on expanding the current wallet to also use lightning, or making a completely different one?
It would be badass to see a lightning wallet where you use a Tapsigner to authorize transactions.
Thank you! The Freedom Convoy incident was definitely one of the highlights of the year for us. We are able to laugh about it now, but at the time it was pretty stressful haha.
Integration with LN is definitely a cool idea, and something we've been asked often.
I wouldn't rule that out, but want to stay focused on multisig / solving self-custody challenges first. Once we are satisfied with the state of multisig, we can definitely explore other areas.
The nice thing about waiting is that we'll also get to see LN mature. By the time we choose to integrate, the tech stack and protocol would be a lot more tested and defined. We can build on LDK for example instead of rolling our own ad-hoc solutions.
I love multisig and have it myself! How can we make this more mainstream? Market costs in terms of sats as opposed to Bitcoin?
Multisig ftw!
I don't think it is a matter of costs, but perhaps user education and awareness. Though things have vastly improved, most users still do not self-custody and choose to leave coins on centralized exchanges. That needs to change first before multisig can be more mainstream. So I'd rephrase your question as: how can we make self-custody of bitcoin more mainstream?
I think it will come, but will take time. This is a zero-to-one technology after all. Gold didn't emerge as the dominant form of money over night. It took thousands of years. I don't think Bitcoin adoption will take that long, but we are talking about perhaps decades. (Or who knows? maybe some major fiat currency will collapse tomorrow).
Demand will also naturally rise as the market cap of Bitcoin increases. You'd think twice about leaving a million dollars on a CEX or a singlesig wallet, vs. $50k.
Do you think becoming a dad will affect you/your productivity as a founder?
Great question !
I think becoming a parent is definitely challenging for founders. Raising a baby is a full-time job. Full stop.
On the other hand, it has given me a clear focus and an additional boost of motivation. My time is currently roughly split 50-50 between the baby and building Nunchuk. I've removed all the other distractions out of my life, pretty much out of necessity.
Fortunately my wife and my family has also been super supportive. It also helps that this job allows me to work remotely, so I do have some flexibility. Thank you Bitcoin!
All in all, it's great so far!
As a dad of 2 kids and huge nunchuk fan I can understand that so well, thanks Hugo, you are doing really impressive work here! Dividing my time between my job as a professional musician, my kids and wife and testing nunchuk, giving feedback on github! ;-) (Funman2/Alex71btc)
Hey Alex, great to see you here! :)
Did not know that you’re a professional musician. I was guessing that you work in tech, given the great detailed feedback that you have been giving us. Goes to show how incredible and diverse Bitcoiners are.
And thank you for your continued support of us. At the end of the day, it is Bitcoiners like you that inspire us to keep pushing and improving our products. Cheers!
130 sats \ 1 reply \ @kr 1 Feb 2023
can you elaborate more on how your products fix the problems you see with existing bitcoin inheritance solutions?
Existing Bitcoin inheritance solutions roughly fall into 2 major categories:
  1. Key duplication
  2. Pre-signed transactions
The first one is relatively simple to understand (but not simple to implement), and probably the most common. Basically you would share all your keys and wallet data directly with the beneficiary, as well as the instructions to recreate said keys and wallet from scratch.
The problem with that is that this potentially creates a security vulnerability. You might be confident in your ability to safekeep sensitive key material, but it's hard to say the same for your family. The more copies of the keys you create, the easier you make it for a potential attacker. Furthermore, if the wallet is a multisig or uses a custom setup, the instructions can be quite difficult to follow, especially for someone non-technical. (You can perhaps "mitigate" this complexity by keeping your bitcoin in a singlesig wallet, but this comes at the cost of being more vulnerable to SPOFs).
Pre-signed transactions, on the other hand, require you to lock UTXOs. This technique interferes with your daily wallet usage. Every time you have a new transaction, you'd need to update the pre-signed transactions. You also need to pick transaction fees in advance, which may be problematic as we transition into the fees era, and the fee rate might become more volatile - the pre-signed transactions might get kicked out of the mempool. Last but not least, pre-signed transactions require you to pick the destination address/wallet in advance. This to me is its weakest point. The more time passes, the more uncertain we will be about what happens to the destination wallet. Will the beneficiary still have control over that wallet? Has any of its keys been compromised? etc. A lot can happen in 10-20 years.
Our Honey Badger solution solves this by having a dedicated inheritance key. The beneficiary does not need to know everything about the original wallet/keys in order to claim the inheritance. And we have tried to simplify the process as much as possible. The inheritance key is also time-locked, so you don't have the same vulnerability as the typical key duplication technique.
And of cos with that we are also able to sidestep all the problems with pre-signed transactions, since the inheritance claim happens on-demand on a future date, not now.
Hope this answers your question.
I love the foundation of self-custody you have built. Now it's so easy to onboard anyone. Congrats on becoming a dad Hugo.
Payjoin can improve privacy for everyone and even reduce fee spend in the long term. If there were a tried and tested library to send and receive P2EP payjoin, Would Nunchuk entertain a PR?
Thank you!
Of course and we'd love that. Our built-in encrypted chat might prove useful for the construction of the P2EP transaction. The sender and recipient can exchange UTXOs data securely over the encrypted comm.
Feel free to submit a PR into our core repo: https://github.com/nunchuk-io/libnunchuk/issues
How do you view the other multisig wallets in the space? Are they competition?
I think it's awesome that we have multiple multisig wallets / multisig service providers in Bitcoin. In the past few years, great progress has been made in terms of inter-operability (PSBTs, descriptors, etc.), so that the users don't have to be "locked in" to any particular wallet / vendor. This diversity of choices is great for the end users, and directly contribute to strengthening the entire Bitcoin ecosystem.
If anything, I think multisig is significantly underinvested, especially when compared to something like the Lightning Network. I would love to see more multisig projects / more experimentation in the future.
@hugohanoi Question about security.
I understand with Honey Badger that Nunchuk keeps 1 of 3 keys. But at time of inheritance, with proper authentication, you will unencrypted/unlock the Tapsigner Inheritance key, which you also hold, as well.
It seems that at that time (but only at that time), you will possess two keys, which essentially gives Nunchuk complete control over the multisig wallet and it’s funds (as you will then have 2 keys in a 2 of 4 set up).
So to be clear, at that time, there is at least some counterparty risk, and trust required, that you/Nunchuk will dutifully fulfill your obligation and transfer the funds to the Inheritor, as at that time your are in control. Is that correct?
If so, anything one can do to mitigate that risk, or is that just something that a user of your service would need to be comfortable with?
I like the overall elegance of your solution, but want to be crystal clear on any risks that might exist. Thanks for responding!
The decryption process happens entirely locally on the claimant's device. At no point in time Nunchuk possesses two keys.
Got it.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
Essentially the same process as if you signed a “normal” with your recovery key, along with one signature from your client from one of their keys, to make a transfer.
This makes sense.
Thanks for the transparency and education about your product Hugo!
@hugohanoi Are you able to provide a bit more info here?
When Claimant puts in Magic Words and Backup Password from Tapsigner to unlock, and does this in the Nunchuk app, how does this not potentially give Nunchuk access to this key and your key (giving you 2 of 3)?
Just want to be completely clear on this and appreciate your time.
You got it mostly correct the first time.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
  1. Encrypted file downloaded onto Beneficiary's device
  2. Decryption happens locally
  3. Recovered Tapsigner's private key now is in Beneficiary's device
  4. Beneficiary selects a withdrawal address
  5. Sweep transaction is created
  6. Beneficiary signs the sweep transaction with the recovered Tapsigner key
  7. Platform Key co-signs the sweep transaction
  8. Sweep transaction is broadcast
You can test this flow out on testnet for free by the way.
Fantastic. Thank you Hugo for the more in-depth answer.
I think your overall solution is very well thought out., and applaud you for your efforts.
I’d also encourage you to add more of this info to your website, to allow potential clients of Nunchuk to have a more complete picture, as this should only serve to have people gain more confidence in what you’ve built.
Does taproot play a role in Nunchuk?
Our app currently supports the singlesig version of Taproot. However, Taproot multisig is where the biggest gain will be. It is definitely on our roadmap.
@hugohanoi Any update on Taproot multisig being launched? Your comment above was over a year ago, so curious if this is any closer to fruition? Thx
We're working on it. It does take a bit longer than expected.
Thank you. Any sense of ETA? I understand it’s not a super easy thing to do!
Posted on Twitter but may as well repost here
Why isn’t this scheme marketed as a social recovery product.
Sure inheritance is fine but near term seems like a no brainer to use the same method to allow trusted recovery for onboarding new Bitcoin users.
Can you explain how Honey Badger works?
Sure !
Honey Badger is an 2-of-4 "assisted" multisig wallet. The platform holds one key (the "platform key"), while the owner hold three keys, including a designated inheritance key. The designated inheritance key is exclusively reserved for inheritance planning, and not daily spending.
This design was inspired by the separation-of-concerns principle. The inheritance key allows us to separate daily security concerns from inheritance concerns.
The inheritance key is timelocked, meaning a beneficiary can only access it to claim the inheritance on a future date set by the owner. Currently the timelock is enforced off-chain by Nunchuk the platform. In the future we will also explore the on-chain timelock option.
Honey Badger also has some other powerful features, such as policy control (for the platform key) and scheduled transactions.
deleted by author
I am still confused on how this solves the inheritance issue. If a person has multiple utxos across different private key setups how would this product work? Put all of your Stash into this honey badger product? I was considering using this product because the current setup is lacking but I am confused how this solution would work.
If a person has multiple utxos across different private key setups how would this product work?
The way Honey Badger works is that it is a 2-of-4 multisig wallet. Meaning any spend would require 2 out of the 4 keys.
The platform holds one key. The owner holds three keys, one of which is a designated inheritance key.
It is this inheritance key that will be released to the beneficiary on a date set by the owner. Prior to the date, the inheritance key will not be released no matter what.
Once the beneficiary has access to the inheritance key (again, this happens on a future date set by the owner), they can initiate a transaction that sweeps the original wallet’s balance to a wallet that the beneficiary controls. Like any other spends, this sweep transaction would require 2 signatures. One would come from the inheritance key that the beneficiary now control. The other signature would come from the Nunchuk platform key. That’s how claiming an inheritance works.
This would work regardless of how many UTXOs the wallet has. The sweep transaction will include all UTXOs.
Let me know if anything is unclear and I’ll be happy to elaborate further.
And if Nunchuck goes bust then what happens?
Great question.
First, since it's a 2-of-4 multisig wallet. Nunchuk going out of business won't affect the owner as they still hold three keys and are always in full control of their funds. They can use old versions of Nunchuk which are available as APKs, or can be compiled from source. Alternatively they can use other wallets such as Sparrow to recover their Nunchuk wallet and move their funds. If the owner is still alive, this would be our #1 recommendation.
Second, if that does happen we will do our best to (a) have a long wind-down period and (b) notify our users well in advance, so that they have all the information they need to move their funds.
Third, regarding the inheritance plan, we recommend our users to use a rolling short timelock. In the unlikely event that Nunchuk ceases to exist and the owner has passed away, the short timelock (we recommend a 1- or 2-year timelock) would allow the beneficiary to react in a timely manner and claim their inheritance sooner rather than later.
Hope this answers your question.
Thanks for taking the time to answer my questions. This is something I think about all the time. I know if I die today my stash is as good as gone but I may look into this solution a nice easy button so beneficiaries of my estate can access my BTC
You’re welcome ! Feel free to reach me directly (@hugohanoi on Twitter, or hugo@nunchuk.io) if you have more questions.