
The ecosystem of wallets is really good. But what do we do if this won't be the case forever?
What if you have a Wasabi Wallet or Blue Wallet or Ledger or whatever and it stops being supported or updated? The simple answer, of course, is to remember your 12 words (or 24 or 25). But then what? 🧐
  • Do we need wallet manufacturers to be not only open source but also open finances such that we know how much money they have, how much money they burn and how long burn rates they have left?
  • If no, how should people know if their wallet is still being updated? Debanking yourself also means taking responsibility. But are people ready to stay informed if their wallet still is supported?
  • Do we need all wallets to remember their 12 words and derivation path and BIP so they can recover their Blue Wallet on Wasabi?
What do you guys think? Is this a reasonable topic to worry about?
My question of the day: Have you ever recovered a wallet on a completely different software than where you created it?
Yes, I have: 63.2%
No, never: 36.8%
19 votes \ poll ended
Do you consider Bitcoin Core a wallet? Do you have these same concerns with core?
Seed phrases are an open protocol (a dangerous and bad UX that wallets should stop using, Core doesn't use it for good reason, but that's a separate discussion). Therefore individual wallet projects don't matter, because you're using a protocol.
If you're in a position where you're entirely trusting the wallet publisher to stay operational and push updates, then you may as well be trusting a custodial service with your coin.
reply
121 sats \ 4 replies \ @mrsu 16 Feb
Why are seed phrases dangerous? And what is a better alternative?
reply
reply
That's a good reference but not what I'm talking about, I'm talking about meeting the end user
As for alternatives, what Bitcoin Core does is simply encrypt a dat file... that eliminates most of the stupid ways people lose coin with seed phrases. The people that will forget or fumble an encryption string or fail to back up the file will also fuck up a seed phrase. Compromised devices are a problem no matter what software you use.
reply
> Compromised devices are a problem no matter what software you use.
Exactly! And truly securing a device is mostly recurring, time-intensive, sometimes high pressure work.
There's definitely something to be said for a security mechanism with less attack surface than your average zero-policy win11 device, but BIP39 offers no security at all in its currently most-deployed form: it is just cleartext. A long-form password to a weakly hashed brainwallet basically (remember those?)
reply
Yea and I think that's why the HWW cash grab works so well. Setting up a secure device can sound like a daunting task and HWW vendors are happy to sell the self-custody equivalent of a weight-loss pill to users that don't understand the trade-offs (side-effects)
> Do you consider Bitcoin Core a wallet? Do you have these same concerns with core?
No because it's unrealistic.
But in theory yes it could have happened in the early days.
> If you're in a position where you're entirely trusting the wallet publisher to stay operational and push updates, then you may as well be trusting a custodial service with your coin.
no? what kind of stupid comparison is this 🤣🤣. one can move to a different wallet + literally all other properties of Bitcoin
reply
> No because it's unrealistic.
What do you mean? Lots of people use it directly, and effectively every other wallet app is just an abstraction over it.
> in theory
lol wtf are you talking about?
> one can move
So why are you worried about wallet makers? You seem very confused.
reply
121 sats \ 0 replies \ @kruw 16 Feb
Recovering funds from Wasabi Wallet into other software is a unique case because Wasabi uses BOTH Segwitv0 and Taproot derivation paths under a unified balance. It's not difficult to recover since it uses BIP39, you simply have to restore your seed twice.
You don't have to worry about recovering your funds if Ledger goes bankrupt: Their project is closed source, so they will simply rug pull your private keys before they let themselves go broke.
The existing friction is that there seem to be additional wallet recovery formats being created as time goes on instead of consensus being formed around one format. Electrum has their own standard, BIP39 is the dominant standard, LND uses 'Aezeed' seeds, and now SLIP39 is being pushed as a replacement of BIP39 by its creators.
reply
105 sats \ 0 replies \ @senf 16 Feb
You can test this yourself. Spin up 12 words and put them into a wallet, and note the first receive address. Put the same words in other software or hardware and note the receive address, it'll be the same. The mempool is pretty empty at the moment too, so you could do it with sats sitting in a UTXO without wasting too much money if you feel like that would be more meaningful.
You do also need the same derivation path, to be clear. That part is usually done in a standard way, but if your first wallet does something different you won't see the same info in other wallets without specifying your derivation path.
reply
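Added example, not part of any post in this thread: the portable parts of recovery discussed above (same words, same derivation path) in code. The BIP39 word-to-seed step is identical in every BIP39 wallet, while the BIP32 path selects which branch of keys a wallet looks at. The two paths printed are the standard BIP84 (SegWit v0) and BIP86 (Taproot) account paths, assumed here for illustration; the mnemonic is the public BIP39 test phrase.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order, used when adding the parent key to the HMAC output
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# Public BIP39 test mnemonic (known to everyone; never send funds to it)
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 words -> 64-byte seed: PBKDF2-HMAC-SHA512, 2048 rounds."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048)

def master_key(seed):
    """BIP32 master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def ckd_hardened(key, chain, index):
    """BIP32 hardened child derivation (private parent -> private child)."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says use the next index")
    return child.to_bytes(32, "big"), digest[32:]

def account_key(seed, path):
    """Walk a fully hardened path such as m/84'/0'/0'."""
    key, chain = master_key(seed)
    for step in path.split("/")[1:]:
        if not step.endswith("'"):
            raise ValueError("non-hardened steps need EC math, not shown")
        key, chain = ckd_hardened(key, chain, int(step[:-1]))
    return key, chain

if __name__ == "__main__":
    seed = bip39_seed(MNEMONIC)
    for path in ("m/84'/0'/0'", "m/86'/0'/0'"):
        print(path, account_key(seed, path)[0].hex())
```

The two account keys differ even though the words are the same, which is why a wallet scanning only one path shows an empty balance for coins held under the other.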
I've never understood this assumption that software needs to be constantly updated. Something works fine at one time, why change it? It's one thing if something new happens that's pretty cool or better or whatever, but constant updates aren't really a necessity.
Yes, you need to know your derivation path and mnemonic standard in addition to your words. This adds a little complexity, but the truth is most people either don't know there's a difference or assume someone else will remember the details for them.
We have a supply chain issue in bitcoin. You cannot generate a mnemonic without a computer due to the checksum. I've done it, the last step is tedious trial and error that you need a wallet for. You cannot sign a transaction without a computer, which is fine I guess, this is complex cryptography after all, but it means we rely on at the very least hardware wallet manufacturers. These supply chains can be interrupted.
reply
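Added example, not part of any post in this thread: the BIP39 checksum step mentioned above, for a 12-word mnemonic. Words are handled as 0-based indices into the 2048-word BIP39 list (the list itself is not embedded here); the function name and sample indices are constructed for illustration.

```python
import hashlib

def valid_last_words(first_indices):
    """Given 11 word indices (0..2047), return every 12th index that
    yields a valid BIP39 checksum.

    12 words = 132 bits = 128 bits of entropy + 4 checksum bits.
    The first 11 words fix 121 entropy bits, so the last word carries
    the remaining 7 entropy bits plus the 4-bit checksum.
    """
    if len(first_indices) != 11:
        raise ValueError("need exactly 11 word indices")
    if any(not 0 <= i < 2048 for i in first_indices):
        raise ValueError("word index out of range")
    prefix = 0
    for i in first_indices:
        prefix = (prefix << 11) | i            # pack 11 bits per word
    candidates = []
    for tail in range(128):                    # every choice of the last 7 bits
        entropy = ((prefix << 7) | tail).to_bytes(16, "big")
        checksum = hashlib.sha256(entropy).digest()[0] >> 4   # top 4 bits
        candidates.append((tail << 4) | checksum)
    return candidates

def is_valid_mnemonic(indices):
    """True if 12 word indices carry a correct BIP39 checksum."""
    return len(indices) == 12 and indices[-1] in valid_last_words(indices[:-1])

if __name__ == "__main__":
    # Constructed input: "abandon" (index 0) eleven times
    options = valid_last_words([0] * 11)
    print(len(options), "valid final words; first few indices:", options[:4])
```

Only 128 of the 2048 possible final words pass, and finding them requires a SHA-256 over the chosen entropy.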
> I've never understood this assumption that software needs to be constantly updated. Something works fine at one time, why change it?
because underlying OS APIs change and security holes will be found
there is no such thing in software as doing it once and keeping it forever. 🙅🏻‍♀️
reply
I see that, security updates, APIs changing for security reasons and what not, but surely the attack surface of just about every OS has gone up, not down, in the process? Maybe it's a bad idea to keep changing things that work all the time?
There are reasons to make things better. You don't want to be stuck with the same thing that was invented a hundred years ago. But this thing, where if you write some software today that, unless you work on it basically full time just to keep it working it just won't work in even 10 years without a full time legacy support team, that's senseless.
reply
Hey! That’s an interesting question. I’ve had some experience with recovering wallets, even when switching between different software. It’s a bit tricky, but totally possible if you have the recovery phrase and know what you’re doing. If you’d like, I can share some tips I’ve picked up over time. Feel free to DM me if you want to chat more about it!