If you view bitcoin as fuck you money and plan to use it later on more safely, you generate a private key offline and then send sats to that address after jumping through a few hoops. You save your private key the best way you can and never insert it in any wallet for a long time. It's likely that most are compromised and the public isn't aware just yet.
Can you explain the last part? I'm not sure I understand it properly.
Which part exactly?
"It's likely that most are compromised and the public isn't aware just yet."
What do you mean, that an offline-generated recovery phrase is likely compromised without us knowing it?
Are you talking about booting Tails and generating a seed with Electrum without going online? Or also if we use a hardware wallet?
I like this answer better
Most people lose their Bitcoin not through a compromised hardware device but through being too clever.
They either hand their key over, lose it or transfer their sats to someone (e.g. to generate a yield).
Your seed words are the most easily compromised part of the equation. Assuming you don't hand them over, it requires someone to physically locate them (a targeted attack).
You are your greatest threat to your Bitcoin.
Maintaining exclusive access to a secret is not something that we humans are skilled at.
Hardware devices are not the threat that you think they are.
Are people that badly educated?
I mean, sending sats to an exchange or "service" for yield, I guess some might still fall for it, but it has nothing to do with a recovery phrase ("seed") getting compromised.
Proper management of the recovery can be tricky at first and some might make mistakes, but depending on their threat model and the amount involved, that might still be good enough. When the threat model changes and the amount gets more significant, people can take new measures to improve their strategy.
I would say that most people have a recovery that has been compromised, it means (for me) that someone else got access to it and made a copy, waiting for the value to be high enough to steal the sats. Or that a copy would theoretically be accessible by a hacker, virus or malware hidden in another software, which should not be the case for a wallet generated offline (on a temporary OS or hardware wallet).
Passphrases, multiple wallets, multisig, and miniscript wallets can all be options to improve and mitigate various risks, each with their pros and cons.
How can we improve users' knowledge to help them figure out what is best for their situation?
All valid suggestions. Each will figure out what works for them.
I would never trust a naked seed generated by a single hardware wallet's random number generator
25th word/passphrase at minimum
Multisig quorum with different hardware wallet providers (and 25th words) even better
Offline manual key generation