No, it isn't.

Go ahead and use this. You've been warned multiple times. We can't stop you. But don't expect any sympathy when a bot scanning millions of such addresses each second (as is the case with brain wallets) clears out your funds.

"No one will ever know my address comes from a brain wallet, so I consider it safe." - the owner of every brain wallet, minutes before all their coins were stolen.

Are you honestly asking how an attacker could possibly guess public information which could probably be gathered by anyone in the world in 60 seconds by looking at your social media profiles? Lol.

This is effectively a brain wallet. Literally hundreds of thousands brain wallets have been hacked and had their coins stolen because they are fundamentally insecure.

This is just plain incorrect. Fairly modest hardware is capable of generating in excess of 5 billion keys per second. 11 million is literally nothing.

Remembering seed phrases is risky enough. Remembering individual private keys is another level of stupid.

You are wrong.

The site is absolutely filled with third party trackers and cookies: https://privacyscore.org/site/215742/. Mostly from Google but also from YouTube (lol).

Large parts of the site are plagiarized. Just a couple of examples (there are many more):


The whitepaper link is dead.
The terms and condition link is dead.
There is no onion link despite you saying there is one.

I'm also super curious how you intend to coinjoin 1,000 BTC in a few hours and still provide any shred of privacy. The on-chain volume to do this simply does not exist.

So in summary, this is most likely a scam.

I still don't see what this achieves other than adding additional risk that you either do something wrong and trash your entropy, or you do something wrong and are unable to recover your coins.

If you want to add a note about what your private key is for, then just add a note after the private key? I don't see how this:

Is any better to this:

What are you talking about? The last 5-6 characters are a checksum, meaning you are only have 4 random characters? So you've just reduced the entropy of your private key from 2²⁵⁶ to 58⁴, which is around 11 million, and could be brute forced in under a second.

Vanity private keys are a seriously dumb idea. No one should ever use this.

True, but now I'm splitting up a single output in to 12 UTXOs (for example) up to 12 months in advance, and then signing multiple different timelocked transactions to broadcast later for each one with variable amounts (since the price will definitely change) and variable fees, keeping them all secure, and then choosing which one to broadcast at a later date? And this was supposed to be less work than just making a transaction once a month?

Too easily abused. Merchant can sweep it and then respond "That private key was empty, it must have been compromised on your computer/email provider/whatever."

Yes there is.

Electrum uses PSBTs. This is exactly the kind of thing they are good for. OP can create a watch only wallet containing all the necessary addresses from both his hot wallet and his cold wallet. He can use that to create a transaction, export that unsigned transaction, import it in to the cold wallet, sign the relevant inputs, export this partially signed transaction, import it in to the hot wallet, sign the other inputs, and then broadcast it.

Just like they charge almost nothing to withdraw fake bitcoin tokens on their scam chains. Anything to entice people to leave the actually valuable asset - bitcoin - under Binance's control so they can risk it to make themselves profit.

Maybe ask the users of Celsius, Voyager, BlockFi, and others how that worked out for them.

I could always start using bc1qdeckardxs8jqev30gt6m796spdshr23tt552k2 just to confuse things.

They are fine to use as long as you appreciate their risks and drawbacks. The two main ones are malicious similar addresses as described above (although an attacker can do that for any address, not just vanity addresses) and the fact they encourage address reuse.

Why would I bother when I can't do anything with it?

That's the point I'm making - not that I can't review the code, only that far fewer people will bother to do so since they can't use that code themselves.

Correct. But with increasingly powerful hardware becoming increasingly cheaper, it is becoming increasing easier for attackers to mimic existing addresses.

You'll often see people saying something along the lines of check 3 characters at the start of the address and 3 characters at the end. This is completely insufficient. An attacker can very easily brute force an address which matches this criteria, or even 4 or 5 characters. The only way to be safe is to double check the entire address. It takes <10 seconds to do this, so there really is no excuse for ever falling to such a scam.

The problem with this is that as soon as you change the fee, you change the TXID. And as soon as you change the TXID, any child transactions will no longer be valid. This means you cannot create a chain of timelocked transactions, since as soon as the fee changes on one, all the other ones being held to a future date will no longer be valid.

As I mentioned above, the only way around this at present is to include an additional output to the transaction which can then be used to perform a CPFP. But the additional time and cost involved in doing this negates any benefits gained from creating a chain of timelocked transactions in the first place.

Exactly this. Custodian doesn't want to redeem your token? You've lost everything. Custodian is insolvent? You've lost everything. Custodian exit scams? You've lost everything. Etc. And while you are playing around with your worthless wrapped IOUs, the custodian is most likely lending/investing/risking your bitcoin to make themselves profit, as was the case with Celsius, Voyager, BlockFi, FTX, and every other custodian which has collapsed over the past year or so.

It's all one big centralized scam.

True. It's also closed source. You would do well to avoid it.

Again, I would point people to this post from Greg Maxwell - https://bitcointalk.org/index.php?topic=5324030.msg56590276#msg56590276.

A selection of functions does nothing to address all the underlying issues outlined in the post above. The best solution is to just avoid webpage based wallet/seed/key generators.

There was an individual who managed to brute force 4 words using custom code and renting cloud computing. It cost him $350 and took 30 hours. To scale that up to 5 words, it would cost >$700,000 and take 7 years. And this is of course assuming you are 100% certain about the other 7 words, including their order and position.

So in short, it's almost certainly not worth your time to try to brute force 5 words.

According to their changelog, they first applied MIT-CC on everything that wasn't under GPL, and then worked to remove all GPL code so everything could be under MIT-CC.

It is of course fine if he wants to do that. But it is equally fine for people like me to point out that doing so means fewer eyes on the code therefore less security, as well as pointing out it is bad for the space in general. Bitcoin is about freedom. If I'm buying a hardware wallet, I'm picking a company which aligns with that ethos, not Trezor paying blockchain analysis to spy on you, and not Coinkite locking down their code so it cannot be used by anyone else.

It's really not clear what you are trying to ask here.

Any consolidation transaction you can make via a hot wallet you can make via a cold wallet. If you want to send coins from your cold wallet, you simply create the necessary transaction on your watch only wallet first. Create a transaction sending coins to wherever you want, and consolidate all your other coins in to a single UTXO if you want (just be aware of the privacy implications of doing this). Use your cold wallet to sign it, and your watch only wallet to broadcast it.

Absolutely. All you need is a corresponding watch only wallet on your online computer. Create the consolidation transaction on the watch only wallet as you would on any other hot wallet, export the transaction and transfer it to your cold wallet to be signed, and then export the signed transaction and transfer back to your watch only wallet to be broadcast.