Well, it's not quite as straightforward as that.

A 12 word seed phrase provides 128 bits of entropy. A 24 word seed phrase provides 256 bits of entropy. This much is true. However, all bitcoin private keys provide, at most, 128 bits of security. So the security of the private keys generated by a 24 word seed phrase are identical to the security of the private keys generated by a 12 word seed phrase (provided, of course, that the seed phrases were not generated insecurely).

12! is very easy for most home hardware to bruteforce, as I explained above. Also, ASICs are useless when it comes to brute forcing seed phrases.

Not quite sure how you arrived at your number there, but it's incorrect.

Picking 12 words out of 2048 gives 2048¹² = 5.444*10³⁹
But if you consider the checksum, then the number of valid combinations is 2¹²⁸ = 3.403*10³⁸

There is no point having a multi-sig if all the wallets are on the same device - you don't achieve any additional security. You could set up a multi-sig between your computer and your phone, however.

If you want to use an airgapped wallet, then you will need a second device which can be permanently airgapped (i.e. never connected to the internet at any time). If you can't have a second device, then a somewhat less good alternative (but still better than nothing) would be to use your current computer via a live OS while disconnected from the internet.

Just write down the 12 word seed phrase Electrum gives you. That is all you need to completely restore your private keys and access to your coins. There is no need to back up or even look at your individual private keys. Similarly, you do not need to back up the wallet file, and indeed, doing so adds more risk since it is harder to secure a digital file than it is to secure a piece of paper with 12 words written on it. The only reason you would need to back up the file itself would be if you had added labels to a bunch of addresses or transactions and you wanted to back those up.

Spammy, trash "news" site posts clickbait!? I'm shocked!

12 word seed phrases, when properly secured, are perfectly safe. If you reveal all the words, then of course it becomes unsafe. A scrambled 12 word seed phrase has only 12! = 479,001,600 possibilities. Add in the fact that on average 93.75% of the possibilities can be discarded for having an incorrect checksum, that only leaves 29,937,600 possibilities which require you to derive an address and check for funds. This is an easy task on even fairly modest home hardware.

The moral of the story is don't scramble (or do any other weird "tricks") to your seed phrase. The chances are either you will achieve nothing useful, or you will go too far the other way and lock yourself out of your wallets. Just write them down and store them safely.

Don't take this the wrong way, but have either of you actually used a real DEX before? I often see people on these forums talk about how DEXs are complicated, DEXs are high risk, newbies can't use DEXs, etc., but they have never actually tried one themselves.

DEXs are not any more complicated than CEXs. Different, yes. But that doesn't mean more difficult, it just means different to what you are used to. I would argue that having to create an account on a CEX, and then send off all my documents and a selfie while holding today's newspaper with the name of the CEX written on it, and then wait 5 days for approval, and then have to do a video confirmation, and then wait another 5 days, and then link a bank account, and then wait 3 days for my transfer to clear, etc., etc., is significantly more complicated than opening a DEX and being ready to trade in 5 minutes.

There have been literally billions of dollars worth of crypto stolen via CEXs, and millions of users have had their private information leaked, hacked, shared, or sold, via CEXs. With a DEX, not only have such attacks not happened, but such attacks are largely not even possible since you don't hand over your data or your coins in the first place.

Full nodes do not scan the entire blockchain for every transaction they receive - doing so would be computationally infeasible in a reasonable time frame and the whole network would grind to a halt. Rather, each node checks each new transaction it receives against its UTXO set. This allows the existence of pruned nodes, which download each block from the genesis block in order to verify them and build their UTXO set, but do not need to store them to be able to verify future transactions.

Which was almost entirely luck. This vulnerability could very easily have resulted in millions in losses.

Neither. It's better to keep your coins under your own control by using your own wallet and DEXs, and not have to trust a third party at all.

Have a read of my post here: https://bitcointalk.org/index.php?topic=5415683.msg61049268#msg61049268

I consider any entity which actively works against the privacy of all bitcoin users by funding blockchain analysis, and actively works against bitcoin itself by enforcing government sanctioned blacklists, to be malicious. I do not think such a stance is in any way crazy.

I wouldn't say it is fud. There was a legitimate vulnerability, which thankfully (this time) was picked up when only minimal damage was done. What if the bug went unnoticed for months, and resulted in losses of hundreds of millions which Binance were unable to cover?

This is part of the risk you take when using closed source software like Trust wallet. It can be filled with all kinds of bugs and vulnerabilities, and no one would be any the wiser until it is too late.

When bitcoin was first launched, if you wanted to use it you had to run your own node, which was interacted with via the command line. Far too technical for the average user. Now you can simply download an app on your phone and you are good to go.

Using various scripts manually is perhaps too technical for the average use, but that doesn't mean there is no solution to that problem. In fact, the average user can create timelocked transactions right now using Electrum and by simply typing in a block number they don't want the transaction to be spent before in the relevant box in the GUI.

It's actually 4MB.

The point he is making is that the red words also all appear on the BIP39 word list. And actually Cantsay has missed out "like" and "sound". So in that line of text, you have 23 words which could be part of your seed phrase. There are 1,352,078 ways to pick 12 words out of 23 if you assume you have the correct order. If your order is incorrect, then that becomes up to ~648 trillion possibilities, which is clearly an impossible task.

This isn't true at all. Once you send your coins to a centralized exchange, they have full control over them and you have no freedom whatsoever. You have absolutely no guarantee you will get your coins back and you have no guarantee that the centralized exchange will allow you to use them or spend them in the way that you want.

Have you not been paying attention to the news? FTX, BlockFi, Celsius, Voyager, 3AC, the list goes on. Literally dozens of exchanges in even just the last few months which have collapsed and taken all users' funds with them.

There was a vulnerability in Trust wallet in which it generated key pairs and addresses in a insecure manner, allowing funds to be stolen. It wasn't via social engineering.

People simply don't care until it affects them personally. We see small centralized exchanges collapse or scam all the time. But lots of people on here, Reddit, Twitter, etc., were sure that the likes of Celsius and Voyager were too big to fail and were perfectly safe, right before they lost everything. Then everyone was definitely sure that FTX was too big to fail, right before they lost everything. Now everyone is definitely sure (for real this time!) that Binance is too big to fail.

The same applies to your data. Everyone is happy to send all the documents needed to steal their identity off to literally any random internet stranger that can set up a website or copy the code for some shitcoin. Nobody cares until suddenly their identity is for sale on the dark net and they are now on the hook for $100,000 in debt someone else took out in their name.

No offense, but that's an awful idea.

You shouldn't trust your own memory to remember a seed phrase; you definitely shouldn't trust the memory of a child. Easy for them to mix up a few words and then you've lost access. Also, what will you do when the children stop visiting?

Secondly, you have no idea just how many people will hear them repeat the song. They might go around singing it in public, on a bus, on the street, etc. Simply hoping that no one realizes it is a seed phrase is a recipe for disaster.

You should write them down and find three different secure places to hide them. Even if you hide all three together, this will still be significantly more secure than teaching your seed phrases to a bunch of children.

You don't need to meet at all and the bitcoin being traded can be placed in escrow prior to the trade for safety. There are plenty of platforms such as Bisq and Robosats which have such a system in operation.

Not correct. Trading peer to peer on a CEX is not in the least bit private or secure, since the CEX watches everything you do, reports it all to blockchain analysis companies, and has complete control over your bitcoin while the trade is taking place. You cannot trade peer to peer on a CEX - it is always peer to CEX to peer, with the CEX being a centralized third party. All CEXs which offer "peer to peer" are simply using the term as a marketing gimmick - it isn't actually peer to peer at all.

Absolutely, but my point is you might Google "Which stock to buy" and then read a few articles about a bunch of different stocks. You don't just Google "stocks" and see $WTF pop up and immediately put all your money in to it.

But for some reason people Google "bitcoin wallet", click on the first thing they see, and end up with some trash like blockchain.com or Trust wallet, and do no further research until they run in to problems.

If you have not funded it and haven't copied any of the addresses out of it (so there is no risk that you or someone else send coins to it in the future), then you can delete it. On Electrum for mobile, open the wallet, tap the wallet name at the top left, tap "Wallet details", and then "Delete Wallet" at the bottom. On desktop just open the wallets folder and delete the specific wallet file.

Why not just use Tor? It is very easy to download and install (https://www.torproject.org/download/), is ready to use with zero additional set up, avoids all the problems with clearnet, and most importantly provides you with better privacy.

You would not open a bank account by Googling "bank account" and clicking on a random result.
You would not buy a car by Googling "car for sale" and clicking on a random result.
You would not choose a stock or ETF to invest in by Googling "buy a stock" and clicking on a random result.

Why then would you pick a bitcoin wallet by Googling "bitcoin wallet" and clicking on a random result?

A simple search of this forum would quickly reveal many topics about Trust wallet where people point out it is closed source and a poor choice of wallet.

Meaningless. You have no idea what is happening in the closed source portions of the code. Perhaps they are sending your seed phrase in plain text to Google, as other closed source wallets have done in the past.

So dedicated that Binance have been hacked multiple times and now Trust wallet has a critical vulnerability as well.

I mean, millions of users have lost everything from centralized exchanges scamming, going bankrupt, or simply locking accounts, so not holding your own coins is the biggest risk. There is also the risk to your privacy of course. Not only do you have zero financial privacy with the CEX monitoring everything you do and where your coins come from and go to, but you also have to hand over all the information and documents necessary to steal your identity and ruin your life.

This is just factually incorrect. Binance have been hacked multiple times, both for coins and for data, not to mention the possibility of a bank run or other external event they can't control. Coins on any CEX, Binance included, are never safe.

They are a business which should be focused on self custody and security, and therefore not support protocols or ideas which compromise their users' privacy or aid blockchain analysis companies. We have both agreed in the past how ridiculous it was for Ledger to integrate a KYC credit card - this is the exact same principle.

We know that some VPNs harvest data - that doesn't make all VPNs useless.

Worth remembering that there is no legislation forcing Wasabi to implement blacklists - they are doing it voluntarily. And if you want some real hypocrisy, go and check out some of the documentation on their website. For example:


Yes, imagine checking blacklists and making bitcoin less valuable as money!

That's OK. It's not the most straightforward process.

So yeah, the only thing which you should share between your wallets is your master public keys. These will be long strings of characters which begin with "Zpub". You can either transfer these via QR code, via a file, or typing them by hand (but make sure to triple check you didn't make a mistake).

Once you've successfully set it up the wallet, you should fund it with a very small amount of bitcoin. Ensure you can spend it using your phone and laptop together, and also ensure you cannot spend it using just one device.