There are a lot of issues with such a concept.

Either it is placed on the outside of the device, in which case it could easily get destroyed in such an event as an earthquake, or it is placed inside the device, in which case the range will be very short (if at all) given that the signal needs to penetrate the stainless steel in order to get out. I suppose you could engineer a device encased in stainless steel with just a very small antenna reaching the outside of the device, but you are now adding a lot of cost. You would need to access your back up semi regularly in order to recharge or replace the battery, which increases the risk of it being discovered. And then of course anything which can broadcast a signal can have that signal intercepted or detected by malicious attackers. The last thing I want on my back ups is any kind of wireless connectivity which could be used by an attacker to locate them.

Better to simply have at least two back ups stored geographically separately.

It's on the back of a larger decline. 2 months ago BUSD had a market cap of $22 billion. Today it is only $12 billion.

These are the risks you take if you decide to use a centralized exchange. Centralized coins, centralized tokens, centralized wallets, centralized KYC. You are risking your coins, your data, your money.

Maybe not, but they can be sure to face months of stress, paperwork, and legal costs, in order to clear their name and prove it wasn't them that withdrew a few hundred thousand dollars worth of stolen money. Or maybe instead of laundering money in their name, the criminals just open some credit cards or take out some loan in their name, and wrack up a few hundred thousand dollars worth of debt, which again will take months and a lot of legal costs in order to clear.

Having your identity stolen can literally ruin your life. KYC should not be taken lightly, especially when centralized exchanges have proven time and time again that they are incapable of keeping your data secure.

One of the flaws with BIP39 is that it requires a known wordlist. Another flaw is that if you do not know the wordlist being used then you do not know whether or not what is being entered is a valid BIP39 seed phrase or whether it has a valid checksum. Electrum only displays "BIP39 (unknown wordlist)" if the user manually checks the "BIP39 seed" box. Electrum is assuming the user knows what kind of seed they are using. Electrum is not able to say "This is not a BIP39 seed" because it could very well be a BIP39 seed using a different wordlist.

This is not the fault of Electrum. It is the fault of BIP39, which Electrum is supporting as best as possible given these flaws.

As above. If you enter words from the common English BIP39 word list, then Electrum will indeed show you an invalid checksum warning. But if you enter words not on this wordlist, Electrum (or indeed, any software) is not able to tell you whether or not your checksum is invalid because it does not know the wordlist you are using. This is a flaw in BIP39, not Electrum.

Usually yes, although Bisq also has options for cash via mail or cash deposits at someone else's bank.

It's not so much that they would immediately share it (since they don't collect it in the first place), but rather that if they were required to by law enforcement they would request KYC documents from you. If you don't hand them over, your account is terminated. Although I'm not aware of this ever having happened, it is likely they must include some such statement in their Terms of Use or else they would be shut down. Still, if you don't like those terms, then just use Bisq.

Almost certainly. They don't need a wallet in core, and indeed, they don't even need a full node. A pruned node would suffice. They don't care about blocks or historical transactions at all - by the time a transaction is in a block it is already too late for them to steal. All they really care about is a way of maintaining a well connected mempool in order to quickly receive any newly broadcast transactions. For each incoming transaction, they will presumably have something like a huge lookup table database combined with one or more bloom filters so they can as quickly as possible determine if they have the private key for each address.

For now. No guarantee that won't change. And there are plenty of examples - Terra Luna for example - of centralized shitcoins becoming worthless or being frozen overnight.

But even then, you simply can't force people to run software they don't want to. It's like the CSW nonsense for example. Even if he succeeds in getting a developer to code a method to allow him to steal Satoshi's coins, other developers won't merge it. And even if they do, nodes won't run it. He'll just end up forking himself off to BSV2 while bitcoin will continue on unaffected.

Whereas with centralized shitcoins (like BSV or any of the Binance shitcoins), if the owner decides to start stealing coins which aren't theirs, there is nothing you can do about it.

Meh, let them try. China banned mining and the hash rate dipped for all of what, a month?

They will trawl forums like this one, Reddit, Twitter, etc., on the hunt for private keys which have been shared. Then they import those private keys in to their software, which generates the corresponding addresses and watches them for any incoming transactions.

Other sources of private keys they could import include hacked cloud storage, hacked password manager databases, hacked email accounts, brain wallets, and so on.

Simply search for any 51 character string beginning with "5", or 52 character string beginning with "K" or "L".

Tell me about it! Every time I move some bitcoin to a cold storage wallet, I lose it within 24 hours. Every damn time!

Might as well save yourself some time here and just engrave your seed phrases directly on to your firearms.

What a coincidence! I also lost my boat in an unfortunate boating accident.

I agree with Loyce. If you are already running a device 24/7 anyway to host a node, then it costs you nothing to have a script running on that device watching a database of compromised addresses and waiting to sweep any funds which appear. And when we occasionally see transactions like the one Loyce mentioned of ~0.84 BTC, or the one in the post I linked to above of almost 1 BTC, that is more than enough incentive for several people to continually run bots. Each individual will be hoping that their database contains unique addresses, or even actively seeking out unique brain wallets or less common sources of compromised keys.

This is definitely the case. I remember a few years ago looking more closely at coins being sent to brain wallets being stolen - https://bitcointalk.org/index.php?topic=4768828.msg46603379#msg46603379. In short, within only one or two seconds of a transaction being made to a brain wallet, there are multiple competing transactions detected by different nodes attempting to sweep the coins to another address. And bear in mind that as soon as a node has seen one such non-RBFed transaction, it will reject all others, meaning that although we may only see 3 or 4 such transactions across the entire network, there are likely many more than that which are being rejected. Given that we know there are multiple bots running with huge databases of addresses from brain wallets, it is only logical to assume their databases also include all leaked private keys and seed phrases they can find as well.

Things will get quite interesting once full RBF becomes commonplace. Any such transaction stealing coins from a brain wallet or leaked private key could be replaced by another transaction, regardless of whether or not is opted in to RBF. We could end up seeing different bots broadcasting more and more replacements, each paying a higher and higher fee, trying to steal the coins for themselves. Since there is no incentive for any one such bot to surrender and let another bot win, then such transactions could just escalate until the entire value (or close to it) is paid in fees.

If you use a proper DEX like Bisq, then your money is never deposited to a centralized wallet. They never have control over your coins and so there is never any concern about getting your money out safely. This is in stark contrast to any centralized exchange, which takes full and completely ownership of your coins as soon as you deposit, both practically and legally speaking, and can do anything they like with them.

Using Bisq as an example again, there are both mediators and arbitrators who can get involved in the case of any mistakes or disputes. You will find them much more responsive and much more helpful than any centralized exchange's support desk.

QFT.

People said the same thing about FTX, Celsius, Voyager, BlockFi, and all the other collapsed exchanges. And all these collapsed exchanges were telling their users that everything was just fine right up until the minute they suspended all activities and froze all their users' coins. Any centralized exchange is only ever one bad decision, one hack, one piece of legislation or regulation away from the same fate.

Sure, but my point is that it remains incredibly cheap for a criminal to buy your KYC documents and open an account in your name in order to launder money. KYC does very little to prevent money laundering; all it achieves is shifting the blame on to some innocent person who had all their KYC documents leaked/shared/stolen/sold from some centralized exchange.

Then there is no point in using a brain wallet at all. If you are going to back up your private keys on paper, then backing up the string you used to generate those private keys alongside them provides zero additional redundancy or protection. And so in that case, it is far preferable to use a piece of software like Bitcoin Core to generate a random private key in a cryptographically secure way and back that key up, instead of using a very insecure brain wallet method to generate a key.

Sure, but generating wallets and private keys is not something which should be experimented with. There are provably secure ways of generating wallets and keys, which all good wallets will use. And if you don't trust any software, then you can flip a coin to generate physical entropy. Anything method or scheme you come up with yourself will almost certainly have huge vulnerabilities.

True, which is why after you have written down your xpubs (or indeed, made any back up of anything in any form), you should test your back up by using it to recover from. If you can successfully recover from it, then you know it is correct. The same goes for seed phrases. I would never create a wallet, write down the seed phrase, and then send coins to the wallet before first testing that the seed phrase I wrote down does indeed recover the same wallet.

Having said all that, if you don't want to write down the xpubs then you can of course print them out. In order to generate addresses to send coins to in your multi-sig set up, you must have all the xpubs together on the same device at some point in order to create the wallet in the first place. Attaching a (dumb) printer to that device in order to print out the xpubs introduces very little additional risk.

I certainly hope so! I do think it is important to examine your security set up from every possible angle to protect against loss, disaster, forgetfulness, theft, etc.

Heh. No. of course no attacker will believe that. It's a running joke. Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year.

No. If someone could hack the Github repo and introduce malicious code in to Bitcoin Core, then it would be very quickly picked up and announced in the community and no one would download and use the malicious version, therefore achieving nothing. It is not possible to simultaneously hack every instance of Bitcoin Core which is currently running in order to change the code of every single node. And even if such a thing did happen, the new forked coin would not be bitcoin and every node could just revert to and older non-malicious version of the software and pick up the real bitcoin chain where it was left off.

A 51% attack is a completely different concept and has to do with a single malicious miner controlling a majority of the hashrate. It has nothing to do with hacking Bitcoin Core.

Probably. But there is always the possibility that Binance are banned from operating in a given jurisdiction, and all their customers in said jurisdiction suddenly find themselves with big problems trying to access their money.

We've seen plenty of examples of customers losing their money because of centralized exchanges collapsing or scamming, but don't forget you can also lose your money because of actions of your government.

Well, it doesn't affect me at all because I don't own any centralized shitcoins. Good luck to any US regulators trying to stop bitcoin being mined or trying to freeze my wallets.

I have yet to see any convincing evidence that this is the case, and I've definitely looked for it. It is absolutely trivial for a money launderer to buy the identities and documents of hundreds or even thousands of users on the dark web for only a few bucks, and to use their names and information to open fake accounts in order to launder money. KYC does not prevent laundering - all it does is frame innocent users who have had their data stolen. And given that literally every major centralized exchange has had one or more data breaches in the past, if you go around completing KYC, then chances are your documents will be leaked, stolen, or sold eventually.

I am curious as to what you are trying to achieve by using a VPN and disposable email addresses when you are handing over your real name and information anyway.

Bisq, Robosats, AgoraDesk. More here: https://kycnot.me/

Or until your perfectly legal coins are deemed as "tainted" by some blockchain analysis firm working with the US government, which then puts pressure on Binance to freeze your coins, who are happy to do so since they also buy in to the provably false nonsense of taint.

Unless of course regulators decide that Binance are operating illegally or that the coin in question needs to be shut down. You can quite easily lose everything when dealing with centralized shitcoins through absolutely no fault of your own.

You are just trusting two people instead of one. If you don't want to trust anyone, then trustless solutions are better.

You can spend the coins any time you like. The timelocked transaction can only be mined after the timelock has passed. If you need to spend the funds, then you can do so and then simply replace the timelocked transaction.

Not at all. Create the transaction for 6 months in the future. If you are still alive, invalidate it and create a new one another 6 months in the future.

Maybe it's just me, but it seems absolutely crazy to me that you wouldn't trust your own wife to even know that you own bitcoin, but you are quite happy to trust a bunch of complete strangers (with a track record of terrible security and privacy) to store part of your back ups.