The story you are about to read was inspired by a common real-world attack. Names and identifying details have been changed, but the core message remains the same: in a spear phishing attack, you can’t give up what you don’t have.

Alex is a PhD student and a bitcoin maxi in their mid-30s. They have long been generally interested in monetary history, the evolution of surveillance, and philosophical discussions of freedom and technology. They first really got into bitcoin during the pandemic, and since then have come to see it as the future of money and their best shot at financial independence. They’ve been putting a little bit away, in their exchange account, every time they get paid for about 6 years now. 

They decided to move their stack off exchange and into self-custody for security, based on their own research, and nudged by a few trusted acquaintances in the bitcoin community. They did a deep dive into hardware wallets, narrowed their final list down to three, and ultimately landed on Bitkey. 

“I like that it’s multisig by default” they say. “I also like that, even if I lose both my hardware and my phone, there’s a way back to my wallet. That’s not something that other 2-of-3 multisig setups can say.”

“Someone is trying to login to your exchange account.”

It was the end of a long week of research. Alex had put in what felt like years at the library and was running on fumes and caffeine. They were wrapping up a marathon session when their phone rang. 

Alex answered. An automated voice said: “Someone’s trying to log into your [exchange] account. If this was you, you can ignore this call. If this was not you, press the # key.” 

Alex definitely wasn’t trying to log in to their exchange account. They pressed # and the call ended.

“Are you in Quebec?”

Minutes later, Alex’s phone rang again. This time it was a real person. 

“They asked if I was in Quebec, which I wasn’t. They then asked if I still had an active account with [exchange].”  

Alex said no, they weren’t in Quebec, and while yes, they did still have an active account, most of their bitcoin was in self-custody.

The caller said they’d send a quick  email with important next steps. 

“They really made it seem like it was urgent—like I was in the middle of being scammed and if I didn’t act now, something bad was going to happen.” 

“Please enter your recovery phrase.”

The attacker stayed on the line. An email that appeared to be from their exchange popped into their inbox. The attacker told Alex they’d stay on the line while they worked through all the prompts. 

“Was this login from Quebec you? No. Next. Do you use a hardware wallet? Yes. Next.”

“The last prompt said something like, ‘Please follow the on-screen instructions. In order to verify the security of your recovery phrase, please enter it below.’”

There was an option to toggle between a 12-word seed phrase or a 24-word seed phrase.

“That one gave me pause,” Alex says. They told the caller that their wallet didn’t have a seed phrase, so they couldn’t enter it into the form. The caller asked what kind of wallet Alex was using and listed a number of popular hardware brands.

Alex said “Bitkey” and told the attacker that it didn’t have a recovery phrase. 

The attacker pressed Alex again, insisting that every kind of hardware wallet has a recovery phrase. If they couldn’t provide it, the security of their wallet might be irreversibly compromised.

A little extra friction

When Alex couldn’t produce a recovery phrase, the caller tried a new angle on the same attack: they asked Alex to download an entirely new wallet, transfer their funds, then share the seed phrase for the new wallet. 

At that, the alarm bells started ringing. Alex knew that something really wasn’t right. They correctly assumed that this was a scam and hung up the phone.

In fairness, had Alex set up a new wallet, moved their funds, and handed over that seed as they were prompted, not even Bitkey could have saved them. But that little extra bit of friction meant that, during the first phase of the attempted scam, they couldn’t just give up the master key to their funds as easily as a password or a phone number. The attack failed.

Instead of losing everything, Alex kept control of their bitcoin. 

Post-mortem: “Until it happens to you…”

 “Any time I see something on reddit or X about someone losing their bitcoin to a scammer, I’m like, that is so dumb. That would never happen to me,” Alex said. “But then it very nearly did.”

“It really was the false sense of urgency—this feeling like my bitcoin was in danger, someone was actively trying to scam me, and all I had to do was follow these steps right away to keep my stash protected,” Alex says. “In reality, I was being scammed, just not in the way I originally thought.”

Looking back, the signs were there.

“In hindsight, the whole thing had all the telltale signs of a scam,” said Alex. “But there were also things that made it feel real. Like the caller had me log in to my real exchange account, so I got a legitimate email from them—just totally unrelated to the scam in progress.”

In this case, Bitkey’s design put a moment of pause between that false sense of urgency and an irreversible mistake. Instead of losing everything, Alex walked away with a decent story and their whole stack intact. 

To learn more about Bitkey (or to grab one for yourself), visit bitkey.world.

The easiest way to avoid seed phrase scams? Don’t use a seed phrase.

Since the beginning of time, scammers have found ways to turn the misfortune of others into a payday. 

Unfortunately, bitcoin isn’t immune. Like cash, whoever holds it owns it, a fact that makes it a prime target for scoundrels and thieves. And the legacy wallet backup that many tout as a kind of superpower—the seed phrase—is perhaps the most vulnerable point in the system.

Seed phrase as low-tech attack vector

While the security of the bitcoin network itself has never been compromised, many people and systems that interact with it have been. “Bitcoin hacks” are more accurately “people hacks”—social engineering schemes that trick people into using malware or sharing information that can lead to compromise. 

In a lot of them—phishing, pig butchering, and advance-fee scams to name a few—the weakest link in the chain isn’t technological at all. Often, it’s emotional. It’s you, buying into a false sense of urgency, a promise that’s too good to be true, or even just having genuine goodwill toward someone who appears in need. 

Whatever the motivation, the result is the same: you, giving something of value, willingly to an attacker.

Perhaps the most insidious bitcoin scams prey on people who have otherwise done everything right: security-conscious people who know enough to keep their keys off exchange, in legacy hardware wallets. 

The worst part? They rely on you giving up your seed phrase, ostensibly the hallmark of self-custody for the last decade and the last line of defense between you and your coins.

Anatomy of a seed phrase scam

Picture this: you get an email from the maker of your hardware wallet. It comes from what appears to be a legitimate email address. It’s branded perfectly. There are no weird typos or turns of phrase. Maybe it even shows your name or home address. By most measures, it passes the smell test, at least at first.

It says there’s been a security breach affecting thousands of users, and that your hardware has been impacted. You need to take action now. 

Or it says there’s a problem with the software wallet running on your machine. Again, it’s critical that you fix this immediately, because your funds are at risk. 

Or their system has indicated that you haven’t backed up your seed phrase. If you don’t back it up at such and such a website in the next 24 hours, it can be assigned to someone else, putting your funds at risk. 

Whatever the scenario, to keep your funds safe, you just need to punch your seed phrase into what appears to be an extremely official-looking website or app or other piece of software. Or here, take this new seed phrase and move your funds, because your old one has been compromised. And you need to do it now. 

Of course, the whole thing was a setup from the start. 

Once you’ve given up your seed phrase, your wallet is quickly taken over and emptied. Or if you’ve fallen for the new seed phrase trick, you’ve moved your funds into an attacker’s control. Whatever stack you had isn’t yours anymore, all because you genuinely thought you were doing the right thing. You bought into a version of reality that wasn’t real. And your seed phrase, which should have been your last line of defense, made it way, way too easy to give away what might be significant wealth.

No seed phrase means no seed phrase scams

I can hear you saying, “this would never happen to me. I know to never, ever give up my seed phrase to anyone, no matter who they say they are or what they say the risk is.” But the thing is: it does happen, to people who thought the same thing—people who have otherwise done everything exactly right. 

That’s the reason seed phrase scams continue to proliferate, targeting even those security-conscious enough to self-custody: they work. 

Even hardcore bitcoiners have tales of friends and acquaintances falling prey because “law enforcement” or “my wallet’s customer service” or “my crypto exchange” called them about a made-up security breach with a false sense of urgency. The setup feels real, the urgency feels real, and so they act in haste and make a big, expensive, irreversible mistake. One with very real consequences.

Part of the beauty of Bitkey’s security architecture is that it eliminates the kind of single nuclear password vector that seed phrases enable—a vector that has been essentially standard-issue across bitcoin before now. 

Seed phrase scams become impossible, because you can’t steal what isn’t there. Not only that, but the cost and technical barrier to steal from Bitkey, compared to simply tricking someone into giving up their seed phrase, is much higher. Instead of simply telling customers to essentially “be careful” with a seed phrase, we’ve designed that single point of failure out of the system entirely. 

As scammers become more sophisticated, and AI tools make it harder and harder to parse what’s real from what isn’t, there is an easy step that you can take to both preserve self-custody and make it impossible to succumb to seed phrase scams: use Bitkey, the self-custody setup that doesn’t rely on a seed phrase as the last line of defense. 

Because you can’t give away something you never had to begin with.

Want to learn more about Bitkey? Visit bitkey.world.

Coin Stories host wants you to know that bitcoin is for everyone. (And you’re still very early.)

“Fix the money, fix the world” means a lot of things to a lot of people. For Natalie Brunell, host of Coin Stories and author of Bitcoin is for Everyone, it means more than a hedge against inflation, 24/7 cross-border payments, and censorship-resistance (but it probably means all of those things, too). Money that holds its value means a shift from short-term survival mode to the kind of long-term living that lets people take risks, start new ventures, and look forward to the future. It means equal access to everyone, and it might just be the key to a reset in the way people relate to each other. We sat down with Natalie to talk personal journey, new book, and her complicated relationship with the American Dream. 

Can you tell me about yourself, your upbringing, your background? Who is Natalie Brunell?

Sure. So I'm a first generation immigrant. I was born in Poland and my family came to the United States when I was five years old in pursuit of the American dream. 

My parents grew up under communism. The American dream was something core to their belief system—that we should have more opportunity and more freedom. That's why they sacrificed everything to come here. I watched them work hard during my childhood and that was shaping for me. 

And then I went off to college and the great financial crisis hit and they lost everything. 

They had been able to finally afford a home. The bubble popped and they had to file for bankruptcy. That was a transformational moment for me. It was the first time I lost hope in the American dream.

Can you say more? What do you mean, you lost hope in the American dream?

I felt maybe it doesn't exist, maybe it's not possible for us all to achieve it. And it made me feel the system has an injustice in it. That fueled my drive to become an investigative journalist. I wanted to expose corruption. I felt the system was broken and the institutions got bailed out at the expense of working class people like my family. At the time, I was blaming all of the symptoms, but not the core problem. I didn’t really connect the dots and understand that the money is broken until I learned about bitcoin in 2016 or 2017. And even then it was a years-long journey. 

What were your initial impressions of bitcoin? How did your thinking evolve over time?

I dismissed it. I thought, it's digital, it could be hacked, it could be replicated, all the things that people believe when they first encounter it. And then someone gave me The Bitcoin Standard and that sent me down the rabbit hole. 

Was there a line or a chapter that really made it click? Was there a moment where it all made sense or was it more of a slow burn?

I will never forget closing that book and thinking, why did I never learn this in school? I had no idea what money even was. I never thought about what money is, who issues it, does the supply matter? Why are things getting more expensive? We take for granted why prices go up. And do they have to? We accept inflation as a given. 

When mainstream journalists cover bitcoin now, what do you think they miss? What do they not get? 

I mean, I understand because I was there. You can't really appreciate bitcoin until you have the foundational understanding of how the system works and what's wrong with it. I think a lot of us can recognize the symptoms, but don't connect it to the money. A lot of people think that there are things that can't be changed: government issues money and things get more expensive every year, and just accept it. I think bitcoin makes you question all of that. 

When I encounter journalists who are more negative about bitcoin, I try to meet them where they are. I do think that a lot of journalists speak negatively about bitcoin without doing all the homework. You should at least do the homework if you're going to speak out against it.

Where did the idea for Coin Stories come from? 

When I was working as a journalist, I tried to report on bitcoin, but my beats were different so there wasn’t really the opportunity to do it justice. 

I started the podcast as a hobby, to learn more and speak with as many people as I could about bitcoin. I saw it as a solution to all the problems that I had been reporting on and had experienced with my own family and I wanted to understand it better and share it with others. My podcast took off and found an audience and I reached a fork in the road: I could either continue as a journalist or take a chance on myself and start a media company. And I took a chance on myself and I'm grateful that I did. 

You have a new book coming out, Bitcoin is for Everyone. If prospective readers get one thing out of it, what do you hope it would be?

It would be empowerment. People think bitcoin is technical, it's hard, we're late. And my message is: you're early. You can understand this, you can be empowered, you can change your life. 

I think that, if we were all economically empowered, it would bring out the best in us in terms of how we treat one another. We would be more collaborative. We would be incentivized to work together more and to build together more and to create a better world for each other. The current fiat system pulls us apart and encourages the worst of our behavior, divides us, causes us to compare ourselves to one another. And it's an unfair system. 

The book is really about what you can do and what we can do together. It envisions a better world for all of us. 

A lot of things in the bitcoin space can get boiled down to a kind of sloganeering, and if you're not already bought in, it can be easy for some people to brush that stuff off. How does bitcoin get out of that space and appeal to folks who are maybe put off by kind of superficial, maybe over-simplistic “fix the money, fix the world”-level groupthink? 

What we need most in bitcoin is more storytellers and communicators. I think the easiest way to grasp bitcoin is to identify the problem first, explain how we got there, and then it’s possible to appreciate bitcoin as the solution. 

I remember, after my parents lost everything, I graduated into the recession. I was cutting my teeth as a reporter and trying to learn as fast as I could. And I noticed that a lot of people were feeling what my family was: everything was getting more expensive and income was never catching up to it. Through history, we've ping ponged back and forth between red and blue, but our debt has continued to rise and the average person's standard of living has deteriorated. 

I think if we focused on actually fixing the money, and we created a system where you could not inflate the money supply, you couldn't change the monetary policy on a whim or because we sided with this version of politics versus another, and you couldn't manipulate it, that would be a system that would reward value through competition.

For people who are still skeptical, what do you say to help them see beyond hype and price charts? 

I think it's healthy to be skeptical. If you're not skeptical, I’d be more concerned. Be skeptical, but take the time to learn. Don't be someone who didn't learn and dismisses something entirely. 

If we look at history, every new technology faces resistance at first, but early adopters are almost always rewarded. I encourage people to realize that we are very early and they're not late. 

The fact that a kid in a developing country has as much access to bitcoin as someone who works on Wall Street is incredible. You can't be in a developing country and acquire a fraction of a beachfront property in Miami, but you can acquire a fraction of a bitcoin. I think it's an empowering technology and I want people to take the time to learn about it before they dismiss it.

What do you think keeps people in ETFs or on exchange rather than holding their own keys in self-custody?

I think it's about convenience. And I feel people don't give themselves enough credit. In our system where we've outsourced everything, it's “trust someone else to do it. It'll be fine.” But taking a bit of responsibility is not a bad thing. 

It's funny to me when people say “I could never take self custody.” This is one of the reasons why I love Bitkey. It says yes you can. It's not hard. Anyone can do it. There are solutions that exist where you don't even realize you're interacting with something technical. I mean, today, I drive my car every day, but I don't know how to put together an engine. I don't know everything about TCP/IP, but I use the internet every day. I think that, moving forward, bitcoin will have more tools and applications that make it easier to use it every day. 

Watch Natalie’s Bitkey demo

Any last thoughts? What gives you hope that this is a real movement, that bitcoin and the bitcoin community is building something that will outlast us all?

The people in the space give me a lot of hope. I've seen bitcoin bring together people from all walks of life, all industries, all backgrounds, all ages. I've never seen a technology that empowers the person who is struggling and needs a lifeline as much as the person in the C-suite. When you send a transaction, bitcoin is blind to whether you're a billionaire or you're broke. And I think that's empowering for the average person: there is a tool that can't be politicized and can't be manipulated. I hope it gets embraced as the neutral tool for freedom that it is.  

This interview was lightly edited for length and clarity. To learn more about Bitkey, visit bitkey.world. And for more from Natalie, check out talkingbitcoin.com.

How Bitkey used Chain Code Delegation to create the first private collaborative bitcoin wallet.

Starting today, Bitkey users can enjoy the safety of collaborative multisig without giving up privacy around their wallet balances or transaction history.

It’s a first for multisig wallets—and another step toward making self-custody accessible by everyone who wants to own bitcoin.

Solving a long-standing tradeoff

With Chain Code Delegation, a new Bitcoin Improvement Proposal authored by current and former Bitkey engineers, that tradeoff disappears. By keeping complete chain codes private, Bitkey’s implementation allows the wallet owner to control who else can see their wallet history.

While a wallet’s UTXO set is temporarily exposed to Bitkey’s servers during a wallet recovery, this data is never logged.

We’re working on a server-verifiability feature that will let users independently confirm that their UTXO data is never recorded—further strengthening privacy guarantees.

What this means for Bitkey customers

This improvement allows Bitkey to offer all three pillars of self-custody—security, usability, and privacy—in a multisig wallet. This feature will be rolled out over the next few weeks. You will see an announcement in your app when your update is ready. To upgrade your Bitkey to the new private wallet, just open the app and go to Settings > Private wallet update.

Built on open standards

Bitkey’s implementation is the first of its kind, but the underlying proposal is public. Chain Code Delegation is an open Bitcoin Improvement Proposal, available for anyone to review and build on.

Our hope is that others will adopt it too—so that privacy in collaborative multisig becomes not a feature, but a standard.

Learn more about the BIP and what it means for bitcoin.

Collaborative custody and multisig setups have long faced a tradeoff between safety and privacy. Sharing a key with a third party—whether for recovery, policy enforcement, or convenience—has traditionally meant giving that party visibility into a user’s wallet balance and transaction history.

A new proposal called Chain Code Delegation aims to remove that tradeoff.

Background

The idea behind Chain Code Delegation is simple: users should be able to benefit from collaborative multisig without revealing their wallet balance or transaction history.

Today, when a third party holds one key in a multisig arrangement, they also hold a BIP-32 chain code, which allows them to derive all addresses in a user’s wallet. This lets them scan the blockchain to see the user’s full transaction history—and, by extension, their wallet balances. This is problematic because it exposes users to third-party surveillance and creates the risk that this information could be leaked, hacked, or subpoenaed.

The proposal

Chain Code Delegation modifies how multisig arrangements share information. Instead of giving cosigners access to full chain codes, it withholds them entirely. When a transaction requires a signature, the user shares only the minimal information necessary to sign that transaction.

This means cosigners can still participate in actions like recovery and enabling spending limits—without learning anything about unrelated transactions or overall balances.

Implications

Now, any multi-party wallet—corporate treasuries or family wallets, for example—can have cosigners that cannot access the balance or transaction history. That means collaborative custody providers can offer the same safety and usability benefits as before, but with stronger privacy guarantees—a privacy improvement for the entire Bitcoin ecosystem. 

Chain Code Delegation was authored by current and former members of the Bitkey engineering team and has been proposed as a Bitcoin Improvement Proposal (BIP) for review and discussion. The goal is for it to be an open, community-vetted standard that any wallet or custody provider can adopt.

Implementation

Bitkey plans to be the first to implement Chain Code Delegation in production. This will allow Bitkey users to hold bitcoin in a private collaborative wallet—something that hasn’t been possible until now.

We invest in projects like this because we believe in making bitcoin everyday money, and to do that we need to close the gap between usability, privacy, and security that exists in current self-custody solutions.

Read the full BIP for details.

Hardware is a critical component of self custody. But it only solves part of the problem.

We all know the mantra: Not your keys, not your coins.

It’s long been the rallying cry for bitcoiners to move their keys off exchange into self-custody, a posture that means nobody but you can move your coins.

But holding your keys is a challenge far greater than most people realize. 

The phrase makes it sound like, as long as you alone hold your keys, you’re good. But it’s not enough to simply possess your keys. Self-custody means protecting them from a wide array of attacks, exploits, and mishaps. And that’s no small task.

You need to be able to keep your keys safe from phishing and malware. Your keys need to survive natural disasters, institutional collapse, and corruption. You need to maintain control of them in the face of confiscation attempts, coercive violence, potentially even betrayal by people close to you. 

Eventually—inevitably—they must also find a safe path to the people you want to inherit them.

The true test of self-custody isn’t just whether or not you hold your own keys. It’s whether or not you can protect them from loss, theft, coercion, seizure, and death, and still be able to make transactions when you need to, without a third party intermediary.

And yet, for years, self-custody has largely been conflated with a specific kind of device: the hardware wallet. 

But hardware wallets only solve for secure signing; they don’t even attempt to solve all the other problems at the core of self-custody.  

The difference between a vault and a pen

Imagine you’re buying a literal vault. The salesperson describes all the features that make it a vault: the thick steel door, the tamper-proof keypad, the mechanism that locks out any user who makes too many incorrect attempts to open it. It’s solid, and it will definitely keep attackers out.

But after you've purchased the vault and your secrets are inside, the vault spits out another copy of those secrets, for you to store outside it. You’d probably be asking, isn’t that what the vault is for? To protect that sensitive material?

This is how most hardware wallets work. While they securely hold your private key, they also export a copy of it in the form of a seed phrase.

At that moment, the device gives up the one thing it is ostensibly purpose-built to protect. It gives you, literally, a copy of the vault’s contents to keep safe in some other way.

That’s not a flaw; it’s a design decision. But it also means the hard part (the true vault part, actually protecting the secret) gets passed on to the user to figure out for themselves. 

Once it has given up its secret as a human-readable seed phrase, a wallet is no longer truly a vault; in fact, it’s a lot closer to a pen. Like a pen, the hardware wallet signs your transactions, but it can no longer guarantee that your secret is safe in a way that you and only you can access. 

It leaves that problem—the real problem at the core of self custody—for the end user to solve.

Self-custody shouldn’t stop at key generation. 

A hardware wallet enables secure key generation and usage–both of which are hugely important. But generating and using keys securely is not the same as owning bitcoin safely. The widespread assumption that hardware wallets are “secure by default” because they’re air-gapped and tamper-resistant is technically true, but dangerously incomplete. 

Seeing a hardware wallet as a complete solution has led the industry to overstate what users are actually being given—a hardware signer—and understate what they’re actually being asked to figure out for themselves: the hardest part of the problem, which is solving for key exclusivity, loss, and legacy.

And that gap—the space between signing and self custody—is where countless users have lost bitcoin, lost confidence, and lost trust in their ability to manage ownership at all. And it’s funneled users into the kinds of custodial systems we are all trying to move beyond.

We have to solve the whole problem.

Self-custody—the ability to hold and transact with your own funds without the need for a third party intermediary—is the point of Bitcoin. But self-custody needs to be widespread, and it only becomes widespread if it’s genuinely safe. 

Genuine safety requires solving custody comprehensively across use, loss, theft, coercion, inheritance, and the messy unpredictability of real life. It doesn’t (or at least it shouldn’t) stop at key generation and secure signing. That’s why we designed Bitkey the way that it is: to eliminate the single-points-of-failure that most hardware wallets leave for customers to figure out, to give users multiple routes to asset recovery when life happens, to let customers pass on their assets to beneficiaries when the time comes. And to make all of those things easy to do.

Hardware signers are essential tools and are a critical part of any custody solution. (After all, we also build hardware signers and believe in them deeply.) But they’re insufficient on their own. They are one important piece of the picture, but true self custody means solving for the whole picture.

To unlock the next chapter of self-custody adoption, we can’t stop at the tools, which are insufficient on their own. We have to build complete systems—ones that are flexible, survivable, and safe by default.

If we really care about Bitcoin’s safe adoption and proliferation, we can’t keep handing people pens and telling them they have a vault.

Want to learn more about Bitkey? Visit bitkey.world.

Arguably the most challenging part of bitcoin self custody is the “self” part–the part that means at some level, you’re responsible for keeping your wallet secure. Bitkey’s security architecture already does a lot to remove the risks of human error from the equation, with multiple routes to recover your wallet if something goes wrong, no seed phrase to keep track of (and potentially lose), and one of the easiest interfaces to use on the market.

But how do you know that you’ve done everything you can to keep your funds secure–and how often do you check your setup to make sure everything is up to date? With Bitkey, that part just got a whole lot easier.

Today, we’re pleased to announce Security hub–one place to get a quick, holistic view of your wallet security and take action to improve it if necessary.

The next time you open your Bitkey app, look for the shield icon, which will bring you straight to the hub. If something needs your attention, you’ll see a notification and be able to take quick action to resolve it, making sure your wallet security stays up to date. Here’s what it covers:

To learn more about what’s happening with Bitkey, visit bitkey.world.

Losing your seed phrase is perhaps a bitcoiner’s biggest fear. And for good reason.

When seed phrases came into existence more than a decade ago, they were a vast improvement in user experience compared to managing raw private keys—strings of hex buried in files or password managers. They gave users a compact, portable, human-readable way to manage keys, a straightforward way to recover lost wallets, and they made the impossible possible—for instance, crossing a hostile border with your wealth memorized. 

But they also created something of a community-wide blind spot. 

Because they’re flexible and theoretically empowering, they became the default solution to every self-custody problem. The industry now treats seed phrases not just as a recovery mechanism, but as the very definition of responsible self-custody.

Implicit here is the assumption that ordinary users can—and should—be the ones responsible for building their own secure and resilient custody solutions from raw cryptographic materials. At each level, security breaks down to some version of “you’re on your own.” For most people, even hardcore bitcoiners, better solutions exist.

Seed phrases hand users the hardest part of the problem: securing them.

You know that, when you set up a hardware signing device, that device securely generates your private key and gives you a seed phrase as backup, so you can recreate those private keys if needed.

Your actual keys are exceptionally secure inside your hardware: purpose-built for security, isolated from networks, physically hardened, access-protected, and able to erase itself after too many intrusion attempts. 

But your seed phrase is none of these things. It’s plaintext, human-readable, physically vulnerable, and instantly becomes the most sensitive part of your entire setup. If it’s ever exposed—even momentarily to a camera or another person—your bitcoin is gone.

So what do you do with it?

Store it at home, and you’re covered against device malfunction, but vulnerable to theft, fire, natural disaster–even something as innocuous as aggressive tidying up. Store it elsewhere, and you mitigate some risks but introduce new ones—loss, surveillance, compromise. Multiple copies means more resilience, sure, but it also means a larger attack surface. 

This is the position a seed phrase places users in. And rather than admit we as an industry have handed them the hardest part of the problem, we call it “personal responsibility”—as if it were a moral virtue, not a design failure. In truth, much of the industry has offloaded the most complex part of the security model onto individuals least equipped to carry it.

Beyond physical security, seed phrase management becomes primitive multisig. 

Faced with the burden of securing what can be meaningful wealth, users are forced to develop their own, homespun solutions.

To mitigate against theft and compromise, users layer on additional protections like encrypting the seed, splitting it into parts, or appending a 25th-word passphrase–turning what was a 1-of-1 system into a 2-of-2 system.

At first glance, these strategies look like thoughtful improvements. But under scrutiny, they all reduce to variations of the same 2-of-2 structure. You now have two secrets—call them A and B—and both must be present to recover your wallet. You have what is essentially a primitive, fragile multisig setup, with none of the recovery benefits of traditional multisig.

The downside is obvious: you’ve created two single points of failure. And more single points of failure are still single points of failure. Lose either secret and game over, your funds are gone.

Improvised or protocol-level, multisig compounds the usability problem.

To mitigate the risk of multiple single points of failure, users fall back on redundancy, creating backups for each secret. A and B become AABB—two 1-of-2s nested inside a global 2-of-2. 

Now you’re designing and maintaining a more complex, highly customized, but still essentially improvised multisig system, whether you’ve intended to or not. But what exactly have you built? How should you reason about the recovery and security properties of that arrangement?

And if that’s where this journey leads, you might as well use the real thing: a protocol-level 2-of-3, enforced by the Bitcoin network itself. But that solution brings its own complexity. Now a user is forced to manage three seed phrases and a wallet descriptor—which, in a way, brings us back to where we started: what do you do with it all? 

Far from improving usability, we’ve compounded the problem.

Even “perfect” multisig has usability problems, particularly for your heirs.

Say you’ve done everything perfectly. You’ve set up a 2-of-3 multisig wallet and secured all the pieces. Everything is working as intended.

Then you lose one key. 

One of my favorite questions to ask bitcoiners is, “Do you rebuild the wallet using the two remaining keys and a new third, or generate three new keys from scratch?”

This isn’t a security question. Both approaches are valid. It’s a usability question—probing which path is better supported by today’s wallets.

The answers are revealing. Most users have never executed a lost-key recovery. Not once. Not even as a dry run. And even under ideal conditions, everyone agrees: it’s hard.

But then comes the real question: “Which approach do you think the person someday inheriting your bitcoin will choose?”

Because the truth is, by giving users seed phrases and expecting them to construct secure, recoverable, inheritance-ready custody systems, we’ve quietly outsourced all the hardest parts of bitcoin ownership not just to users—but to their friends, family, and heirs.

Bitkey represents a new model for safety.

This is the fundamental mistake our industry keeps making: we’ve conflated theoretical security with actual safety.

We treat human error as a personal failing rather than a design constraint. And we call the whole setup empowerment, while it quietly demands users become security engineers, disaster planners, and inheritance experts.

We’ve built systems where the success case is “perfect user behavior” and the failure case is “you lose everything forever.” But bitcoin is meant to be held for lifetimes. And over a lifetime, everyone eventually slips.

That’s why we built Bitkey.

Because systems—not individuals—should bear the weight of security.  Bitkey rejects the assumption of a perfect operator. We refuse to offload cryptographic and operational risk onto users, because that’s not empowerment—it’s abdication. And it’s irresponsible.

Seed phrases are powerful cryptographic primitives, but they are not, in and of themselves, self-custody. Security systems that are defeated by their own usability stop being security. 

We built Bitkey to be practically reliable in real life.  Because the safest place to store your bitcoin should make you feel like an expert—it shouldn’t require you to become one. 

Want to learn more about Bitkey? Visit bitkey.world. 

In 2013, seed phrases were a major step forward — replacing private keys and their unwieldy string of numbers and letters with a simple set of real words. They made recovering lost wallets easier and helped bring self-custody to more people. But today, they remain a single point of failure and as Bitcoin becomes more mainstream, a reason people choose not to hold their own Bitcoin.

We’ve seen seed phrases lost, stolen, tossed in the trash, and burned in fires. We’ve heard from people too nervous to set up a wallet because they don’t trust themselves to store one phrase forever. Still, for more than a decade, wallets have continued to build new features on top of that same fragile foundation.

We know there’s not one right way to self-custody. And for some people, seed phrases still make sense. But if Bitcoin is going to be the money of the future, it needs to fit into the lives of the people who will use it. 

That’s why we built Bitkey — to make self-custody work for as many people as possible.

This is just one step forward, and an invitation to continue innovating on a project we all deeply believe in.

To learn how Bitkey recovery works without a seed phrase, head to bitkey.world.

Three routes to recovery are better than one high-value hide-a-key.

You know that spare key your neighbor has, hidden under the mat or a fake rock or in a combination lockbox, in case they get locked out of their home? 

That’s basically what a seed phrase is: a high-value hide-a-key for your bitcoin.

A seed phrase makes it relatively easy for you to recover your wallet when something goes wrong with single-sig hardware, but it also makes it easy for anyone else to do that too. Anyone who even briefly sees your seed phrase could gain access to your wallet–just like anyone who gains access to your neighbor’s hide-a-key can waltz right in through the front door.

On their own, seed phrases represent a fundamental weakness of prevailing self custody models. They’re hard to manage, easy to lose, and attractive targets for even low-tech scammers. 

That’s why Bitkey uses an entirely different recovery model: to make it easy to recover your funds when something goes wrong, and to help reduce the risk of loss associated with having to manage and secure seed phrases themselves. 

Three routes to recovery are better than one

In single-sig models, one key controls everything. And when something goes wrong with your hardware–say, its little screen breaks, you lose it, or it’s stolen–that’s where your seed phrase comes in. It’s the one and only route to recovery, and it’s only as secure as the desk drawer or safe or secret hiding spot you keep it in. If you need it, and something happens to it, too bad. You’re out of luck.

Bitkey is fundamentally different. Multi-sig right out of the box means three distinct keys–none of which can move money on its own–secure your funds. You keep two keys (one in hardware and one in your phone) and Bitkey servers hold a third on your behalf. It takes two keys to move funds, which means no single point of failure. No seed phrase means no seed phrase to keep track of, and a higher technical bar to steal your funds compared to low-tech scams like seed phrase phishing.

The three key model also means three routes to recovery when something goes wrong. 

If you lose or replace your phone, you can use your Bitkey hardware (fingerprint protected), together with the key on Bitkey’s server, to easily regain access to your wallet.

If you lose your hardware, you can use your phone, together with the key on Bitkey’s server, to set up new hardware (after a Delay and Notify period expires, during which Bitkey pushes alerts to your app to alert you of a recovery attempt). 

If you lose access to both your hardware and your phone, you can regain it with a little help from one of your Trusted Contacts–people you know and trust who, through the magic of cryptography, can help you regain access to your wallet, but can’t access your wallet or any of the keys that secure it themselves.

And in the extreme and unlikely case that your Bitkey server key is no longer available–or you just want to exercise your own financial autonomy–you can independently move your funds with the two keys you control, without relying on Bitkey’s server key at all.

If Bitkey holds a key, is it still self custody?

At its core, self custody is the ability to hold and move your funds on your own, without a third party intermediary. With Bitkey, you can do that. And since it takes two keys to do anything, you can always use your two keys to move money without Bitkey servers, and Bitkey can never move money without your instructions. Bitkey’s three key model just also means you’re less likely to be at a total loss if and when something goes wrong.

The best part? The whole thing is about as easy to set up as an email address. 

So, when we say, “there’s no seed phrase,” we mean there’s something different: a way to do self custody easily and securely, without worrying about losing everything over simple mistakes.

Want to learn more? Visit https://bitkey.world/.

On March 16, 1990, just a day after his inauguration, then-president of Brazil Fernando Collor de Mello put an 18-month freeze on every Brazilian savings account with a balance larger than $1200, telling account holders the government had effectively “borrowed” their money. 

The measure affected 80% of all bank deposits, freezing about $115 billion worth of consumer funds with the stroke of a pen.[1]

“Everyone that had money in their savings accounts, it went straight to the government and you couldn't do anything about it,” says bitcoiner Ivy Galindo, whose parents were in their 30s at the time. “This was their way to ‘beat inflation.’”

The program ultimately failed, causing Brazil’s economy to shrink, consumer prices to skyrocket, and a spike in suicides and heart attacks.[2] It’s an event that would come to color Ivy’s view of government and money–and the far-more-than-hypothetical value of self custody.

“I always grew up with that moment in my mind and thought, ‘Oh my God, this is so wrong.’”

Come for the tech, stay for the sound money principles.

An engineer by trade, Ivy first got into bitcoin for the tech. But it wasn’t long before its properties as a currency–deflationary, decentralized, and permissionless–became the main draws.

“As I dug deeper, I realized it also solves most of the economic problems,” she said. “They're not going to print more, there's not going to be inflation."

She became something of a bitcoin evangelist, devoting her career to its proliferation.

Ivy’s father, like many in Brazil, had long used a different tool to beat inflation: real estate. But something about bitcoin just clicked. In an “ah ha” moment of his own, he decided to sell much of his property and get into bitcoin. 

“I was doing custody for them. I kept their key because I thought they might lose it, and with single-sig, they’d never be able to restore it,” she said.

“When they decided to invest more money, I thought it was time to move to a multisig setup.”

From single-sig to multi-sig 

Traditional multi-sig setups offer huge improvements in security and a slightly better chance of recoverability in the case of accidental loss compared to single-sig wallets. But they’re still far too complicated for someone who hasn’t spent hundreds of hours studying bitcoin and developed a high level of technical expertise.

“There’s the traditional multisig setup where you throw the dice, set up your seed, use multiple devices, and have to secure all of that,” says Ivy. “But I thought, ‘How am I going to explain that to my parents?’ If I tried to explain all that, they'd probably say, ‘No, I'm out. Sell everything I have.’ So I was trying to find the easiest way.”

And it’s not like her folks can’t use technology. They use smartphones and online banking and are generally comfortable with new technology. But the risk of accidental loss with single-sig devices, and the sheer complexity of most multi-sig self-custody schemes became too much to weigh against a meaningful bitcoin balance. 

“I would have to go through the whole process of generating keys and writing them down. I didn't want to do that because if something happened to me, how would my parents recover their money? It would be lost with me,” she said. “That's why I thought Bitkey was the best option for them.”

A multi-sig wallet that’s easy to use, with strong recovery tools and an inheritance feature ticked all the “what happens if” boxes.

“My favorite feature is that I can set myself up as their [trusted contact]. So if something happens, I can help them recover their funds,” says Ivy. “Also the inheritance feature. While it's sad to think about, it's going to make things much easier when needed.” 

Bitkey and the future of bitcoin adoption

Today, every single self custody offering forces users to make compromises–whether in privacy, security, safety, usability, or some combination of things. When it comes to mass adoption, particularly in self custody, usability is a real hurdle for a lot of people. When you look at most multi-sig setups, it’s really no mystery as to why.

“I believe that, in the process of Bitcoin adoption, there won’t be many people willing to understand the depth of Bitcoin–how to properly generate entropy with dice, how to stamp metal plates,” says Ivy. “They’re never going to do that.”

That’s part of why we built Bitkey–self custody with strong safety, strong security, and strong recovery tools in a format anyone can use. At the end of the day, the best self custody wallet is the one that people will use. And for an increasing number of people, that wallet is Bitkey.

“I recommend it all the time,” says Ivy. “Every time someone asks about which wallet to start with, I tell them Bitkey is my favorite.” 

[1] https://www.latimes.com/archives/la-xpm-1990-05-20-mn-303-story.html

[2] https://www.nytimes.com/1992/11/08/magazine/looting-brazil.html

Bitcoin custody has always been defined by tradeoffs. Privacy, safety, and usability have been inextricably linked, forcing users to choose which qualities matter most to them, index on those qualities, and put up with compromise on the others. 

Most single-sig hardware offers good privacy, but is hard to use and puts fund safety at risk. Software wallets are easy to use and can be private, but could improve on fund safety. And a lot of third-party collaborative custody models are easy and safe, but force tradeoffs in user privacy. Whatever model you choose today, you can have at best 2 out of 3, but not all 3–at least not yet.

We believe the choice between privacy, safety, and usability is a false choice. Strong safety and privacy should not mean an unusable product, nor should something easy to use require compromises to privacy or safety. Bitcoiners shouldn’t have to simply accept that strength in one area requires weakness in others.

Over Bitkey’s first year serving customers, we’ve heard feedback about all of these tradeoffs – and we want to address them. We want to make Bitkey the first self-custody solution to deliver best-in-class safety, usability, and privacy–all at once. 

Over the next few months at Bitkey, that starts with shipping a few big changes: 

Safety

Safety is a core goal of bitcoin self-custody, and that means both keeping bad actors away from your bitcoin and making sure that you can always access it. Here are a few safety improvements you can expect from Bitkey this year:

• Transaction verification that people use consistently and correctly in practice. Existing solutions, like hardware screens, are hard to use, and as a result often don’t get used correctly, leaving users with a false sense of security. We want to give Bitkey customers easy ways to verify transaction details and other security-critical operations. First up is a software-driven feature we’ll bring to customers mid-year. We’re also evaluating ways to provide even stronger transaction verification with hardware, and an optional cold wallet configuration for customers who don’t mind putting in a little more effort for more security. These are complex projects, and our next step is to publish a technical proposal and solicit feedback – look out for this over the summer. 
• Fingerprint reset. While fingerprints are secure and convenient, they're not foolproof. We never want our customers to risk losing their bitcoin because of a cut on their finger. Bitkey already allows customers to configure multiple fingerprints, but to further help customers regain access to their hardware, we’ll provide a secure mechanism to reset the fingerprint after a security delay. Ships in May.
• Bitkey Security Hub. This new tab in the Bitkey mobile app puts all of Bitkey’s strong safety and security features in one place, helping customers better understand what’s on offer and how to enable them. Ships in May, and we’ll continue to add to this tab beyond that.

Privacy

As we build Bitkey, we’re constantly looking for ways to bring better privacy to our customers. These privacy upgrades are on the near-term horizon:

• Private wallet balances. We can provide the safety of collaborative custody, but without any visibility into your balance or transactions – a major unlock not just for bitcoiners but for all customers who we believe deserve the best privacy features. We’re actively working on this and expect to bring it to customers soon after our transaction verification feature, around mid-year. 
• Private purchasing. We’ll enable customers to purchase a Bitkey device without disclosing their home address and other personal information. This starts with an option to buy without disclosing your home (or billing) address and pick up your Bitkey order in person at thousands of locations in the U.S. We’ll also add an option to buy Bitkey with bitcoin. We’ll ship both of these over the next few months. 

Usability

Bitkey is already the most usable hardware wallet on the market, but there’s always room for improvement. Here are a few ways we’re making the Bitkey experience even better.

• Configurable “delay and notify” time period. Today, when you lose one key, Bitkey helps you recover your wallet and imposes a hard-coded 7 day security delay in the process, giving you the time and opportunity to cancel recovery on the off chance it was triggered by a malicious actor. In a few months, we'll enable customers to configure this delay period — we want Bitkey to enable you to protect your bitcoin, not to decide the parameters for you.  
• Additional exchange partnerships. Bitkey makes it easy to access many of your favorite exchanges to buy, sell, and transfer bitcoin. We’ll continue to add partners so that more Bitkey customers can quickly and easily use their bitcoin how they want. We’re most interested in adding partners who are either bitcoin-only or heavily focused on serving bitcoiners. We’re adding our next partner soon, and anticipate adding other partners later this year. 

We want to hear from you

As we work on this roadmap, we’ll continue to share more about what we’re building, why, and how. Along the way, we’d love to hear what you think about our direction - what are we getting right, and what do you hope we change? If you don’t use Bitkey already, what’s missing that would change your mind? Your input will help us bring better self-custody to bitcoiners this year, and beyond. 

We can’t wait to ship all of this and more to all of you. Self-custody has always been about trade-offs, but we think there’s a path to having privacy, safety, and usability in one product.

Bitkey’s inheritance feature makes it easy and secure for benefactors to not only pass on bitcoin to a friend or loved one, but to also give beneficiaries the same security, usability, and recovery tools that Bitkey offers. Built on top of Bitkey’s strong foundation of recovery tools, inheritance uses many of the same concepts that make it hard to lose access to your bitcoin, outlined in our recovery paper, to protect your funds for your beneficiaries. Here’s a closer look at how it works.

Design properties

• Block never sees the benefactor’s unencrypted private key.
  • Block stores an encrypted copy of the benefactor’s private key and does not have access to the decryption key. Upon completion of an inheritance claim, this encrypted key material is provided to the beneficiary directly, without ever being decrypted on the server. The beneficiary decrypts this key material locally on their device.
• Beneficiary does not receive any key material or the inheritance amount until inheritance is complete.
  • The beneficiary of a Bitkey wallet does not receive any key material or the inheritance amount until an inheritance claim has completed its waiting period.
• Inheritance leverages existing cryptographic structures.
  • By leveraging the same encryption patterns and secure channels exchanged when creating a Trusted Contact for social recovery, Inheritance gains the same design benefits of cryptographic communication without the need for identity verification or secrets to remember.
• Beneficiaries can leverage Bitkey’s recovery mechanisms.
  • Since inheritance requires your beneficiary to have their own Bitkey, beneficiaries have multiple recovery options for the bitcoin they inherit. With Bitkey’s recovery mechanisms, your beneficiary can regain access to their inheritance even if they lose their phone, cloud, or Bitkey device.

Inheritance set-up

To facilitate an inheritance transaction–to transfer your wallet balance to your beneficiary on your behalf–your beneficiary ultimately needs one of your three private keys to use with the Block server key. However, it is crucial that: 

1. Bitkey servers never have access to this key, and 
2. your beneficiary does not have access to this key until the inheritance process is completed.

To ensure the benefactor’s private key material (PKMat) is never accessible to Bitkey’s servers,  the benefactor first encrypts it with a Private Key Encryption Key (PKEK) on their app. Once the private key material key is encrypted, it is safe to upload to Bitkey’s server–an arrangement that also prevents your beneficiary from having access to this key until inheritance is completed. 

To ensure that this PKEK can ultimately be given to the beneficiary in a way that allows for a balance transfer once inheritance is complete, we encrypt the PKEK with the beneficiary’s Trusted Contact Encryption Key (TCEK)–a key that is created during the inheritance invitation process. Both of these encrypted keys (PKMat and PKEK) are now safe to upload to Bitkey’s servers by the benefactor.

This setup allows the process to be reversed by the beneficiary upon completion of the inheritance, at which point their TCEK can decrypt the PKEK, which can ultimately decrypt the benefactor’s PKMat and allow a balance transfer to occur.

Inheritance claims

While Bitkey’s servers cannot access the keys to transfer inheritance funds directly, it does facilitate the dispersal of encrypted keys to a beneficiary. This ensures that beneficiaries do not receive any sensitive information until the inheritance is approved. This entire process is called an inheritance claim.

Claim approval is done via a system we call Delay and Notify. This system, also used in our recovery process, creates a six-month waiting period before the Bitkey server can proceed with an inheritance transaction. During this time, Bitkey attempts to contact the benefactor via all contact methods the benefactor has set up: push notification, SMS, and/or email. If the benefactor denies the claim at any point during the six-month waiting period, the claim stops, no key material is given to the beneficiary, and no inheritance transaction occurs.

If and when the Delay and Notify period expires, Bitkey’s servers provide the beneficiary with the two encrypted keys (PKMat and PKEK). With these keys, the beneficiary can begin the process of transferring the benefactor’s full wallet balance to their own wallet, using the benefactor’s decrypted app key and server key as signers.

Inheritance transfer process

Once the six-month Delay and Notify period has passed, Bitkey provides the beneficiary with the encrypted PKEK and encrypted PKMat data, as well as a wallet descriptor for the benefactor. The beneficiary uses their TCEK private key to decrypt the PKEK and subsequently uses this key to decrypt the benefactor’s PKMat.

At this point, the beneficiary gains access to the benefactor’s wallet information for the first time. The beneficiary uses this information to create a full balance transfer from the benefactor’s wallet to their own, using the benefactor’s decrypted private key (PKMat) to sign it.

Once a transaction has been created and signed in the app, it is sent to Bitkey’s server to be signed by the benefactor’s server key. Bitkey can only cosign a transaction that is both 1) a claim associated with a completed Delay and Notify period and 2) sent to the beneficiary’s wallet address. This dual validation protects your funds from being transferred for any reason other than an approved inheritance claim, to any other address, without requiring full control of the signing process.

Why we require Bitkey hardware

One obvious trade-off in Bitkey’s inheritance system is the requirement of hardware for the beneficiary. This was not a decision made lightly. 

On the one hand, requiring hardware adds a cost to use the feature and few steps to the beneficiary’s user experience. On the other hand, comparable third-party inheritance solutions are typically offered on a monthly or annual subscription basis, and the fee from a one-time hardware purchase is significantly less expensive by comparison. Requiring hardware also saves a beneficiary from the added step of assessing and choosing among many possible means of holding the bitcoin they inherit after you’ve passed, which is particularly beneficial for those beneficiaries who aren’t already knowledgeable about bitcoin when they inherit it.

The design we use for inheritance is called Direct Key Distribution, where we distribute one private key directly to the beneficiary to facilitate the transfer of funds.

In order to safely transfer funds to a beneficiary, there needs to be some proof of the benefactor/beneficiary relationship. In Bitkey’s direct key distribution, we accomplish this by storing a decryption key in the beneficiary’s cloud backup, along with authorization keys that can start the inheritance process. No hardware is technically needed for this to work. So, why do we require it?

For Bitkey wallets, sensitive cloud data is encrypted by Bitkey hardware before it is stored. This ensures no third party can access your wallet in the event that your cloud data is compromised or otherwise accessed by someone other than you. Without a hardware requirement, storing this data for inheritance would be less secure.

Additionally, many customers use the same account for their cloud provider as and their email. This reality presents a unique attack scenario. If a customer's cloud data is compromised, their email could be as well. With only the beneficiary's cloud data as authentication, an attacker with access to the beneficiary's account could restore the account and change the contact information. This could allow an attacker to claim an inheritance without the beneficiary's knowledge. Accounts with hardware, however, are recovered with a key that is encrypted with hardware. When recovering without hardware, a delay period is required. This means an attacker cannot gain access to the account with temporary access, but would need to maintain it through the security delay period, increasing the difficulty of this type of attack. 

Inheritance, by definition, is a feature that needs to last a lifetime, so its design needs to be durable for long periods of time. Over a lifetime, it’s not uncommon for people to change service providers, phones and email accounts. When this happens, users sometimes lose their cloud data. 

Requiring hardware solves all of these problems. It allows us to securely authenticate the beneficiary when starting an inheritance claim, as well as recover user data should they lose their cloud backup, by encrypting their inheritance decryption keys with the hardware before backing up on Bitkeys servers. These backups–which can only be decrypted by Bitkey hardware–allow inheritance relationships to be restored even if the beneficiary’s app and cloud are lost. If the beneficiary’s hardware is lost, we can replace it using our existing recovery mechanisms, keeping the data needed for inheritance safe by re-encrypting it with replacement hardware.

Why we enforce a six-month Delay and Notify period

Inheritance is built on a lot of the technologies that we built for Bitkey’s Social Recovery feature. However, the security model is quite different. Inheritance is, effectively, a reverse social recovery. In social recovery, you, the protected customer, are in control of starting the process. For inheritance, that’s not possible, so the beneficiary is in control of the process.

While a beneficiary should be someone you trust, we can’t simply take the word of anyone who initiates the inheritance process and must have built in protection for the benefactor. While only your beneficiary can start the inheritance process, we want to ensure the benefactor and beneficiary both have an opportunity to indicate they have  not been compromised in some way. This is where the six-month Delay and Notify period fits in. During this time, we use every contact method available to try to reach the benefactor to ensure that the attempt is valid.

Unlike Social Recovery, no access is granted until after the six-month Delay and Notify period is completed. This means that the beneficiary cannot gain any balance information by simply starting the process, keeping you in control of your funds and privacy.

Why we chose Direct Key Distribution

In Bitkey’s Direct Key Distribution model, we distribute one private key directly to the beneficiary to facilitate the transfer of funds when the full inheritance process is complete. Bitkey’s server facilitates the policy for this operation, after being triggered by the beneficiary. During development, we did consider one alternative model: Server-driven Covenants. Here’s why we ultimately chose Direct Key Distribution. 

Server-driven covenants overview

In a Server-driven Covenants approach, the benefactor would generate a set of inheritance transactions whenever they received or sent funds from their wallet. The set of transactions would include:

• An escrow transaction to an ephemeral wallet that is spendable with a short timelock
• A transaction of inheritance funds per beneficiary from the ephemeral wallet to a pre-specified receive address for that beneficiary.

Upon triggering the inheritance claim–which would require a quorum of people to coordinate and inform Block–the escrow transaction would be broadcast and beneficiaries informed. If the claim was illegitimate, the benefactor could claw back the funds into their own account within the transaction timelock period. After the timelock expired,  the server would broadcast the pre-generated transactions from the ephemeral wallet to the pre-specified receive addresses for each beneficiary and broadcast the transaction(s).

Downsides to Server-driven Covenants Approach

The two downsides to Server-driven Covenants are:

1. The beneficiary must ensure the wallet associated with the address receiving the inheritance is always accessible and in their control. In situations where the inheritance transaction is being sent to another wallet or an exchange, this can be a massive footgun.
2. The funds available to the beneficiary are those contained in the benefactor-generated transaction. If the benefactor doesn’t update their inheritance transactions before the inheritance flow is triggered, the beneficiary is left with only part of the inherited funds.

Direct Key Distribution and Bitkey’s hardware requirement eliminates both of these downsides in a way that we believe is better for both benefactors and beneficiaries.

Feedback welcome

At Bitkey, we believe the strongest products come from collaborating with the communities who ultimately use them. That’s why we’re committed to building in the open and sharing designs like this publicly. Bitkey’s inheritance feature is just one part of our broader mission to make bitcoin self-custody as accessible and secure as possible for everyone. 

Have thoughts, questions, or feedback on this feature? Message us at [email protected].

Bitkey’s inheritance feature is the best way to ensure your loved ones get your coins when you’re gone.

For most legacy financial instruments–your stocks, IRA, 401k, even your bank account–there’s a pretty clear process for getting what’s yours to your loved ones when you pass away: you name them as a beneficiary and they get your stuff, give or take a couple legal hurdles in some cases.

Bitcoin doesn’t work like that. Or at least it hasn’t before now. Passing to your friends and family the legal right to your coins in your will is one thing, but making sure they actually get your coins is entirely another.

Hold your keys on any major exchange and there’s no way to name a beneficiary. Each exchange has its own policy–some involve formal appeals, some require a large amount of documentation, some ask that you record your account number somewhere in your will–and the process can take as long as a year in some cases.

Self-custody your keys in most hardware wallets or on paper or steel, and you have few options beyond pricey third-party services or leaving detailed access instructions–instructions that, in the wrong hands, could be used to steal your coins while you’re alive.

Bitkey’s inheritance feature addresses this for bitcoin, letting you name a beneficiary for your coins without the risk of sharing PINs or seed phrases while you’re alive–and without the need for your loved ones to spend months of back-and-forth with an exchange. 

How inheritance works

At its most basic, inheritance is a companion to traditional estate planning, giving you a secure, simple way to pass on your bitcoin. (Always consult an estate planning professional for additional local and/or federal requirements.)

When you name a beneficiary, inheritance 1) encrypts your spending mobile key with a wrapping key and 2) encrypts that wrapping key with your beneficiary's public key. Both encrypted keys are uploaded to Block servers for use in the event of your passing. It’s a bit like putting your wrapped mobile key in a safety deposit box that only your beneficiary has a key to unlock. At no point do we have access to your unencrypted mobile key–and at no point does your beneficiary, before the inheritance and 6 month “Delay and Notify” period is complete.

When you pass away, your beneficiary can trigger the inheritance process through their Bitkey app. Doing so will trigger a 6-month security period, during which you will receive periodic messages to alert you of an inheritance claim–a built-in safeguard that helps protect you in the event that a claim is made while you’re still alive. At any point during those 6 months, you or your beneficiary can stop the inheritance process.

After the 6-month inheritance Delay and Notify period expires, Bitkey relays both the encrypted wrapping key and encrypted mobile key to your beneficiary. The beneficiary’s Bitkey app then uses their private key to decrypt the wrapping key, and the wrapping key to decrypt the mobile key. Your beneficiary can then co-sign a transaction with the key on Bitkey’s servers and transfer funds to their own Bitkey. At no point before this will your beneficiary see your bitcoin balance or access your funds. 

Making Bitcoin inheritance easy

Making bitcoin easy to use and hard to lose has been part of Bitkey’s offer since we started. With inheritance, we’ve brought that same ethos to life in a way that lets you and your loved ones bypass what we see as unnecessary complexity in passing on your bitcoin. 

Trusting hardware you buy online or in retail

As the team expands where customers can purchase Bitkey, it’s a good time to share how we think about the security of the hardware. Specifically, customers want to know whether buying a Bitkey from a retailer introduces new hardware tampering risks. The short answer? We’ve prepared for this.

Bitkey is designed with hardware and firmware security at its core, ensuring robust protection against tampering, counterfeiting, and other threats, whether you buy from our website or through a retailer.  But here’s the key takeaway: even if someone manages to tamper with your Bitkey, it’s not enough to steal your bitcoin. Why? Because of our 2-of-3 multisig design, an attacker would also need to compromise one of the other two keys to access your funds.

Security through design

At Bitkey, security isn’t an afterthought, it’s fundamental. Our hardware and firmware are engineered to address both everyday and advanced attack vectors. Whether purchased from a retailer or directly from us, every Bitkey undergoes a rigorous security-focused process throughout manufacturing, starting with our secure supply chain:

• Unique device certificates: Each Bitkey’s chip is equipped with a secret key specific to that chip prior to manufacturing. This ensures that only authentic devices can interact with the Bitkey app. Counterfeit or maliciously modified devices are immediately detected.
• Secure boot and firmware protections: Bitkey’s hardware enforces a secure boot process, meaning it will only run firmware signed for Bitkey. Bitkey cannot be debugged or reflashed, even by the Bitkey team. The only way to update a Bitkey is through over-the-air firmware updates, which are signed, and also require unlocking the device to begin. Not even Bitkey can update your firmware without you unlocking your device.
• Resistance to physical attacks: The Bitkey microcontroller employs state-of-the-art anti-tamper technology. Critical keys and data are stored in a secure vault leveraging a physical unclonable function (PUF) unique to each device. This means that when the device is off, your keys are encrypted - and there's nothing for an attacker to go after. It's only once the chip is powered on that the PUF makes critical keys usable - and that ensures other protections against physical attacks can be turned on, too. Attempts to extract this information physically would likely render the device inoperable

Although no chip is impervious to the most sophisticated physical attacks with highly advanced lab equipment and expertise, these attacks are inherently not scalable, and generally cost-prohibitive. Moreover, even if Bitkey is tampered with, it’s not enough to steal your bitcoin—an attacker also needs to compromise one of the other two keys forming your multisig wallet.

Returns and resales

The rise of returns or resale markets raises a valid question: What happens if someone returns a device that has been tampered with or already used? Bitkey’s architecture addresses these concerns comprehensively:

• No Refurbishments: Bitkey does not refurbish and resell returned hardware. If a device’s box has been opened, it is permanently retired and will not be shipped out again, ensuring customers only receive untouched, brand new devices. However, if a third party were to sell a previously sold Bitkey device, there are other measures in place to mitigate security risks.
• Secure State Management: Before returning a Bitkey, customers can wipe the device back to its factory state. This process requires the device to be unlocked, meaning only the original owner can perform the wipe. If a returned Bitkey is not wiped, it remains inaccessible—even to Bitkey—due to the device’s robust security protections.
• Immutable Security Features: Even in a resale scenario, the device’s core security features—such as its attestation certificate, secure boot protections, and anti-tamper mechanisms—remain intact and immutable. Our boot process and onboarding checks ensures that the device is still secure and unmodified. A customer will be notified if the device software has been tampered.

Why trust Bitkey?

Bitkey is not just a piece of hardware; it’s part of a multi-layered security system. Even if an attacker were to compromise the hardware, they would still only gain access to one key.  Since two keys are required to move funds, immediate access to your bitcoin is prevented. 

The security architecture is open, and we welcome scrutiny from independent experts who can help validate Bitkey’s security for the benefit of all customers.

Bitkey is built to keep your bitcoin safe—no matter where you buy it. Whether you’re a seasoned developer auditing our open code or new to bitcoin, you can trust that Bitkey’s hardware and firmware have been designed to protect what matters most: your funds.