Bitcoin Magazine
Stop Pretending Bitcoin Self Custody Is Easy, It’s Not
“It’s just writing down 12 words, anyone can do it.”
This is probably one of the most frequently uttered sentences in this ecosystem when it comes to discussing Bitcoin self custody practices. It’s just keeping some words safe, it’s super easy, anyone can do it right? All the criticisms and reasons people give for someone to not self custody are just Fear, Uncertainty, and Doubt. All that FUD can be cut through with that one sentence, right? Get your coins off Coinbase now!
Wrong.
This fallacious framing and line of argumentation is no different than saying “shooting a gun is just pointing and pulling a trigger, anyone can do it.” There is so much more than just pointing and pulling a trigger to shooting a gun safely. To start, there is actually having the appreciation for what a gun is, and the consequences using one can have. Consequences you cannot take back.
A gun is not a toy, it is a tool that can kill people. Without truly appreciating that, people can be careless in handling a gun, and if they were to cause harm to someone else while being careless there is no undo button.
There is no way to wind back time and bring someone back from the dead. Just like there is no way to wind back a bitcoin transaction.
Writing down 12 words doesn’t just solve everything. First users have to actually appreciate what those 12 words are. They have to really understand that those 12 words are their money. That they must be kept secret and secure in order to safeguard their bitcoin. Just having those 12 words written down doesn’t equate to having that appreciation.
Next, they need to actually physically secure that copy of 12 words to keep it secret.
Can they actually physically secure that mnemonic seed anywhere? Do they own a safe? Do they live with other people? Is there a spouse or children to consider? Does living with them mean that other people will be in your residence? Are they trust worthy?
What about con artists, hackers, and social engineers? Is someone aware enough to discern when they are interacting with one of them? Do they understand the lines malicious actors are trying to cross in terms of access to their keys? Do they know how to verify software they download from outside of an Appstore? Are they even observant enough to detect the signs that software in the Appstore is fraudulent and malicious?
What about long term compatibility? Does a certain device or piece of software do anything non-standard? Weird derivation paths? Custom backup schemes? Do users even understand these things to deal with them, or will this inevitably in the long term force them to trust a third party who could defraud them to deal with their wallet or backup not working with modern solutions in ten years?
That’s not even touching on hardware devices. Can someone verify a device’s integrity? Hell, let’s go back before that, can most people even assess whether a hardware device’s architecture and the company producing it are reputable?
I am not saying any of this to scare people away from self custody, or to be defeatist. This is a reality check. Bitcoin needs people to self custody their funds and use them directly to remain decentralized in the long term. People will not do that if it is a terrifying, dangerous, and unfamiliar experience.
It’s that simple. Just telling people over and over again to not fuck up won’t magically stop them from fucking up. Telling people over and over again to not be scared and anxious won’t magically make them stop being scared and anxious. Pretending that very real technical footguns don’t exist because they are trivial for you or I to deal with doesn’t make them stop existing for normal people.
We have a lot of tools to deal with these problems. Multisignature schemes allow key rotation and the potential to have a helping hand to fix mistakes. Schnorr multisignature schemes optimize this even further, creating less extra complexity for users. Both types of multisignature scripts can benefit from other improvements to create privacy.
How user interfaces are designed can do a lot to deal with scammers. The architecture different wallets or devices use can potentially remove attack surfaces entirely, or make them irrelevant if only exploited with one device or piece of software.
To this day, ten years or more after I used a Bitcoin multisignature wallet for the first time, it is still unintuitive, obnoxious, and sometimes not possible to create a multisignature wallet using multiple independent pieces of software.
If we want people to actually self custody at scale, which is necessary for Bitcoin itself to actually maintain real decentralization, these issues need to be addressed. Things need to actually be intuitive. Things need to actually be compatible across vendors and software. Users actually need something analogous to the helping hand they are used to with fiat money services.
If these things do not change, if they are not built and smoothed out, if compatibility doesn’t improve, then people just won’t self custody their funds.
These things need to be experimented with, tested and refined, and ultimately cater to what your average person actually needs to not only feel safe with self custody, but to actually be safe.
If it doesn’t feel safe to them, people just won’t do it.
This post Stop Pretending Bitcoin Self Custody Is Easy, It’s Not first appeared on Bitcoin Magazine and is written by Shinobi.
