I don’t think people fully grok the risk of KYC in Bitcoin.
KYC honeypots & data leaks are already dangerous in the analog world. But zoom out and fast-forward 20 years into a hyper-digitized, hyper-bitcoinized future, and that risk 10x’s.
In the analog, pre-hyperbitcoinized world, if someone gets your family’s name, SSN, and address, what’s the worst the can happen?
Maybe they impersonate you. Maybe they sell your data to ad companies.
It’s bad, but not end-of-the-world bad.
But with Bitcoin — a digital bearer asset — it’s different.
Once someone knows your family holds a large stack, you’re a forever target.
You don’t get spammed. You get hunted.
By North Korean hacker teams and ransomware crews from every corner of the world. Forever.
You do not want a target on your family’s back for eternity.
Zoom out & think long-term. KYC isn’t just a risk. It’s a ticking time bomb.
P.S. Some historical context: KYC was invented before the Internet.
Not only has it failed its objectives, its creators NEVER anticipated a world shaped by the Internet & Bitcoin.
The ramifications of this outdated policy will be insane in the years to come. A lot of people will get hurt.
View quoted note →
hugomofn
npub1qp30...yn58
Founder of nunchuk.io
Self-custody is the cornerstone of Bitcoin. The day self-custody dies, Bitcoin dies with it.
Nunchuk is fully committed to improving free self-custody tools—it’s 1000x more important than our paid services.
Principle over money. View quoted note →
When the Internet was invented, everyone thought it would democratize knowledge. Fast forward 30 years, it got so incredibly centralized and censored that it took one man buying Twitter to (hopefully) save it from itself.
What’s the equivalent of that threat in Bitcoin?
We either continually set and pursue higher goals, or we regress and die mentally. That’s the essence of the saying ‘most people die at 25.’
What I’ve learned is that there’s no in-between. Retirement is a false dream. Stasis is death.
🚫 Do NOT use a hot wallet (mobile or desktop) for main Bitcoin savings
✅ Do use a phone as a watch-only wallet coordinator for distributed multisig for Bitcoin savings — get a second, dedicated phone for this purpose. View quoted note →
Why do some Nostr posts/comments show up on Primal but not Damus (and vice versa)? Relay issue? 🤔
“The majority is not always right” is true for normies but also true for Bitcoiners.
Bitcoiners got many things right, but many things wrong as well. For examples:
1/ Believe in S2F nonsense
2/ Obsessed with scaling payments use case when the killer use case is SoV
3/ Avoid phones for main savings View quoted note →
Insisting on using desktops for Bitcoin savings is like clinging to mainframes in the era of cloud or sticking with search engines in the age of Gen AI. View quoted note →
People who say “don’t use phones for your main Bitcoin savings” never make sense to me.
1/ Security matters: Phones have a much smaller attack surface and are designed with security in mind, unlike desktops burdened with legacy software and hardware. What's easier to crack—a Windows machine or an iPhone?
2/ Dedicated devices: If you're concerned about your main phone being out and about too much, get a second, dedicated phone for your savings. You should also use a dedicated desktop if you're truly serious about security. Avoiding phones but using a non-dedicated desktop filled with software means you don’t care about security as much as you think you do.
3/ Use multisig: If you set your wallet up properly, the phone should hold no private keys—only a watch-only interface. The wallet interface should be the *least* of your worries. Distributed multisig keys are your main defense. Focus your energy on securing the actual keys.
4/ Use a decoy wallet: If you can’t get a second phone, use a decoy wallet. You can use a decoy wallet even if you have a dedicated phone.
So don’t take bad advice, even from Bitcoiners. Think from first principles.
Don’t be stuck in the 20th century. DO use phones for your main Bitcoin savings.
Key quote regarding Yubikey vulnerability: "We estimate that *the vulnerability exists for more than 14 years* in Infineon top secure chips."
32 million Yubikey units have been sold.
Multi-vendor multisig is the only rational setup for your BTC savings.


Ars Technica
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Sophisticated attack breaks security assurances of the most popular FIDO key.
There’s something satisfying about Nostr feeds being deterministic: if you sign in on different Nostr clients or different devices, you most likely will get the same exact feed for a given moment of the day. It’s true even for different moments of the day: if you scroll long enough you will encounter the old set of posts, minus a few new ones for the last X hours.
It’s satisfying because you know the feed is not gamed. That this is the raw, unmanipulated experience. Unlike something like X which increasingly show you garbage that plays on our worst instincts.
On the other hand, once the amount of content on Nostr blows up, some filters will likely be needed. It’d be cool if you can craft your own feed algorithms based on a human-readable language, or a set of commonly-defined control knobs. Something like:
1. Prioritizes posts from people I regularly interact with (with weights I can go in and adjust)
2. Prioritizes posts that have some minimum number of likes/comments from the people I follow
3. For freshness: Occasionally surface posts from accounts from my extended network (friends of friends), provided that they pass some level of quality control (e.g. account older than Y months, minimum likes, etc.).
And you can keep finetuning your algorithms as you go along. Have a few that you quickly switch between. Share your algorithms with others, etc.
In the world of Bitcoin wallets there is a plethora of security threats that you need to stackrank.
What anti-exfil would do is to break 90% of the current wallets’ UX to solve a fundamentally low-risk threat, relative to other threats. When better solutions exist.
A big no-no.
Introducing a new round trip / new interaction every single time a user signs a Bitcoin transaction is a terrible idea from both UX and engineering perspectives.
It violates Single Responsibility Principle. Coordinator should stay purely coordinating. No more, no less.
Calling all self-custody experts!
Have you ever thought about starting a Bitcoin business that focuses on orange-pilling people and helping them self-custody? Putting your passion and skills to good use?
Now you can.
Introducing Byzantine: Collaborative Custody Platform-as-a-Service.
Read more about it here:


Nunchuk
Introducing Byzantine: The Collaborative Custody Platform for Bitcoin Advisors (2026) | Nunchuk
🟠 Are you passionate about orange-pilling others?
🟠 Are you a Bitcoin expert in self-custody and key management?
🟠 Do you dream of startin...
@nostrdirectory Verifying My Public Key: "hugohanoi"
I just published ‘Passphrases Are Not the Solution for Bitcoin Custody’.

Medium
Passphrases Are Not the Solution for Bitcoin Custody
The problems with passphrases
First post. My AMA on Stacker News. Ask me anything about Nunchuk!
https://stacker.news/items/129571