Price:

BITCOIN

Bitcoin keepers turn miniscript into automated estate plans

Sunday, May 17, 2026 · from 2 podcasts
Citadel DispatchWhat Bitcoin Did
  • New wallet designs swap seed phrases for collaborative custody, making single-point failure obsolete.
  • Miniscript absolute time-locks create automatic inheritance, removing lawyers and heirs’ helplessness.
  • Developers target wrench attacks with biometric delays, forcing coercion to fail against time.

The risk model for holding Bitcoin is shifting from losing keys to losing your life. Jonathan Pollock, speaking on What Bitcoin Did, argues that self-custody’s structural flaw is that keys can be coerced under duress - the so-called “wrench attack.” His proposed test for any industry solution is simple: it must protect coins even when an attacker knows your exact setup and you are fully compliant.

Pollock outlines BitKey’s “vault” approach: a 2-of-2 multisig requiring two biometric scans separated by a configurable time delay - days or weeks. The goal is to outlast an attacker’s patience. He cites data showing 99% of documented wrench attacks end within a week. Ironically, he suggests the ultimate escape hatch might be sending funds to a KYC exchange during an attack, moving the conflict from a knife point to an identity-verification process an attacker cannot win.

“If the secret is exportable on paper or metal, the hardware has failed to keep its primary secret.”

- Jonathan Pollock, What Bitcoin Did

Concurrently, a parallel evolution is solving the problem of what happens when you can’t sign. On Citadel Dispatch, Ben Kaufman detailed Bitcoin Keeper’s use of Miniscript to create absolute time-locks for inheritance. Users can grant an heir a key that only activates after a preset date - say, two years. If the owner is alive, they simply refresh the lock with an on-chain transaction. If not, the protocol executes the transfer automatically, turning Bitcoin itself into a self-administering trust.

“An owner can give an heir a key that remains inert for a predetermined time, such as two years.”

- Ben Kaufman, Citadel Dispatch

Both developers are converging on a philosophy that user error and personal catastrophe are greater threats than state-level adversaries. Pollock calls seed phrases an “instant compromise” vector and a “DIY project” that burdens users with perfect execution. Kaufman’s Bitcoin Keeper acts as a graduation path, guiding users from mobile hot wallets up to geographically distributed multisig vaults. The aim is to make sophisticated security the default, not the frontier.

The tools are now arguing that the rational choice is shifting. For Pollock, it’s a question of which catastrophic failure you prefer: the political and business risk of an ETF, or the increasingly manageable technical risk of self-custody. For Kaufman, it’s about providing a bridge from pragmatic needs - like Tether for dollar stability - to sovereign Bitcoin savings. The shared goal is to make holding Bitcoin oneself not just an act of defiance, but one of simple, calculated safety.

#Custody#Protocol#Adoption
TetherBitcoinBitcoin KeeperBitkeyMiniscript

Source Intelligence

- Deep dive into what was said in the episodes

Citadel Dispatch
Citadel Dispatch

CD203: HERMANN AND CAREL - ATTACK ON BITCOIN IN SOUTH AFRICAMay 15

  • Coinbase is rebranding its wallet app as 'Base,' positioning it as a Web3 super app akin to WeChat that will include a shitcoin wallet, a social feed, games, and USDC payments.
  • Spectre Wallet launched in 2020 to simplify multisig by connecting directly to Bitcoin Core, eliminating the need for an Electrum server. Ben Kaufman notes the ecosystem now includes many alternatives like Sparrow, Nunchuk, and Kasu.
  • Bitcoin Keeper is a mobile app that guides users from a single-sig hot wallet up to long-term, multisig cold storage and inheritance planning. It supports ten major hardware wallets via QR, file, NFC, or a companion desktop app for USB connections.
  • Bitcoin Keeper's multisig setup uses encrypted 'magic links' stored briefly on its servers for collaboration. Users can share keys, wallet descriptors, or partially signed transactions via these links, QR codes, or files.
  • Ben Kaufman argues multisig provides superior security and fault tolerance for life savings or corporate treasuries, while a single-sig hardware wallet with a passphrase offers simpler plausible deniability for most users.
  • Ben Kaufman says major hardware wallet theft is rare; the primary risk is users mishandling seed backups or falling for social engineering scams that panic them into entering seeds online.
  • Bitcoin Keeper uses Miniscript for inheritance, allowing users to add a time-locked 'inheritance key' that activates after a set period, turning a 2-of-3 multisig into a 2-of-4 or enabling a single-key emergency spend.
  • Ben Kaufman explains Bitcoin Keeper's inheritance uses absolute time locks set to a future date, not relative locks. Users must create an on-chain transaction to renew the time lock, which the app automates but requires a backup update.
  • Bitcoin Keeper monetizes via a subscription tier model: a free tier offers core features, while paid tiers start at $15/month for automated backups, Miniscript, inheritance planning, and a server-key option with spending limits.
  • Bitcoin Keeper supports USDT on Tron, using a BIP85 child seed from the user's main backup and a service called 'gasfree' to pay fees in USDT. The team plans to add swap functionality and support more chains based on demand.
  • Odell notes Argentina's black market has dollarized into Tether on Tron, and Trust Wallet dominates globally due to its Tether support, creating an opportunity for Bitcoin Keeper to attract international users with strong Bitcoin features.
  • Bitcoin Keeper omits Lightning support to focus on long-term savings, reasoning users should separate spending and storage wallets. Ben Kaufman has not deeply explored self-custody Lightning solutions like Spark or Arc.
  • Ben Kaufman observes Bitcoin's financialization is shifting culture toward paper Bitcoin and away from hardcore self-custody, though absolute user numbers for freedom money are still rising and tools are improving.
  • Bitcoin Keeper is building a contacts feature to enable in-app messaging for collaboration and future social recovery. Ben Kaufman views its current Miniscript inheritance as a form of social recovery where trusted parties hold time-locked keys.
#BTC Markets#Adoption#Stablecoins#Protocol#Custody
What Bitcoin Did
What Bitcoin Did

Danny Knowles

The Future of Owning Bitcoin | Jonathan PollockMay 11

  • Jonathan Pollack argues that wrench attacks exploit a structural flaw in self-custody: when something more valuable than Bitcoin is threatened with violence, security collapses because keys can be coerced.
  • Pollack criticizes duress pins and decoy wallets as flawed solutions, noting they rely on deception and don't end the attack - they merely shift the threat location or potentially escalate the attacker's anger.
  • Pollack proposes the wrench attack test: industry solutions should protect Bitcoin even when an attacker knows your setup and you are fully compliant. He believes seedless architectures and transaction-based exit mechanisms offer more protection than instant-compromise seed phrases.
  • BitKey is a seedless multisig wallet with three keys. Pollack explains users hold two keys: one on the hardware and an encrypted app key uploaded to cloud storage, while Block holds a third key that cannot view transactions due to chaincode delegation.
  • Pollack states BitKey's new hardware wallet features a screen to verify all system actions, including transactions, security settings, and recovery configurations, moving beyond simple transaction signing.
  • Pollack argues self-custody products must balance security, recovery, privacy, and ease of use, noting the biggest threat to Bitcoin is often user error rather than external adversaries.
  • Pollack critiques conflating self-reliance as a virtue with lacking good products. His ethos is to enable permissionless money access through safer, easier solutions rather than DIY complexity.
  • Pollack outlines BitKey's proposed wrench attack vault solution: a two-of-two door requiring biometric checks and a configurable time delay, and a self-custody door unlocked after a preset period like two years.
  • Pollack and Danny Knowles discuss a potential final vault destination for stolen keys, suggesting a KYC exchange address might be optimal despite being custodial, as institutions are not susceptible to physical coercion.
  • Pollack believes ETFs offer permissioned price exposure, not permissionless money utility. He argues users must choose between self-custody key risks and political/business risks like forced conversion, custodial fraud, or market restrictions.
  • Pollack views quantum computing as a supply shock risk rather than an existential threat to Bitcoin, preferring a price crash over protocol changes that confiscate coins and break property rights.
  • Pollack defines a hardware wallet as a system needing internet connectivity for wallet functions, not just an air-gapped signing device. He advocates evaluating self-custody as a holistic system covering security, recovery, privacy, and usability.
  • Pollack argues comparing BitKey's full system to a standalone hardware signer like Coldcard is incomplete; one must include the DIY multisig, recovery, and inheritance setups, which BitKey integrates elegantly.
  • Danny Knowles mentions a wrench attack statistic: approximately 50 attacks per week in France this year, citing a friend's report of a London attack where a significant amount was stolen from an exchange.
  • Pollack references James Lopp's GitHub data on wrench attacks: extending the attack duration beyond one week reduces incidents to 1% of listed cases, and no attacks lasted longer than a month.
#Custody#Adoption#ETFs#Privacy

Related Stories