Self-custody is a UX problem, not a technology problem

Bitcoin self-custody tooling has existed for over a decade. Most people still use custodial services. The issue isn't missing features -- it's that every setup requires decisions normal people can't evaluate.

Fifteen years of tooling, same result

Bitcoin has had self-custody wallets since 2009. Electrum shipped in 2011. Hardware wallets have been around since 2014. Multisig, seed phrases, encrypted backups, air-gapped signing – all of it exists and works. The technology is mature.

And yet most people still keep their coins on exchanges.

The usual explanation is that people are lazy or uneducated. I don’t think that’s it. I think the real problem is that self-custody forces you through a gauntlet of decisions where the wrong answer can cost you everything, and you have no way to know which answer is wrong until it’s too late.

The decision gauntlet

Try setting up a hardware wallet for the first time. Within ten minutes you’ll face questions like:

Should you use 12 words or 24? The wallet probably picked for you, but some guides say 24 is more secure. Others say 12 is fine. You Google it, find conflicting answers, and pick one without understanding the actual tradeoff (it barely matters for individual users).

Do you want a passphrase? Also called the 25th word. This is where it gets dangerous. Every passphrase is valid. Enter “dog” and you get one wallet. Enter “Dog” and you get a different one. Enter nothing and you get a third. There’s no error message for a wrong passphrase. It just silently opens a different, empty wallet. People have lost their entire stack because they forgot whether they capitalized a word.

Which derivation path? BIP44, BIP49, BIP84, BIP86. If you restore your seed in a different wallet that uses a different default path, your funds are invisible. They still exist on the blockchain, but the wallet doesn’t show them. You think your money is gone. Maybe it is, maybe you’re just looking at the wrong addresses. Good luck figuring out which.

Where do you store the backup? A piece of paper in a drawer? A metal plate in a safe? A bank deposit box you can’t access on weekends? Split across two locations? Each option has a failure mode that only becomes obvious after the house fire, the flood, or the burglary.

Every one of these questions has a right answer that depends on your specific situation, your threat model, and your technical confidence. The wallet doesn’t know any of that. It just asks the question and waits.
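The passphrase behaviour described above, as an added example that is not part of the original post: BIP39 mixes the passphrase into the PBKDF2 salt, so every input yields a valid seed and nothing can report "wrong passphrase". `wallet_tag` and `restore` are hypothetical names, and the tag is a simplified stand-in for a BIP32 master fingerprint that a wallet could record at setup and compare on restore.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public BIP39 test mnemonic. Never send funds to it.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048)


def wallet_tag(seed: bytes) -> str:
    """Hypothetical setup-time tag (simplified stand-in for a BIP32 master
    fingerprint): a short hash of the BIP32 master key material."""
    master = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return hashlib.sha256(master).hexdigest()[:8]


def restore(mnemonic: str, passphrase: str, expected_tag: str) -> str:
    """Report a mismatch instead of silently opening a different, empty wallet."""
    tag = wallet_tag(bip39_seed(mnemonic, passphrase))
    if tag != expected_tag:
        return f"MISMATCH: derived {tag}, expected {expected_tag}"
    return "OK"


if __name__ == "__main__":
    # Three passphrases, three unrelated wallets, no error for any of them.
    for pw in ("", "dog", "Dog"):
        print(repr(pw), wallet_tag(bip39_seed(MNEMONIC, pw)))
    recorded = wallet_tag(bip39_seed(MNEMONIC, "Dog"))  # noted down at setup
    print(restore(MNEMONIC, "dog", recorded))           # wrong capitalisation
    print(restore(MNEMONIC, "Dog", recorded))
```
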

How people actually lose bitcoin

Here’s what bothers me. When bitcoin gets lost or stolen, the narrative usually focuses on hacks and scams. But the data tells a different story.

Somewhere between 3 and 4 million BTC is permanently inaccessible. That’s roughly 20% of the supply. Gone forever. The vast majority of that isn’t from exchange hacks or phishing attacks. It’s from people who lost their seed phrase, forgot their passphrase, used a derivation path they can’t remember, or died without leaving instructions.

The failure mode is almost always the same: the user made a reasonable choice that turned out to be wrong, and they had no way to recover.

A passphrase that seemed memorable at the time. A backup stored in one location instead of two. A wallet restored on a different device that didn’t find the funds. These aren’t stupid mistakes. They’re the predictable result of asking non-technical people to make technical decisions with permanent consequences.

And then there are the slow-motion privacy failures. You reuse an address because that’s what felt natural, and now every transaction you’ve ever made with that address is linked together forever. You consolidate your UTXOs during a low-fee period, and you just connected addresses that were supposed to be separate. Nobody warned you. The wallet didn’t object.

The industry knows this

Look at what shipped in 2024 and 2025. Bitkey from Block builds 2-of-3 multisig into the default setup. You hold two keys, Block holds a third in escrow, and you can always recover even if you lose one. The entire design philosophy is “recovery should be harder to screw up than initial setup.” That’s a direct response to the passphrase/seed-loss problem.

Fedimint launched its community custody model, where you share custody with trusted community members through ecash. The explicit pitch is that users shouldn’t need to know they’re interacting with bitcoin at all. The privacy comes from ecash, not from careful UTXO management.

Liana wallet uses miniscript to build time-locked recovery paths. Your primary key works normally, but if you don’t use it for three months, a backup key activates. Inheritance without a lawyer. Accident recovery without seed phrase anxiety.

Zengo replaced seed phrases entirely with multi-party computation. Recovery happens through email, a file backup, and biometric verification. No 12 words to write down. No passphrase to remember.

These are all serious projects. But notice what they have in common: each one is a different answer to the same question. And each one requires you to evaluate yet another approach, understand yet another tradeoff, and trust yet another set of assumptions.

The menu of options keeps growing. The ability to choose well stays the same.

What would actually move the needle

I think the answer is fewer choices, not better ones.

Stop asking users whether they want a passphrase. Default to a setup with a built-in recovery path, like Liana’s time-locked backup. If someone wants to add a passphrase on top of that, let them opt in. But the safe path should be the path of least resistance.

Stop exposing derivation paths. Pick one standard and make it the only option. If a wallet can’t find funds on its default path, it should automatically scan the common alternatives and tell the user where the money is.
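A sketch of that fallback scan, as an added example that is not code from the post or from any wallet project: it performs real BIP32 hardened derivation to m/purpose'/0'/0' for the four standards named earlier, showing that one seed gives four unrelated accounts. `account_id`, `find_funds` and `CHAIN_INDEX` are hypothetical; a hash of the account key stands in for deriving addresses and querying the chain, and the seed and index are constructed.

```python
import hashlib
import hmac

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000
PURPOSES = {44: "BIP44 legacy", 49: "BIP49 nested SegWit",
            84: "BIP84 native SegWit", 86: "BIP86 Taproot"}

# Constructed 64-byte seed for the demo; not derived from any real mnemonic.
SEED = hashlib.sha512(b"constructed demo seed").digest()


def master(seed):
    """BIP32 master private key and chain code from a seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_hardened(key, chain, index):
    """BIP32 hardened private child derivation (needs no curve arithmetic)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + key) % N, i[32:]


def account_id(seed, purpose):
    """Short hash of the account key at m/purpose'/0'/0'. Assumption: this
    stands in for the addresses a real wallet would derive and look up."""
    key, chain = master(seed)
    for index in (purpose, 0, 0):
        key, chain = ckd_hardened(key, chain, index)
    return hashlib.sha256(key.to_bytes(32, "big")).hexdigest()[:16]


def find_funds(seed, default_purpose, has_history):
    """Check the wallet's default path first, then the common alternatives."""
    order = [default_purpose] + [p for p in PURPOSES if p != default_purpose]
    return [p for p in order if has_history(account_id(seed, p))]


# Constructed stand-in for a chain index: coins were received under BIP49.
CHAIN_INDEX = {account_id(SEED, 49)}

if __name__ == "__main__":
    # A wallet defaulting to BIP84 would show zero; the scan says where to look.
    for p in find_funds(SEED, 84, CHAIN_INDEX.__contains__):
        print(f"funds found under m/{p}'/0'/0' ({PURPOSES[p]})")
```
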

Adopt Silent Payments. BIP 352 lets you publish a single reusable address that generates unique on-chain addresses for every sender. No address reuse, no privacy leak, no decision required. Cake Wallet and BitBox already support it. More wallets should follow.

Build wallets around templates instead of settings. “I want to hold bitcoin long-term” gets you one setup. “I want to spend bitcoin regularly” gets you another. “I want my family to inherit this if I die” gets you a third. The user picks a goal, not a derivation path.

And if all of this sounds like removing freedom, consider what that freedom actually costs. Every decision point is a place where someone can permanently lose money. The freedom to pick a derivation path is also the freedom to pick the wrong one and never find your coins again.

The uncomfortable truth

Self-custody won’t win because it’s more security-conscious. It won’t win because Bitcoiners keep telling people to take their coins off exchanges. It won’t win by educating the masses about seed phrases and UTXOs.

It’ll win when someone builds a wallet where the default setup is the safe setup and recovery works without heroics. Where the user never has to evaluate a decision they don’t understand.

The technology for all of this exists today. The UX doesn’t. That’s the gap. And until it closes, most people will keep their coins on Coinbase, knowing full well that it’s someone else’s computer. Because at least when Coinbase messes up, there’s a support number to call.

That’s not laziness. That’s a rational response to a system that punishes you for not being an expert.

