What are some common errors that people make when learning how to self custody? Should you use multi signature? Where does NVK agree / disagree with Michael Flaxman? NVK, CEO of CoinKite rejoins me on the show to discuss this and more. 

  • Bitcoin multi signature
  • Bitcoin backups and walletsrecovery.org
  • Bitcoin security
  • Blockclock Mini
  • BitcoinTreasuries.org 

Podcast Transcript:

Stephan Livera:

Rodolfo, welcome back to the show.

NVK:

Hey man. Thanks for having me.

Stephan Livera:

So Rodolfo, there’s been a lot of advancement and development in the recent year or so we have a lot more advancement around, you know, obviously multi signature, so I wanted to get your thoughts on that. I know you have been publicly sort of not anti multisig, but just more cautious to say that it’s more for the advanced users and things like that. So I guess what’s your current thinking on that idea? And at what point do you think it becomes, let’s say accessible for let’s say the intermediate user.

NVK:

Right. So I think I finally sort of like have this more clear mantra right now is if you have to ask, you shouldn’t use it. Because it doesn’t mean you can’t learn and you can’t do it. You totally can, but you’re just not ready to use it right now. Right. And I think a lot of people get caught up in this purgatory between Coinbase, right. And this ultra paranoid set ups that you have to be an expert. Right. So then they end up just staying on Coinbase out of fear. So what I’m trying to sort of like get people on to do now is to get the basics right. Actually, that goes well with that link, I just talked about it actually goes right on this. So I created this quick little sort of very basic rundown.

NVK:

What you should do. It’s Bitcoinsecurity.guide. Okay. So essentially all I’m asking is no matter where you want to go and how far you want to go into security rabbit hole. Okay. Get your coins off exchanges, but do that in a safe, secure, and sort of like a very sort of sane way. Right. But what I’m saying is you essentially you set up a Coldcard, hardware wallet, you set up a metal backup seed. Okay. You make a backup seed in metal because I hear the horror stories from support. And then you make a couple of micro SD encrypted backups, just so you have easy recoverability. Right. So what happens here is if you have a very basic backup. Okay and you have a basic setup, that’s an, a hardware wallet, like fairly secure tested right now you can sleep at night. Okay. Yeah. You don’t have the most sort of like anti-fragile system in the world, but against 99% of all the attack surface, all the stuff out there. Okay. You’re safe against. Right. So now you can go and sort of research multisig, you can research services that offer multisig, you can research very complex multisig setups that like truly remove trust from each of the legs. And you know, you can continue your journey. Right. But like, at least you’re not stuck.

Stephan Livera:

Yeah. That makes a lot of sense. I think it is about progressively taking a person up the levels of security. I suppose someone might say, well, hold on. What about if they just get to a certain level and then, and they, haven’t been kind of taught that, Hey, you need to keep improving your level of security. And maybe that’s where someone like a Michael Flaxman might be coming back and saying, well, hold on, aren’t you leaving yourself vulnerable there to, let’s say the retirement attack let’s say lots of people just trust one hardware wallet manufacturer. And you know, that manufacturer might have put in some kind of deterministic seed generation that the user is unaware of that kind of thing. So I suppose that’s probably the main counter is something like that. But ultimately at the end of the day, you still just have to improve the security and focus on that.

NVK:

Yeah. So and I totally get where he’s coming from. Right. Because that’s kind of like where Coldcard came from. Like I just couldn’t trust anything else. I totally get that issue that he has. Right. It’s fair. Now, I can’t speak for the other wallets, but like we build Coldcard, so you don’t have to trust us. Right. Period. Right. So much so that, like, we just recently released his guide on how to prove to yourself. Right. Verify it and duplicate the dice rolls. Right. So you’re not trusting our silicon period. Okay. So it’s really the last sort of like boundary of tinfoil there that you can go in regards to our hardware. Right. So the retirement attack is like not possible, right. If you duplicate the math on the dice rolls in a separate device.

Stephan Livera:

Yeah. So let’s talk a little bit about that. So I saw the video, you’ve got the rolls.py. Can you just talk through, what would that process look like? Let’s say the user wants to do this now. Let’s just note that this is more of an advanced user function. It’s not everyone who can do this, but maybe if you could just talk through what it looks like.

NVK:

Right. Okay. So the idea here is I’ll be very sort of simple in explanation. So the idea here is, right. So on Coldcard, you don’t have to use our random number generator to create your seed. Right even though the math is good, the thing is fine, right? But let’s say you really want to be paranoid. You don’t want to trust. No problem. You can enter your own entropy by throwing dice rolls. Right. Now, the criticism of that is, well, the Coldcard could be lying to you, right. It could be saying, Hey, I’m taking these dice rolls. I’m creating a seed for you from them, but it’s a lie, right. Because they’re not really seeing the code run. Now, how do you get around that to prove that is not happening? So we created this little mini Python script that you can run on Tails. It’s like just a few lines of code literally. And it’s completely verifiable by anyone. And you can use all their tools as well. They’re not this one, but, so what you do is you, you open Tails, right? You have to be really careful if you’re going to do this because you will be exposing the seed to another device. Okay. So let’s say you have Tails running on an air gap machine, right. And you have Coldcard beside it. So what you do is you throw the dice, you enter on Coldcard each roll. And at the same time you enter each roll on this tool. Right. And you know, these are two separate devices running two different code bases, right. There are different. And both, we will arrive at the same seed. So it proves that entropy was used, sorry, that the dice entropy was used to generate that seed. Right. It would not be possible for us to know that in advance.

Stephan Livera:

I see. And so how many dice rolls now would be required to make that kind of set up secure? Because like, what if the user just does, like, you know, two or three dice rolls or something like they would have to do enough to make sure it’s actually like sufficient entropy there. Right?

NVK:

So this is the interesting game theory on this stuff. Okay. So, because you’re validating that that portion of the code base of the Coldcard is actually like true and honest, right. Like practically you could use like just some rolls right. To make sure that you added some extra entropy and that should be enough, right. For the practical mind if you’re going to be truly paranoid and do the full entropy it’s 99 dice rolls which is really like, just a few minutes. Right. It’s not the end of the world, but it’s, I don’t believe it’s necessary personally. Because remember, right. Even if we know part of the entropy, we would still have to figure out which of these, like theoretical table of seeds you have, and then sort of figure out the entropy on top of that. Right. And how long that entropy is, like, it gets pretty crazy.

Stephan Livera:

Yeah. I think that makes sense to me. And I guess, because someone who’s using this, they know that this is just a one-time setup. They might well, just do the 99 dice rolls to make it you know,

NVK:

But what’s nice. Yeah. What’s nice about going through the full entropy process, going through the backup recovery and all that stuff is that if you’ve gone through the full process, right. Like really the full process, you really sleep at night. Right. Because there is no part of that that was not duplicated verified and tested recoverability. Right. So there really is nothing like left in your mind, in terms of concerns about your HODL, like you remember the idea of the whole HODL, it’s pretty hardcore. I mean, like, this is your life savings in a device. Right. So you know, it’s also a fun process to go through the whole setup, but we have videos you can sort of like go through step-by-step it’s not hard. Really. It’s just a time investment. Right? Like you can put a couple hours and be done with it.

Stephan Livera:

Yeah. So with some of the recent conversation around multisignature and that recent episode 215 with Michael Flaxman, I’m curious, cause you had a response thread there. So I guess going back to those ideas, what would you say you agree there? Or what points would you say you disagree on?

NVK:

So it’s kind of funny, like in theory I agree with everything Michael says, right. Like I actually talk to him a lot. So, but the problem is it’s very impractical, right? For most people, even for advanced people, right. Some parts of that setup are like almost on the edge of you have to be a Bitcoin programmer. Do you know what I mean? It’s like, it’s just deep into that rabbit hole. His second guide is much better. Right. The 10 times more security for, I can’t remember now the name of the guide, but it’s a good guide. And it does like, you know, increase security a lot. I would argue even more than 10 times. Now again, right. I always go back to this, more complexity means more people will lose money, period. Like that’s just the nature of this stuff. Right. Encryption is great when you have the keys, when you don’t have the keys, encryption sucks.

NVK:

Right. So you know, if you can comfortably follow that guide by all means have fun. Right? I mean, it’s fantastic. Now some of the things that I hear the horror stories, right? From support tickets, because people do email us in private, you know, mentioning some of the things that they come to. I mean, number one is fucking up backups, that is for multisig or non-multisig, right? So people need to test recovering the backup before the deposit. Right? You put a little bit of Bitcoin, right? You delete the seed, you recover a seed from your backup. And then you’ll see the Bitcoin showed up again when you recovered a seed, right. And then you tried to sign it out. So if you’ve done the full cycle, you know that your backups work, so backup is important. Now backup for a multisig is a huge problem, right.

NVK:

Because it’s exponential. So now you have to have, you know, like say it’s a two out of three, you have to have three separate backups and these backups cannot be in the same location. So now you need three different locations. Right. Now these locations have to be thought through, right? Like they cannot be easily. You cannot have to have them be easily accessible. Right. It gets three keys. So what are you going to do? Are you going to encrypt those backups? Well, now they’re not like paper or metal anymore. Right. So you’re going to have to have backups of the backups and you’re going to have backups of the encryption keys. See, like this thing gets tricky. And then let’s say you use passphrase, right? You have to have backup of the passphrase somewhere else. So it’s amazing how many people get screwed in backups and that’s the backups of the seeds, right?

NVK:

I’m not even talking about backups of the wallet you use. So for Singlesig, this is not as important. It’s still important, not as much today, but you should definitely do it. You have to have a backup of the wallet to use, to generate your wallet. Right. So it, you know, is Specter, if it’s Electrum, have a backup of the version, the last known working version for you, right? Because time will pass, you will pass and people won’t know how to recover their wallet. Right. They might not know the derivation paths and all that stuff. So with Singlesig it’s a little bit more simple, right? Cause you could have just a derivation path and you’re good ish. Now with Multisig, you have to have a copy of the redeem script, right? Because the redeem script may vary, right.

NVK:

There might be some awkward way the developer decided to write that. And that will matter. With legacy addresses, legacy Bitcoin, you had to have the order correct of the signers for the xPubs when you’re creating your redeem script. If I’m not wrong, if I remember right, with, at least now, with bech32 SegWit, you don’t have to have the order right in most scripts. So that’s a little bit better, but still you don’t have a backup USB drive. Doesn’t have to be encrypted, nothing, just put a copy of the current software you’re using in it. If you’re using Coldcard, you can export your wallet, a skeleton out of Coldcard into the micro SD, encrypted or not. And that’s enough for you for anybody to recover that in case you’re not around, they cannot explain.

NVK:

So that’s a massive one for multisig problems that we hear. It’s like, Oh, I had a multisig on Electrum five years ago. I only have one backup. I have two working wallets. So technically I could sign but I don’t know what script I use and it, you know, it gets tricky. And then the derivation path is important because you still have to also find the coins, right. Some wallets don’t have standard derivation depth. Right? So that could get tricky. You could simply not find the coins, even though you could sign for them.

Stephan Livera:

It’s quite scary. Right. And I think some of these stories are in fairness cases of people using older software, maybe they haven’t been following the discussion as much, and they’re not using the latest stuff and doing the correct kind of backups and things. But I think you’re right. The point is try to use standard setups such that you don’t lose things. But I guess maybe for some of these people it’s that they don’t know what the standard set up is, would you say that’s true or not?

NVK:

Well, I mean the reality, the truth of the matter on this is that in Bitcoin, there is no right way and wrong way. There is best way and worst way, right? I mean, you’re free to do whatever you want, especially as a dev, you’re free to write your software, however you want. If the signature is valid to the network, well, that’s all the network cares about. Right?

Stephan Livera:

Sure.

NVK:

So they may choose to do this however they want. And then like different software have different purposes. Right. For example, Wasabi have non-standard derivation paths because it was designed for you to do mixing. Right. You know, and then you have, you know, like we have standards, but you know, they’re more like guidelines, right, they’re not like a lot of these standards are not required standards in order for things to work. So you have to be really careful, you know, it could be that the dev, especially of a closed source wallet, could do things in a way that’s non-standard and nobody would know until they go away. Right. And it was not malicious or anything, it’s just they thought they were doing it right. It’s tricky. Right. So that’s why, you know, we created walletsrecovery.org. Because we just wanted a repository of like derivation paths and ideally some notes about their script.

Stephan Livera:

Yeah walletsrecovery.org is a great site. And yeah. So I guess maybe talking about standards and standard setups for the typical person, who’s just using single signature. They, well, I guess in terms of backups, that person should have a metal seed backup for their hardware wallet. And then they should ideally also have the, like you said, the skeleton wallet files, so they can easily recover it into, you know, Electrum or Specter and things like that. And then they also want to think about if they’ve got a passphrase, is that also backed up?

NVK:

Yeah. So what I have here on that Bitcoin security guide is so keep it simple. And then learn the 10 commandments of self custody. People can go look that up later. And then, so, you know, you get your Coldcard, you set it up, right? Like, can you set it up with the guides that we have that explained to you everything and why? Okay. And then you get your seedplate, you mark your 24 words. Now you have a metal backup right. Then you get the microSD and you make a backup of the Coldcard, because that would also save the wallet details. Right. So that would make our life a lot simpler in case you need to recover due to loss or breakage or path or whatever. And then if you’re going to use a passphrase, great I recommend people using choosing words from BIP39 words for their passphrase.

NVK:

So at least if they get hit their head on a, on a pole it’s gonna be easier for them to remember from a certain subset of words. Right and then, and then have another metal backup of that passphrase in a different geographical location. Okay. Anything that is a key, has to have a backup. And then what you do is you test everything and then you’re going to choose a wallet. Right. I recommend a fully noded Specter, Electrum, Blue Wallet or Wasabi. There’s a few other ones. They’re still sort of like growing up but these are sort of fairly solid. Right and then you make a backup of those. And then make yeah, you make a backup of that. And then like the key here is after you’re all set up. Okay. You’ll send a little bit of Bitcoin to the wallet, this counts for multisig as well. You send a little bit to the wallet and then you delete the seed from the hardware wallets. You recover the seed from your backups into the hardware wallets, and then you see the amount showed up and then you can sign it. So if you went through that, then you’re good to go, right. Like you really, truly good to go. Because you don’t depend on any part of this in order to have your funds recovered somewhere else.

Stephan Livera:

Right? Yeah. I think that the suggestion there to test your backup before you put in your real, you know, put in the real money is definitely a good one. I think in practice, a lot of people in the industry just started on, you know, maybe in the early days they just had like a web wallet or a phone wallet, and then they advanced up to having say a Trezor or Ledger. And then a lot of them now are trying out Coldcard. And then at that point then, you know, maybe they started to learn putting on passphrases or no passphrase. And then, yeah, potentially once they’ve sort of, they’re feeling comfortable with these things, then the next level could be to use a multisig setup where in the example, if we’re using, you know, Michael Flaxman’s guide, you could have a Coldcard, a Cobo, and then the seed picker.

Stephan Livera:

And then I guess what you could do is because you’re using Multisig, you could sort of say, okay, I’m gonna take a few more simplified assumptions here. Like I’m not going to have a passphrase on that because I’m using multisig anyway. And I guess what you could do is have three metal seed backups, and you could keep each of those with their respective device. Again, so long as each of them is in like a safe location. Maybe you’ve got safety deposit boxes, or you have safes in different places. And then for each location you would obviously keep that wallet backup file as well on like a USB stick with each one. So I guess that would be kind of stepping towards better practice and then even more advanced would be stuff like passphrases and stuff like that. So I guess that’s kind of how I’m thinking of it in terms of progressing through the levels of self sovereign security.

NVK:

Yeah. No, I think that’s perfect, right? Because the beauty of this is that the first step is already secure enough for most people right. For the kind of money that these people are gonna probably put in. And like, I think like a good rule of thumb in Bitcoin is like always set up your security as if the amount of Bitcoin you have is worth 10 to 50 times more. Right. Because that could happen like in a few months. And, then like, you’re not like scrambling right. To do things fast and sort of like you’re not in a rush because it’s like people in a rush fucks up. Right. You really want to sort of put the time and care to get the stuff done. Right.

Stephan Livera:

Absolutely. So let’s chat a little bit about the state of multisignature wallets. What are your thoughts on the current crop of multisig wallets?

NVK:

I think like, I mean, it’s quite amazing how much things have progressed, right. For all the hate on UX. I think things are going forward like, well multisig is not a simple problem, even though it may look that way. We used to have like some reasonably good multisig wallets that are no longer around. Back then and then sort of like there was this period where like the only place that you could have like a reasonably compatible Multisig wallet, with multiple hardware wallets was Electrum. Electrum is not necessarily bad. The problem with Electrum is that it is not simple. And it does create room for you to fuck up. So that’s why I don’t like recommending it for the average person. Now, I think Specter has done a tremendous job. It’s really good. The multisig is easy.

NVK:

This is young software, so there’s still in old bugs here and there, but they’re not like money losing bugs. And another plus of Specter is that it is essentially a front end for Bitcoin Core. Right. So a lot of the Bitcoin stuff is done actually on the Bitcoin Core just via the API. So that’s a great thing. So essentially using your own node and you’re having Bitcoin Core, which is fairly well sort of researched software, doing a lot of the hard stuff. And then there is a Lily Wallet. It’s really cool as well. It’s fairly young, right? It’s still sort of, you could, you should consider it alpha kind of thing. But, but it has a lot of promise. It’s fantastic UI. The software is beautiful. What else? The Blue Wallet, it just started to launch something that reminds me a bit of the old retired Copay wallet.

Stephan Livera:

Yeah.

NVK:

So Copay wallet was surprisingly good if you didn’t have too many UTXOs, then, then it was a disaster. It’s good. Then it was retired, but yeah, so Blue Wallet is doing some interesting UI stuff because another concern of multisig is coordination, right? A lot of people think like, you know, you’re thinking multisig just for yourself, but a lot of times multisig is between you and other people. So having coordination of the multisig signing ceremony, if you want to call it, is very important. And I think Blue Wallet is really sort of working well in that. Yeah, those are the ones I have played with recently.

Stephan Livera:

Gotcha. Yeah. And then there’s this interesting one, Nunchuk by Hugo. So it’ll be interesting to see what comes there.

NVK:

I’m totally looking forward to try it. So another story, another thing that’s important is if you’re going to use a hardware wallet like make sure the hardware wallet is PSBT compatible or at a minimum HWI compatible. Okay. HWI, it’s an Andrew Chow project to connect hardware wallet to Bitcoin Core. Okay. Because hardware wallets could go away. They could choose to abandon Bitcoin. Right. And then great. You have this electronic device that now you cannot make it talk to your software wallet to sign transactions. Right. So, I mean, it is my opinion that no one should be using a hardware wallet that doesn’t support PSBT anymore. It’s Bitcoin partially signed transaction file. And because at least with that, you know, that’s future compatible, right. You know, that even if the vendor decides not to support Electrum anymore, Electrum supports PSBT. So you’re good to go. Right. We really want to remove these crutches out of this project.

Stephan Livera:

It seems to me like the industry is slowly getting around to that message. And certainly I’m a lot more comfortable using PSBT wallets myself also, just because it’s just easier to work with other pieces of software in the, in the ecosystem. So in terms of hardware wallets, are you bullish or bearish on QR codes?

NVK:

So QRs are really cool, right? I mean, I love QR per se. Right? The problem with QRs is data bandwidth, right. The data bandwidth from QR is garbage, is very tiny, especially with small screens and the camera resolution. So it’s actually, in my opinion, doomed for multisig because you’re gonna need big screens and you’re going to do animated QRs to do any multisig work because the PSBT files are going to be large. And as the complexity of these multisig setups grow they could become even bigger. Right. So then they won’t fit at all on a QR that fits in a reasonably sized screen of a hardware wallet. Right. So then you’re stuck and you’re not necessarily gaining any more security. The QRs are not more secure than micro SD, right? Unlike people love to believe that, but based to data, right?

NVK:

Like you’re passing around data. I could make the case that QR is worse than a micro SD for security, because at least on the micro SD, the data is visible. Right. So you can see the data and you can verify it. You can even sanitise that, or you can use a computer to pass that information to another micro SD or sort of like, you can create some incentives for attackers to know that they’ll be wasting their time. Right. With QRs though, you’re sending the data directly to the device. And one, I’ve seen some of the implementations around the QR stuff. They’re trash, nobody’s really checking or doing real security on the data coming through the QR. And two, actually there was an attack if I remember correctly, not true, not Bitcoin related, but it was there were some malware going through QR because, or no, actually, no, it was Bitcoin.

NVK:

There was some attack. If I remember it was essentially the, because a lot of wallets out there just sort of fork source code, they, they use the QR generation code that they found on GitHub. And the attacker changed the, the, the, this, this library to generate, to generate known addresses that were his. So yeah, exactly. Right. So it’s tricky, right? Because it is not visible, humans can’t read QR codes. Right. So you’d have to, do you want to double check that QR because you can’t trust it? This is not to FUD it, right. Like the chances of some of this stuff happening, especially in hardware wallets are much lower. Right. But it sort of falls into the same category, same category as micro SDs. Right. It’s air gap. Right. So micro SDs and QRs are air gap.

NVK:

So they do prevent synchronous attacks. Right? So remote attacks you used to have to recover. What do you try to attack? Although with the QR. You could, it’s kind of bad because you could send them like addresses that are not yours. Right. Now I still think these things are much better than USB. I mean, you know, hardware wallet should be plugged into the USB like period. Okay. It’s just not air gap that is stupid, especially if the hardware wallet doesn’t have a secure element, right. You’re opening yourself for being attacked as, especially as the price goes up and the reward for the attacker grows USB is a cluster fuck.

Stephan Livera:

Okay. Few things I want to talk about there. So with the QR code, I suppose the counter-argument might be, well, it may be, you know, it’ll be animated gifs and it will just, even if it, with a small screen, it can just still be conveyed that info can still be conveyed to, you know, between a computer and the hardware wallets using the QR codes.

NVK:

Not necessarily if the transaction is big enough, not even animated will do the job.

Stephan Livera:

I see. Yeah. And this would be like, and there’s been discussion about this as well for, I think, multisig where there’s lots of UTXOs that are going into that transaction, making it a big one, and then therefore it’s harder and harder to make it fit and things like that.

NVK:

Yeah. Yeah. But remember, I just this is exponential problem, right? So the file, it’s the redeem script as well, right? It’s the whole signature because you have, it’s quite routing. So you have to have a signature on top of signature and to have a signature, right. So the data grows exponentially.

Stephan Livera:

With the QR code, I guess, the attack you were talking about, and maybe that’s sort of analogous to a SQL injection style attack where you know, there’s like a website there and people try to hack it by doing certain codes that might manipulate the database in the background and things like that. And I guess in this case the attacker might try to change the way the QR code is operating such that, you know, you’re spending to their address or things like that. And I guess it would, I’d hope it would be down to whether the hardware wallet correctly shows the user, Hey, I’m about to sign a transaction for, you know, 0.1 Bitcoin, to this address at that point. Right.

NVK:

It’s more than that. So the attack could be happening on a website, right. Where you want to send the Bitcoin to, which that’s easy, that’s more easier to foil, right. Because if the hardware wallet is doing it right, they’re also showing you the address, right. The transaction, you want to sign the change output, like they’re showing all the stuff right. For you to verify before you sign it. The problem with QRs on the other end, right? So having the QR on a hardware wallet for you to scan from another hardware wallet, for example or even the code reads the QR you, you could try to one, like make fake addresses, show up on the hardware wallet itself, right. So deposit addresses it’s tricky that way. So I think ultimately like the best sanity check for anyone, it doesn’t matter how like advanced or not you are, is before you sign a transaction, always verify the address and either verify the change address, or at least make sure that you have a hardware wallet that does that for you.

NVK:

Very important, because there’s a lot of, like one of the like recently there was a grief attack where you would send the change to a different address. Right it was a trick that they were doing because BIP143 there is an issue with PSBT and a flaw on how SegWit addresses are signed. So you could, you could essentially reconstruct a PSBT with two signatures and sort of show a fake somebody else’s change address. And you would still sort of look valid.

Stephan Livera:

Yeah. Scary stuff. But I think, again, these are, some of these are kind of more in the, you know, the edge case.

NVK:

They totally are. And that’s, I’m saying, right. Like, you’re pretty safe if you’re a device, like, it’s sort of like, think of them as like that’s why the whole Bitcoin 10 commandments of self custody. It’s like, there’s just basic things you do. Right. And you’re like 99.999% safer. Right. It’s like, just check backups, check stuff before you sign. Right. Don’t plug the device on a computer, like you know, other, for somebody to foil those very basic things, they have to be like, like nation states, the NSA level people. Right. Like and they would probably need to have physical access to your house. So you can get to that level with very little effort, just do the basics.

Stephan Livera:

Okay. And so, in terms of hardware, wallets over the next couple of years, I guess you’re seeing it, like, it’s not like every, it’s not like we’re all going to become QR code maximalists, but it’s more going to be more like maybe people who want to do multisig, will use some combo of different wallets, and some of them might be QR codes and some of them might offer SD card and that’s kind of how you see it developing.

NVK:

Yeah. So you know, having QR codes and cameras do increase the cost, right. You, you cannot make a physically secure device that is truly open source, you know, and sell for less than say 250 or 350, $300. Right. So you know, cheaper devices that offer all the things, you know, it gets tricky right, it’s like you’re kind of getting what you pay for. And then you know, and then depends on also architecture and how people are doing the, openness of their wallet. And and then, you know, like, I don’t believe QR codes are super future proof in the same way that I think micro SDs are, but, you know, I think that you should just support both, right? Like ideally you have a wallet that does both.

NVK:

And then you know, you want wallets that don’t support shitcoins. I think that the touch touch screen FUD is completely overblown. You know, it’s totally like the level that you have to be in, if you’re doing the touch screen right. For you to attack it is too high. So like, it’s totally fine to have touch screens. And then you can have two devices, right? Like you can have like a device that’s like super simple, like Coldcard Mark 3, that does essentially like completely sanitized the things that could be a, an attack factor. And you can also have, you know, some other device that does QR’s, right? Like you wanna with complexity comes more attack surface, right. So if you’re going to have devices that do more things, you have to know that they’re coming from people that, you know, you trusted before security, and, you know, it’s tricky, you don’t want to trust anyone. But you can definitely leverage some trust heuristics, right. To be more practical and know what parts are worth verifying.

Stephan Livera:

Yeah, sure. And, maybe that we see more of a range of different options too. So there may be some that are kind of more at the low end. And then as you were saying that, you know, if you want it to make the kind of device with all the bells and whistles, and that might cost 300 or 350 US dollars, well, for someone who’s storing, you know, millions of dollars, that’s might be well worthwhile for them to have multiple of those kinds of devices.

NVK:

Well, I mean, there’s people who store tens of millions of dollars in paper wallets right. You know, I’ve seen people with millions of dollars in open dimes, you know, I really don’t recommend that. I’ve there’s lots of people who store like fortunes on Coldcards, right? Like, it’s I think what’s important here is, as your HODL grows, you need to sort of like do your own research. Right. You have to figure out and you have to try to really remove the points of failure, right? Like the single points of failure from your setup. One thing that I find cool is that have once a year a little sort of like a tradition of double checking or backups, for example, right? Yeah. Double-Check is there’s still there that that your electronic backups, not just for Bitcoin, right. For everything really, double-check to the things are still sort of recoverable because backups are not useful if they’re not recoverable.

Stephan Livera:

Yeah. Of course. You might find that, you know the USB drive has gone bad or something has gone wrong with it, and yeah, certainly you want to, you want to be regularly testing those things. Anything you can tease in terms of upcoming Coldcard stuff?

NVK:

So we are working on you know more devices, right? Like that never ends for us. We, you know, we took a little Blockclock mini detour there that, I dunno why we make those products like, I mean, they’re super fun, right? Like they sell and all that, but like, it’s amazing how much, like this kind of stuff really like detracts. Right. So so we do, so our plan is to have a like Coldcard mark three or some revision of it as is because it is freaking secure, right. Like it’s super secure device. So we don’t believe it needs too much change, it will be always fun to sort of make some upgrades here and there. But we believe a device around that price point is important to be around forever. And then we’re building a sort of like a Cadillac kind of thing, right. Where you’d have all the fun features, it’s a product that’s been sort of in the making for a long time, sort of as a side internal project. I hope that who knows maybe a late next year or something, you’ll see it this device will be pretty cool. Yeah. But, you know, we wanna focus on the stuff that people are using of ours and sort of get that maintained and well featured. Of course.

Stephan Livera:

Yeah I’m a big fan as well. And all your listeners, if you’re not aware, make sure you use my code Livera when you’re on Coinkite.com. And also, why don’t you want to chat about the Blockclock mini? So I’ve ordered mine. Tell us a little bit about it.

NVK:

Oh, you haven’t got yours yet. Oh man. So so you know, many people who listen to the show probably know the original Blockclock some refer to it as the OG Blockclock it was sort of like an electrical mechanical device to display Bitcoin data, right. And price, and use those digits that you find in train stations. It was fun but it was bit on the pricey side. So

Stephan Livera:

Yeah, it was like 10K wasn’t it?

NVK:

Oh, 5K.

NVK:

You know, it’s like handmade it, you know, we went sort of like, listen, we want to make the ultimate device for Bitcoin 10 year anniversary. Right.

Stephan Livera:

Yeah.

NVK:

So we’ve been sort of like as a side project, we were sort of trying to come up with something again novel, right. Because it’s easy to make a screen that shows data. Right. So we wanted something a little bit more more, more novel and we’ve been playing with with e-ink displays. So we’ve decided to make another data display another sort of Bitcoin device that this one sort of uses seven e-ink displays beside each other. And they can all be used as like sort of single digits to show price big, or you can have like the you can have all the block data, the height and the difficulty. And we’re going to be adding sort of like more APIs. And this device also has a USB port for you to plug opendimes. And you it’s really cool because you can check the value, you can initialize them, you can verify them. So if you’re using it as like a, you know, if you have kids and it’s like their piggy bank, you can just plug it in to check the balance.

Stephan Livera:

That’s very cool. Yeah. I’m looking forward to getting mine. Yeah,

NVK:

Yeah. It’s a pretty device. That was the idea. It’s like a sort of like an artistic piece in a way.

Stephan Livera:

Yeah. So it’s got how many digits does it have? I’m just wondering when roughly when we’ll need to get a new one or it’s planned obsolescence, right. You said seven?

NVK:

Yes. Has seven digits.

Stephan Livera:

So that’s good to what a mill or just –

NVK:

Yeah next year. Yeah.Just in case, this is an actual concern for some people we actually have to deal with those problems already. Right. So for example, if you use Japan Yen you know, we have to show big numbers. So the clock knows how to change it into other forms of a number. So we can show mills, we can, you know, we can use that there is some scientific notations there, some options that solve a lot of those problems.

Stephan Livera:

Nice. Yeah. And also we’ve got a chat about Bitcoin treasuries, which is a great website. Tell us how you got that idea.

NVK:

So you know, I started to see like, all these updates right. Companies starting to, you know, you always had GBTC and, you know, those aren’t necessarily treasuries, but, you know it’s non-ignorable sums of Bitcoin. Right. I think there are 4-6 billion worth of BTC now. And then when MicroStrategy announced their HODL, which is also not ignorable I was very curious if there was a place for me to keep track of this. Right. I want it to be able to just go look and among other indicators that I want to know about those companies. So, Hey, and Oh, what would you do when you can’t find something? You make it yourself.

Stephan Livera:

Yeah. And you’re just like our friend, Matt Odell, you’re a bit of a domain name guy. He loved to hoard the domain names, or love to HODL domain names. Oh yeah.

NVK:

It’s fun. It’s fun to have a Bitcoin domains. It’s also good for meaning, right. Like I get tired of, of like repeating myself on Twitter, so you can just go like, you know, everything’s good for bitcoin.com you know, like Bitcoin fixes everything.com.

Stephan Livera:

Well, I think it’s very cool. And what we’re going to see is a lot more companies joining that list. I’m sure. So what kind of criteria do you have, do they need to be public companies or is there a kind of like a certain minimum threshold? Otherwise you’re just going to have companies who are saying, Oh yeah, we’ve got like six Bitcoins let’s can you put us on the list?

NVK:

Yeah. So, so this actually happened. So so I started this with only publicly traded companies. Right. And I had an explanation of why not Tahini’s. Right. And the thing about public companies is that the information is public. Right. And they’re liable for it. So sure. There is some accounting lying that, you know, public companies do, Hello Enron! But you know, but at least it’s a heuristic where like, you have something that like, I can trust ish, right. At least for a non, like a, for entertainment purposes website. So so public traded company is great and it’s really cool because you also have access to very easy to their market capitalization. So, you know, the percentage of the HODL versus their size of the company. So, that part is really fun.

NVK:

So I added, you know, the ones, the public traded companies that were available, they had it, and there’s quite a few actually quite a few actually in Canada. And I think a couple in Australia Canada has a, a very interesting is a polite way of saying how the stock. How companies are public company companies are open in Canada. Most of the time they are reverse takeovers for debt. So anyways so, you know, listed them they’re all there. And then and then there is all the ETF like products, right. I call them ETF like so Greyscale Coinshares, 3Q and UTC group, and some other one there. Those those are sort of like you know, they have a claim on BTC on your behalf, right.

NVK:

They don’t necessarily even have the BTC on custody. I think some of them it’s called assets under management. But the amounts are very big and most of those do have also public numbers, so fun to show right. And then and then there were all, they’re sort of like three companies that, that had you know, like trustworthy, like they’re private company. So, you know, you have to take it with a grain of salt, but these are big sort of trusted ish companies that, or at least, you know, they had to do some certified accounting for the shareholders and they make that public. So I created a little threshold for a private companies, $50 million worth of Bitcoin. And they have to pass the smell test.

NVK:

Even though one did that I think that Tezos foundation, right. I mean, like clearly a scam, but a legal scam. And it’s funny, right. That they hold a ton of BTC. They have $300 million worth of BTC and there’s block one. I can’t even remember what scam that one was, but, you know, they, they have like almost $2 billion worth of BTC.

Stephan Livera:

Yeah, that’s crazy. And then, I mean, the cool, yeah. The cool thing is you show the basis price, what they paid for it, and then what it’s worth today. So really if you send people there, it can really drive some FOMO hey.

NVK:

Yeah. So, so that was like, my, my, my first like need was for me to see it right. To have a place that tracks it. The second purpose was to create FOMO. Right. You know, it’s a tiny little website on the internet, but Hey, you know, it’s like competitive people need scoreboards, right. So you, you know, you want a place for this guy to go and see, Hey, you know, I’m not on the scoreboard or I clearly have too little, right. This is, and there’s a reason why this is the reason why this is sorted by total, today’s total value, right. It’s like, today’s total amount of Bitcoin that these companies have. That’s the sorting there. And then to the right of that, it shows the percentage of all Bitcoin that they have. So MicroStrategy, is at a two basis point a respectable two basis point there?

Stephan Livera:

Yeah. So they’ve got 38,250 Bitcoins and it’s 0.182% of all Bitcoins, is that all of all Bitcoins that will ever exist or the current?

NVK:

The, the total that’ll ever exist.

Stephan Livera:

Of the 21 million. Yeah. Or just under, yeah. Right. So, listeners you can go to bitcointreasuries.org, if you want to see this one. But yeah, that’s a very cool one. So Rodolfo, do you have any predictions on what companies might be next out of the big ones?

NVK:

So I think like a much more important announcement than Microstrategy was to the actual, like markets was the Square white paper, right. Because, you know, MicroStrategy is cool and all, but it, you know, he, he’s going to be considered sort of like a smart lunatic. Right. And most companies don’t have cash either. Right. So they don’t have the kind of treasury percentage anyways. But what Square did do is super important. This is a monster, right? I mean, like Square is like $70 billion company. And that’s not to count Twitter, which is sort of sister company too. Right. So Square buying, even just one basis point in Bitcoin, but with the kind of pull that they have create the framework for other public traded companies to buy Bitcoin is a big deal that investment white paper that they created is a very big deal.

NVK:

And what I think people may not know is that the way these public companies work is like, it’s slow, right. For them to sort of do things special, regular, like the regulatory side the paper does accelerate, but we probably won’t see companies like a large amount of them doing this, like buying Bitcoin on their treasuries up until unless the price goes crazy. Right. If Bitcoin price is like $50,000 next week, we’re gonna probably see like a wave of that. But, you know, the price keeps on sort of like kind of inching up. Those guys are gonna take their time and, you know, we’re gonna probably see this stuff on, like either Q4 this year, like late Q4, or maybe Q2 next year. It’ll take them a bit of time to sort of catch up and then you’re going to start seeing them trickling in and then the FOMO’s gonna really build.

Stephan Livera:

Yeah. And I think the other important factor is corporate DCA, right? Just regular buying of company, like companies who are buying Bitcoin regularly. So I imagine square, they’re probably not finished with buying Bitcoin, right?

NVK:

Yeah, I mean, like and it’s very possible that they’re not even buying on the market. Right. Like maybe they’re just buying from their users there are selling too, right. It much cheaper way for you to accumulate, then you’re avoiding external fees. Right. So you buy on the behalf of the user, but when the users decide to sell, then you take it off their hands. Right. It just goes back into this pool. I don’t, I haven’t looked enough for how they are doing their treasuries and, and like how they’re managing the BTC of the users either to have an answer here. But are you going to see a lot of that? And I think the main difference now than, the last bull run is you know, last bull run with essentially like, you know, Joe with a hundred bucks buying Bitcoin, right. When you have like large companies and publicly traded companies coming into this space, you know, it’s that one of their purchase is equivalent to that retail that came in last time at the same time, like all of it, right. Like, it’s like these guys can move with all the Joe’s did that day, you know, in a single day plus. Right. I think Saylor was mentioning that you don’t move the market by and last and, you know, $70 million or something per day.

Stephan Livera:

Yeah. It’s wild to think about. Yeah. And do you see it like, well, okay. I think at some point we’re going to see the whole corporate level FOMO. So I wonder if some of these corporates actually going to be really weak hands relative to some of the more hardened individuals in this space?

NVK:

I don’t know. I don’t know, but I don’t think it’s, so it’ll depend on their corporate structures. Right. Because it’s not that simple on this kind of like very complex entities, you know, most most publicly traded companies, the CEO don’t have the kind of power that, you know, Saylor does, or that Jack does inside their companies. Right. They can’t just do whatever they want, so they might have in place some policies about cutting losses. Right. So, that might actually dampen some of the, some of the volatility because you see those just happening. Right. So that’s one thing depending on the timing, right? Like, I mean, you know, if some of these companies, like, let’s say, I don’t know, like let’s say another company comes in buys 5%, 10% of their treasury in Bitcoin.

NVK:

Right. You know, and did they necessarily, they’re not a Bitcoin believer. They don’t care about Bitcoin. Right. Is this just another asset that looks right and you buy it right. Yep. If they’re sort of like forced to hold that with like nice appreciation, right. You know, in Bitcoin terms slow so it’s doubling every year kind of thing. Right they probably wouldn’t they probably wouldn’t touch it. Right. Especially if it’s only 5% of their HODL. Now, if a company like that finds itself in a position where that 10% they have a treasury now goes a 100X and that becomes bigger. Right. Then their actual treasuries are the other 90% of the company’s balance sheet. It’s very likely, they would at least liquidate half because like, you know, those guys are not like believers. They’re not just like, that’s just prudent right. In their minds. Right.

Stephan Livera:

They’ll rebalance it back down.

NVK:

Would have some policy to handle that. But I think what’s going to happen is you’re going to see just like, there’ll be the growing pains. Right. Of like public and large entities learning how to deal with Bitcoin on the balance sheet. It’s not a simple problem when it’s not your personal cash. Right. Your personal cash is easy. Right. Like, you know, it sucks. You feel your gut wrench, maybe you shit your pants, right. When the Bitcoin price like, completely like flattens, like it hits the ground. It’s like, you know, after a bull run, right. Like that’s just a personal vomit situation, right? Like, it’s your own personal choice on how to handle that now when it’s a large company or whatever that has like a responsibility to all their their employees and all the do and the creditors and everything else, like they’re going to have to have ways of dealing with that, with that volatility or, or that possible, maybe not daily volatility, but like this sort of like long-term crash cycles. Right they’re going to probably have to figure out how to deal with that. It’s not a simple problem.

Stephan Livera:

Yeah. And I mean, it also does depend on you know, how crazy the cycles get and whether this is the, you know, the final cycle now, I think it’s unlikely, but I guess that, that’s my recent discussion with Preston reminded me of that as well. What’s your view on kind of what’s the earliest you could sort of see it happening and like the latest that you could say that idea of the hitting that knee of the S-curve such that, you know, the four year cycles.

NVK:

Yeah so I don’t buy the final cycle theory, just because I don’t think the MMT people are dumb. I think they’re a very misguided evil or whatever. Right. But I mean, just think about this, right? Like, it’s like, it’s a very evil, but one of the wonders of the world where they managed to, to do for the world, not to end after 2008, right. I mean, you know, they completely rebalanced, right. Like the purchasing power, like they, they screwed where people, but they didn’t cause wars. Right. It, you know, I completely disagree with how everything was managed. Right. And we’re going to pay for all debt in the long-term, and these guys are playing a different timescale, but you can’t deny right. That they managed to keep the world from ending. And, and that took a lot of skill.

NVK:

So I think with the amount of cash, the amount of power those guys have if bitcoin looks like is entering a kind of like a final cycle kind of situation, I think they can do a lot to control that it could be a slow boiling frog situation. Right. That’s where you end up where they can just manage it. And instead of just letting it go, so that at least they saved their assets on two, three election cycles. Right. And I think most Western countries can save one or two election cycles, even in a sort of end of the world situation financially. You know, you can always invade another country, well, steal their shit right. Like, I mean, this is not new, right. Like go drop some bombs, man. It’s like, you know, they’ll find a way, right.

NVK:

I’m like, dude, guys.

Stephan Livera:

Distracted.

NVK:

These guys are not going down quiet. Right. This is what I think. Maybe people miss this is not going to be pain free. And so anyways I think even though like, you know, I don’t hear chatter anymore between like large older olders about like, sort of like selling price selling price. Right. So like people used to have, especially back in the day, it’s like, Oh, if he reaches X amount, I’m going to probably liquidate, you know, 10, 20%, whatever it was. Right. So that it, you know, I can sort of mitigate some of the Bitcoin risks. Right. Because if you’ve been in Bitcoin for long enough, you remember when Bitcoin was definitely an experiment that will probably end and then slowly switching to my end may not end it’s not likely to end, right.

NVK:

So, you know, people sort of had different risk profiles through this time. So I think a lot of these old coins there were like going to be sold, have been already sold at the last cycle. Right. That’s when you had like individuals dumping a hundred million dollars of personal Bitcoin so that they could, you know, buy a lot of Lamborghinis. So I think that phase of Bitcoin, you know, there’s always going to be some, but I think that phase of Bitcoin in terms of like a large amount is sort of done now right. So that’s one interesting heuristics. That’s an interesting thing because there’s, it means there’s going to be a lot less Bitcoin available, right. To buy, now this Bitcoin might come back as through loans, right. So these guys might be taking Bitcoin backed loans.

NVK:

Right. So their coins might actually be coming back into the market rehypothecate it. Right. And may show up on the exchanges as liquidity. I don’t know I guess some of that will happen. But so anyway so what I think is gonna, like, it’s more likely to happen is we’re going to have a run-up it’s going to be some absurd number. And then if we don’t have a new wave of entities right. For that size now, so like a lot of public companies, or just like very large private funds or some sovereigns coming in to pick up some of that, you might have like an awesome, awesome crash, Bitcoin is like, you know, say not even too crazy. Right. So like $150,000, it crashes all the way down to 25. Right.

Stephan Livera:

And then Peter Schiff will come out and say, Oh, look, Bitcoin is dead guys.

NVK:

That’s right. Right. I think that’s right. That’s a very possible scenario, but again, because it’s a very possible scenario, it’s already in the models that people are building on how they want to trade that out. Right. So it might not happen that way just because it’s impossible to know. It’s just interesting to see you know, as usual, if you’re day trading Bitcoin, and you’re not like a really, really good at that, you’re going to probably lose money. So, you know, just buy Bitcoin and HODL.

Stephan Livera:

That’s all right. Stack them and hold. So listeners, make sure you follow Rodolfo on Twitter @NVK and go to coinkite.com and Rodolfo anything else you want the listeners to know?

NVK:

No, I think it, most of it, like just follow me on Twitter and you know, go check out our products, like Opendime, Coldcard and Seedplate and Blockclock mini, and there is more coming. I want your sats.

Stephan Livera:

Awesome. Thanks for joining me.

NVK:

Thank you.
