Avatar
Adam Dunlap ⚡️ 4mo ago

The solution to wrench attacks is for hardware wallet providers to integrate variable time locks on their devices.

Imagine setting a 7 day / 30 day / multi-month / year+ time lock directly on your Trezor. You can always reset by wiping device and using recovery seed. Base layer doesn't need to be involved. Store recovery seed in a 2nd location.

This allows for various seed storage options while also eliminating the need to trust a 2nd party when doing it. Multi-sig? No longer needed either.

No one needs access to all their Bitcoin 24/7. People just need the ability to get to it within a reasonable time frame. Wallet level time locks give hodlers this optionality while basically eliminating one of the scariest risks of self-custody.

Reply to this note

Please Login to reply.

Discussion

Avatar
HODL 4mo ago

I’m very pro Timelocks

Avatar
DRE 4mo ago

Coldcards have login countdowns.

Love that feature.

Helps a ton, especially if you don’t have good options to geographically distribute keys

Avatar
michael 4mo ago

high level, how does that work?

Avatar
DRE 4mo ago

Which part?

The Coldcard Mk4 and Q have the option to set a login countdown. Say you pick 3 days. Next time you go use it, you enter your pin and a 3 day countdown starts. Once the countdown is over you enter the pin again and are then able to access the device and sign transactions, etc.

Avatar
michael 4mo ago

got it, thanks. dude kidnapped in NYC apt for a week+ earlier this yr (assuming that wasn’t a psyop) would prob argue this feature isn’t perfect. but what is really? finding right risk distribution’s a seemingly endless task

Avatar
Adam Dunlap ⚡️ 4mo ago

I don’t want a login countdown. I just want the coins frozen / unable to send. I want to be able to see it all.

Avatar
DRE 4mo ago

Yeah that’s a different feature. Try Liana

Avatar
Adam Dunlap ⚡️ 4mo ago

I’ve never heard it discussed at the hardware level, but maybe I’m just out of the loop? I’ve only ever heard it discussed in regards to implementation on the main chain. Coding this for a hardware wallet shouldn’t be difficult so I’m confused why this isn’t standard. Time references can be block height.

Avatar
HODL 4mo ago

I think overtime time locks will be more common.

Avatar
DRE 4mo ago

It probably makes more sense to implement at the wallet level not hardware signer level.

Avatar
Adam Dunlap ⚡️ 4mo ago

Not sure what the difference is / what you mean. My premise is do it at the interface. Never touches the chain. The wallet restricts access to sending UTXOs for a certain number of blocks. Basically the ability to lock yourself out of sending on a specific device. It’s super easy to code.

Avatar
DRE 4mo ago

Coinkite has offered this option for many years. Big fan

Avatar
Adam Dunlap ⚡️ 4mo ago

Really? Will pick one up and play with it. I am shocked this isn’t standard on all hardware wallets. I wrote Trezor and they didn’t reply. I wrote cold card and they said “we are working on the idea.”

Avatar
DRE 4mo ago

I skimmed the original post. They offer a login countdown on Coldcards to achieve the same goal: preventing transaction signing for up to 28 days, without technically time-locking UTXOs at a block height.

This assumes seed phrases are stored separately. An attacker could still use the seed on another signer to move the Bitcoin.

Avatar
Adam Dunlap ⚡️ 4mo ago

Yah you don’t want to technically lock anything. You simply want to restrict the ability to send. Using block height is my idea for tracking time in a way that can’t be hacked.

Avatar
DRE 4mo ago

By technically I meant the configuration of the wallet itself not allowing for UTXOs to be moved unless certain conditions are met. You can restrict spending without doing this using login countdown features.