As we celebrate the 10th anniversary of the first hardware wallet, it’s remarkable to see how far Bitcoin security has come. From the early days of precarious self-custody methods to the game-changing creation of the Trezor Model One, this revolution has transformed the way we protect our digital assets. With a decade of this experience behind us, it’s worth revisiting the challenges of early Bitcoin self-custody, the pivotal impact of the first hardware wallet, the essential role of self-custody in today’s Bitcoin landscape, and the innovative advancements continuing to shape the future of crypto security.

The Origin Story

It all began in 2011 when Marek “Slush” Palatinus logged onto his mining pool server and discovered 3,000 BTC were missing. A mining pool is a collective of miners who combine their computational resources to increase their chances of successfully mining Bitcoin blocks. Slushpool, now known as Braiins Pool, was the pioneering mining pool in the Bitcoin community, established in 2010.

This incident highlighted a significant issue: even tech-savvy Bitcoin enthusiasts could fall victim to online attacks. At that time, securing and managing Bitcoin was a daunting task, involving storing private keys on a computer. However, securing information on a computer is difficult; these complex machines are vulnerable to many threats that allow thieves to steal private keys controlling Bitcoin. The hack that cost Palatinus 3,000 BTC was a reminder of these early vulnerabilities.

Recognizing a pressing need for a simple, stand-alone device that could securely store Bitcoin, Slush, along with Pavol “Stick” Rusnák, embarked on creating the world’s first hardware wallet. Their vision was to develop an offline computer specifically designed to store Bitcoin securely and make it accessible to non-technical users. The concept was straightforward yet revolutionary: a small, single-purpose device that would keep private keys in an isolated environment, protected from online threats.

Before Hardware Wallets

Before hardware wallets became widely available, users had to rely on software wallets installed on computers or smartphones, which exposed them to a range of security threats. Malware infections and other attacks were common. Paper wallets were considered more secure but still required a computer to create the wallet. More secure methods, such as using air-gapped computers for cold storage, required significant technical expertise, and even these methods lacked an adequate level of security for larger amounts of Bitcoin.

The usability of early Bitcoin wallets was also a significant issue, with clunky interfaces and complicated backup processes. Many users failed to back up their wallets properly, leading to permanent loss of funds if a device was lost or damaged. Users were frequently unaware of best practices for backups, and the lack of standardized backup methods further increased the risk. A major improvement in backup standardization came with the introduction of Hierarchical Deterministic (HD) Wallets with BIP32 in 2012, allowing for easier and more reliable backups. Despite these advancements, there was still a lack of easy and user-friendly options for newcomers. In short, the period before Hardware Wallets was marked by significant security and usability challenges, making Bitcoin self-custody a complex and risky endeavor.

The First Hardware Wallet

In the years leading up to 2014, various attempts were made to develop simple, single-purpose devices for cryptocurrency storage. However, these efforts failed to gain traction or meet the necessary security standards. Recognizing the need for a robust solution, Slush and Stick monitored the landscape for two years before they finally decided to create their own hardware wallet.

In 2014, they released the Trezor Model One. This device was the first ever hardware wallet, combining user-friendly design, truly random private key generation, and the ability to easily sign transactions completely offline. In addition, it implemented the BIP39 standard, a new standard created by the Trezor creators to back up wallets using a list of 24 words representing the private keys, a standard adopted by many wallets and familiar to anyone who has put their Bitcoin in self-custody.

When the user first connects the device, it guides them through the setup process to create a new wallet. The device generates a recovery seed, which represents a human-readable version of the wallet’s master private key and enables wallet recovery in case of device malfunction. The user is prompted to write down this list of words on a piece of paper, ensuring the wallet is backed up, and the private keys remain offline.

This onboarding process ensures that users create a backup and keep it secure. The user-friendly design offers advanced security, making hardware wallets accessible to both beginners and experienced users.

The Open Source Advantage

A key aspect of Bitcoin is its commitment to open-source principles, and that’s why the founders of Trezor adhered to the same principles when developing the Trezor Model One. This approach has been adopted by most manufacturers in the industry. Open-source software allows the community to audit and verify a system’s integrity. This transparency ensures that potential vulnerabilities can be identified and addressed promptly and allows improvement by the global community. The first hardware wallet was open source, and many in the industry have embraced this approach for transparency, emphasizing the Bitcoin ethos, “Don’t trust; verify.”

The Importance of Self-Custody

Throughout Bitcoin’s life, we have seen many crypto exchanges and custodians collapse or suffer severe security breaches, showing the importance of holding your private keys. The mantra “not your keys, not your coins” emphasizes that relying on third-party institutions means trusting someone else with your assets, which can lead to big problems if the exchange gets hacked, mismanaged, or faces legal issues.

The Mt. Gox incident in 2014, one of the earliest and most notable exchange collapses, saw the loss of 850,000 Bitcoins, valued at hundreds of millions of dollars at the time. This catastrophic failure was due to both hacking and mismanagement, leaving users unable to recover their funds. Bitfinex also suffered a significant hack in 2016, resulting in the theft of nearly 120,000 Bitcoins. QuadrigaCX in 2019 saw users losing access to their funds after the sudden death of its founder, who was the only one with the keys to the exchange’s wallets. Cryptopia faced a debilitating hack in 2019, and Binance, the largest cryptocurrency exchange by volume, has also experienced breaches and faces increasing regulatory scrutiny. More recently, the FTX collapse in 2022 further reinforced the dangers of entrusting assets to centralized entities. Overall, mismanagement and fraudulent activities led to the loss of billions, impacting countless users and shaking confidence in centralized exchanges.

By using hardware wallets, individuals can achieve true financial independence, keeping their digital assets safe from the vulnerabilities of trusted custodians.

The Evolving Landscape of Hardware Wallets

Over the past decade, the hardware wallet industry has greatly expanded, with many companies offering a variety of products and features to meet different needs. User interfaces now range from simple button-based navigation to touchscreens and full keyboards. Many devices now support multiple cryptocurrencies, while some focus exclusively on Bitcoin. This range of devices caters to both beginners and advanced users, ensuring everyone can find a suitable option.

Another advancement has been the inclusion of secure elements—specialized chips designed to protect devices from physical attacks. However, all secure elements currently available on the market are closed-source, which raises transparency concerns. To address this issue, companies like Tropic Square are actively working on developing open-source secure elements to enhance trust and security.

Other significant advancements in the industry aim to enhance the security and robustness of wallet backups. Techniques such as Shamir’s Secret Sharing, Multisignature Wallets, and SeedXOR allow users to remove single points of failure, making it significantly more difficult for thieves to compromise the wallet.

Looking ahead, we can expect more improvements in hardware wallet security and usability. One notable development is the wider implementation of a new enhanced standard, SLIP39, which uses Shamir’s Secret Sharing. This method is becoming preferred over the traditional BIP39 standard due to its enhanced security and user-friendliness. With SLIP39, users start with a single list of words to back up their wallet and can later upgrade to a “sharded” backup with multiple shares. This approach provides a flexible and highly secure solution, making advanced security measures more accessible and practical for a wider range of users.

Looking Forward to the Next Decade

As we celebrate the first Hardware Wallet, it’s clear that this revolution has fundamentally transformed cryptocurrency security. From humble beginnings as a hobby project to becoming a trusted name in the industry, Trezor has pioneered innovations that have empowered countless individuals to take control of their financial future. The journey from the first prototypes to the sophisticated devices that we now use today is a testament to the vision and dedication of the Trezor team.

With the continuous evolution of Hardware Wallet functionality and a commitment to security and transparency, the future looks promising. As we look forward to the next decade, the industry remains dedicated to securing and innovating Bitcoin security and usability, ensuring that self-custody becomes increasingly accessible and secure for all.

This is a guest post by Josef Tetek. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Fractal Bitcoin is a recently launched project that bills itself as “the only native scaling solution completely and instantly compatible with Bitcoin. In essence it is a merge mined system portraying itself as a second layer sidechain for Bitcoin, where multiple levels of “sidechains” can be stacked on top of each other. So think of a sidechain of the mainchain, a sidechain of the sidechain, a sidechain of the sidechain of the sidechain, etc. It is not.

Shitcoins Are Not Second Layers

Firstly, the entire system is built around a new native token, Fractal Bitcoin, that is issued completely independent of Bitcoin. It even comes with a massive pre-mine of 50% of the supply being split between an “ecosystem treasury”, a pre-sale, advisors, grants for the community, and developers. This is essentially the equivalent of the entire first halving period of Bitcoin when the block subsidy was 50 BTC per block. From here the network jumps to 25 Fractal Bitcoin (FB) per block.

Secondly, there is no peg mechanism for moving actual bitcoin into the “sidechain.” Yes, you read that correctly. They are framing themselves as a sidechain/layer two, but there is no actual mechanism to move your bitcoin back and forth between the mainchain and “the sidechain” Fractal Bitcoin. It is a completely independent system with no actual ability to move funds back and forth. One of the core aspects of a sidechain is the ability to peg, or “lock,” your bitcoin from the mainchain and move it into a sidechain system so that you can make use of it there, eventually moving those funds back to the mainchain.

Fractal Bitcoin has no such mechanism, and not only that, the discussion around the topic in their “technical litepaper” is completely incoherent. They discuss Discreet Log Contracts (DLCs) as a mechanism for “bridging” between different levels of Fractal sidechains. DLCs are not a suitable mechanism for a peg at all. DLCs function by pre-defining where coins will be sent based on a signature from an oracle or a set of oracles expected at a given time. They are used for gambling, financial products such as derivatives, etc. between two parties. DLCs are not designed to allow funds to be sent to any arbitrary place based on the outcome of the contract, they are designed to allocate funds to one of two participants, or proportionally to each participant, based on the outcome of some contract or event that an oracle signs off on.

This is not suitable for a sidechain or other system peg, which is ideally architected to allow any current owner of coins in the sidechain or second layer system to freely send coins to any destination they choose so long as they have valid control over them on the other system. So not only is there no functional peg mechanism for the live system, but their hand waving about potential designs for one in their litepaper is just completely incoherent.

The whole “design” is a clown show designed to pump bags for pre-mine holders.

“Cadence” Mining

Another troubling aspect of the system is its variation on merge mining, Cadence mining. The network utilizes SHA256 as the hashing algorithm, and it does support conventional Namecoin style merge mining. But there is a catch. Only one third of the blocks produced on the network are capable of being produced by Bitcoin miners engaged in merge mining. The other two thirds must be mined conventionally by miners switching their hashrate entirely over to Fractal Bitcoin.

This is a poisonous incentive structure. It essentially tries to associate itself with the Bitcoin network calling itself a “merge mined system”, when in reality two thirds of the block production mandates turning hashrate away from securing the Bitcoin network and devoting it exclusively to securing Fractal Bitcoin. Most of the retard is not capturable by miners who continue mining Bitcoin, and the greater the value of FB the greater the incentive for Bitcoin miners to defect and begin mining it instead of bitcoin to increase the share of the FB reward they capture.

It essentially functions as an incentive distortion for Bitcoin miners proportional to the value of the overall system. It also offers no advantage in terms of security at all. By forcing this choice it guarantees that most of the network difficulty must remain low enough that whatever small portion of miners find it profitable to defect from Bitcoin to FB can mine blocks at the targeted 30 second block interval. Conventional merge mining would allow the entire mining network to contribute security without having to deal with the opportunity cost of not mining Bitcoin.

What’s The Point of This?

The ostensible point of the network is to facilitate things like DeFi and Ordinals, that consume large amounts of blockspace, by giving them a system to utilize other than the mainchain. The problem with this logic is the reason those systems are built on the mainchain in the first place is because people value the immutability and security that it provides. Nothing about the architecture of Fractal Bitcoin provides the same security guarantees.

Even if they did, there is no functional pegging mechanism at all to facilitate these assets from being interoperable between the mainchain and the Fractal Bitcoin chain. The entire system is a series of handwaves past important technical details to rush something to market that allows insiders to profit off of the pre-mine involved in the launch.

No peg mechanism, an incoherent “merge mining” scheme that not only creates a poisonous incentive distortion should it continue rising in value, but actually guarantees a lower level of proof of work security, and a bunch of buzzwords. It does have CAT active, but so do testnets in existence. So even the argument as a testing ground for things built using CAT is just incoherent and a half assed rationalization for a pre-mined token pump.

Calling this a sidechain, or a layer of Bitcoin, is beyond ridiculous. It’s a token scheme, pure and simple. 

Stablecoins have so far dominated the crypto payment market, but some Bitcoin developers believe there’s a proposal out there that could offer a legitimate alternative. 

Seven years ago, Dorier, a long-time developer, set out to democratize bitcoin payment processing by launching a free and open-source alternative to the then-dominant BitPay: BTCPay Server. Today, despite the project’s strong grassroots success among Bitcoin enthusiasts and online merchants, the landscape of cryptocurrency payments has evolved dramatically from when Dorier first began his journey. The rise of stablecoins has quickly dominated the space, pushing bitcoin—the world’s largest digital asset—to the sidelines in the payment processing arena.

Fueled by growing demand for stable currency options, particularly US dollars, stablecoins have swiftly taken over the cryptocurrency payments market. This surge has left many Bitcoin enthusiasts struggling to cope with the reality that these dollar-pegged assets could reinforce the very system Bitcoin was designed to challenge—the hegemony of the US dollar. As stablecoins continue to gain traction, Bitcoin promoters find themselves at a crossroads, questioning how to preserve Bitcoin’s vision of financial sovereignty in a market increasingly leaning toward stability over decentralization.

A new proposal emerging from the Lightning ecosystem has caught Dorier’s attention, and the veteran developer believes it could address this obstacle. Speaking to a packed audience at BTCPay Server’s recent annual community gathering in Riga, Dorier introduced the concept of “fiatless fiat”—a Bitcoin-native alternative to treasury-backed stablecoins like Tether and USDC.

Synthetic USD

Back in 2015, BitMEX co-founder and then-CEO Arthur Hayes outlined in a blog post how to use futures contracts to create synthetic US dollars. Although this idea never gained widespread traction, it became a popular strategy among traders seeking to hedge against bitcoin’s volatility without having to sell their underlying bitcoin positions.

For readers less familiar with financial derivatives, a synthetic dollar (or synthetic position) can be created by two parties entering a contract to speculate on the price movement of an underlying asset—in this case, bitcoin. Essentially, by taking an opposite position to their bitcoin holdings in a futures contract, traders can protect themselves from price swings without having to sell their bitcoin or rely on a US dollar instrument.

More recently, services like Blink Wallet have adopted this concept through the Stablesats protocol. Stablesats allows users to peg a portion of their bitcoin balance to a fiat currency, such as the US dollar, without converting it into traditional currency. In this model, the wallet operator acts as a “dealer” by hedging the user’s pegged balance using futures contracts on centralized exchanges. The operator then tracks the respective liabilities, ensuring that the user’s pegged balance maintains its value relative to the chosen currency. (More detailed information about the mechanism can be found on the Stablesats website.)

Obviously, this setup comes with a significant trade-off. By using Stablesats or similar services, users effectively relinquish custody of their funds to the wallet operator. The operator must then manage the hedging process and maintain the necessary contracts to preserve the synthetic peg.

Stable channels and virtual balances

In Riga, Dorier pointed out that a similar effect can be achieved between two parties using a different type of contract: Lightning channels. The idea follows recent work from Bitcoin developer Tony Klaus on a mechanism called stable channels.

Instead of relying on centralized exchanges, stable channels connect users seeking to hedge their Bitcoin exposure with ‘stability providers’ over the Lightning network. A stable channel essentially functions as a shared Bitcoin balance, where funds are allocated according to the desired exposure of the ‘stability receiver.’ Leveraging Lightning’s rapid settlement capabilities, the balance can be continuously adjusted in response to price fluctuations, with sats shifting to either side of the channel as needed to maintain the agreed distribution.

Here’s a simple chart to illustrate what the fund’s breakdown may look like over time:

Clearly, this strategy entails considerable risks. As illustrated above, stability providers taking leveraged long positions on the exchange are exposed to large downside price volatility. Moreover, once the reserves of these stability providers are exhausted, users aiming to lock in their dollar-denominated value will no longer be able to absorb further price declines. While those types of rapid drawdowns are increasingly rare, Bitcoin’s volatility is always unpredictable and it’s conceivable that stability providers may look to hedge their risks in different ways.

On the other hand, the structure of this construct allows participants’ exposure within the channel to be linked to any asset. Provided both parties independently agree on a price, this can facilitate the creation of virtual balances on Lightning, enabling users to gain synthetic exposure to a variety of traditional portfolio instruments, such as stocks and commodities, assuming these assets maintain sufficient liquidity. Researcher Dan Robinson originally proposed an elaborated version of this idea under the name Rainbow Network.

The good, the bad, the ugly

The concept of “fiatless fiat” and stable channels is compelling because of its simplicity. Unlike algorithmic stablecoins that rely on complex and unsustainable economic models involving exogenous assets, the Bitcoin Dollar, as envisioned by Dorier and others, is purely the result of a voluntary, self-custodial agreement between two parties.

This distinction is critical. Stablecoins usually involve a centralized governing body overseeing a global network, while a stable channel is a localized arrangement where risk is contained to the participants involved. Interestingly, it does not even have to rely on network effects: one user can choose to receive USD-equivalent payments from another, and subsequently shift the stability contract to a different provider at their discretion. Stability provision has the potential to become a staple service from various Lightning Service Provider types of entities competing and offering different rates.

This focus on local interactions helps mitigate systemic risk and fosters an environment more conducive to innovation, echoing the original end-to-end principles of the internet.

The protocol allows for a range of implementations and use cases, tailored to different user groups, while both stability providers and receivers maintain full control over their underlying bitcoin. No third party—not even an oracle—can confiscate a user’s funds. Although some existing stablecoins offer a degree of self-custody, they by contrast remain vulnerable to censorship, with operators able to blacklist addresses and effectively render associated funds worthless.

Unfortunately, this approach also inherits several challenges and limitations inherent to self-custodial systems. Building on Lightning and payment channels introduces online requirements, which have been cited as barriers to the widespread adoption of these technologies. Because stable channels monitor price fluctuations through regular and frequent settlements, any party going offline can disrupt the maintenance of the peg, leading to potential instability. In an article further detailing his thoughts on the idea, Dorier entertains various potential solutions to a party going offline, mainly insisting that re-establishing the peg of funds already allocated to a channel “is a cheap operation.”

Another potentially viable solution to the complex management of the peg involves the creation of ecash mints, which would issue stable notes to users and handle the channel relation with the stability provider. This approach already has real-world implementations and could see more rapid adoption due to its superior user experience. The obvious tradeoff is that custodial risks are reintroduced into a system designed to eliminate them. Still, proponents of ecash argue that its strong privacy and censorship-resistant properties make it a vastly superior alternative to popular stablecoins, which are prone to surveillance and control.

Beyond this, the complexity of the Lightning protocol and the inherent security challenges posed by keeping funds at risk in “hot” channels will need careful consideration when scaling operations.

Perhaps the most pressing challenge for this technology is the dynamic nature of the peg, which may attract noncooperative actors seeking to exploit short-term, erratic price movements. Referred to as the “free-option problem,” a malicious participant could cease honoring the peg, leaving their counterparties exposed to volatility and the burden of reestablishing a peg with another provider. In a post on the developer-focused Delving Bitcoin forum, stable channel developer Tony Klaus outlines several strategies to mitigate this issue, offering potential safeguards against these types of opportunistic behaviors.

While no silver bullet exists, the emergence of a market for stability providers could potentially foster reputable counterparties whose long-term business interests will outweigh the short-term gains of defrauding users. As competition increases, these providers will have strong incentives to maintain trust and reliability, creating a more robust and dependable ecosystem for users seeking stability in their transactions.

Concluding his presentation in Riga, Dorier acknowledged the novelty of this experiment but encouraged attendees to also consider its enticing potential.

“It’s very far-fetched, it’s a new idea. It’s a new type of money. You need new business models. You need new protocols and new infrastructure. It’s something more long-term, more forward-looking.”

Users and developers interested to learn or contribute to the technology can find more information on the website or through the public Telegram channel.