Hey all, I had a random idea and I’m curious if anyone’s tried something like this. Please, no “just use Coinbase” or “2-of-3 multisig” replies—those aren’t what I’m talking about. 

Imagine a Bitcoin wallet with an Emergency Access feature, kind of like Proton’s system for email/files: 

• You pick a handful of trusted contacts (friends/family).
• If something happens and you can’t access your wallet, they can request access.
• There’s a wait period (a few days?)—during that time, you could approve or deny. If you do nothing, access is automatically granted.
• Ideally, it would preserve maximum security, so your keys aren’t exposed unnecessarily, but the funds are accessible to your trusted people.
  

I know it sounds wild—maybe it requires some kind of clever cryptography or smart contract wizardry—but I wanted to put it out there and see if anyone has brainstormed anything similar. 

Again: please skip the standard “use multisig” or “use Coinbase” responses—looking for something genuinely new or creative.

Can I get started with "no money down" and guaranteed cash flow too? 
Because that’s about the level this pitch is at. 

@BitHodlers 

Since you seem so confident in your critique… maybe you can explain how the RandomX algorithm works? 

If you don’t know or have to look it up, then it’s clear we’re on roughly the same page — clueless together. 😉

Oh, and Loyce — just let me know the easiest way for me to get you my Bitcoin address. 
If it helps, I can even post it right here in the thread so you’ll know exactly which one to take off the list. 

As many of you know, Loyce publishes blockchain snapshots — 
including the big lists of all Bitcoin addresses with a balance.

While I understand this is all public information on the blockchain, 
I personally feel uncomfortable having my Bitcoin address included in those lists. 

My concern is that it makes my address more visible than it otherwise would be, 
and potentially draws unwanted attention from people who might try to target it. 

So I’d like to respectfully ask: 
Loyce, would you consider making an exception and removing my Bitcoin address from your published lists? 

I know it’s a small request in the grand scheme of things, 
but it would go a long way toward easing my privacy concerns.

Speaking of age… there’s even a whole other thread about it:
Do you want to live a long life of 100 years?

Meanwhile in this thread we’re debating whether LoyceV is 688 years old. 
Funny how 100 years feels like a stretch to most people, yet Loyce is cruising along like it’s nothing.

Haha, I love the idea of LoyceV making it to the year 2525. But let’s weigh the evidence for a second:

Pros for his age being real:
- He’s obviously got the wisdom and sharpness of someone who’s seen centuries of nonsense.
- No one else could survive the forum wars, crypto crashes, and meme floods like he has.

Cons against it:
- If he were truly 688, he probably would’ve invented Bitcoin way earlier than 2009. I mean, come on… centuries of experience, a knack for tech—he’d have been a crypto pioneer centuries ago.
- Also, time travel, extreme longevity, or vampire bloodlines might be required, and I haven’t seen him flaunt either.

But then again… maybe he’s just been playing the long game, waiting for the perfect moment to drop Satoshi-level wisdom. Can’t rule it out entirely!

Hey LoyceV, I might need to appeal to your ancient wisdom here. 
After all, LoyceVmobile is what... 7,975 years old? Older than you, even. Surely with that kind of age and experience, you’ve got some secret workaround for dealing with idiots who spam useless junk in threads. 

I didn’t make this topic self-moderated, and now I totally get why you always do. Is there some hidden trick from the Stone Age of Bitcointalk that lets me fix this, or am I stuck hammering out the clowns one by one? 😅

This kind of spam adds nothing to the discussion. I don't care how long you've been on the forum -- posting unrelated junk in my thread is not appreciated. Please keep replies on-topic.

720 confirmations?! 😳 That sounds like forever! 

And yet… withdrawals are still allowed?? That’s wild. Seems crazy strict on deposits but somehow you can still send your XMR out. 

Honestly, the whole thing makes me wonder — if something like this happened to Bitcoin, the panic would be off the charts. 

Thanks for your response. I respect that you linked some sources, but I’ll stick with the ones that convinced me otherwise: 

1. Kraken halts Monero deposits, citing Qubic seizing 51% hashrate 
2. Cryptodnes: Kraken suspends Monero deposits after 51% attack linked to Qubic Pool 

For me, the fact that a major exchange like Kraken reacted the way it did is enough to take the 51% narrative seriously. 

And regarding LoyceV — I know he didn’t bother to reply directly, since he agreed with your post and simply merited it as a “carbon copy” of his thoughts. That’s fine, but I’ll admit I’m curious: what does it take to earn a merit from Loyce himself? 🙂

This topic has been moved to Bitcoin Discussion.

https://bitcointalk.org/index.php?topic=5553067.0

I appreciate the suggestion to move this to the Web Wallets section—I’ll do that so it reaches the right audience. The 2FA flaws alone are concerning, but the bigger issue is that Blockchain.com’s support disabled 2FA on two of my accounts without proper verification. Even worse, their system allowed unauthorized login attempts to be triggered via email. These aren’t just hypothetical risks; they’re active failures that put users’ funds in danger. The community needs to know.

That’s not really the issue here. Nobody said the 2FA secret “resets automatically.” The point is that Blockchain.com doesn’t provide any proper recovery mechanism (like backup codes), and instead their “solution” is customer support disabling 2FA for you — which completely undermines the security model.

If you think about it, that creates a bigger attack surface than the 2FA secret itself: a social engineering vector. Someone doesn’t need to compromise the authenticator app, they just need to convince support to disable it. That’s exactly the kind of flaw worth pointing out, because it means the 2FA is only as strong as the customer service agent on the other end of the chat.

This isn’t about whether funds should be moved (obviously they should, because Blockchain.com is custodial at its core). It’s about analyzing design flaws so others understand the risks — and this particular one is a big deal.

Kraken just paused Monero (XMR) deposits after a single mining pool crossed 50% of the network's hashrate (source). This isn't just a "theoretical" 51% attack risk - it's actually happening to a top-tier privacy coin.

So let's ask the uncomfortable question: Could Bitcoin face the same? And if so, would exchanges freeze BTC deposits, grinding everything to a halt?


• "But Bitcoin has more hashpower!" Sure - but cost ≠ impossibility. A well-funded adversary (cough nation-state cough) could try.
• Would Proof-of-Stake fix this? Or just replace mining barons with staking cartels?
• Should exchanges decide network integrity? Kraken just set a precedent.

---

P.S. LoyceV - if you're reading this, please prioritize your Electrum server over sleep. Bitcoin might need it sooner than we think.

I actually agree with most of what you said — custodial wallets always carry risks, and the best step is indeed to move funds into a wallet where you hold the keys. 

My opinion: I still think it is important to point out flaws in their system, because those flaws can impact other users who might not realize the risks. For example, they don’t even offer backup codes if someone loses their 2FA. The only fallback is going through “customer service,” which in theory could disable 2FA without much friction, even if the person isn’t the real account owner. That’s a potential weakness worth discussing. 

So yes, moving funds is priority number one — but in my view, identifying and documenting vulnerabilities helps the community as a whole.

That might be what they claim in theory — but my personal experience with the UI says otherwise. 
Once you’re logged in (with the password already entered), there’s literally a “click to reveal” button for the seed phrase. No additional password prompt, no 2FA challenge — nothing. 
So if someone gains access to the account at any point (either through direct compromise or a support blunder), they can grab the seed immediately without knowing or guessing the password again. 

That’s the real issue — even if the underlying storage is encrypted on their servers, the way it’s implemented effectively means your seed is “hot” and ready to hand over to anyone in your session. It defeats the purpose of client-side encryption if the server happily feeds the encrypted blob to anyone logged in and the client auto-decrypts it on demand.


That theory is disturbingly plausible. 
Given the near-zero response window between the “new IP” email and the “2FA removal approved” email, it feels less like a brute-force hack and more like a support-side action (whether mistaken identity or deliberately lax verification). 
If their process allowed someone to remove 2FA without my approval and without any proper waiting period, then the entire “security” model falls apart.

My opinion: Blockchain.com’s support processes are the biggest vulnerability here — not my password strength, not phishing, not some exotic exploit. Once you can social-engineer their support, the rest of their “layers of security” are just decoration.

Yes, I did receive the “new IP” login attempt emails before the 2FA removal emails — but here’s the critical point: 
The 2FA removal request came less than a minute after the “new IP” login attempt notification, and the 2FA removal was approved almost instantly. 
That left me with essentially no time to click decline, even if I was sitting right there staring at my inbox.

In my case, it doesn’t matter that Blockchain.com “always” requires email confirmation for new IPs — because whatever process happened here bypassed any meaningful delay or verification. 

Also, I still had account access afterward, but with 2FA gone, the attacker (or whoever approved it) could have easily retrieved my seed phrase from the account dashboard with a single click. Since Blockchain.com stores your seed server-side and shows it to you after login, that’s the real danger — once someone is in, they can grab your seed and move funds anytime in the future.

As for the withdrawal freeze, if such a delay exists, it didn’t protect me here because the irreversible damage was done the second the seed was exposed.

Thanks for the clarity, Loyce!

It’s impressive how you’ve already anticipated issues I hadn’t even considered yet — like the many address formats and the outdated label problem.
The way you approach meta topics with such foresight really sets the bar for the whole community. You truly are the king of meta topics!

I appreciate you sharing that perspective. It helps me understand the bigger picture behind profile info and why the forum works the way it does.

Haha, well if being a troll means being noticed by you, I'm proud to wear the title! Just here trying to learn and soak up the wisdom of the greats like yourself.