Block’s hardware wallet sparks debate between security and borderline compromises.
The debate ignited after Jack Dorsey publicly argued on X that “seedless” wallets are superior to traditional solutions.
The Twitter co-founder and Block CEO backed up the claim by promoting Bitkey, a company that completely eliminates seed phrases, aiming to simplify the user experience and improve security through different recovery options.
The Bitkey model
Bitkey represents a different solution compared to the traditional approach to bitcoin custody. Instead of relying on a single seed phrase, the system implements a 2-of-3 multisig scheme that distributes security across three distinct keys:
- Hardware key: protected by biometric fingerprint on the physical device;
- Mobile key: stored in the smartphone app;
- Server key: managed by Block’s servers.
Any transaction requires two of the three signatures, which the company claims eliminates the single point of failure represented by traditional seed phrases. In its official documents, Bitkey describes three different recovery paths: phone loss, hardware loss, or loss of both through “Trusted Contacts,” pre-set trusted people who can help the user regain wallet access without being able to see the balance or control the private keys.
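The 2-of-3 rule described above can be checked exhaustively. The following is an added example, not Bitkey's or Block's code: it models each key as ok, lost or compromised (state names and outcome labels are assumptions of this sketch) and classifies who can still reach the two-signature threshold.

```python
from collections import Counter
from itertools import product

KEYS = ("hardware", "mobile", "server")  # the three keys named in the article
USER_HELD = {"hardware", "mobile"}       # keys in the owner's possession
THRESHOLD = 2                            # 2-of-3: any two signatures spend
# Assumed per-key states: "ok" (only its holder can sign), "lost" (nobody can
# sign, e.g. a lost phone or an unreachable server), "compromised" (an
# attacker can sign too, while the holder keeps a working copy).
STATES = ("ok", "lost", "compromised")


def classify(state):
    """Map {key: state} to the outcome of the 2-of-3 quorum rule."""
    usable = {k for k in KEYS if state[k] != "lost"}
    attacker = {k for k in KEYS if state[k] == "compromised"}
    if len(attacker) >= THRESHOLD:
        return "THEFT"         # attacker alone reaches the threshold
    if len(usable & USER_HELD) >= THRESHOLD:
        return "OWNER_ALONE"   # owner spends without the server
    if len(usable) >= THRESHOLD:
        return "NEEDS_SERVER"  # owner needs the server key to co-sign
    # Fewer than two keys can sign. For loss of both user keys the article
    # names Trusted Contacts as the recovery path; that is not modelled here.
    return "NO_QUORUM"


def scenario(**changes):
    """Classify a state where every key is 'ok' except those in changes."""
    return classify({**dict.fromkeys(KEYS, "ok"), **changes})


def tally():
    """Count outcomes over all 27 combinations of key states."""
    return Counter(classify(dict(zip(KEYS, combo)))
                   for combo in product(STATES, repeat=len(KEYS)))


if __name__ == "__main__":
    print("phone lost:              ", scenario(mobile="lost"))
    print("hardware compromised:    ", scenario(hardware="compromised"))
    print("server unreachable:      ", scenario(server="lost"))
    print("phone lost + server down:", scenario(mobile="lost", server="lost"))
    print(dict(tally()))
```

In this model a single compromised key never leads to theft, while a lost phone combined with an unreachable server leaves no quorum.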
The seed phrase criticism
For the Bitkey team, the seed phrase paradoxically represents the weakest link in the Bitcoin security chain. While private keys are “exceptionally secure” within the hardware – “designed for security, isolated from networks, physically reinforced” – the seed phrase is “plain text, readable, physically vulnerable,” the company states.
Bitkey developers argue that the industry has “offloaded the most complex part of the security model onto individuals least equipped to handle it.”
System limits and dependencies
However, Bitkey’s simplicity comes at a price. The system introduces a dependency on Block for optimal multisig functionality. Although users always maintain the ability to move funds using the two keys in their possession, recovery procedures and many advanced features require collaboration from the company’s servers.
This architecture presents limitations in terms of flexibility: users cannot use Bitkey with other mobile applications, cannot import the wallet into alternative solutions, and do not have direct access to seed phrases for traditional backup operations.
One of the most frequent criticisms concerns the absence of a screen on the hardware device. Unlike traditional hardware wallets that allow direct verification of destination addresses and transaction amounts on the device display, Bitkey forces users to rely exclusively on the mobile app for these details. This design choice introduces what critics describe as a “blind signing risk”: if the mobile app were compromised by malware, users could unknowingly authorize altered transactions with no means of independent verification.
Community criticism
Dorsey’s post sparked mixed reactions in the community. The most orthodox bitcoiners mainly object to two aspects:
- third-party dependency: despite Bitkey maintaining the “self-custody” label, the need to rely on Block’s servers for many operations contradicts the autonomy principles that many bitcoiners consider fundamental;
- loss of technical control: the inability to directly manage the seed phrase or use the device in customized multisig configurations limits the user’s technical sovereignty.
Some users have criticized Block’s hardware wallet. User bamskki pointed out that “the lack of a screen forces users to rely on the app for transaction details. Unlike traditional hardware wallets with screens, Bitkey users cannot verify transactions independently. Users must trust the app as the source of truth.”
Even more critical was user nakadai_mon, who mocked Dorsey’s strategy, writing: “It would be a shame if I influenced you to abandon the seed and locked you into my ecosystem so I can surveil you, sell and share your personal data with government authorities and deny you service.”
Dorsey responded directly to both criticisms. To bamskki he replied:
More articulated was his response to nakadai_mon:
However, privacy concerns are not unfounded. Bitkey’s own documentation clarifies that “because we maintain this key, we are able to identify transaction data on the blockchain related to your Bitkey” and that “this information is collected when you transfer bitcoin to or from your Bitkey.”
Additionally, Block states that it uses automated decision-making systems, without direct staff involvement, to manage some activities that have legal effects on users. Among these is the application of sanctions restrictions: the system is programmed to automatically prevent the purchase and use of Bitkey by people or countries subject to international sanctions. Finally, the privacy policy specifies that users’ personal data can be shared with law enforcement, government agencies, officials, or authorized third parties in the presence of a warrant, court order, or other legal obligation. Block reserves the right to disclose this information whenever it deems necessary to comply with regulations, legal proceedings, or government requests.
Hardware security and compromises
From a hardware security perspective, Bitkey implements advanced protections including unique device identifiers, secure boot, and anti-tamper technologies. If the device were compromised, an attacker would still need to access a second key to steal funds.
According to Dorsey’s statements, Bitkey represents an attempt to make self-custody accessible to a broader audience. The company’s roadmap promises improvements in terms of privacy, security, and usability.