Bad Wallet


Decoy wallets, duress PINs, and the $5 wrench

Most security advice is about hackers. But what if the threat is a person who can simply make you hand it over? Decoy wallets, duress PINs, and a few other tricks for the human side of security.

Security · Intermediate · 7 min read

Almost every security guide — including ours — is about keeping your keys away from people on the internet: phishing, fake support, malware, dodgy links. But there’s a second kind of threat that no firewall touches: a real person, standing in front of you, who knows you have Bitcoin and can pressure you to hand it over.

Self-custody takes away the bank. It also takes away the bank’s fraud department. So it’s worth knowing the small toolkit built for the human threat — not because it’s likely to happen to you, but because the defenses are cheap and the peace of mind is real.

The threat has a name: the “$5 wrench”

There’s a famous joke in security circles: why spend a fortune trying to crack someone’s encryption when you can buy a $5 wrench and simply make them unlock it for you? It’s funny because it’s true. The strongest cryptography in the world doesn’t help if the attacker skips the math and comes straight for you.

For the overwhelming majority of people this is a remote risk, and the point isn’t to make you paranoid. It’s that the answer to a human threat is never a longer password — it’s arranging things so that handing over what you can reach doesn’t hand over everything you own.

Decoy wallets: hide the real stack in plain sight

Most serious wallets support an optional passphrase: an extra secret word or phrase layered on top of your normal seed phrase (you’ll hear it called the “25th word”). Here’s the clever part: a different passphrase produces an entirely different, separate wallet from the very same seed. Any string is accepted, so nothing about the seed phrase itself reveals whether a passphrase exists at all, let alone what it is.

That gives you plausible deniability. You keep a small, believable amount in the ordinary wallet — the one your seed phrase alone unlocks — and your real savings behind a passphrase that lives only in your head. If you’re ever forced to open up, you reveal the decoy. The pressure ends, and the stack that matters stays invisible.

A decoy wallet turns “give me everything” into “give me the part I can afford to lose.”

Duress PINs: a second code that isn’t the real one

Some hardware wallets bake the same idea right into the unlock screen. You set your normal PIN — plus a duress PIN that opens a decoy wallet holding only a token amount. A few devices can even be set so a special code quietly wipes them instead. Under pressure, you tap in the duress code, the attacker sees a small balance, and the real funds were never on that screen to begin with.

Other layers worth knowing

  • Privacy is the first defense. The cheapest protection of all is that nobody knows you hold Bitcoin in the first place. Don’t broadcast amounts, don’t flash gains, keep your stack off social media. A threat that never starts beats every clever trick downstream.
  • Split spending from savings. Keep a little in a hot wallet on your phone for day-to-day use, and the bulk in cold storage somewhere else. If your phone is taken, what’s on it is pocket money, not your life savings.
  • Multisig raises the bar. A multisignature wallet needs several keys to move funds — say two of three — kept in different places. No single device, and no single moment of pressure, can move the money alone. It’s more to manage, but it’s one of the strongest setups there is.

The honest caveats

None of this is magic, and over-clever setups have their own failure mode: you. A passphrase you forget is gone exactly like a lost seed phrase; there’s no reset, and your real wallet goes with it. Because any string is a valid passphrase, a typo or a capitalisation slip doesn’t produce an error either: it quietly opens a different, empty wallet, which is easy to mistake for stolen funds. Decoys only work if the attacker is satisfied with the decoy; someone who knows passphrases exist may just demand the hidden one. And every extra layer is one more thing to back up, remember, and not lock yourself out of.
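Here is the passphrase mechanism from the decoy-wallet section, and the mistyped-passphrase failure mode from this one, in code. This is an added example, not Bad Wallet’s code or any wallet vendor’s firmware: it implements the standard BIP39 seed derivation and the BIP32 master-key step using only the Python standard library. The mnemonic is the public BIP39 reference test phrase; the passphrases "deep cold stack" and its capitalised twin are constructed for illustration and are not real secrets.

```python
"""
Added example (not Bad Wallet's code): how a BIP39 passphrase turns one
seed phrase into many independent wallets, and why a typo in it silently
opens a different, empty wallet instead of failing.

Standard library only.  MNEMONIC is the public BIP39 reference test
phrase; the passphrases are constructed for illustration.
"""
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by BIP39

# Public BIP39 test vector: MNEMONIC with passphrase "TREZOR" -> this seed.
BIP39_REFERENCE_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the (NFKD-normalised) mnemonic,
    salted with "mnemonic" + passphrase, 2048 rounds, 64 bytes out.
    An empty passphrase is the ordinary wallet; any other string,
    including a mistyped one, yields an unrelated seed with no error."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed" over the seed.
    Left 32 bytes = master private key, right 32 bytes = chain code.
    Every address in the wallet descends from this node, so a different
    seed means a completely disjoint set of keys and addresses."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def wallets_from_one_mnemonic(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the hex of the BIP32 master private key it unlocks."""
    out = {}
    for p in passphrases:
        key, _chain_code = bip32_master_key(bip39_seed(mnemonic, p))
        out[p] = key.hex()
    return out


MNEMONIC = "abandon " * 11 + "about"  # BIP39 reference test mnemonic (12 words)

# Constructed passphrases: "" is the decoy (seed phrase alone), the second is
# the "real" one, the third differs only in the capitalisation of one letter.
DECOY, REAL, TYPO = "", "deep cold stack", "Deep cold stack"


def matches_bip39_reference_vector() -> bool:
    """Self-check that the derivation above is the real BIP39 algorithm."""
    return bip39_seed(MNEMONIC, "TREZOR").hex() == BIP39_REFERENCE_SEED_HEX


def decoy_is_distinct_and_typo_is_silent() -> bool:
    """Three passphrases -> three unrelated master keys.  The typo raised
    nothing; it simply produced yet another (empty) wallet."""
    keys = wallets_from_one_mnemonic(MNEMONIC, [DECOY, REAL, TYPO])
    return len(set(keys.values())) == 3


if __name__ == "__main__":
    assert matches_bip39_reference_vector()
    for p, k in wallets_from_one_mnemonic(MNEMONIC, [DECOY, REAL, TYPO]).items():
        print(f"passphrase={p!r:20} master key={k[:16]}...")
```

Run it and the three master keys print with nothing in common, even though the 12 words never changed. Against a real wallet, the capitalised variant would show a zero balance rather than an error, which is why the advice to test that you can get back in before relying on a passphrase is not optional.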

So match the defense to the real risk. Piling on tricks you half-understand is far more likely to lose your coins than any wrench is.

Start where it counts

For almost everyone, the big wins are the boring ones: keep your holdings private, and keep your savings off the device you carry around. Reach for passphrases, duress PINs, and multisig as your stack, and your confidence, grow. And whatever you set up, test that you can get back in before you rely on it.

The one thing to remember

The scariest threat to your Bitcoin might be a person, not a hacker. Keep your holdings private, keep savings off your phone, and use a passphrase or decoy so that what you can be forced to hand over isn’t everything you own.
