Crash Courses

How the classes work

Classes are run one-on-one and remotely, by message and voice.
Screen sharing is never necessary — and never asked for. Beware of anyone who asks you to screen-share.
Best setup: one device to work on, a second device to talk on.
Voice only — there are no video calls. Voice is all that is needed.
Free 10-minute consult to start.

Payments

Accepted: PayPal, Wise, L1 (on-chain BTC), L2 (Lightning), or Binance.
Credit & debit cards are accepted too — paid through PayPal, so no PayPal account is needed on your side.
Any currency or coin is fine, as long as the value equals the course cost.
Any transfer / commission fees are paid by the student, on top of the course cost — the full course cost must arrive.

This is the most important class. Be honest with yourself before you spend anything.

This is the most important class. Be honest with yourself before you spend anything.
Reasons it might be for you: you want money no bank or government controls, you can hold for the long term, you are willing to learn and to take responsibility for your own security.
Reasons it might NOT be for you (read carefully):
— The price is volatile — it can drop hard and fast. Only ever use money you can afford to lose.
— There is no undo button. A wrong address or a bad send is gone for good.
— You are your own bank. No support line, no password reset, no chargebacks.
— Scams are everywhere. If you are easily pressured or rushed, that is a real risk.
— If you lose your keys or seed phrase, you lose the money. Permanently.
Quick self-check — answer honestly:
— Can I afford to lose this money without it hurting my life?
— Am I willing to learn and to keep my own keys safe?
— Can I stay calm when the price swings?
— Will I slow down and double-check instead of rushing?
If you cannot answer yes to these, it is okay to wait, start tiny, or step away. No pressure.

I am interestedCC-00

This class is hands-on: we go through real scam schemes together and you learn to spot them.

This class is hands-on: we go through real scam schemes together and you learn to spot them.
Common schemes:
— Fake support / "verification": someone posing as wallet or exchange staff asks for your seed or to "verify". Real support never asks for your seed.
— Giveaway / doubling: "send 1 and get 2 back", celebrity or company impersonation. Always a theft.
— Romance / "pig butchering": a new online friend or partner slowly steers you into a crypto "investment".
— Fake apps and sites: lookalike wallet apps and copycat domains that steal your seed. Download only from official sources.
— Guaranteed-return / signal groups: promises of fixed daily profit; classic Ponzi.
— Screen-share / remote-control: anyone asking to screen-share or install remote tools is attacking you. We never screen-share.
— QR / address swap: malware quietly changes the address you paste. Always check the first and last characters.
— SIM-swap: attacker takes over your phone number to beat SMS codes. Use an app authenticator, not SMS, where possible.
— Your own account as a tool: scammers can route funds from a crypto exchange through your account on to a fresh account — smooth and swift — using you as a stepping stone.
— Beware small transactions: tiny transfers are often used to stay under the radar and avoid drawing attention; it is a classic money-laundering / layering pattern. Small does not mean safe.
Red-flag rules:
— Anyone asking for your seed phrase or passphrase = scam, no exceptions.
— Urgency and pressure are weapons. Slow down. Real opportunities are not "act now".
— If it sounds too good to be true, it is.
— Verify independently — type the official address yourself, do not click links sent to you.
— Test with a tiny amount first, always.
We debate: bring me any message, offer, app, or "opportunity" you are unsure about, and we will pull it apart together before you act.

I am interestedCC-01

What is Bitcoin — money that lives on a network, not in a bank

What is Bitcoin — money that lives on a network, not in a bank
Where it came from — the 2008 whitepaper by Satoshi Nakamoto; the network went live with the genesis block in January 2009
What a blockchain is — a public ledger; a chain of blocks of transactions, each block linked to the one before, copied across thousands of computers
Why it is interesting — no central issuer, capped supply of 21 million, permissionless to use, hard to censor, anyone can verify it
Key word: self-custody — "not your keys, not your coins"

I am interestedCC-02

Bitcoin had ancestors: David Chaum's eCash (1983), Adam Back's hashcash (proof-of-work), and the 1998 proposals b-money (Wei Dai) and bit gold…

Bitcoin had ancestors: David Chaum's eCash (1983), Adam Back's hashcash (proof-of-work), and the 1998 proposals b-money (Wei Dai) and bit gold (Nick Szabo).
Hal Finney built Reusable Proof of Work and received the first ever Bitcoin transaction from Satoshi.
Satoshi Nakamoto is a pseudonym — anonymous, text only. There is no real footage of Satoshi.
The debated "suspects" are mostly that cypherpunk circle: Szabo, Finney, Back, Dai. None confirmed. The 2024 film "Money Electric" points at Peter Todd, who denies it.
Key dates: whitepaper Oct 2008, genesis block Jan 2009, first tx to Hal Finney Jan 2009, Satoshi vanishes ~2011.
Why it matters: an unknown creator means no leader to pressure or arrest — many see that as a strength.
More on the Origins page; the film is on the Bitcoin Films page.

I am interestedCC-03

This is a debate class — no easy answers. We look honestly at the hard questions about Bitcoin.

This is a debate class — no easy answers. We look honestly at the hard questions about Bitcoin.
Halvings — roughly every four years the new-supply reward to miners is cut in half. Debate: does this drive the price cycles, or is that just a story we tell after the fact? What happens to miners as the reward shrinks toward zero?
Who created it — and could that be a risk? Satoshi Nakamoto is anonymous and the early coins they mined have never moved. Debate: is an unknown creator a danger, or a feature (no leader to pressure, bribe, or arrest)? What if those early coins ever moved?
Accumulation & concentration — a lot of BTC sits with a small number of large holders ("whales") and on big exchanges. Debate: how much can a few big players move the price, and what happens if they dump or get hacked?
Exchange custody risk — coins you leave on an exchange are not really yours (remember "not your keys, not your coins"). Exchanges can freeze, fail, or be hacked. This is the strongest argument for self-custody.
Gray / unknown holders — large anonymous wallets whose owners and intentions we cannot see. Debate: how much should that uncertainty worry a small holder?
The "one circle" question — what if big custodians, asset managers, and state actors (for example a Coinbase, a BlackRock, the Fed, governments) end up aligned as effectively one circle of influence over Bitcoin?
— The worry: concentration of holdings, ETFs, and regulation could re-centralize control over something built to be decentralized.
— The counter-argument: the rules are enforced by thousands of independent nodes, the supply cap is fixed, and anyone can verify the chain and self-custody — no single circle can quietly change the money.
We debate: you bring your doubts and theories, and we test them against how the network actually works — no hype, no fear, just honest reasoning.

I am interestedCC-04

The mindset: 1 BTC stays 1 BTC, and 1 sat stays 1 sat, no matter what the fiat price does. You measure your wealth in Bitcoin, not in dollars.

The mindset: 1 BTC stays 1 BTC, and 1 sat stays 1 sat, no matter what the fiat price does. You measure your wealth in Bitcoin, not in dollars.
Why it matters — if you only think in fiat, the price noise rules your emotions. Thinking in BTC/sats keeps you focused on stacking and on the long term.
The supply is fixed at 21 million and divides into 100,000,000 sats per coin — so the unit itself does not get inflated away like printed money.
Why BTC could suit a self-sustaining commune:
— No bank needed: members can hold and send value directly to each other, peer to peer.
— No inflation eroding the community's savings over time — a fixed supply protects what the group stores.
— Borderless: works the same whether the commune is in one place or spread across countries — good for a nomadic or global community.
— Permissionless and censorship-resistant: no outside authority can freeze the group's money or shut its accounts.
— Internal accounting in sats: members can price goods, work, and trade among themselves in a shared, neutral unit.
— Lightning (L2) makes small everyday payments inside the community instant and nearly free.
We debate: the honest counter-side too — price volatility, the learning curve, and the responsibility of self-custody. Is BTC a real foundation for a self-reliant community, or only part of the answer?

I am interestedCC-05

What it is — a list of simple words (usually 12 or 24) that is the human-readable backup of your wallet's private keys.

What it is — a list of simple words (usually 12 or 24) that is the human-readable backup of your wallet's private keys.
The words come from a fixed standard list (BIP-39), so any compatible wallet can restore from them.
The seed phrase IS your money — whoever has the words controls the coins. Lose it and the funds are gone; leak it and they are stolen.
Write it on paper (or metal), in order. Never type it into a website, never photograph it, never store it in cloud, email, or notes apps.
No one legitimate will ever ask for your seed phrase — support, staff, "verification": all scams. Beware.
Keep at least one backup in a separate safe place. Anyone who finds it can take everything.
To restore a lost or broken wallet, you install a compatible wallet and enter the same words in order.

I am interestedCC-06

More than one copy. One backup is a single point of failure (fire, flood, loss). Keep at least two, in separate safe places — ideally…

More than one copy. One backup is a single point of failure (fire, flood, loss). Keep at least two, in separate safe places — ideally different locations, not the same house.
Offline only. Never a photo, never cloud, email or a notes app. The backup lives on a physical object, not on any connected device.
Paper vs metal. Paper is cheap and easy — and easy to destroy fast if you ever need to. Metal (stamped or engraved plates) survives fire and water, which is why it's popular for long-term storage — but that same durability means it is hard to destroy quickly. Neither is simply "best"; it depends on what you are protecting against.
Think about your threat model. Are you guarding mainly against accidents (fire, water, time)? Against a burglar? Against being forced to hand it over? Each points to a different setup — location, metal vs paper, and whether you add a passphrase (see next class).
Geographic separation & the passphrase. Splitting copies across places lowers the chance one event wipes you out. A passphrase (Class 7) means even a found backup is not enough on its own.
Write clearly, in order, and test once. Number the words. Before funding heavily, do a small restore test so you know your backup actually works.
Keep it simple enough to actually do. The fanciest scheme is worthless if you can't follow it under stress or your family can't find it if something happens to you.

I am interestedCC-06b

What it is — an extra secret you choose (often called the "25th word"), added on top of your 12/24-word seed phrase.

What it is — an extra secret you choose (often called the "25th word"), added on top of your 12/24-word seed phrase.
Seed phrase + passphrase = a brand-new, separate wallet. Change the passphrase and you get a totally different wallet.
Advanced use — hidden / decoy wallet: your plain seed (no passphrase) can hold a small "decoy" amount, while your real savings live behind the passphrase. If forced to reveal your seed, only the decoy is exposed.
Strong protection — even someone who finds your written seed words cannot reach the passphrase-protected funds without also knowing the passphrase.
The big danger: if you forget the passphrase, those funds are gone forever — there is no recovery, no reset, no support line.
It is usually not written on your normal seed backup — so you must remember it or back it up separately and just as carefully.
It is case-sensitive and exact — every character, space, and capital matters.
Beginner advice — learn it well before using it; a forgotten passphrase has lost people everything.

I am interestedCC-07

You do not need to buy a whole coin — Bitcoin divides into 100,000,000 sats

You do not need to buy a whole coin — Bitcoin divides into 100,000,000 sats
It is fine to start with a small amount you can afford to lose
DCA = Dollar-Cost Averaging — buy a small fixed amount on a regular schedule instead of one big buy
Why DCA: it removes the pressure of timing the market and smooths out the price swings
Goal at the start is to learn the tools with small amounts, not to get rich
What you need for the first buy — a debit or credit card helps to fund the on-ramp initially (the fiat → BTC purchase on the ramp portal).

I am interestedCC-08

WoS is custodial — they hold the keys, so treat it as a hot spending wallet, never as savings

WoS is custodial — they hold the keys, so treat it as a hot spending wallet, never as savings
Rule: keep only small spending amounts; sweep the balance toward zero regularly into self-custody
Step 1 — open WoS, tap your balance / Send
Step 2 — paste a Lightning invoice or on-chain address from your own self-custody wallet
Step 3 — enter the full balance (or use Max) to empty it
Step 4 — confirm and send; verify the funds arrive in your own wallet
Step 5 — leave WoS at or near zero until you next need to spend

I am interestedCC-09

Electrum — desktop, advanced, full control, coin-control and multisig; the power-user on-chain wallet

Electrum — desktop, advanced, full control, coin-control and multisig; the power-user on-chain wallet
BlueWallet — mobile, simple, supports on-chain and Lightning; good everyday phone wallet
How to vet ANY new wallet before trusting it:
— Is it open-source? Can you see the code?
— Are the builds reproducible / signed?
— Self-custody or custodial? (custodial = they can freeze or lose your funds)
— How long has it existed, how big is the user base, who maintains it?
— Download ONLY from the official site or official app store listing
— Test with a tiny amount first before moving real funds
— Be wary of closed-source or anonymous-team apps for savings
Go deeper: Class 27 is a full software-vetting framework — how to judge any tool before you trust it with your seed.

I am interestedCC-10

What is L1

What is L1
What is L2
Why is L2 faster than L1
Why is L2 like pocket money
What are the risks with L2 vs L1
Are there other L2 systems than LN

I am interestedCC-11

Download app to Android or iOS

Download app to Android or iOS
Why the specific app is used
Register app with an email you do not plan to lose
Why you should not lose your registered email
Guide sends you a small amount on the L2 app via chat app (WA, SIG, VIB)
You send back 99% to the guide via chat app
Guide sends you a small amount via QR code
You send 99% back via QR
Guide demonstrates how to use the app as a POS

I am interestedCC-12

Accepting Bitcoin / crypto is not just a payment option — it is free marketing and a way to win new customers.

Accepting Bitcoin / crypto is not just a payment option — it is free marketing and a way to win new customers.
Why it brings free marketing:
— Bitcoiners actively look for places that accept BTC and put them on public maps and apps (for example BTC Map), so you get found by a motivated audience for free.
— "Bitcoin accepted here" is a talking point — word of mouth, social posts, and community shout-outs you did not pay for.
— It signals you are forward-thinking, which sets you apart from competitors who only take cash or cards.
— It pulls in a loyal, global, often traveling customer base who specifically want to spend their sats — and tend to favor the businesses that let them.
Practical business perks:
— No chargebacks — once a payment confirms, it is final; no card-dispute fraud.
— Lower fees than card networks, especially on Lightning (L2).
— Fast settlement — Lightning payments arrive in seconds.
— Borderless — take payment from anyone, anywhere, without a foreign-card surcharge.
— You choose: keep the BTC, or auto-convert a portion to local currency if you prefer.
Tip — once you accept it (using the POS setup from the previous class), get yourself listed on the Bitcoin merchant maps so the community can find you.

I am interestedCC-13

Use of credit card to fund — drawbacks

Use of credit card to fund — drawbacks
Send from MC to L2 funds — drawbacks
Benefit of running your own L2 node
What is a BTC node and why it beats an L2 centralized hub

I am interestedCC-14

Your phone holds your wallets and your seed entry — a compromised phone can mean stolen funds. Device trust matters.

Your phone holds your wallets and your seed entry — a compromised phone can mean stolen funds. Device trust matters.
The real danger: cheap phones from unofficial sellers can arrive with malware pre-installed at the factory or in the supply chain — you cannot remove it, because it is baked in.
Documented case — budget Android phones sold across Africa (including markets like Nigeria, Ethiopia, Ghana, South Africa) were found shipped with the Triada / xHelper malware that signed users up to paid subscriptions and stole airtime, all invisibly.
Why it is nasty — this kind of pre-installed malware can survive a factory reset, so you cannot simply wipe it away.
Newer cases — counterfeit "name-brand" phones sold cheap online have also carried malware that targets crypto wallets directly.
How to buy safe:
— Buy from official manufacturer stores or authorised, reputable retailers — not street stalls, random online sellers, or "too cheap" deals.
— Be suspicious of unknown ultra-budget brands and of brand-new "flagships" at a fraction of the real price (likely counterfeit).
— Prefer a well-supported device that gets security updates.
— For anything sensitive (keys, seed, large amounts), use a clean trusted device — or do it in Tails on a computer, not a questionable phone.
— Watch for red flags on a new phone: pop-up ads, unknown apps, fast battery/data drain, strange subscriptions.

I am interestedCC-15

What it is — Tails is a privacy operating system that runs from a USB stick and leaves no trace on the computer

What it is — Tails is a privacy operating system that runs from a USB stick and leaves no trace on the computer
Why use it — clean, amnesiac environment for sensitive jobs like generating keys or signing transactions
Step 1 — on a trusted computer, go to tails.net and download the image
Step 2 — verify the download (Tails site walks you through verification)
Step 3 — write it to a USB stick using the installer Tails recommends
Step 4 — restart the computer and boot from the USB stick
Step 5 — Tails starts fresh; nothing is saved unless you set up encrypted Persistent Storage on purpose
Step 6 — do your sensitive work, then shut down; the session is wiped from memory

I am interestedCC-16

Goal — turn a blank USB stick into a bootable Tails drive you can boot any PC from.

Goal — turn a blank USB stick into a bootable Tails drive you can boot any PC from.
You need — a USB stick of at least 8 GB (its contents will be erased) and a trusted computer with internet.
Step 1 — go to tails.net and download the USB image for your system.
Step 2 — verify the download before using it; the Tails site provides a verification step / checksum so you know the file was not tampered with.
Step 3 — get a flashing tool. Tails recommends one during setup; a common cross-platform option is balenaEtcher.
Step 4 — insert the USB stick, open the flasher, pick the downloaded Tails image, pick the USB stick as the target.
Step 5 — double-check you selected the right drive (it will be wiped), then flash and wait for it to finish and verify.
Step 6 — restart the computer and open the boot menu (often F12, Esc, F2, or Del at power-on), then choose the USB stick to boot Tails.
Step 7 — Tails starts fresh and amnesiac; nothing is written to the computer's own disk unless you deliberately set up encrypted Persistent Storage.
Tip — keep this Tails USB only for sensitive work; do not use it as an everyday data stick.

I am interestedCC-17

What it is — iancoleman.io/bip39 is an open-source BIP-39 tool that generates seed phrases and derives addresses entirely in your browser. Run…

What it is — iancoleman.io/bip39 is an open-source BIP-39 tool that generates seed phrases and derives addresses entirely in your browser. Run offline, it is a genuinely secure, real DIY way to create a seed.
Why it is trusted — it is open-source, runs 100% client-side, and sends nothing over the network. It is regularly listed alongside hardware wallets as a "good" method — but only when used correctly.
The safe way (air-gapped):
Step 1 — on a normal computer, download the standalone file bip39-standalone.html from the official iancoleman GitHub releases.
Step 2 — verify its hash (sha256) against the value on the download page, so you know it was not tampered with.
Step 3 — put it on a USB stick and move it to a clean, air-gapped machine — ideally booted into Tails (Class 13), with no internet, WiFi, or Bluetooth.
Step 4 — open the HTML file in the offline browser and generate your seed; write it on paper, never digitally.
Step 5 — shut down; in Tails nothing is saved. Wipe any temporary copies.
The UNSAFE way — beware: typing or generating a real seed on the live website on your everyday online PC or phone. Only do that with throwaway test phrases that hold no money.
Bottom line — air-gapped + verified file + clean OS = quite secure and a real DIY solution. Online on a daily device = not safe.

I am interestedCC-18

Good news — you do not need to buy a dedicated hardware wallet device. An old computer that can run Linux is fine for generating seed phrases.

Good news — you do not need to buy a dedicated hardware wallet device. An old computer that can run Linux is fine for generating seed phrases.
The goal — a machine that nothing can reach over the air, so no signal, malware, or attacker can get in or out wirelessly.
Step 1 — install a clean Linux (or boot Tails) on the old machine.
Step 2 — mechanically remove or disable every radio: the WiFi card / antennas, Bluetooth, and NFC. Physically pulling the wireless card is the strongest move.
Step 3 — never plug it into a network again. No cable, no WiFi, no Bluetooth — fully air-gapped.
Step 4 — run the offline seed tool (Class 15) on it, write the seed on paper, then power down.
Why it works — once the radios are physically gone, nothing enters or leaves the device via electronic waves; it is as isolated as a purpose-built device.
Bottom line — old hardware is still genuinely useful for this, and a DIY air-gapped box works just as well as a bought one.

I am interestedCC-19

What it is — pay many addresses in a single on-chain transaction; saves fees and time vs sending one by one

What it is — pay many addresses in a single on-chain transaction; saves fees and time vs sending one by one
Do it from the clean Tails environment from Class 16
Step 1 — open Electrum inside Tails with your wallet
Step 2 — go to the Send tab and enable "Pay to many"
Step 3 — paste one recipient per line in the form address,amount
Step 4 — check the total and the fee before signing
Step 5 — sign and broadcast the single transaction
Benefit — one fee, one confirmation, all recipients paid together
Check mempool fee levels first

I am interestedCC-20

What it is — your own copy of the Bitcoin blockchain that validates every rule for you, so you trust no one else

What it is — your own copy of the Bitcoin blockchain that validates every rule for you, so you trust no one else
Why — full self-verification, privacy, and you can back your own wallet and Lightning node with it
Path A — manual / DIY: install Bitcoin Core or Bitcoin Knots on a computer; let it download and verify the full chain (the Initial Block Download takes time and disk space)
Path A — point your wallet (e.g. Electrum) at your own node instead of a public server
Path B — plug-and-play box: Umbrel, Start9, or myNode — a pre-built node OS on a small computer (often a Raspberry Pi) with an app store
Path B — flash the box image, connect it to your router, follow the on-screen setup, wait for the chain to sync
Add Lightning — both paths can run a Lightning node on top of your full node, so your L2 is backed by your own L1
Trade-off — DIY = more control and learning; box = easier and faster to get running

I am interestedCC-21

What it is — a Bitcoin key pair printed on paper: a public address to receive, and a private key to spend. Cold, offline storage.

What it is — a Bitcoin key pair printed on paper: a public address to receive, and a private key to spend. Cold, offline storage.
Honest warning: paper wallets are now considered outdated and risky. A modern seed-phrase wallet is safer for most people. Use a paper wallet only if you understand the dangers below.
Risks — single point of failure (one paper = total loss if lost, burned, or soaked), easy to make mistakes, and address-reuse leaks your privacy.
Step 1 — generate it offline only: ideally inside Tails (Class 16), on an air-gapped machine, never on an everyday online phone or PC.
Step 2 — generate, then print or hand-copy the keys. Make at least one backup, stored separately.
Step 3 — to receive, send BTC to the public address. To spend, you must sweep the whole balance into a software wallet — never reuse a paper wallet for change.
WIPE FULLY afterwards — beware, copies hide everywhere:
— Close the browser and clear its cache/history; the keys were on screen.
— Clear the clipboard (anything you copied).
— A printer keeps a copy in its internal memory / spool — clear or power-cycle it, and never use a networked/shared printer.
— If generated on a normal computer, wipe the temp files; this is why Tails (amnesiac, leaves no trace) is the safe way.
— Destroy any failed or test printouts.
Step 4 — verify the funds and your access with a tiny test before trusting it with real value.

I am interestedCC-22

What it is — hiding a secret inside something ordinary so no one even knows a secret is there. For example, concealing a passphrase or message…

What it is — hiding a secret inside something ordinary so no one even knows a secret is there. For example, concealing a passphrase or message inside an image or text file.
Hiding vs scrambling — steganography hides the existence of data; encryption scrambles its contents. They are different jobs.
Best practice: encrypt first, then hide. If someone discovers the hidden data, concealment alone will not protect it. Hiding by itself ("security through obscurity") is weak.
Simple idea — a secret can be tucked into the data of a photo so the picture still looks completely normal to anyone who sees it.
The carrier file must look and behave normally — odd file sizes or artifacts can give it away.
Remember where and how you hid it; if you forget the method or the carrier, the secret is as good as lost.
Reference: Steganography (Wikipedia)

I am interestedCC-23

What it is — a tiny low-power "lottery" miner; realistically it will not find a block, but if it does you win the full reward (a lottery ticket)

What it is — a tiny low-power "lottery" miner; realistically it will not find a block, but if it does you win the full reward (a lottery ticket)
Step 1 — flash the firmware with the DIY Flasher
Step 2 — power it on; it creates its own WiFi access point
Step 3 — connect your phone to that AP and open 192.168.4.1 to enter your home WiFi details
Step 4 — set the pool: web.public-pool.io
Step 5 — set your payout address as the worker: bc1qtcau3jxvq4hy2du53kedttas0wwf09rwqrry9x
Worker name example: worker20251213
Step 6 — watch your worker on public-pool dashboard
Solo alternatives: solo.ckpool.org · pool.nerdminers.org

I am interestedCC-24

Do not over-complicate your security. The fancier your setup, the easier it is to lock yourself out.

Do not over-complicate your security. The fancier your setup, the easier it is to lock yourself out.
Most coins are lost not to hackers, but to people forgetting their own clever scheme — a passphrase they cannot recall, a hiding spot they cannot find, a split backup they cannot reassemble.
If you cannot confidently reconstruct your setup months or years from now, it is too complex.
Follow standard practice: a reputable wallet, a seed phrase written on paper (or metal), stored safely in more than one place.
Add advanced layers (passphrase, multisig, air-gap, steganography) only once you fully understand them and can recover from them.
Test your recovery — practice restoring from your backup with a small amount before you trust it with real value.
Simple and reliable beats clever and forgotten. Every time.

I am interestedCC-25

What it is. A small fireproof/waterproof metal plate (often titanium) that stores your seed phrase by punching holes instead of writing words.…

What it is. A small fireproof/waterproof metal plate (often titanium) that stores your seed phrase by punching holes instead of writing words. Several products on the market use this approach.
Why 11 bits? The BIP39 word list has exactly 2048 words, and 2048 = 2¹¹. So every word can be written as an 11-digit binary number (eleven 1s and 0s). Example: the word "satoshi" is word number 1499, which in binary is 10111111011.
How the plate works. Each row is one seed word. You punch a hole for every "1" and leave the spot empty for every "0" — eleven positions per word. A 12-word seed is 12 rows; 24 words is 24 rows. That is why the plate can be tiny: holes take far less space than stamped letters.
You are not locked to the maker. To read it back you do not need their website or a special chart. Read each row as binary, add it up to get a number from 1–2048, then look that number up in any copy of the open BIP39 word list (it is in the Bitcoin GitHub and printable anywhere).
Care & honesty. Punching by hand means accuracy matters — one wrong hole is a different word and a different wallet, so always do a small test-restore. And like all metal backups it is durable by design: great against fire and water, but hard to destroy quickly if your own situation ever called for that (see Weak Spots).
This is an advanced backup method. If it feels like too much, paper kept safely in more than one place is already a solid start (Class 6b).

DEMO ONLY — this uses your browser's ordinary randomness and is shown on a web page, so it is NOT secure. Never use anything generated here for real Bitcoin. It only shows how the 11-bit punching works.

Seed length:

12 and 24 are by far the most common. 12 = 128-bit, 24 = 256-bit entropy.

# Word No. 11‑bit

I am interestedCC-26

Why this comes first. The moment you put your seed, keys, or coins near a piece of software, you are trusting whoever wrote it and whoever shipped…

Why this comes first. The moment you put your seed, keys, or coins near a piece of software, you are trusting whoever wrote it and whoever shipped it to you. Get that judgement right and everything after it stands on solid ground; get it wrong and even a perfect seed backup cannot save you, because the theft happens upstream. That is why vetting is the foundation, not an afterthought.
The golden rule first. No legitimate Bitcoin software ever needs your seed phrase typed into a website, a chat, a support form, or a "validator/sync/migration" tool. If anything asks for your 12 or 24 words, it is a scam — stop, full stop. Everything below is for the harder cases where it is not that obvious.
1) Is it really open source — fully? "Open source" is used loosely. Check that the actual code is public (a real, browsable repository), not just a marketing word or a half-empty repo. Can anyone read it, build it, and report issues? Closed-source wallets can be fine for tiny amounts, but for anything serious, open and inspectable is the standard.
2) Reproducible builds. The deeper question: does the app you downloaded actually match the public code? Good projects offer reproducible (deterministic) builds so independent people can confirm the binary wasn't tampered with between "source" and "download". If a project markets itself as open but the released app can't be reproduced from the source, that gap is where malware hides.
3) Who is behind it? Known team or fully anonymous? Anonymity isn't automatically bad in Bitcoin (Satoshi was anonymous), but it raises the bar on everything else — track record, code quality, community trust. Look at their other projects, how long they've been around, whether real developers are publicly associated. A faceless project with no history and big promises is a red flag.
4) Age and track record. How long has it existed and held up? New isn't automatically bad, but unproven means untested by time and attackers. Software that has guarded real money for years, through bugs handled in the open, has earned a trust that a three-month-old app simply hasn't yet.
5) Transparency. Do they hide things or work in the open? Public repo, public issue tracker, public discussion, clear changelogs, honest documentation. Secrecy around how something works — especially around security — is the opposite of what you want.
6) Independent audits & how bugs were handled. Has the code been audited by a reputable third party? More telling than "never had a bug" is how they handled the bugs they did have: disclosed openly, fixed quickly, users warned. A project that hides or downplays vulnerabilities is more dangerous than one that admits and fixes them.
7) Origin & jurisdiction — could it be region-driven? Where does it come from, and does that matter here? Consider whether the makers sit in a place known for state pressure on software, sanctions exposure, or a heavy concentration of crypto-scam operations. This is not about prejudice against any nationality — it's a risk input: a tool built under a hostile or lawless jurisdiction can be compromised by force or by fraud in ways an open, accountable project can't. Weigh it together with everything else, not on its own.
8) "If it's free, why?" Most good Bitcoin software is free and open by principle — that's normal and healthy. But always understand the model: who pays for it, and what do they get? Free with no visible funding, no donations, no company, but slick marketing and pressure to deposit — ask hard where the money is really coming from. Sometimes the answer is: you are the product, or your coins are.
9) Distribution & impersonation. Even good software is dangerous if you get it from the wrong place. Verify you're on the real project's official site (typosquatted domains and fake app-store clones are everywhere). Download only from the source the project itself points to. Check the developer name and reviews on app stores — fakes copy the icon and name exactly.
10) Verify what you downloaded. Serious projects publish a checksum/hash and a cryptographic signature (PGP) for each release. Learn to check them: it proves the file wasn't swapped or corrupted in transit. It feels technical the first time and becomes routine — and it's exactly the step attackers count on you skipping.
11) Community & adoption — but think for yourself. Who else trusts it, and why? Long-standing recommendations from independent, reputable voices are a good signal. But beware manufactured hype: paid "reviews", coordinated influencer pushes, swarms of brand-new accounts praising it, fake star ratings. Real adoption is boring and slow; fake adoption is loud and sudden.
The 60-second red-flag list (any one = stop):
— Asks for your seed phrase or private key, in any form, for any reason.
— Pressure and urgency: "act now", "limited", "verify within 24h or lose access".
— Guaranteed returns, doubling, "staking" your Bitcoin for profit.
— No public code, no named people, no history — but big claims.
— You found it via a DM, an ad, a comment, or a "support agent", not via your own research.
— The download link isn't the official site, or the domain is subtly misspelled.
— Reviews are all five stars, all recent, all generic.
Run this checklist on any tool before trusting it:
□ Code is genuinely public and inspectable
□ Builds are reproducible (binary matches the source)
□ The people / team are identifiable or have a strong track record
□ It has existed and held up for a meaningful time
□ It works transparently (open issues, clear docs, changelogs)
□ It has been independently audited; past bugs handled openly
□ Origin / jurisdiction considered as one risk input
□ The funding model makes sense (you understand who pays and why)
□ Downloaded only from the official source; domain verified
□ Checksum and signature of the download verified
□ Adoption looks real, not manufactured
□ It never asks for your seed
Bottom line. "Don't trust, verify" isn't a slogan here — it's the job. The few minutes you spend vetting a tool are the cheapest insurance in all of Bitcoin. When in doubt, slow down, ask, and prefer the boring, open, long-proven option over the exciting new one. We work through real examples together in class.

I am interestedCC-27

Why mempool.space is genuinely cool. It's one of the best windows into Bitcoin: live fee estimates, the transaction backlog, block contents,…

Why mempool.space is genuinely cool. It's one of the best windows into Bitcoin: live fee estimates, the transaction backlog, block contents, confirmations, mining data, and a clean API. It's open source (AGPL), it's been around since 2018, and the Bitcoin community relies on it daily. Nothing here is an attack on it — it's a great tool. (We even use its public API for the live numbers on this site's home page.)
So where's the risk? When you type your address or transaction into their website, you are asking someone else's server a question about your money. That server — and anyone watching it (their hosting provider, their network, whoever they share logs with, or anyone who later compels them) — can see: which addresses you care about, that those addresses probably belong to one person, your approximate balance and history, and the IP address you asked from. That quietly links your coins to your identity. It is exactly the kind of trusted middleman Bitcoin was built to remove.
It's a centralized service, by definition. However good and well-meaning the team is, mempool.space is one organisation running servers you don't control. That means it can go down, be blocked in your country, be served a legal order, change its terms, get hacked, or — in the worst case — show you wrong or manipulated data. You'd have no way to know, because you're trusting their answer instead of checking for yourself. "It's open source" protects the code; it does not protect your privacy when you query their public instance.
The deeper Bitcoin point. The whole promise of Bitcoin is "don't trust, verify" — you shouldn't have to ask a company whether your money is really there. Every time you check your coins on a public explorer, you've handed that verification back to a third party. Convenient, yes. But it's a small surrender of the exact sovereignty you came to Bitcoin for.
The workarounds, from easiest to best:
Good — reduce the leak. Don't paste your real addresses into public explorers out of habit. If you must, use Tor / a VPN so your IP isn't tied to the query, and avoid checking all your addresses from the same session (which links them together). This lowers the metadata leak but you're still trusting their answer.
Better — use your own wallet, not a website. A good wallet (see Class 10) already tells you your balance and confirmations. Letting your wallet answer "did it arrive?" is usually enough — you don't need to open a website at all. (Note: lightweight wallets still ask some server in the background; which one matters.)
Best — run your own node and your own explorer. This is the real Bitcoin answer. If you run your own node (Class 21), you can also self-host mempool.space against it — it installs in one click on node setups like Umbrel, RaspiBlitz or Start9. Then the fee estimates come from your view of the network and address look-ups go through your indexer. Nothing leaves your machine, nobody sees what you ask, and you're verifying against your own copy of the blockchain instead of trusting anyone. Same great tool — pointed at your own node.
The honest catch with self-hosting. It costs real resources and attention: disk space, a synced full node, and upkeep. And a neglected, out-of-date self-hosted instance can actually be worse than a well-run public one, because it can quietly show you stale data. Sovereignty isn't free — it's a responsibility. If your stakes are low and you just want a quick fee estimate, using the public site is a reasonable, eyes-open choice. The mistake is doing it without knowing the trade-off.
Rule of thumb. Public explorer = fine for general curiosity and rough fees. Your own coins, your own privacy = your own node and your own explorer. The point of this class isn't "never use mempool.space" — it's "know what you're handing over when you do, and know that the real Bitcoin way is to verify for yourself." We set up a self-hosted instance together in class if you want it.

I am interestedCC-28

What this class is. "Cloud mining" sites that promise easy daily Bitcoin are one of the most common ways people lose money in crypto. Most are not…

What this class is. "Cloud mining" sites that promise easy daily Bitcoin are one of the most common ways people lose money in crypto. Most are not mining anything — they're a payout illusion. This class walks through exactly how the trap works, using a typical example, so you can spot the next one instantly.
The pitch (why it's tempting). "Mine Bitcoin with no hardware. Sign up and get $100 of free hash power. Earn guaranteed daily profit. Full principal back at the end. Swiss-regulated, audited, green energy, AI-optimised." It looks modern, professional, and safe. That polish is the point.
How the trap actually unfolds — the lifecycle:
1. Free bait. You get "free hash power" and watch a dashboard tick up a dollar or two a day. No deposit yet — it feels risk-free and real.
2. The first small payout (sometimes). Early on, a tiny withdrawal may actually pay out. This is the hook: it "proves" the site is legit and pushes you to put in real money. (Classic Ponzi mechanic — early money comes from later victims, not from mining.)
3. "Buy a bigger plan." Once you trust it, you're nudged to deposit for higher daily returns. The numbers shown grow fast — tens, then hundreds of dollars a day. Your on-screen "balance" balloons.
4. The withdrawal wall. When you try to take real money out, it won't come. Now the excuses start: a "tax" must be paid first, then an "exchange fee", then an "upgrade", then a "verification deposit". This is an advance-fee scam: every fee you pay is just more money gone, and the withdrawal never arrives.
5. The vanish. Often the site simply disappears — or quietly moves to a near-identical domain (.com becomes .co, etc.) — right around the time many users hit the minimum withdrawal. Your "balance" was always just numbers on their screen.
6. The second hit (recovery scam). Soon after, "recovery experts" appear in comments and DMs promising to get your money back for an upfront fee. These are usually the same ring, or its friends, coming back for a second bite. Never pay anyone who contacts you promising recovery.
The red flags, distilled (any one should stop you):
— Guaranteed or fixed daily returns, and "principal fully returned". Real mining income swings with price and difficulty — nobody can guarantee it.
— "Free $100 / free hash power" + a referral programme that pays you to recruit. Free-money hooks plus pay-to-recruit = Ponzi shape.
— A wave of glowing, near-identical "reviews" and sponsored "news" articles with ever-bigger earnings claims. Manufactured hype (see Class 27).
— Any request for a fee, tax, or deposit to unlock a withdrawal. Legitimate platforms deduct fees from what you withdraw — they never ask you to send money in to get money out.
— "Regulated in Switzerland / FINMA" used as a trust badge. Being registered as a company is not the same as being licensed to take public funds — and these claims are often simply false (a struck-off shell in another country, hosting elsewhere).
— You found it via an ad, a DM, an influencer, or a comment — not your own research.
The honest truth about cloud mining. Real, legitimate mining is hard, capital-heavy, low-margin work. A handful of genuine operations exist, but they don't promise guaranteed daily profit, and they certainly don't message you. If you want to actually touch mining, do it to learn, not to get rich — a tiny home device like in Class 24 teaches you how it really works, with no one holding your money.
If you've already paid in: stop sending any further "fees" immediately — they will never release your funds. Save everything: screenshots, the website, transaction IDs, addresses, dates, and any chat logs. Report it to your local police / national cybercrime unit. Then, if it helps, a Scam Trace can map on-chain exactly where the money went and give you a clear report — but be honest with yourself that a trace documents what happened; it does not guarantee getting funds back, and anyone promising to recover them for a fee is the next scam.
One line to remember. If something pays you to join, guarantees daily profit, and then asks for a fee before you can withdraw — it is a scam. Every time. We go through real, current examples together in class.

I am interestedCC-29

Tick the classes you're interested in, then send them to BITMI:

Nothing ticked yet.

Send my interests by email