₿ENOWHERE

👋 I think this ultimately comes down to the question, "why not just allow seed export for the people who want it and know what they're doing?" I think this is very reasonable, and ethos-aligned with self custody. We fundamentally believe hardware devices should protect the key, not just sign with it. So our hardware is designed to never export its secret; the APIs simply don’t exist. That gives us a very powerful security posture: there is only one copy of the HW key in the world, and access to it is gated by a physical device with biometrics. I would hesitate to erode that property. But it’s clear that some customers, like yourself, would prefer to give up that property in exchange for having a direct copy of your key. One way to support that, without weakening Bitkey’s non-exportability posture, would be to let customers set a seed phrase into Bitkey instead of having the hardware generate its own. That would preserve the principle that Bitkey-generated hardware keys are never exported, while still giving power users a way to use the wallet with keys they have access to outside the wallet. Would something like that get at what you’re trying to achieve?

From a security perspective, the safest way to leave a wallet is a transaction. If you use seeds to migrate keys, you carry forward the history of those keys: entropy quality, backup exposure, supply-chain risk, leaked metadata, unknown wallet bugs, etc. The new wallet inherits whatever latent risks existed before. If instead you migrate wallets by transaction, you get fresh keys and a clean security boundary. I agree with you that seed portability does have some convenient aspects to it -- no transaction fees, no consolidation considerations, not having to update your DIY seed-based recovery and inheritance system. But I disagree that there's a sovereignty benefit to seed-based vs transaction-based exits. And most importantly, transaction-based exits are unequivocally more secure than seed-based exits.

The app xpriv is already exportable. The hardware is different. We fundamentally believe hardware devices should protect the key, not just sign with it. So our hardware is designed to never export its secret; the APIs simply don’t exist. That gives us a very powerful security posture: there is only one copy of the HW key in the world, and access to it is gated by a physical device with biometrics. I would hesitate to erode that property. But it’s clear that some customers, like yourself, would prefer to give up that property in exchange for having a direct copy of your xpriv. One way to support that, without weakening Bitkey’s non-exportability posture, would be to let customers set a seed phrase into Bitkey instead of having the hardware generate its own. That would preserve the principle that Bitkey-generated hardware keys are never exported, while still giving power users a way to use the wallet with keys they have access to outside the wallet. Would something like that get at what you’re trying to achieve?

Block and Spiral just launched Loupe, a free AI-powered vulnerability scanner for open-source Bitcoin projects. The tool scans Bitcoin codebases for security flaws across millions of lines of code. It is available as a free "scanning-as-a-service" tool for any open-source Bitcoin developer. As Bitcoin secures hundreds of billions in value and the codebase grows more complex, automated security scanning is no longer optional. Block and Spiral say it is "mission-critical" for the ecosystem, especially as open-source developers face growing pressure to secure infrastructure that most of the world's financial system is increasingly building on.

Block just open-sourced mesh-llm, a peer-to-peer system that lets anyone pool spare GPU compute to run large open-source AI models without relying on any cloud provider. If a model fits on your machine, it runs locally at full speed. If it doesn't, the system automatically splits it across multiple machines on the network. Dense models get split by layers. Mixture-of-experts models like DeepSeek and Qwen3 get split by experts. Zero configuration required. Discovery happens over Nostr. Nodes find each other through relays, score by region and VRAM, and self-organize. No central server coordinates anything. Weights are read from local files, never sent over the network. Dead nodes get replaced in 60 seconds. It exposes a standard OpenAI-compatible API on localhost, meaning any existing AI tool can plug in without modification. Block is building infrastructure for AI that doesn't route through OpenAI, Google, or Anthropic. Frontier-class open models running across a mesh of commodity hardware, discovered via Nostr, with no cloud dependency. That's the direction AI needs to go.