
A note on funding: CypherpunkGuide carries no surveillance advertising — no ad networks, tracking pixels, or sponsored content. It is funded by transparent streams: reader donations now; subscription and editorially-aligned affiliate later. We answer to our readers, not to advertisers.
If you are in danger, your safety comes before any of this. Reading this page can leave a trace on a shared or monitored device. Open it from a device the person you fear cannot reach, and speak with a domestic-violence advocate before you change anything. Sudden changes to shared accounts, devices, or money can alert an abuser — and the period around leaving is the most dangerous (WomensLaw). In the US you can reach the National DV Hotline at 1-800-799-7233; elsewhere, search for a local advocate. Nothing here replaces a safety plan made with a trained person.
Almost every guide to holding your own Bitcoin pictures the same enemy: a hacker somewhere far away, trying to reach across the internet for your keys. So the advice is built for distance — a hardware wallet, a seed phrase written down, a strong PIN. It quietly assumes you are alone in a room no one else controls.
For a great many people that assumption is false, and the gap is widest exactly where the stakes are highest. Economic abuse — a partner controlling, sabotaging, or seizing your money — affects roughly 15% of women, and women experiencing food insecurity are more than four times as likely to face it (Mellar et al., 2024). Self-custody is sold as financial independence, yet the standard playbook never names the adversary who shares your bed, knows your passcode, and can simply demand that you unlock the wallet. (Physical coercion is not a fringe concern even outside the home: recorded physical attacks on Bitcoin holders rose 169% in 2025 — CNBC, citing Jameson Lopp’s database of reported incidents.)
So what changes when the threat lives with you? We read the major self-custody guides and the leading domestic-violence digital-safety resources side by side, and found they almost never meet. This article tries to close that gap — not with a tidy checklist, but with a way to think: an adversary-capability model that starts from what the person near you can actually do, and a staged plan that puts your physical safety ahead of any wallet setting.
We write as privacy researchers, not as survivors or advocates. What follows is a threat model and a set of options, not a prescription — following the trauma-informed principle of offering choices rather than directives (SAMHSA). You know your situation better than any guide can, and some of the “clever” tricks circulating in Bitcoin communities can get someone hurt. We flag those plainly.
Why standard custody advice fails when the threat lives at home#
Standard Bitcoin custody guidance is built around a remote adversary and a physically secure user. Its core moves — keep the seed phrase off the internet, use a hardware wallet, set a PIN — all assume nobody trustworthy-looking is watching you type, holding your phone, or able to apply pressure in person. Intimate partner abuse breaks every one of those assumptions at once, which is why “just use a hardware wallet” can be not only unhelpful but unsafe.
The mismatch is structural, not a matter of one missing tip. Mainstream custody resources optimize against theft (someone takes your keys without your cooperation). Abuse-aware safety planning optimizes against control and coercion (someone makes you act against your own interest, then punishes deviation). A hardware wallet defeats the first and can worsen the second: a visible new device is a question you may not be safe answering.
There is also a quieter failure. Domestic-violence advocates organize their advice around the abuser’s access and leverage; Bitcoin guides organize theirs around tools and procedures. Bridging them means translating “what can the person near me do?” into concrete custody and privacy choices — which is the rest of this article.
The adversary-capability matrix#
Instead of asking “am I a woman / a creator / an activist?”, ask what the person who threatens you can actually do. This is the single most useful shift, because the same defenses map cleanly onto capabilities, and most real situations are a mix of a few. The matrix below is our framing; the defenses are summarized here and expanded in later sections.
| Adversary capability | What it means | First-order defense | Honest limit |
|---|---|---|---|
| 1. Physical device access | They can pick up your phone/laptop, or it is shared | Separate device they cannot reach; screen-lock hygiene | A device they have touched may already be compromised |
| 2. They know your PIN/passcode | Shoulder-surfed, demanded, or shared earlier | A new device with a PIN they do not know | Changing a known PIN — or disabling biometrics — is itself a visible act, and a fingerprint or face can be physically compelled |
| 3. They can force a signature | Violence or threats to make you send funds | Time-delays; not keeping large sums reachable on demand | Cryptography cannot stop a wrench (the “$5 wrench attack”) |
| 4. They track your location | Stalkerware, shared accounts, AirTags | Treat phone as monitored; out-of-band help | Finding a tracker can escalate danger |
| 5. They read your cloud/email/2FA | Shared iCloud/Google, SIM access | New accounts on a safe device, app-based 2FA | Account changes may notify the other party |
| 6. They can dox or expose you | Threats to publish where you went | On-chain and address privacy; redaction | Public ledger history is hard to undo |
The point of the matrix is sequencing. Capabilities 1, 2, 4, and 5 are not Bitcoin problems — they are device-and-account problems that exist before any wallet. If the phone in your pocket is monitored, the most carefully chosen hardware wallet is irrelevant: whatever you set up is seen as you set it up. That is why the order of operations matters more than the choice of wallet, and why the next section comes before any custody advice.
Before Bitcoin: secure the device and the plan first#
Before touching a wallet, establish a device and a safety plan the other person does not control — because every later step assumes a private surface to act on. Stalkerware — apps that silently relay location, messages, photos, and calls — is widespread and built to be hard to spot; the Coalition Against Stalkerware and NNEDV’s Safety Net project document its routine use in abuse — 97% of domestic-violence programs report that abusers misuse technology to stalk, harass, and control (NNEDV Safety Net survey, 2014). If your device might be monitored, assume that anything you do on it is visible.
Crucially, do not rush to “clean” a suspected device. DV advocates warn that removing spyware or a tracker can tip off an abuser and escalate the danger (NNEDV Safety Net). The safer pattern is usually to leave the monitored device behaving normally and move sensitive activity to a separate device the other person cannot access — bought, set up, and kept out of reach.
A practical first sequence, if you suspect monitoring:
- Pause. Do nothing abrupt on the suspect device. Behaving differently is itself a signal.
- Get a separate surface. A cheap phone — or a friend’s device, but only someone you are certain the other person does not contact or monitor — with a new email and an app-based authenticator, not SMS (which can be intercepted via a shared phone plan).
- Reach help out-of-band. Contact an advocate from the safe device or in person, not over channels the other party may read.
- Plan before you change anything reachable. Especially money: a sudden transfer from a watched account can be the trigger, not the escape.
Only once you have a surface the other person does not control does the rest of this guide become safe to act on. Our broader work on how monitoring tools see you and age-verification and vulnerable users covers the device and data side in more depth.
Custody choices under coercion — and their honest limits#
Under coercion, the goal of custody design shifts from “keep thieves out” to “limit what can be taken from you under pressure without putting you in greater danger” — and several popular tricks fail that second test. Self-custody’s hardest truth here is blunt: keeping your keys perfectly does not help if you can be forced to sign. This is the well-known “$5 wrench attack,” and it means custody choices must be judged by what happens to you, not only to your coins.
Below are the options most often suggested, with their real limits in an abuse context. None of these is a recommendation; each is a trade-off that can go wrong.
| Option | The idea | The honest danger in coercion |
|---|---|---|
| Decoy / duress wallet | Show a small “real” balance to satisfy a demand | If suspected or discovered, the lie can trigger worse violence. There is no published DV research validating decoys as safe; advocates warn any noticed deviation can escalate. Treat as high-risk, not clever. |
| Hidden passphrase (an extra secret word on top of your seed phrase — the BIP-39 “25th word”) | One seed, two wallets; the hidden one is plausibly deniable | Technically real (BIP-39), but a forgotten passphrase means permanent loss, and under interrogation deniability can fail. Recoverability and duress risk both rise. |
| Time-delayed / multisig spend | A delay or extra key gives a window to cancel a coerced transaction | The delay only helps if cancelling later is safe. If the other person is present and watching, a cancelled transaction is a noticed deviation. |
| Multisig with a trusted third party | Split keys so no single device holds funds | A hallmark of abuse is isolation — cutting victims off from friends and family (NCDV). The “trusted person” may not exist, may be pressured, or contact with them may itself be dangerous. |
Two principles cut across all of these. First, deception-based defenses are the most dangerous in coercion, because their failure mode is physical retaliation, not lost coins. Second, secrecy fights recoverability: an estimated 11–18% of all Bitcoin is already lost to forgotten keys and missing plans (Chainalysis estimate, via CryptoSlate), and stacking hidden passphrases on geographically split backups can lock you out as easily as anyone else. A plan you cannot safely use is not a plan.
If your situation is “I need to move funds out before I leave,” the cleaner approach is usually not a clever wallet but a new wallet on a safe device, funded deliberately — see acquiring coins privately in buying Bitcoin without KYC (KYC means the identity verification exchanges require), with the caveats below about the public ledger.
Bitcoin’s public ledger is its own exposure#
Beyond keys and devices, Bitcoin carries a privacy risk most newcomers miss: the ledger is public and permanent, so payments can be linked back to you long after they happen. Reusing the same address ties all of its transactions together, and connecting any of them to a KYC exchange withdrawal can attach your real name and address to that history (Bitcoin Wiki: Privacy; Coldcard). For someone trying to leave without being traced, this is not abstract — a withdrawal address handed to an abuser, or recovered from a shared account, can become a tracking handle.
The exposure is broader than addresses. Lightning (Bitcoin’s instant-payment layer) invoices can reveal the recipient’s node public key — a persistent identifier an attacker can search to help identify you (Casa). Shipping addresses for hardware, PO boxes, and exchange accounts under a shared identity all leak in the same way. The defensive moves — fresh addresses, avoiding address reuse, careful separation of KYC and non-KYC coins — are real but come with genuine friction: fees, jurisdiction limits, and a learning curve that is unfair to demand of someone already in crisis. We cover the mechanics in Bitcoin on-chain privacy; here the takeaway is narrower: assume anything you put on-chain may be linked to you, and keep the wallet you rely on for safety separate from any address the other person has ever seen.
A staged response: match the move to the moment#
Because the right action depends entirely on how acute the danger is, match your moves to the stage you are in rather than doing everything at once. The most common mistake we see in technical advice is treating this as a one-time setup; in coercion it is a sequence, and doing the “right” technical step at the wrong moment can be the trigger.
| Stage | Priority | Bitcoin-specific move |
|---|---|---|
| Immediate danger | Physical safety, not technology. Contact a hotline/advocate; do not make noticed changes | None. A transfer now can escalate, not protect |
| Device feels monitored | Get a separate, private device; leave the watched one normal | Set up any new wallet only on the safe device |
| Planning to leave | Quiet preparation; documents, money, route — leaving is highest-risk | Fund a new wallet the other person has never seen; keep amounts unremarkable |
| After separation | Address and location privacy; account recovery hygiene | Fresh addresses; sever links to shared accounts and old withdrawal history |
This staging reflects the core finding from DV safety planning: safety comes from a plan, not from any single tool, and the moment of leaving carries the highest risk of lethal violence (WomensLaw). Bitcoin can be part of that plan — money an abuser cannot freeze through a bank can matter — but it sits inside the safety plan, never ahead of it.
When Bitcoin isn’t the answer#
Self-custody is one option among several, and honesty requires saying that it is often not the best one for someone in crisis. Bitcoin’s strengths — censorship-resistance, no bank able to freeze or report your account — are real, but they come with a steep tax: high technical knowledge, irreversible mistakes, and a public ledger. For someone managing acute danger, that friction can itself be a hazard.
The honest comparison is situational, and we have found no published analysis weighing these specifically for abuse survivors, so treat this as a starting frame, not a verdict:
- Cash is the hardest to trace and needs no device, but it cannot be hidden in unlimited amounts and can be physically found or taken.
- Prepaid cards sidestep some bank monitoring and identity linkage, at the cost of fees and limits.
- A separate bank account is traceable and freezable, but accessible, reversible on error, and familiar.
- Bitcoin self-custody resists freezing and seizure, but demands skill, leaks on a public ledger, and is unforgiving of mistakes.
The right mix depends on the amount, how closely you are watched, your comfort with the tools, and whether you have somewhere safe to keep a backup. If you are weighing this, weigh it with an advocate, not from a guide alone.
Bottom Line — build a plan that fits your risk#
There is no single correct custody setup for living under coercion, only choices that fit your specific danger. The throughline of everything above is that the device and the safety plan come first, and the wallet serves them — never the reverse. Bitcoin can give someone leverage an abuser cannot quietly revoke, but only if the setup survives an adversary who is already inside your trust, your home, and sometimes your phone.
Frequently asked questions#
Can a hardware wallet protect me if my partner watches me use it?#
Only partially. A hardware wallet protects keys from a remote attacker, but if someone can watch you enter your PIN, hold the device, or pressure you to sign, the wallet’s protections are bypassed. In that situation the device-and-access problem (capabilities 1–3 in the matrix above) matters more than the wallet model. Secure a private device first.
Is a decoy or “duress” wallet safe to use under coercion?#
We do not recommend it as a safety measure. The idea — show a small balance to satisfy a demand — assumes the deception holds. In abuse, a noticed or discovered lie can trigger worse violence, and there is no published domestic-violence research validating decoys as safe under coercion. DV safety planning warns that any change an abuser notices can escalate danger. Treat it as a high-risk option, not a clever trick.
Should I name a friend or family member in a multisig?#
Be cautious. Collaborative custody (splitting keys so no single device holds funds) is sound in general, but it assumes a trustworthy, reachable third party. A defining tactic of abuse is isolation — cutting you off from exactly those people — so the “trusted person” may not exist, may be pressured, or contact with them may itself be unsafe. If you use one, choose someone the other person cannot reach or influence.
What should I do first if I think my device is monitored?#
Do not abruptly wipe or “clean” it — that can alert the other person. Leave it behaving normally, move sensitive activity to a separate device they cannot access (with a new email and app-based 2FA), and reach a domestic-violence advocate out-of-band before changing anything reachable, especially money.
Is Bitcoin better than a bank account for leaving safely?#
Not necessarily. Bitcoin resists freezing and seizure, which can matter, but it demands technical skill, is unforgiving of mistakes, and records payments on a public ledger. For many people in crisis, a mix — some cash, a prepaid card, a separate bank account, and only a small, carefully kept Bitcoin wallet — is safer than relying on self-custody alone. Decide with an advocate who knows your situation.


