General News

The weak point of the Bitcoin Muun wallet is in its backup of keys, according to expert

When it comes to maintaining the security of a Bitcoin wallet, there are a few standards adopted in the ecosystem over the years. The most widespread mechanism currently to generate the keys of a wallet is the Bitcoin Improvement Proposal 39 (BIP-39), which is based on the so-called seed phrase of 12 or 24 words and is widely known; being one of the requirements in the learning path to enter Bitcoin.

But also, Bitcoin wallet applications have multiplied in number, evolving with a variety of designs depending on their nature or function, taking into account user requirements, but also prioritizing innovation.

Thus, to support their security, many wallets also require other types of passwords and access PINs, adding more layers of security according to the occasion and purpose.

But having an abundance of backups and security methods can become a critical point for even the most capable and experienced users. It can happen as with a software or system whose architecture is very redundant, or complex, adding more points of fragility throughout the structure, to the detriment of the user experience.

Muun wallet: innovation against the standard?

The Muun wallet and application, a company started in Argentina, is known for its innovative recovery and backup systems for Bitcoin portfolios.

These methods include from an access PIN for the mobile application, through user password, and even an Emergency Recovery Kit that arrives in your email inbox.

Crypto specialist Christopher Allen recently criticized that the ways to restore access to the Bitcoin wallet with Muun on a new mobile device are, in his opinion, very complicated.

Allen worked for Blockstream as Principal Architect and is the author of several books on security, cryptography and self-sovereignty, including ‘Smart Custody’ (co-authored with Shannon Appeleline), which discusses standards on cryptographic security practices for digital assets.

Allen is considered in the ecosystem as a person with a lot of knowledge, or if not, an expert, in terms of security practices in Bitcoin and other cryptocurrency networks. However, his previous experience did not help him to understand in depth how the wallet works.

Allen argues that Muun does not follow industry standards, and that adds several potential points of failure to the process. One of the points he mentions is the absence of seed words or mnemonics which, as we mentioned, is the most used method in the generality of Bitcoin wallets.

The specialist also explains that when trying to log into the Muun application from the new device, the user session is completely closed on the old device, leaving the user out and without ensuring the successful completion of the restoration process.

“The critical part of the recovery process is the password and the recovery code, which in turn requires a backup,” he said in a series of messages on Twitter.

Why doesn’t this expert like Muun?

In Muun, email is the primary gateway for the wallet user. Once the user’s email is verified, a password of no less than 8 characters in length is created for the Muun wallet.

This password is linked to the user account and is the same that you would use when restoring the wallet on another device, but the disadvantage is that this password is unrecoverable if it were to be lost.

To do this, the user must save a recovery code, preferably on a sheet of paper, in a safe place, although it could also be saved on a hard drive or in the cloud.

Christopher Allen’s problem was that he lost the unique password, and although he did manage to save the recovery code, he did not configure his session with email. Therefore, you cannot receive the Emergency Kit in your email, which is encrypted and only opens with the recovery code.

This Emergency Kit, says a publication by Muun, consists of a PDF document where information about the outputs or outputs (User Transaction Outputs, UTXO) of the Bitcoin wallet can be found.


The Muun Emergency Kit allows you to recover a Bitcoin wallet with a recovery code. Source: Muun /

In turn, this information about the outputs of the wallet is technically called output descriptors, a topic that we discussed in . in an interview with Dario Sneidermanis, CEO of Muun Wallet.

In defense of Muun… Follow the footsteps!

Muun dismissed Christopher Allen’s criticism, pointing out that he may have created an account without email (downloading the backup somewhere other than email).

Also, they suggested using Muun’s Recovery Tool, which It allows identifying the exits of the portfolio to be recovered and sending the funds to an address established by the user. For this, the security code is used, which is, in all scenarios, essential.

In response, developer Matt Odell also recommended the recovery tool in the discussion: “Everything has its cons. I have been able to use the recovery tool successfully in the past. “

Some experienced developers and users randomly consulted by CryptoNews commented that Allen’s mistake could be obvious, but they also credit him for feeling about Muun’s backup methods, and their deviation from industry standards.

This could slow down the development of concrete solutions, friendly to all kinds of users and that can be replicated throughout the various Bitcoin and Lightning wallets available.

Although Muun wallet has been praised mainly for its simple and responsive user interface, which you can learn to use here, a part of the community seems not to have finished familiarizing itself with the method of safeguarding funds.

However, Muun could be at the forefront of Bitcoin development in terms of new options for wallet usability. Although its standardization could take time, Muun proposes to improve key management, especially for multi-signature wallets, such as those needed to create Lightning channels.

About the author

Donna Miller

Donna is one of the oldest contributors of Gruntstuff and she has a unique perspective with regards to Science which makes her write news from the Science field. She aims to empower the readers with the delivery of apt factual analysis of various news pieces from Science. Donna has 3.5 years of experience in news-based content creation, and she is now an expert at it. She loves journalism, and that is the reason, she moved from a web content writer to a News writer, and she is loving it. She is a fun-loving woman who has very good connections with every team member. She makes the working environment cheerful which improves the team’s work productivity.

Add Comment

Click here to post a comment