I've been thinking for a while that the current security methodology for wallets is not great. YES, that statement is extremely obvious on the face of it. But, I mean, think of some of the basic measures people take. This hardware wallet crap, okay great, your keys are kept somewhere safe and there's offline signing, but so what? Boop the user's head until they give up the wallet. H4xt funds. We should be able to design a robust threat model for cryptoassets using smart contracts that resists many kinds of attacks (including kidnapping). This is Hacker News so I guess people will want details on how this might work.

I would probably start with how people use their money. If people have funds, they usually aren't going to move it each day. So start with a fixed, daily spend limit. That's simple, to start with. Then past the spend limit, you might have extremely large, outlier transactions. This is an interesting phase because with actual non-shit-tier security you could have a secondary layer of confirmation. This could be based on different panic codes. Some could indicate that the transfer is being made under coercion and to notify law enforcement, some could indicate to accept the transfer and notify, and so on. You could outsource this to a third party. Do you see what I mean? All this shit is easy to do with cryptography and actual good design. But no one's done it. I thought of this in the time it took to write this shitty post.

Provable deniability schemes can be done to make it look like a wallet only contains a certain amount, too, using various private transaction schemes. This is nothing new. These attacks of being forced to reveal keys and so on are things cryptographers have thought of for a long time. It's why you had Truecrypt have the fake volume. There is other stuff you can add to the security scheme. Giving different persons a key and making them sign their portion. Co-signing by third parties (already a thing -- the scheme I like best is keys.casa). Many different ideas to allow for funds to seem like they've been "sent" then allow for revocation later on. You could have all different enhancements to high value, anomalous transfers like forcing the incumbent of transfers to take longer and have a clearing phase and so on. I'm sure there are plenty of ways to improve it even further. Just some ideas for how to stop attacks like this.

Whenever I see headlines about hacked exchanges, hacked wallets, lost keys, broken transfers, etc... I just think that we're still at the stage where there's a fractal of shit and we have to do better. Make everything work flawlessly and without even thinking about it.
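The policy sketched in this post (daily limit, secondary confirmation code for outliers, a clearing window with revocation, a duress code that looks like a normal approval but raises an alert) as a small Python model; this is an added example, not code from the post or from keys.casa, and the limits, delays, code values and the `PolicyWallet` API are assumptions.

```python
# Added example (not from the post): a toy policy engine for the wallet design
# sketched above. Limits, delays and code values are assumptions.
import hashlib
import hmac
def _h(code):
    # Keep only hashes of the confirmation codes; compare in constant time.
    return hashlib.sha256(code.encode()).digest()

class PolicyWallet:
    def __init__(self, daily_limit, clearing_days, ok_code, duress_code):
        self.daily_limit = daily_limit
        self.clearing_days = clearing_days
        self._ok, self._duress = _h(ok_code), _h(duress_code)
        self.spent = {}          # day -> amount spent under the limit
        self.transfers = []      # dicts: amount, state, clears_on
        self.alerts = []         # what the third-party monitor would see

    def request(self, amount, day, code=""):
        tx = {"amount": amount, "state": "rejected", "clears_on": None}
        self.transfers.append(tx)
        if amount <= self.daily_limit - self.spent.get(day, 0):
            self.spent[day] = self.spent.get(day, 0) + amount
            tx["state"] = "sent"               # routine spend, no friction
        else:
            d = _h(code)
            if hmac.compare_digest(d, self._duress):
                # Same visible outcome as a normal approval, but an alert fires.
                tx["state"], tx["clears_on"] = "pending", day + self.clearing_days
                self.alerts.append(len(self.transfers) - 1)
            elif hmac.compare_digest(d, self._ok):
                tx["state"], tx["clears_on"] = "pending", day + self.clearing_days
        return len(self.transfers) - 1

    def revoke(self, tx_id, day):
        # Owner (or a co-signer) can pull a transfer back while it is clearing.
        tx = self.transfers[tx_id]
        if tx["state"] == "pending" and day < tx["clears_on"]:
            tx["state"] = "revoked"
            return True
        return False

    def settle(self, day):
        # Release transfers whose clearing window has elapsed; returns their ids.
        done = []
        for i, tx in enumerate(self.transfers):
            if tx["state"] == "pending" and day >= tx["clears_on"]:
                tx["state"] = "sent"
                done.append(i)
        return done
```

The point of the model is that routine spends never touch the confirmation path, while every outlier sits in a window long enough for the alert (or a co-signer) to revoke it.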