The Wild West of finance was a time for expanding Bitcoin to a wider audience, less computer-literate and unwilling to run a heavy program on a fixed computer. For this reason, it was a time for improving the user experience, as evidenced by the appearance of lightweight wallets and the multiplication of ways to store bitcoins.

When Satoshi retired in December 2010, newcomers could only choose between the main software and custodial applications such as MyBitcoin. But from 2011 onwards, alternative solutions appeared. Lightweight software wallets, such as Bitcoin Wallet for Android and Electrum, implemented simplified payment verification. Web wallets, such as Blockchain.info, enabled funds to be managed from a browser. Paper wallets offered the possibility of storing funds offline. Some enthusiasts, like the emblematic Casascius, developed physical carriers, which were a kind of embodiment of virtual units in the real world.

Personal custody of bitcoins was a complex problem, subject to the dilemma between loss and theft. To hold one’s bitcoins, it was necessary both to maintain access to one’s private keys and to prevent others from accessing them—two conditions that could never truly be achieved simultaneously. Thus, too easy access makes the wallet too susceptible to theft, as seen with the hacking of Allinvain's 25,000 BTCs in June 2011. Conversely, too difficult access made bitcoins more likely to be lost, as seen with Stefan Thomas's 7,000 or so BTCs lost due to overly complex encryption. It's these constraints that wallet designers have sought to address.

In this chapter, we will study the different ways of using Bitcoin that emerged during the period mentioned. We will first discuss custodial applications and alternative software implementations. Then, we will examine in more detail the case of lightweight wallets, which led among other things to the development of a deterministic structure for storing private keys. We will present paper wallets and physical forms of private key representations which were means of holding cryptocurrency safe from hacks. We will finish by discussing the rise of the first bitcoin mixing services, which allowed for improved user privacy.

In 2011, the most popular custodian application, after the infamous MyBitcoin, was Instawallet. It was an easy-to-use web application launched on April 29, 2011 by Jan Vornberger, aka Jav, a young German developer. It was a custodial service: the funds were held "server-side", meaning that Jav managed them. It required no registration; access was via a URL, such as https://instawallet.org/w/rq2SB02ai6BnWaEBywAlP52cw7qwUAA, which was generated during the first interaction with the service and saved in the web browser. Users were assigned a Bitcoin address, enabling them to send and receive funds. Transfers between Instawallet users were processed internally and were therefore instantaneous. What's more, from the end of July, the service integrated a certification process (called "green address") enabling proof to other market players that a transaction issued originated from Instawallet, to ensure that it was processed more quickly, as part of a relationship of trust.

On March 2, 2012, Jav announced the closure of Instawallet stating "I don't have the time and resources to continue to support the site". The service was nevertheless resumed a few days later by Paymium, who kept it going until its fatal hack in April 2013.

Paymium SAS was a French company founded by Gonzague Grandval, Pierre Noizat (aka Boussac on the forum) and David François in June 2011. It initially focused on the payments field, and its main product was a bankcard fraud prevention application. Thanks to Pierre Noizat and David François' attraction to Bitcoin, it gradually became a company focused on Bitcoin.

In early 2012, Paymium developed its own Custodial app: Paytunia. The Paytunia app was described as "Paytunia is a groundbreaking application based on the open source Bitcoin protocol for secure, easy, online payments and money transfers"). It was launched in April 2012 on Android. Users of Bitcoin-Central (the money exchange platform run by David François) could also access it with their existing account, as both services use the same system in the background. As with Instawallet, transfers between Paytunia users were instantaneous.

It was also a good time to rewrite the Bitcoin protocol. The main software, simply called "Bitcoin" at the time, was a complete implementation in that it required the entire blockchain to be maintained and new transactions and blocks to be relayed. But it was the only one in existence, so the whole network relied on it alone to function. Hence the desire to develop alternative implementations of Bitcoin.

Satoshi Nakamoto was essentially opposed to rewriting the protocol so as not to compromise the operation of mining. In a message posted in June 2010 on the forum, he wrote:

However, this observation did not apply to partial implementations designed to read the blockchain and provide services to users. So, when developer Mike Hearn approached him with his Java implementation project in March 2011, he didn't object to this reprogramming of the protocol, believing that "much complexity can be left behind in a clean rewrite with only client requirements".

Mike Hearn's software implementation is BitCoinJ. This is an implementation of Simplified Payment Verification (SPV) as described in the white paper, which interacts primarily with thin clients, particularly those on phones using the Android operating system. Mike developed this project from late 2010 and published a first version on March 7, 2011. As he was working as an engineer at Google, the code had to be attributed to the multinational company, but the license (Apache 2) was open.

The rewriting of the Bitcoin protocol did not stop there. In July 2011, after the departure of Satoshi, Bitcoin Consultancy members Amir Taaki and Patrick Strateman launched Libbitcoin, a C++ implementation aiming for the highest possible extensibility, scalability and configurability. Their aim was to "rewrite bitcoin, make it super-pluggable, very easy to do and hack everything at every level, and very configurable". The code is published under an open copyleft license (AGPL), which obliges those who reuse the software to publish their work under the same license.

In October, the software managed to perform a full verification of the blockchain. Amir Taaki also authored a “Zen of Libbitcoin,” modeled on the Zen of Python, a collection of principles that influenced the design of the Python programming language. He will also publish a manifesto (The Libbitcoin Manifesto) in September 2013.

The problem with full implementations is that they are resource-intensive and impractical for many people to use. What's more, they can't be used on mobile devices. That's why new and occasional users are turning to the easy way out: custodian applications. In November 2010, a forum member (Kiba) set up a collective bounty for the development of a Bitcoin mobile client. On July 29, 2011, the closure of MyBitcoin confirmed the need for an intermediate solution. This was the catalyst for the development of lightweight wallets.

The first idea was to use a node as a remote server, in which the user has complete trust. In February 2011, Amir Taaki launched a software client for managing a wallet locally by connecting to an existing node called Spesmilo. The client initially ran on Linux, but was soon ported to Windows. The name was a reference to spesmilo, the ancient international currency unit proposed by Swiss mathematician René de Saussure (the brother of linguist Ferdinand) in 1907, as part of the Esperanto project.

Amir was an Esperanto speaker himself and had been translating the software into Esperanto from day one. He was joined by developer Luke-Jr, who helped him maintain the software. The latter added to the program the tonal numeration system, a hexadecimal system proposed by John W. Nystrom in the 19th century, where the unit "bitcoin" equals 65,536 satoshis. The Spesmilo project was abandoned in November 2011, however, in favor of a far more ambitious project (presented below): Electrum.

The other, more convenient idea was to use simplified payment verification (SPV), which allowed transactions to be verified as belonging to the blockchain without having to download the entire data set. On March 11, 2011, a few days after the release of BitCoinJ, a Berlin-based developer by the name of Andreas Schildbach, aka Goonie on the forum, unveiled the prototype of a wallet for phones running Android, based on Mike Hearn's implementation. Under the unassuming name Bitcoin Wallet for Android, it became the first working model of a lightweight wallet on mobile.

Another BitCoinJ-based wallet available on the PC was MultiBit, which was created in September 2011 by British developer Jim Burton. Its distinguishing feature was the ability to manage multiple accounts within the interface.

The effort to improve Bitcoin usability also led to the emergence of deterministic wallets. These are wallets that apply key derivation: instead of being generated individually at random, as was done in the main software, private keys are derived deterministically from information (called the seed) using cryptographic functions. Knowing this information enables the user to recover all his funds, which greatly simplifies wallet backup. There's no need to save the wallet.dat file over and over again!

Deterministic wallets are largely the brainchild of American developer Gregory Maxwell. A supporter of free software, he had been a contributor to Wikipedia since 2004 and worked for the Xiph.org foundation, where he was involved in the development of the Opus audio codec. In May 2011, he began to get involved with Bitcoin, and tried his hand at mining. He also wrote a lot and quickly became very active on the forum and on the IRC channel #bitcoin-dev, where he used the pseudonym Gmaxwell.

Gregory Maxwell had lots of ideas on how to improve the use of Bitcoin, and key derivation was one of them. He was not the first to have this idea (Casascius made a similar proposal in April), but he was the first to formalize it. On June 18, following discussions on IRC, he wrote a description on the forum. He wrote:

Two types of derivation were envisaged. One type (type 1) was straightforward, generating private keys directly from the seed. The other (type 2) was more complex, but allowed addresses to be derived from a master public key obtained from the seed, without accessing the seed itself. This enabled payment processing software to generate an address for each transaction, without exposing the private keys.

Later, in February 2012, standardization took place with the publication of BIP 32. It described the general structure of Hierarchical Deterministic Wallets, HD Wallets, where derivations are used methodically to derive seed keys and addresses. It has been gradually adopted by most wallets over the years.

Other software wallets appeared during 2011. During the summer, a Danish developer by the name of Jan Møller developed a Java interface called BCCAPI (for BitCoin Client API). This was announced on August 23. It was a software interface for connecting a client running on an Android phone to a server. On the client side, it implemented deterministic generation of private keys, with no need for regular backups.

A few months later, this interface was used to create a lightweight wallet called BitcoinSpinner, available on Google Play. It was announced by Jan on November 23. It was officially managed by the Danish company Miracle A/S, which Jan joined at the end of December.

However, BCCAPI suffered from a few shortcomings, which meant it was not to everyone’s taste. On the one hand, the server's software infrastructure, which was based on BitCoinJ, was not public, which prohibited the deployment of additional servers. On the other hand, the system stored transactions linked to addresses managed by a wallet in order to provide the total balance, which reduced bandwidth but posed a confidentiality problem.

These shortcomings particularly bothered Frenchman Thomas Voegtlin, who was a computer researcher at the time and used the pseudonym ThomasV on the forum. He was interested in contributing and sought to set up "servers that did not require user loyalty" (original: "I am thinking about servers you don't have to be faithful to"). On October 20, he decided to "do it from scratch in python".

The result was Electrum, which came out on November 5. Its name refers to electrum, a natural alloy of gold and silver, which was used to mint the first coins in Lydia and Greece.

The client connects to a network of special servers to retrieve the transactions. The servers run the software (bitcoind) and index all transactions using the ABE block explorer code. In this wallet, the seed takes the form of a hexadecimal character string. As of November 10, it was also represented as a 12-word mnemonic phrase. Each word is chosen from a predefined list, allowing information bits to be represented. This type of sentence would be standardized by BIP 39, which was drafted in 2013.

On December 16, Electrum integrated type 2 derivation, so that addresses could be generated, without access to the seed. In October 2012, Thomas Voegtlin would add also simplified payment verification to Electrum, making it one of the best lightweight wallets in the ecosystem.

A third advanced wallet came out in early 2012: Armory. This software was developed from July 2011 by American engineer Alan Reiner, who went by the forum name Etotheipi (in reference to Euler's mathematical identity). It initially took the form of a Python software library called PyBtcEngine, before becoming a full-fledged client in November.

On January 3, 2012, Armory was presented as "The most advanced Bitcoin Client in existence": it integrated numerous features, such as a multi-account interface, deterministic infrastructure with paper backup, part selection and address import. But above all, it offered the possibility of managing funds offline, a practice known as cold storage (described below). In February-March, Alan Reiner carried out a crowdfunding campaign which raised over $4,000. As the months went by, Armory became the benchmark for security.

A hybrid form of wallet was emerging: the web wallet, which allowed accessing funds from a browser by connecting to a service that stored an encrypted copy of the private keys.

From March 2011, Stefan Thomas (justmoon), the German producer of the video "What is Bitcoin?" and manager of WeUseCoins, had been working on a Javascript library (in Node.js) to interact with the Bitcoin protocol. This library, called BitcoinJS, would be released on May 5. It enabled web developers to deploy clients running in the user's browser.

The first developer to use this library was a forum member calling himself DogIsland, who presented a web wallet concept called StrongCoin in August. The interface allowed users to create an account and log in with a username and password. It specified that private keys are encrypted using AES before being sent to the server, so that only the user has access to the funds. The service officially opened on October 7, but had the disadvantage of charging a 1% fee (up to BTC) on each amount sent.

The BitcoinJS library was also used by Benjamin Reeves, a young British developer living in York, known on the forum as Piuk. Very much a recluse, he was also a workaholic. In August, he developed a block explorer that "includes orphaned blocks which can be used to track possible double spends" and "estimates the actual volume of BTC transacted (not just BTC sent)", which he hosts on his personal website. It competes with Theymos' Bitcoin Block Explorer (BBE), and with ABE, an open-source alternative intended to be hosted by users. In October, the site obtained its own domain name: Blockchain.info. It quickly became the preferred explorer for community members.

On December 1, Ben Reeves integrated a wallet functionality to the platform. This feature, simply named "My Wallet", was similar to StrongCoin: users access their wallet with a login and password; their private keys are encrypted and stored on the server. However, no commission was charged. What's more, the service benefited from the clarity of the block explorer, showing the details of executed transactions.

The wallet's practicality makes it very popular. The service quickly attracted thousands of users, reaching 5,000 open accounts in March 2012. Daily volume on the blockchain, which counts bitcoins moved by transactions issued from Blockchain.info (My Wallet and API) and overstating actual transfers, grew steadily. At the beginning of May, it exploded thanks to the activity generated by the online dice game SatoshiDICE, exceeding 18,000 bitcoins, or $90,000 at that point! By July, the total volume moved by Blockchain.info would be estimated at $13.6 million.

2011 also saw the emergence of paper wallets, an application of the concept of cold storage. Holding bitcoin simply means keeping certain information protected from risks, whether from from accidental loss or the curiosity of others (theft). This information - the private key - can be generated by devices that are never connected to the Internet. This has been known as cold storage as of 2011.

Cold storage can be achieved by storing your private keys on a digital backup medium, such as a USB stick. But a much more practical method is the paper wallet, which is simply a sheet of paper containing the private key and public address. The key can be generated by any software wallet, provided the device on which it is located remains offline.

A paper wallet can also be generated using a specific tool. This type of tool was launched in the summer of 2011. The main one was BitAddress, developed by a certain Pointbiz, which was launched in September. This was a Javascript-coded, browser-based tool. The interface invited the user to create entropy to optimize the generation of pseudo-random numbers. The resulting private key and address could then be printed out for safekeeping. It can of course (and is recommended!) to be used without an Internet connection, by saving the HTML page.

Another tool that appeared at this time was VanityGen, created in July by a forum member calling himself Samr7. It was a program for creating a personalized address (vanity address), starting with specific characters, by testing a large number of private keys. This is useful for identifying the donation addresses of individuals. For example, Pointbiz's address for its BitAddress maintenance, 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN, contained the word "ninja".

Finally, the most effective method of protection against theft is the "brain wallet", which involves memorizing a secret phrase that gives access to the bitcoins stored at the corresponding address. For example, the secret phrase can be hashed with SHA-256 to obtain the private key that enables the funds to be spent. This method was proposed by Casascius in August 2011 and highlighted in Forbes by Jon Matonis in March 2012. It is, however, very insecure if entropy is not sufficient. And it is, of course, subject to the limitations of human memory; it is more a practical demonstration of Bitcoin’s power than a sustainable application.

Another possibility for cold storage is the physical storage of private key, which involves embedding private keys or signatures in specific objects. This idea emerged as early as the summer of 2010, with Gavin Andresen's proposal to "print bitcoins" (original: "Printing bitcoins") so that they could be exchanged in person, but it wasn't implemented until 2011.

The first objects of this type are Bitbills, launched by Doug Feigelson (aka Llama) in May 2011, which are plastic cards with QR codes representing the address and private key respectively. The private key is covered by a sticker, so that it cannot be read without showing signs of tampering. The card is fitted with holograms to prevent counterfeiting. Bitbills are, according to their designer, "the first physical incarnation of bitcoins". They provided a good way of "transferring bitcoins in person, just like cash!" (original: "With Bitbills you can transfer bitcoins in person, just like cash!").

The first Bitcoin ATM, designed by entrepreneur Todd Bethell, included a feature for funds to be sent to a specially printed Bitbills card. It was tested for the first time in public in San Diego, California on August 17, 2013. An introductory video was published in September:

Bitbills met with some success, but Doug Feigelson struggled to keep up with demand. In May 2012, Bitbills production was definitively halted (https://web.archive.org/web/20120508074832/http://bitbills.com/order). But there was a competitor: "physical representations of bitcoin" made by Mike Caldwell, aka Casascius.

Mike Caldwell was a 33-year-old American developer who lived in the suburbs of Salt Lake City, Utah, and run a business automation company called Swipeclock. His pseudonym, Casascius, is a Latinized form of CASAS, the initials of the saying call a spade a spade. A rationalist, he was fascinated by cryptography and was attracted by the technical side of Bitcoin. He tried his hand at mining for a while.

Casascius was particularly interested in bitcoin storage, and therefore wallets. He developed a utility to convert a private key into a Bitcoin address, generate custom keys and create a derivation seed. But above all, he set out, as he explained, to "make a real tangible bitcoin that actually conveys BTC". This is how he began selling paper wallets from June on his personal website.

On August 19, Casascius publicly shared his plan to manufacture "real physical representations of bitcoin". On September 6, he began producing them. On September 6, he announced the sale of "Casascius physical representations of bitcoin", more commonly known as "Casascius coins". The private key was covered by a personalized hologram, so that it could not be retrieved without damaging the coin. The first eight characters of the Bitcoin public address were visible on the outside and pre-printed on the hologram by the manufacturer. Surprisingly, the first coins contained a typographical error: Casascius was spelled Casacius.

Initially available in 1 and 25 BTC coins, Casascius bitcoins were quickly offered in other denominations and as bars, reaching up to 1,000 BTC! Physical representations of bitcoin were sold on Casascius's personal website, but also on MemoryDealers (Roger Ver's online store) from October. They were also made available through an ATM at the following year's PorcFest, in June 2012.

In this way, they served an educational purpose and appealed to a different audience, including coin collectors. In 2013, Mike Caldwell would explain himself:

Casascius bitcoins will be a huge success over the two years they were distributed. According to Uberbills, 27,910 coins and ingots would be produced, with a total of 98,284 BTC stored on these media.

Finally, it was during this period that questions began to be asked about Bitcoin's confidentiality. Since Bitcoin was initially presented as "anonymous", many people thought they had nothing to fear. But the registry is public, so funds can be traced and associated with an identity, leading to a question mark.

With the popularization of Silk Road and its adoption by WikiLeaks in the summer of 2011, concerns about anonymity grew steadily. On July 24, Martin Harrigan and Fergal Reid, two Irish researchers from University College Dublin, pre-published a study showing that Bitcoin was not as anonymous as most people imagined. Conducting confidential transactions was not impossible, but it was more difficult than it might initially appear.

To address this problem and break the traceability of funds, the solution was coin mixing, which made it possible to obscure transaction trails. This type of mixing was implemented by centralized mixers, known as mixers or tumblers. Three of these stood out from the crowd and proved not to be scams.

The first is BitLaundry. This service was launched in September 2010 by Peter Vessenes, an American entrepreneur with a degree in cryptography who discovered the existence of Bitcoin at the time of slashdotting. The blender provided the user with a single-use address, to which the funds to be anonymized were sent. The bitcoins were then sent back in the form of several coins (UTXO), within a multiple-entry transaction that includes bitcoins from other users, making the blending effective. The fees charged were around 2.5% of the amount involved. In May 2011, sensing the legal complications that could arise from this activity, Peter Vessenes transferred the service to Mike Gogulski, an activist notable for being stateless, having renounced his US citizenship without possessing another.

The second blender was Bitcoin Fog (the "bitcoin scrambler"), created in October 2011 by Roman Sterlingov, a 23-year-old Russian-Swedish man. Unlike BitLaundry, this service required users to hold a local account balance and then withdraw the funds to reduce traceability, by mixing them with the bitcoins of other users. Withdrawals were made on a delayed basis, in several stages to different addresses, over a period of between 6 and 96 hours. Fees were between 1% and 3%.

The third was of a special kind, as it was the mixer built into Ben Reeves' Blockchain.info wallet. This service was implemented in July 2012 as a feature called "Send Anonymously". The commission charged was 1.5%.

The proliferation of centralized mixers had the effect of catalyzing thinking around decentralized coin mixing, which began in the summer of 2011 with a proposal put forward by Hashcoin. This led to the formalization of CoinJoin by Gregory Maxwell in 2013. But that's another story altogether...

The 2011-2012 period was a busy one for the development of various solutions for using Bitcoin. In addition to custodial applications, we saw the emergence of software wallets like Bitcoin Wallet for Android and Electrum, web wallets like Blockchain.info, paper wallet generators like BitAddress, and physical representations of bitcoin like Bitbills and Casascius Coins. Several mixing services had been developed to offer users greater confidentiality.

In addition, the period saw the development of deterministic wallets, based on the derivation of keys from a single piece of data called the seed. The model was enhanced and standardized in BIP 32 in early 2012, to add a hierarchy to this derivation. But the movement didn't stop there, as other proposals were subsequently published. BIP 39, published in September 2013, standardized the use of the mnemonic phrase, in the same vein as Electrum. BIP 43 and 44, drafted in April 2014, standardized the structure of wallets holding multiple cryptocurrencies and multiple accounts. These proposals were made by Marek Palatinus (Slush) and Pavol Rusnak (Stick), who were working on making the first hardware wallet, Bitcoin Trezor.

However, wallets weren't the only area to see significant advances; so too were mining pools. Indeed, these spread throughout 2011, as mining difficulty intensified, ultimately resulting in the generalization of this mining approach. In the next chapter, we'll focus on this central aspect of the Bitcoin history.