How product marketing works when your product secures real wealth
A few weeks into my time at Trezor, I sat down with the onboarding flow for the first time and started counting screens. The section explaining wallet backups was long. Screen after screen of explanation before the user ever got to write anything down. My SaaS brain did what it always does, I started thinking about where to cut.
Then I asked the product team why it was so long, and they walked me through what a wallet backup actually is. It’s the only way to recover your crypto if the device is lost, broken, or stolen. There is no password reset and no customer support workaround. If you rush through the process and write down the wrong words, or don’t understand what you’re holding, the money is gone and nobody can get it back. Every screen I wanted to cut existed because the team had learned, through years of support tickets and user research, that people skip what they don’t read. And skipping here means permanent loss.
I closed the prototype and put my red pen away. That was the first time I understood that my job at this company was not going to be what I thought it was.

The product marketer’s instinct is wrong here
Every product marketer is trained on the same reflex: find the friction, kill the friction. Reduce time-to-value. Shorten the path from “interested” to “converted.” Remove every click and confirmation screen where the user might pause.
That logic breaks when the product is protecting something irreversible.
A hardware wallet secures real wealth. There is no “forgot password” button for a Bitcoin private key. If someone steals your crypto because you approved a malicious transaction without reading it, nobody is reversing that and nobody is issuing a chargeback.
The friction in this product is a design decision. The device has a screen. When you send a transaction, the details appear on that screen, and you physically press a button to confirm. That button press is the entire security premise. If your computer is compromised and malware has rewritten the recipient address, none of it matters. The attacker can’t reach across the room and press the button on your desk.

Every confirmation screen and extra second the process takes exists because the alternative is a system where a single compromised laptop can drain a life’s savings in silence.
Your job as a PMM is to make the customer understand why that effort belongs here.
The simplification trap
I’ve seen wallet interfaces that strip everything down to a green “Approve” button. No contract address or fee breakdown, but only a friendly screen and a tap. The pitch behind this trend, account abstraction and radical simplification, is that mainstream adoption requires mainstream simplicity.

But when you hide what’s actually happening, you remove the user’s ability to verify it. If a user can’t see which contract they’re interacting with, they have no way to catch a malicious smart contract disguised as a routine swap. The interface that feels the friendliest is also the one that gives an attacker the most room to operate.
In self-custody crypto, the user is the last line of defense. If the product has been optimized to prevent the user from even seeing what they’re defending against, you’ve just removed the one check that mattered.
This is the tension every crypto hardware PMM lives inside. The market wants things to feel easy, but the product’s entire value comes from not being easy in the places where easy gets people robbed.
How you actually market friction
You sell it as verification. The shift is from “this takes an extra step” to “you confirm every transaction on a trusted screen before anything moves.” One framing sounds like an apology where the other is control.
The customer is the one who decides. Nothing happens without their physical confirmation on a device they hold, and that’s where the authority comes from.
The same principle runs through how we talk about wallet backups. The setup process involves writing down a set of words on a physical card and storing it somewhere safe. It is, by any SaaS standard, a terrible onboarding experience. It’s slow and analog, and it asks the user to do something they haven’t done since the last time they hid a spare house key.

But that backup is the only way to recover the wallet if the device is lost or destroyed. Skip it or rush through it, and the consequences are permanent. So the messaging doesn’t apologize for the process. It explains what the process protects. The customer finishes the setup understanding not just what they did, but why each step exists. That understanding is the product’s real activation moment, not “time to first transaction,” but “time to first confident transaction.”
Say only what the hardware can back up
When I joined Trezor, one of the first things I wanted to do was sharpen the security messaging. I started reaching for words like “unhackable” and “unbreakable.” They felt like strong, clean headlines. The kind of language that stops a scroll.
The security team stopped me immediately. Given enough time, resources, and physical access, any device can be compromised. The honest claim is that the architecture makes an attack so expensive and time-consuming that it’s not worth attempting for most threat models. That’s a real claim, backed by a decade of public security research. “Unhackable” is a promise that one researcher with a good afternoon can turn into a headline about your company’s credibility.
That conversation changed how I think about every claim I write. Every marketing claim for a security product is a promise about the device’s physical and logical architecture. If your messaging says “your keys never leave the device” and a firmware update introduces a feature that can extract and transmit the keys, the words on your website become evidence against you. Your own community will surface the contradiction before any journalist does.
I’ve watched exactly that play out. A competitor spent years marketing their device on the principle that private keys could never be extracted from the secure chip. Then they shipped an optional recovery service that did exactly that, sharded the key and sent the pieces to third-party custodians. The feature was opt-in and encrypted, but it didn’t matter. The hardware was now proven capable of the thing the marketing had promised it couldn’t do. The backlash didn’t come from critics but from their own users, and it’s still referenced in every competitive thread years later.

The coupling between what the product actually does and what marketing says it does has to be absolute. The PMM has to understand the architecture well enough to say “we can’t claim this because the firmware doesn’t work that way” before it goes to print. A bad claim in SaaS costs you a disappointed customer. A bad claim in crypto hardware costs you a brand that never fully recovers.
What changes in the job description
Your optimization target changes, and so does your relationship with the product team, because the two are connected. You stop measuring success by how fast people convert and start measuring it by how well people understand what they own. A customer who buys the device and never completes the backup is a liability, not an activation. And you can’t measure the right thing if you don’t understand the architecture well enough to know what you can and can’t say about it. The marketing and the engineering are the same promise.

The reflex to smooth everything out will still fire. Let it fire. Then ask, if I remove this step, does the customer lose the ability to verify something that protects their money? If the answer is yes, the step stays, and your job is to make them glad it’s there.
That’s the job. You make the customer feel capable, not comfortable. And you learn, slowly, that the best product marketing you’ll ever do is helping someone understand why the hard way is the right way.