Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.
Choose a good wallet software if you are to use a mobile app. Wallets like electrum for example have an inbuilt or virtual keyboard. That way, when you are typing your seed, you do it through the virtual keyboard and not those third-party keyboards on your mobile device. Also, even importing a wallet, do it offline. Thank you very much! I will! At least I learnt something from my mistake. |
|
|
|
This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.
Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc. |
|
|
|
This is true, indeed. Btw I am using Swiftkey as my main keyboard app.
Possibly that's the reason why you've been hacked any 3rd party keyboard has some sort of cloud database that records your keystroke. I'm always using the default keyboard than using like Swiftlkey or Grammarly because they record my clipboard and keystroke. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password. Thanks so much for the info. It makes absolute sense. |
|
|
|
Btw I am using Swiftkey as my main keyboard app. Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world. F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets. |
|
|
|
|
Thank you all. I am more than satisfied with all your responses.
|
|
|
|
Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.
This is true, indeed. Btw I am using Swiftkey as my main keyboard app. |
|
|
|
So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
We don't know what exactly caused your wallet to be compromised, but you should never do this. With importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use bluewallet or any other wallet for nay reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the fund to that. Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk. |
|
|
|
In my opinion the most likely scenarios are (3), (4). I guess it's #4. #3 would mean many more people would lose much larger amounts. So backup your data, factory reset your phone, and start over. definetely. I will. Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Now that you mention it, I have imported my seedphrase once to another application (blockstream green) because I was thinking of switching from BlueWallet to BS Green. I have forgotten it because it was a month ago and I never thought it was suspicious. I have downloaded the app from the playstore. After I decided to keep using Bluewallet instead of green wallet, I uninstalled the green wallet and kept using BlueWallet. So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green. |
|
|
|
Weird. It looks like someone was testing his malware backend. If you want to explain further, I would appreciate it. Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees. What does it mean that someone was testing his malware? It's just a guess because I can't think of any other reason to create such transactions. In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space. Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario. 2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me. It's possible. 3. My BlueWallet app is compromised somehow. I downloaded it from the playstore. It's possible. 4. My phone is compromised somehow and someone gained access to my phone's storage. It's possible. Option 5: someone had access to your phone for a moment, and swept your funds. Thanks. I have no sendable merit, but I appreciate your answer. In my opinion the most likely scenarios are (3), (4). |
|
|
|
You can't obfuscate addresses like this, it's trivial to find.Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions. Ok, sorry my bad for both of the above. Weird. It looks like someone was testing his malware backend. [/quote] If you want to explain further, I would appreciate it. What does it mean that someone was testing his malware? In my opinion there are the following options: 1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.3. My BlueWallet app is compromised somehow. I downloaded it from the playstore. 4. My phone is compromised somehow and someone gained access to my phone's storage. However all those options seem too obscure to me and I can't understand how it happened. |
|
|
|
As I said, it's from the website where I sent some sats to play roulette You're contradicting yourself: I have never sent money to this address First, you say your Bitcoin was sent to the address above. Then you say it's from a website you've used, while you say you've never sent funds to that address. It doesn't add up. How do you know which website the address belongs to? Hang on, I have been misunderstood, perhaps because english is not my native language. So, I have a hot wallet on my BlueWallet application. I have sent multiple time to an address that the website (windice.io) provided me, which was looking like this: 3J....... I don't show the exact address because I don't want to expose all of my transactions for privacy reasons. So, my wallet had multiple transactions to the address above. Then, suddenly, I have seen this transaction from my wallet: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37The output address of this transaction is this one: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6I don't own the keys that generate this address. I hope I made myself clear and I am happy to add any more information if needed. |
|
|
|
Hello. Yesterday, I saw this block: https://mempool.space/block/00000000000000000002645fd352bc274f017d8473992018dfd5326a52de2d53It seems strange, since it's empty. I have observed that it was mined just 1 minute after the previous block was mined. Mempool.space give this description for empty blocks: When a new block is found, mining pools send miners a block template with no transactions so they can start searching for the next block as soon as possible. They send a block template full of transactions right afterward, but a full block template is a bigger data transfer and takes slightly longer to reach miners.
In this intervening time, which is usually no more than 1-2 seconds, miners sometimes get lucky and find a new block using the empty block template. I don't understand though, does that mean that miners' mempools were totally empty and they didn't include any transactions? Or the interval time between the blocks was just 1-2 seconds and therefore, there wasn't enough time to include transactions? |
|
|
|
I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).
I remember this casino, they even advertised themselves in this forum, I think around 2018-2019. Let me look up the links But I don't think a site would access your private keys (seeds) or something like that. There is a possibility there was some security lapse that led to the leakage of your private keys (seeds) recently or way back, and you can't remember. Their ANN: ♨️🎲 WINDICE.io 🎲 Contests 🏆 TvT 🔰 Progressive Faucet💰 Jackpots 🎁❤Their former Signature Campaign: Windice.io Signature Campaign(CLOSED)Yeah I guess they couldn't access my PK, but I still wonder how someone gained access to my wallet... |
|
|
|
Hello. I am interested in learning about "The blocksize war".
I have been in Bitcoin since 2020, and therefore, I don't know the history before 2020. I know that it was a "debate" regarding the block size, but I want to read details about it.
I can google it, but I don't know who to trust. So, knowing that there are many knowledgeable people in this forum, could you tell me more about this period?
Of course, any relevant website, video, article is more than welcome.
Read "The Long Road To Segwit: How Bitcoin's Biggest Protocol Upgrade Became A Reality" by Aaron Van Wirdum. He's definitely the most trustworthy person you can find that wrote about the subject-matter. https://bitcoinmagazine.com/technical/the-long-road-to-segwit-how-bitcoins-biggest-protocol-upgrade-became-realityThat write up will give you the history, what caused the "Scaling Debate", the context why, and why the the Core Developers chose the path where we are today. Thank you. It is interesting that almost everyone remembers the "block size war" as the end of it in 2017 and with the shitcoin called bcash. In truth this "conflict" about scaling bitcoin lasted at least 5 years and it definitely wasn't just bcash versus bitcoin with only 2 sides. There were many sides or better said many different proposals for different approaches which we may categorize in a simple way into 2 or 3 categories.
1. The group saying bitcoin should scale using the second layer and should not have a hard fork.
2. The group saying bitcoin should only scale on-chain (layer one and only layer one) by hard forking to a bigger block size
3. The group saying both at the same time. This was short lived and was very messy mainly seen in SegWit2x which had its own separate issues.
Of course this is an oversimplification since for example the second group consists of many different approaches like one saying we should have a one time fork to a massive block size while another saying we should let the miners choose to change the size at any time they wanted, etc.
Yeap, that's what I thought. |
|
|
|
PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...
There is nothing suspicious with windice. They gave you a deposit address and you sent bitcoin to that address. That's all. There is no way they can gain access to your private keys or seed phrase and make transaction from your wallet. Hello! So, what do you think has happened? I can assure you that nobody has ever seen my seed phrase. But the phone may be compromised. I just can't understand what I see in mempool. I have never seen the receiving address before. |
|
|
|
12 words are more than sufficient. 24 words are harder to brute force, yes, but brute forcing 12 words is already impossible. The number of words makes no difference if an attacker compromises your back up.
If the seed phrases from your multi-sig set up have never touched an internet connected device, then they remain as safe as possible.
What you should really be focusing on is how your hot wallet was compromised. How did you store the seed phrase back up, and did you import it anywhere else? It could well be that the device which was hosting this hot wallet is infected with malware, meaning you will need to think about formatting it and reinstalling your OS.
Sounds correct. My device is actually my phone. I really can't understand what went wrong... My seed phrase has never been imported to any other software apart from Bluewallet on my phone. Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before? That's where you're money went, did you log onto the roulette site to see if the funds are there? Are you sure you didn't send the funds while on a fortified hookah bender, and just forgot? Does anyone else have access to the device where you have the hot wallet? Nobody has access to my seed phrase (nor my phone) apart from me. I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went). |
|
|
|
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam. I'm confused: you said you "originally" created the seed phrase in Bluewallet. Does that mean you imported your seed phrase elsewhere? Which wallet did you use, and how can the website you sent funds to have anything to do with that? I had used Bluewallet all the way from the beginning till the end with this wallet. I created the seed phrase there = I created the wallet there and used it as a hot wallet. 12 word seed phrases for 2-of-3 multisig wallet created on a hardware wallet is very safe and secure, you can not compare that with single sig online wallet which is far more vulnerable if you compare them both.
Having the backup in this order in different places also makes the backup to be safe:
Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1
As far as the multisig vault is concerned: This is exactly how I have backed-up my wallet. In fact the only thing I have done using a device connected to the internet, it to monitor my wallet importing my xpubs to Sparrow which is connected to my personal electrum server. |
|
|
|
OP had less than 0.001BTC in a hot wallet. That's a totally acceptable amount to risk losing, and I assume OP has most of his funds in cold storage already.
Hello Loyce. It's not the amount... It's the fact I got hacked... I have both a multisig vault and a cold wallet with passphrase. That's where I keep my entire net worth. I really couldn't afford losing it. That's why you see me desperate and forgive me for that... As I said, it's from the website where I sent some sats to play roulette, I think it's a scam. I trust 12 seed words. You should look elsewhere, changing to 24 words will only give you a false sense of security.
Thanks, I really appreciate this answer. It's what I thought anyway, so... |
|
|
|
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.
I start to worry about this setup too now...
Having the 2-of-3 multisig on hardware device is very safe and secure. One if the best options to go for. It's not a hardware device actually. It's a seed signer, meaning it has no memory at all. My seed phrases are on paper on 3 different places. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok? |
|
|
|
Sorry for your loss.
It might be a malware. But it might be an offline attack z like someone to see your seed phrase backup, or when you give them your device or something like that.
I will recommend you wallet on airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not in the same device your wallet is.
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node. I start to worry about this setup too now... |
|
|
|
|
Show Posts
