|
Meh, I guess once again it proves criminals are lazy even in the amount of millions it's just time and effort to make it anonymous instead of going through a centralized mixer or exchange.
As for being seized or shut down or anything else. Makes you wonder how long it would take. CM ran for years, so it might take that long. Or it could be weeks / days.
But, not something I would worry about either way. If it happens, then others will pop up to take their place.
-Dave
|
|
|
|
At least you can read the code related to paper wallets and check every line in it, which is impossible for a wallet like Electrum. This is the same as expecting from a newbie to write the paper wallet software themselves. It's ridiculous to expect from a newbie to know how to read / write code. And no, it's neither practical to read that. If you open up bitaddress.org's source code, you'll notice bitaddress.org.html is more than 10000 lines long. Less than Electrum, but still impractical. That's the problem with shipping your codebase as a giga-large single file - particularly as an HTML file - even I don't have the patience to read or understand what all that code is doing. Electrum is easier to navigate because you can trace the control flow through multiple files, and that eliminates a lot of the irrelevant code that is not likely to be of interest to hackers. Yes with a but, or no with a however. Having multiple files now means that humans are going to be human. So if some function calls something that you are not using / not interested in then you (who I assume to be human) may not examine it as well or even at all. Having it all in the 1 monolithic file forces you to read the entire thing. There is a good and bad side to both ways. Back to this. Has anyone here actually lost real funds? I keep hearing reports of people loosing money, but so far it's nobody here as far as I can see. -Dave |
|
|
|
I think a lot of people have believed for a long time that Binance and CZ were not going to be sued by the government. And now people are spooked that their scammy exchange might actually have to answer to the law. This is not to say that other exchanges are perfect or even better, just that very are not one of the better ones. Bigger yes but they have done so much shady crap over the years black even if the government didn't want to go after them or crypto exchanges in general after the FTX debacle they didn't have a choice due to what Binance and CZ are doing. Here is a helpful tip: https://www.youtube.com/watch?v=BJF-wVW1F2o-Dave |
|
|
|
That's just terrible news.
Sure, anyone storing massive amounts of value in a mobile wallet is always taking a high risk and already made the first mistake here.
Still, this usually hits crypto-newbies the hardest. Couldn't find anything, is there an approximate number of how many people are affected?
Will be interesting to see if this turns out to be an inside job or if it was "just" a bug exploited by someone. Many questions here, how and who...
And don't forget the why.... If they got the report on Tuesday and were hacked on Friday then you can accept that they did not have time to fix the issues. But when they have had it for so long it comes down to was the coding that bad? Were the issues buried so deep that they had to rebuild from scratch? Do they only have 1 programmer and they were working as fast as they could? Why do people choose to not use reputable, open-source software when it comes to their life savings? I mean, you seriously don't think it's a good idea to spend an hour or two extra, to ensure you won't just let a stranger ruin your life? I mean, if you are dumping $45,000 in to a centralized, absolute shitcoin like XRP, then you probably aren't doing much in the way of research.  ... People invest in a lot of things that may or may not be smart to do. That does not mean they are not paying attention to other things. If you looked at my shitcoin portfolio you would question my sanity. BUT and this is important Dave's left testicle coin currently trading at $0.02 can probably bounce to $0.10 more easily then BTC going from where it is now at $26800 all the way to $130000. Putting your entire life savings into something like XRP / Dave's testicle coin is just stupid. But if you have $50000 to gamble putting $10000 into 5 coins and hoping for the win is not a totally horrible thing. IF YOU CAN AFFORD TO LOOSE IT ALL I have some penny / dollar stocks I have bought over my 30 years of playing the markets. MOST have died. The few that made it more then 10x covered the losses of the others. So while people looked at me as asked why I invested in X I can then point to Y & Z and say those 2 more then covered it. -Dave |
|
|
|
This is general used electronic hardware and it's not connected with Bitcoin in any way, and this DIY bitcoin wallets are not very popular, so I don't see any danger here.
Official shop is always the best place to purchase stuff like this.
That is that is because your not thinking like a paranoid tinfoil hat person. Also keep in mind that compromising device like this would not just be about compromising a hardware Bitcoin wallet, it would be about compromising thousands of IoT things that could be anywhere doing anything giving who knows whom access to who knows what. Getting some Bitcoin out of the deal would just be a bonus, but how many people would buy some like the field tech I know, and then hook these devices up to whatever and have no clue that they're not original hardware. They look like it, they act like it, but they're not. So who the heck knows what is embedded deep down inside. Could be nothing and these were just cheap knockoffs that they were selling , or they could have some vicious code buried somewhere. Personally I'm going with the benign theory and people are just out to make a buck. But why risk it, which is why I and then you pointed out that anybody getting these should only be buying them from m5stack.com or their approved suppliers. -Dave |
|
|
|
Title says it all.
#'s T 3131 & T 3132
Asking 0.015BTC for the pair shipped anywhere in the USA.
BTC address: 3Kdr6W85fdXY2Bj6C2CzwyBYhmUE3GvvsE
Can also take the equivalent amounts in some alts or send you a LN invoice.
I will not ship internationally, but will ship to anyone who you want to re-ship to you.
Both minerjones and MoparMiningLLC offer to do this.
If you have any questions ask.   Cleaning out a lot of stuff. So there will be a lot of things listed over the coming weeks. If you have something specific you might want ask and I'll take a look, but no I am not going to go and make a complete list I just don't have the time at the moment. -Dave |
|
|
|
Why do people choose to not use reputable, open-source software when it comes to their life savings? I mean, you seriously don't think it's a good idea to spend an hour or two extra, to ensure you won't just let a stranger ruin your life?
Part of the problem that I have been saying for years is the fact that people have grown so accustomed to the security that comes with their bank and brokerage applications. Where if you do something stupid more than likely you could get your money back and if you forget your password you have way of recovering it and they have safeguards against you doing things without clicking I am sure a bunch of times. So, people think that all financial applications including cryptocurrency ones are more or less operating the same way. And then are shocked when they do not. For all of everybody running around screaming about everything in the financial world even back in 2008 with all the bank failures and all the other banks that imploded so far this year more or less in most occurrences people got all their money back. Now try to convince those people that they are responsible for their own actions. I'm also going to go out on a limb here and say that it is older people that this happens too. Whether or not everybody wants to run screaming about this group or that group kids today(and I'm gonna say anybody under 30 ) have seen and heard all the disasters that happen online and because they grew up with the tech they understand a lot of its limitations. Grandma and grandpa who you finally convinced to use online banking now think everything operates the same way, and when they had a problem with their online checking account they could call an 800 number and spend an hour getting help through the situation. Do you think they're going to understand the concept of custodial or non custodial or open source or closed source? Or the fact that if they forget the password there's absolutely nothing anybody can do about it. Yes it's a generalization, but probably fairly accurate. -Dave |
|
|
|
I don't see how their software can be compromised unless they were lying about how are the private keys generated and them being non custodial. Atomic wallet is closed source. Anything could be hiding in the code, not just from them being actively malicious but also from a rogue employee sneaking something in, a malicious third party sneaking something in, someone compromising their app store account to upload a malicious app, or even just plain incompetence. I am also reminded of the Copay wallet hack several years ago. Copay had a dependency on a specific JavaScript library which was no longer maintained. A malicious third party obtained control of this library, merged a malicious update, and it was pulled in to Copay updates without anyone realizing. Just another in the long list of reasons to never use closed source wallets. On top of that, Atomic wallet is owned is owned by Binance which historically has few questionable behavior. Are you confusing them with Trust wallet? I didn't think Atomic was also owned by Binance? For those of you like me that did not remember if you left any funds in there (I had an entire $2 of tron so no big deal) just put your phone in airplane mode or disconnect your internet from you PC and check. And then if needed get your private keys. Don't start with getting the keys and importing do a time / effort analysis. Copay was open source. But as I have said countless times. Open source and build verified still does not prevent bad coding. Or as you mentioned a supply chain attack. It just allows more people to see the bad code and report it and get it fixed. And also as I have said countless times. Open source don't mean shit if people don't verify the source vs compiled that you are downloading. And lets not forget the HOW SECURE IS THE PROCESS OF UPLOADING THE APP TO THE VARIOUS APP STORES. Everything else could be perfect, but if you don't secure that system then you are not secure. -Dave |
|
|
|
It’s super cheap to buy them and they end up in every kind of envoirements, scientist, government, businesses etc.. In those kind of envoirments devices like this are also very hard to track, so in my opinion the only reason to counterfeit such a device would really be some kind of malicious activity. I think otherwise the profit would be to small. Is there a good way to see if a chip is real or counterfeit?
Yes & no. If you buy from them: https://shop.m5stack.com/ you can probably assume it's real. And I would think the ones coming out of their approved resellers are also real. Beyond that, I don't think you can. A tech I know bought a bunch from them and when he needed more went to what he thought was a reputable site since at the time M5 had no stock. When one died and he sent it back to M5 it came back as not made by us. Looking at them side by side they were the same. Even in the same packing. Their attitude was we sell them and so do these people, getting it elsewhere you are on your own. So, yes people will clone a $25 thing. Might not even be for evil reasons, just something cheap to make with a good profit margin. There are even youtube videos about people selling counterfeit IC chips in the $3 range so..... https://www.youtube.com/watch?v=12u_hBkHB88-Dave |
|
|
|
From the paranoid tinfoil hat wearing department, be careful where you buy some of these boards from. Not necessarily anything malicious directed towards Bitcoin wallets, but even at the ridiculously low price points that you could find and online there are still a ton of counterfeits out there. I'm assuming that they are just cheap knockoffs being passed off as the less cheap real thing. But in the end you don't have a verifiable source of where some of these chips came from or even who did what at the factory when they were assembled. Why anyone would create a pirate / clone M5 stack is beyond me, but they are out there  -Dave |
|
|
|
Look everyone it's satoshi. Those are the txids for the 1st 3 blocks mined. And on a side note wallets from that era cannot easily be opened in a modern client. And probably a bunch of other things show that this is not your wallet. -Dave |
|
|
|
|
I am going to have to go with the theory of what most things are written in a particular language. It's white the person knows.
Many times, we have done things for web-based apps in PHP that we know can be done more efficiently using a different language. But, and this is a huge BUT everybody in the office knows PHP everybody in the office can deal with any issues if they come up. So PHP it is. Satoshi could have done it differently, but if C++ was what was known then that is what was used.
-Dave
|
|
|
|
|
I also think a lot of it comes from culture differences. What is acceptable in one location may or may not be acceptable everywhere. Heck, I'm from New York and even now and then I have to edit what I typed before posting since I know the toothless inbred rednecks who get offended at everything people in the middle of the US who don't like people on the coasts may take offense at things I say.
And, this is what I have been ranting about for years. The feedback system is broken, so things that people post as negative possibly should have been more neutral but it's what we have so we have to work with it.
-Dave
|
|
|
|
realistically, bad programming and bad RNGs are probably going to cause more duplicate wallets from duplicate seeds than actually being able to brute force it or properly written software creating a duplicate seed just by random See these brain wallets, or posted private keys that still receive funds. Yes, but that is more an example of humans being humans and doing insecure things. I was thinking more along the lines of some chip manufacturer doing something stupid in an otherwise good RNG and for some reason instead of spitting out one of close to trillions of possible numbers, spitting out one of 10. Or some wallet that had some things set in testing that still made it into production so once again instead of just about infinite choices it's one of only a few. Which is why I'll let others play with the 1st wallets that use the tropic square chip. Considering the people making it and their security choices I'll let others figure out what they missed in the 1st generation of their security chip. Because, you can be open source and auditable all you want. But, without specialized tools and knowledge you can't really know whats in the silicon. Which leads to the next thought, even with tons of people over a decade looking at their stuff, you still had spectre and meltdown hit so many processor manufacturers. -Dave |
|
|
|
|
Add the other point to think about is that even F through some bizarre are accountable bad luck your 128 bit entropy words were an exact match to an already existing wallet. Is there an active wallet? Or is it just a wallet that somebody created and then abandoned years ago. Maybe I'm a unique case camera but I probably have created used and then abandoned 50 plus wallets generated from 12 word seeds over the years. I have several hot wallets that I don't keep a lot of funds in, but I do like to have immediate available funds on several devices at a time that are all totally unrelated to each other. And when I'm done after what could be weeks or months, I archive out the seed and create a new one.
I don't think I'm alone in doing this. So yes you could find day's wallet #37. You get to see all my transactions from 2020. Have a blast with that.
Yes it's a privacy issue but it's not a real security issue.
realistically, bad programming and bad RNGs are probably going to cause more duplicate wallets from duplicate seeds than actually being able to brute force it or properly written software creating a duplicate seed just by random chance.
-Dave
|
|
|
|
|
The mempool is where the Bitcoin software stores all the unprocessed transactions waiting to be mined.
It is set to 300 megabytes by default so as it fills up, transactions that would put it above the 300 megabyte limit are purged in the order of lowest transaction fees first.
Most mining pools, have it set way higher than that because they don't want to ever run the risk of not being able to mine something.
The problem you are encountering now is the fact that since the address you are apparently sending to is an exchange and not a address you control, so there is no way for you to spend the unconfirmed transaction with a high fee. An exchange won't do it, so unless shoppy will retransmit these transactions with higher fees, you're just going to have to wait.
Did you contact shoppy support? If So what did they say?
There have been a few transactions mind with fees in the high teens sat / vb over the past couple of days. So if there is a low and new transactions over this coming weekend, there is a possibility that yours might actually get mined.
-Dave
|
|
|
|
|
1) Yes they can decide.
2) No consequence at all, except they don't get the fee for that transaction
3) It stays in the mempool and some other miner will mine it.
There are some minor exceptions to all of this. Such as if someone sends a CPFP transaction the miner must include the parent. But for the most part miners can pick and choose what transactions they put in. And for the most part they pick the ones with the highest fees of sat / VB
Some pools like VIABTC have a PAID service where they will put in a low fee transaction, and others have shown they will flat out reject some transactions that have violate OFAC (but I think they all started ignoring that anyway)
But for the most part miners make blocks how they want.
-Dave
|
|
|
|
No the transaction is within the bitcoin core wallet that you have running on the node. If you have the actual TX that you can see on a block explorer it's out of lightning (2nd layer) and into the 1st layer itself.
So all you have to do is spend that transaction with the CPFP.
How do you have this setup? You should have some access to that wallet to send the funds.
-Dave
I might be wrong, but I don't think CLN uses a bitcoin core wallet? bitcoin-cli listwallets returns an empty array for instance. Also CLN does not seem to be aware at all about what is going on in the mempool. I thought it did, could be wrong I have never tried with CLN but it was in the back of my head that unlike LND it did. For LND people have written tools to get to the keys https://github.com/lightninglabs/chantoolswalletinfo Shows info about an lnd wallet.db file and optionally extracts the BIP32 HD root key Not sure if anything similar exists for CLN Sorry I can't help more. -Dave |
|
|
|
|
No the transaction is within the bitcoin core wallet that you have running on the node. If you have the actual TX that you can see on a block explorer it's out of lightning (2nd layer) and into the 1st layer itself.
So all you have to do is spend that transaction with the CPFP.
How do you have this setup? You should have some access to that wallet to send the funds.
-Dave
|
|
|
|
|
Show Posts
