I agree that the IRS are unlikely to say come out and directly say that (also interested in a link if you have one), but it is likely true.

They simply don't have the resources to investigate everyone who has ever bought bitcoin or another cryptocurrency, just like they don't have the resources to investigate every tradesman who is taking cash for various jobs and not declaring or paying tax on it. They will go after those who have bought or traded a sizeable amount (in this case, more than $20,000 through Coinbase), but spending time, money and resources on reclaiming a few hundred dollars in tax from smaller users would be a net negative for them. I have no doubt they will slap some hefty tax bills and fines on large volume users who haven't paid, and they may even go after a handful of smaller users to try to scare others in to complying. I have no doubt there will be another several rounds of threatening letters though. They want people to come clean on their own, because they can't audit everyone.

And as pointed out above, if you have been smart enough to avoid doing KYC at an exchange, it is extremely difficult for them to actually prove how much bitcoin you own or how long you have been holding it.

OP, you are betting at a 3.8 multiplier on a site with a 5% house edge, giving you a 25% chance to win each bet. Losing 5 bets in a row is hardly some freak statistical anomaly. Also, your 5 lost bets comes to grand total of 811 satoshi, which is less than 7 cents. I hardly think a site which is giving out tens of thousands in prizes is scamming you for 7 cents.

No, you didn't. There is no such thing.

There is a 5% house edge, so it isn't even close to 50/50. Also, if you are making only 50/50 bets, then chances are you are using Martingale, which is a strategy famous for busting newbies who don't understand probability.

Still, freebitco.in is provably fair, and has a page which explains how they calculate your roll which you can independently verify yourself. If you have proof that this is incorrect, then please post it.

It's terrible advice. Firstly, 0.01 BTC on 100x leverage is not even remotely the same as "buying a full bitcoin". Secondly, if you had done as OP suggests as soon as he started this topic and went and bought $100 of BTC on 100x leverage, your position would have remained open for a grand total of about half an hour before being liquidated and you losing everything.

All the links in the article include a reference code, so I don't think it's the site owner, just a naive/malicious user trying to lure other people with terrible advice to benefit from referral rewards.

As Carlton says, there was a 1 hour 16 minute gap between blocks 596166 and 596167. These kind of gaps have happened before and are not only possible but entirely expected given how mining works. Given that the hashrate graphs you see online are all estimated based on difficultly and the rate of blocks being mined, these graphs misinterpreted this gap as a drop in hashrate, when in actual fact it was a perfectly normal delay in blocks being mined.

In the hour before this gap, 10 blocks had been mined, which is way above average. Then we had a period which is way below average. If you look at the block production over several hours or days, it all averages out. Nothing happened except entirely normal random fluctuations, and people who don't understand how bitcoin works jumped on it as being some big news story.

It reminds me a lot of people who get panicked when they see a transaction of 10,000 bitcoins and are convinced the market is about to dump, and every time it turns out to be a complete non-story and just some exchange just moving their cold storage around.

Those are the punycode versions, not the ASCII versions. The subdomain of those URLs listed above would display in your browser's address bar as follows:
As you might imagine, people fall for these kind of attacks all the time if their browser is set to not display punycode.

To protect yourself from this kind of attack, in Firefox open a new tab, type about:config, accept the warning, search for "punycode", and change the value of network.IDN_show_punycode to true. This will change the URL in your browser from the examples I've given in this post to instead display as the examples Baofeng has given in his (so from mẹdium to xn--mdium-n51b, for example).

There is no reason for them to require this information. Once your transaction has been sent, it is completely irrelevant what wallet or OS you used to make said transaction. The only reason they want this information is so they can tailor their next steps in their attempt to scam you of even more money.

You absolutely should not do anything they suggest in the "manual" they sent. They are trying to steal more of your coins. I'd also be very careful to make sure you haven't inadvertently downloaded malware.

In the future, just stick with ChipMixer.

13 is actually two words separated by a underscore. 7 letters then 3 letters.
1 is also a part of your head.

See if that helps! 

There is an answer key which hugeblack has given the password for in his first post, so no need to post the solution.

Ahh, we are getting confused on terminology here.

The attacker can reverse other users' transactions as I described above, but this does not cancel them. It would simply return them to the mempool with zero confirmations. Once the attack ended, these transactions would be available for honest miners to mine again (provided the owner of the transaction didn't try to RBF them in the meantime). Having said that, a 51% attacker is incentivized to include all these transactions on their corrupt chain to benefit from the transaction fees when their corrupt chain takes over.

It is correct to say that an attacker could only double spend their own coins, as they need the relevant private key to generate a second transaction.

Nothing in particular. But if someone was snooping around for your private key and found it, but then discovered it was invalid, it would be reasonable for them to assume that the string of characters they had was somehow related to your key. You have to assume they would try brute forcing various combinations, including character swaps, character substitutions, basic substitution and transposition ciphers, and so forth.

If you were to encrypt your key using a secure encryption method, then that would be very secure. However, you are now just moving the problem one step down the line: How and where are you going to securely store your decryption key?

No.

Assuming your key is in Base58 Wallet Import Format, swapping two characters around will almost certainly generate an invalid key. The chance of the checksum still being valid after you change the address is 1 in 4.3 billion.

He might realize you have scrambled the key in some way, but that will provide zero clues on how to unscramble it. All he can do is brute force a variety of combinations.

No.

No. If someone was to try swapping every 2 character combination in a 52 digit WIF key, that is only in the region of 1300 possibilities. That could be brute forced in seconds.

Adding more swaps makes it harder, but still not hard enough to not be able to be brute forced relatively quickly. This is a very insecure method of storing your coins.

Correct.

You do not need both the private key and the address to steal the coins. Having just the private key on its own is enough to control all the coins. The public address is derived from the private key, so importing the private key in to a wallet will automatically show you the relevant public address.

If you are this concerned about someone else being able to gain physical access to your private key, then storing it in plain text is not the method you should be choosing. Either store it somewhere secure that other people cannot access it, or look in to using an encrypted airgapped machine or hardware wallet.

I spend bitcoin out and about in person at least once a week. My purchases vary from anything from a couple of bucks up to a hundred bucks. Lets say I have memorized a passphrase to wallet holding 0.01 BTC, and I need to pay 0.002 BTC. What then? I give him the passphrase, he sweeps it, then sends me some back? I give him the passphrase, and he promises to only take the amount needed? Either way, you are now introducing an element of trust which is unnecessary. The only way around this using brain wallets would be for me to create, fund, and memorize multiple passphrases to multiple wallets, each holding a different denomination of bitcoin, so I can always pay close to the amount needed.

I really don't see any benefit to using this over a mobile wallet, considering I carry my mobile with me 24/7.

Not necessarily. When theymos stepped in and dealt with the Yobit spammers, he simply wiped all Yobit signatures and banned them for 60 days. He wasn't able to ban the signature campaign itself, since it is run off-site on the Yobit exchange, and there was no manager to ban as far as I am aware. However, you can't argue that what he did didn't work - the spam was horrendous and disappeared instantly.

I don't think it's a huge issue if these campaigns move their management off-site. If we start banning campaigns and their participants which are largely spamming, future campaigns will very quickly learn to employ a manager who actually pays attention to post quality.

For several versions now, devices running Android software treat any connected USB as a charger only and display a prompt on the device before enabling data capabilities. As long as you have a recent version, and don't accept the prompt, then you are theoretically safe. There is always the possibility somebody finds a new method, hack, vulnerability, or similar, which allows them to bypass this prompt and transmit data. The safest method remains to not use public charging ports, or at least bring your own power-only USB cable with the data pins removed. There are also many tiny adapters on the market for a few bucks which you can connect between your phone and the USB cable which block all data transfer.

We already have a pretty comprehensive set of rules for both campaign managers and participants here: Signature Campaign Guidelines (read this before starting or joining a campaign).

This sticky gives very clear guidelines for what is considered spam, and what bans will be handed out to signature spammers. It also gives very clear guidelines that managers should be monitoring their participants, and campaigns which don't do this will also be banned. The problem is that these rules are going completely unenforced, and without some clear direction from theymos on this issue plus probably several new mods, this will continue to be the case.

I think this would need a considerable amount of work to start with, but would settle down relatively quickly. Once word starts spreading among the bad managers and users that both users and campaigns were being rapidly banned for spamming, I suspect they would quickly clean up their act.

I agree with many of the points above that enforcing some sort of minimum wage does little to address the underlying problem, and is mostly an unworkable solution.

Because most devices have a single multi purpose port now. Any USB cable with data pins, even if you think it is just for charging, can send or receive data from your device too. You don't know what's inside the charging adapter. It could quite easily be hiding a few microchips ready to send malware to any device which connects.

Good. Paranoid is good. Yoy shouldn't be plugging any unknown USB cables, drives, or devices in to your device.

Absolutely. There is a public charging station at my nearest airport with about 20 cables of various sizes. Every time I am there, they are almost all being used. That's hundreds of devices each day.

Haha, fair enough. I'll admit I'm pretty much a perma-bear when it comes to fiat that can be created out of thin air at the whim of a government or a bank. This is especially the case when looking at USD, with spiralling and out of control national debt to pay for ever increasing levels of government spending and Trump jeopardizing the US's biggest trade deals.

I guess we'll have to wait and see what the Fed's final analysis of this "lack of movement of liquidity" is. I still think its concerning that banks can behave so unpredictably that it necessitates the Fed stepping in with billions of dollars of funding to stabilize things, and even more concerning that the Fed don't know why it happened.

Samsung Knox encryption is poorly secured. Whilst it's better than nothing, don't rely on it for any truly sensitive data.

Why do I say this? The encryption key it uses is not derived from your password or PIN, but is a preset key on the device itself since time of manufacture. If you forget your PIN to Samsung Knox, you can reset it by logging in to your Samsung account. All your data inside the secure folder persists through this reset, and you can still access it all afterwards using your new PIN. This means although the data is encrypted, it is only as secure as your Samsung account login. If you want to encrypt it properly, you'll need a third party app to do so.

Because exchanges don't care. They care only about their profits, and not at all about their customers.

Take Coinbase as an example. At the end of last year they upgraded their cold storage system. They spent millions on research, development, and implementation. They spent months doing practice runs of moving all their coins from the old to the new wallets. It was a huge undertaking, and most valuable mass movement of bitcoin ever.

Where is the millions spent on securing their KYC database? Where are the months of practicing to make sure that database is secure before it is used? Nowhere. In fact, a few months after this cold storage upgrade and it emerges they are willingly selling clients' data to third parties.

Add in unannounced and surprise KYC, accounts being locked for weeks or months on end, terrible customer service, etc., (not just on Coinbase but across most exchanges) and it's pretty clear exchanges don't care about you. They only care about your money.

This sounds pretty much identical to USBNinja. This is essentially a cable which works just like a normal USB, but can be remotely triggered via either a bluetooth transmitter or bluetooth app to change to a HID and deliver any desired input to the device it is connected to. You can buy one of these kits for 100 bucks, and it even comes with information and examples on how to design your own payload. There are also devices like Rubber Ducky for half that price which will perform the same keystroke attack whilst being disguised as a regular USB flash drive.

I was just talking about this issue in another thread in Beginners and Help with another user who did not believe such an attack was possible.

You should obviously only be buying electronics from reputable sources, but I think the main vector of attack here is the use of public or shared cables rather than selling hacked cables. Selling a hacked cable is likely to only infect one user. If an attacker sets up a public charging station somewhere, they could infect hundreds of users. The solution is simple - never use public or shared charging stations or cables.

The USBharpoon attack revolves around fooling the computer in to thinking the USB cable connected is a human interface device, which it will then accept inputs from. Anything a standard user can do, this USB cable can do as well, including downloading and executing some specific malware.