sorry about your losses, it really sucks.

i have never used any wallet on my phone so i don't really check these things but interestingly enough coinomi GitHub doesn't seem to be updated for more than 2 months[1] which makes me wonder whether their wallet is even open source because that is the first thing i checked after reading your topic, i wanted to see where the bug was and whether it was fixed or not (specially since this type of bug is so weird and obvious!). it seems like they have released a new version (yesterday) on google play but nothing is happening on their github.
comparing with other wallets (Electrum, Breadwallet, Mycelium, Samourai,...) they all are actively updating the source code and you can even compile it from source yourself.

[1] https://github.com/Coinomi/coinomi-android

as far as i can tell about the malicious versions that i have seen, they don't install any malware (like viruses or keylogger,...) on your computer. it is a simple modification of the code so that it spends your funds automatically as soon as you open the wallet and sends them to the hardcoded hacker's address.
so your Bitdefender or any other AV is never going to detect it.

familiarize yourself with digital signatures (PGP) and Web of trust concepts and learn how to use them to verify the authenticity of everything you download to install.

the thing you are referring to here is probably about the lies that some people tell without proof and it is referring to the fact that the very least thing that anybody who claims to be Satoshi must do is to provide cryptographic proof that he owns the key to address(es) that is clearly associated with Satoshi Nakamoto. and without that anything they say should be disregarded and they should be considered fraudulent.

and by the way nobody can "spend" the coins created in Genesis Block because it is enforced by the protocol so even having the key to that address won't work.

theoretically yes, it is possible to do that but in practice it is impossible because the encryption that electrum uses for secret stuff (seeds and private keys) is AES-256 and that is a strong encryption that can not be brute forced that easily on its own. then you add the delays and restrictions of JOS-RPC and it becomes near impossible to perform it since it requires chained calls with each password iteration.

it can not be a spam attack because the main characteristic of a spam attack is "constant" injection of transactions into the mempool and so far this does not look like a spam attack to me:



for comparison, the following is how a spam attack looks like (the picture is from Jan 2017)

pic ref: https://bitcointalk.org/index.php?topic=1776143.0

there wasn't any "traps" or even "manipulation" this time that price went back down. it is simply the normal market behavior at this point where an initial price rise after a big drop is not strong enough to break through a resistance like $4k that easily so it comes back down specially when you consider the number of short term traders who have been trading for 3-5% profits suddenly saw the >10% profit and started selling there. that easily brings the price back down.
and as i said above there is some leftover fear that prevents fresh money coming in for the time being until the uptrend repeats again.

it wasn't a "brute force" it was simply a call to the JSON-RPC interface which could access your secret information IF you didn't have any passwords but if you had the simplest password it would have protected you.

to OP:
see here what you are missing by using the old version https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

you just happened to catch this particular one, otherwise it has been happening for months. the spike size has also been the same size pushing the mempool to about 10-15 MB and drive fees up to 20 to 30 satoshi/bytes. this is one of the problems of adoption growing faster than scaling.

as for the fees of these transactions being low, the reason is because people know nowadays their low fee txs (like 1 s/b) will go through fast enough. for example during spike of today it would have taken a 1 s/b tx 12 hours to confirm in worst case scenario

when you go to your History tab in your wallet do you see the transaction that you sent in there? if so then what does it say in its Date field? does it say something like "Local"?


electrum does not give you unsolicited messages and that after "a few minutes". if you try spending more than you have you will see an error message right away and you won't even go into signing/sending process.


i am confused about these 3 statements. is this the transaction you can't find on block explorers and you say wasn't received or is it the one you are trying to spend?
this transaction is already confirmed https://blockchair.com/bitcoin/transaction/311b5e24330c951cfa8725cccc71832102437dc7140dbea02abd7739e3e4c4d8
and unspent means it is "not yet spent" and the the owner of 1PTzVVhYkxmzBa9yBZPrToPT82CaP3Zrie and    33EEEyMu6WHFdqBnmm8xGJyCLdag8XKzCn keys can spend their respective amount.

the only way for bitcoin price to truly rise is when its adoption grows, nothing else works. any other weird thing you try may work short term (like how altcoin pump and dumps are) but in the long run these things can not be sustained and will fail and all the gains would vanish.
this is actually why bitcoin price continues to rise even after 10 years of rising!

to be honest these two don't even make sense, specially the second one since it sounds like you want fake money be printed and injected in bitcoin to raise its price but you forget that it can crash just as easily and you also forget a more important thing that people aren't going to use these tokens to buy bitcoin, they will continue using their fiat to buy bitcoin.

you can't put this kind of silly restrictions on the market. it needs to remain a free market. besides the coins like mtgox coins need to enter circulating as fast and easy as possible so that we can have a better distribution of bitcoin.
ps. mtgox had nothing to do with the 2018 drop!

"slowly falling" means price is losing a couple of percentages every couple of hours and at least goes down 10% per day. do you see that happening?

obviously not. all we had was a rise from $3600 to $4200 and then the panic kicked in from people thinking it is a "bull trap" and wanted to get out and price came back down to $3700+ that is not called "slowly falling".

your percentages are a bit off. this year we had mostly ups and downs not just drop. price started from a drop down to $3100 and went up to $4k and back to $3500 to stay there. and the overall drop is closer to 85%

the reason for bitcoin price drop is not the same as the reason for altcoin price drops.


your reasons don't make much sense to me. you are focusing too much on the "government" while missing the fact that bitcoin is decentralized and things that involve centralization such as regulations are meaningless in the bigger picture.

this is very vague and incomplete in my opinion which is probably why it has not been merged yet.

i suggest turning it into clear steps and then also include alternative ways and also possible different replies that you get from each command.
for example:
1. Download files from electrum.org
-this should include what files (the .exe or tarball or .dmg file,... + signature file)
2. get the developer's public key
- then it should mention the alternative way here also you must mention what to do when you fail to connect to mit server since it is a common thing for it to go down!
3. do the verification
this should include the example of BOTH good and bad signatures highlighting the part of the response message saying whether it was good or bad and also explaining the other part (the error) that always confuses everyone.

have you even checked Ubuntu before making these comments? you already have all that. https://help.ubuntu.com/community/VerifyIsoHowto and their signatures have been in work since 2004 (15 years)

they also have signatures but in a different more automatic way that is specific to Windows and is more like a certificate and it requires payment. and instead of using PGP it uses RSA which is another asymmetric  cryptography scheme.
any other "most known app" that doesn't have that signature may not need it. for example you don't need to verify the signature of Adobe Photoshop because it is not security sensitive!

of course if you want to be paranoid, there is no end to how much your paranoia is going to go, as it was mentioned your only remaining option would be to only use open source softwares and compiling all of them from source on your own.

as i have been saying in the past week, there is not yet any bull market. what we have is the market trend between the bull and the bear markets! and as long as this transitioning phase is going on, you should expect this type of ups and downs where price plays jump rope with a level like this. just try to not get caught with your pants down thinking it is bull or thinking it is over they are both equally wrong.

also don't forget that there are currently thousands of altcoin bag holders who are dumping their bags as the altcoin market recovers a tiny bit thanks to bitcoin rise. the sheer amount of money that exits that way always puts extra pressure on bitcoin.

that title is wrong on so many levels.
this is not an "expensive" purchase, this is just a purchase. he bought it at a good price at the time with appropriate amount of bitcoin. and that shows that he has understood what bitcoin is created for (to be a currency not something you hoard) and that is something that sadly many people still don't get.

there is still leftover fear in the market which is a natural thing after a long downtrend with lots of manipulation which is why this is not yet a breakout but instead a slow rise as the demand is increasing. what i expect is the same trend to last for a little while and possibly some corrections along the way but the only possible next step is a sharp rise after this as that leftover fear goes away and those who missed the chance to buy at the bottom (for any reason like waiting for a lower price) would rush to buy bitcoin because they fear missing out.

it does have PGP signatures! but since ISO is big (Ubuntu 18.04 is nearly 2 GB) they use SHA hashes and then sign the hashes with their PGP private key and release the signature of that file instead.
so what you do is that you first check the signature of the hashes to see if you have the correct hash list file and then hash the file itself to see the file is correct.

in other words it is a combination of authenticity and integrity with 2 steps.

MuSig is only one part of Schnorr signatures that focuses on an alternative and safer way of "multi signature" features of Schnorr signatures which is used for aggregating signatures and for example offer the possibility of having a 50 of 50 multi sign transaction but only with the size of a single key tx since there will only be 1 signature and 1 public key and that will increase scaling of bitcoin drastically considering currently a lot of the transactions in blocks are multisignature with at least 3 signatures so using Schnorr can drop at least 2 sig + 2 public keys from each of them (considering they are 2 of 3) and that is 2*(32+32+7)+2*(33+1) = 210 bytes per tx! also considering this will probably be released with new SegWit version and SegWit has some overhead we can effectively be saving about 205 bytes per transaction per block and that is great.

but Schnorr is a lot more than just MuSig! https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
the main thing i am excited about is batch verification. not to mention that creating signature is so much faster with ECSDSA compared to ECDSA because it doesn't have the modular multiplicative inverse.

knowledge of cryptography is only a secondary requirement and it will only be needed in the last step, if at all. the first step is to understand the puzzle question and have a starting point instead of making guesses and/or brute forcing random words to get something out of it.

at this point i am convinced that this either was a trolling attempt considering overall activity of OP or if it is an actual puzzle, it was very poorly designed which makes it impossible to solve.

that is why the concept of checking the authenticity of a downloaded file was invented. which means you download anything from the internet and then check its authenticity with a key that you trust. under the hood the (asymmetric) cryptography that is used gives an easy way of verifying that with virtually zero chance of fault.

the most common case is usage of PGP signatures. which means when you download Ububtu for example you verify the ISO file signature against the public key using the cryptographic scheme that was used and if you  get a "thumbs up" you can be sure it was the real OS.

so now it doesn't matter where you download the file from, you don't even have to go to ubuntu.com, you can go to anywhereelseevenafakesite.com and download the ISO and as long as you verify its signature with the real public key and get the valid signature you will be good to go.