--snip--
Off-topic? Do we actually need to establish the fact that WasabiWallet's pool = also its users? I'm sorry, I thought you already understood that, and that we're on the same page in that matter. I do not consider the owner/operator of the Wasabi CoinJoin coordinator a user. To be specific, I'm talking about Wasabi Wallet users who use the CoinJoin feature. But anyway, whether right or wrong, whether you agree or disagree, the point is nopara37 accepted the trade off, and the users also have a choice if they want to accept the trade off. Because anyone can use another mixer that doesn't blacklist outputs, or another team can run another coordinator that doesn't blacklist outputs.
I get the point, although I have to remind you that: 1. Some users probably don't know about the blacklist. 2. Most users aren't even aware you can switch to a different coordinator.
|
|
|
One security concern that hasn't been mentioned yet is that more governments and workplaces demand your biometric data. There could be serious damage if there's a data breach or malicious insider.
You are right on this point, I forgot that Government, Banks and Tax Department already have our biometrics. And that would compromise our private keys. But in such a case, you should worry more about identity theft, which could be more harmful than losing your Bitcoin. So, the more I read your answers, the more I realize how bad this idea was; the concept is really cool, even cyberpunk, but is totally insecure.
Don't forget the term "cyberpunk" is usually associated with a bad / dystopian future. Given that the resulting string is neither random nor secure, there needs to be added some random factor, which in this case is a user-generated password.
At this point, people should consider using a regular Bitcoin wallet, which is easier to create, back up and restore.
|
|
|
Now, run a loop, checking each and every address for a balance, then you create a transaction that burns the ENTIRE balance in fees. Attackers won't be able to bump this transaction with their own, because nearly the entire balance has already been allocated to miners anyway.
Don't loop over every address naively; the thief would get a big time advantage to broadcast a non-RBF transaction. I don't know if it's the best option, but a bloom filter could help. Also run it in a few different regions to handle transaction propagation delay.
|
|
|
--snip--
But that's not the point, and I'm not debating whether the "taint" is even real or not. The fact is, with the Tornado sanction, the government showed that it WILL sanction a non-person entity, a program for mixing outputs, if they see that it is mixing "tainted" outputs. I believe WasabiWallet's trade off is merely trying to avoid a sanction by blocking "tainted" outputs. "Taint" as defined by "them", they invented it. Taint doesn't actually exist in the blockchain. You're going off-topic. What I asked was "what kind of protection do users get from the blacklist during CoinJoin?". But your response is about the protection the zkSNACKs/Wasabi team could get.
|
|
|
@examplens looking at the amount of preev.net discussion, I'd recommend you make a thread about your website/domain in Service Announcements. My guess has always been that's some sort of PRicE EValuation (and obviously a short and cheap name picked)
That's a clever guess.
|
|
|
PS When I said centralized infrastructure I meant the Ethereum blockchain that has most of its nodes on VPS. You shut down one of the VPS providers and most of the ETH nodes are down, and that already happened before, so I am not speculating about that. Could you provide proof for that statement (most ETH nodes hosted on a single provider)? Here's an example for Bitcoin which shows Amazon as a popular ASN (but not the majority of all nodes), https://bitnodes.io/nodes/all/asns/.
|
|
|
Just wondering, what kind of protection do users get from the blacklist during CoinJoin?
For those providing liquidity, it protects their Bitcoins. For users, it's the assurance that none of the UTXOs are "tainted", whatever that means for the government. It's a trade off if you want to use Wasabi, or if you don't, you can use ChipMixer. I disagree for the following reasons. 1. Each government/exchange/analysis has a different way to determine whether a UTXO is tainted or not. 2. It's unlikely UTXOs from Wasabi CJ won't be treated suspiciously after the blacklist is activated. AFAIK the Wasabi team says it's not activated yet. 3. Regardless of the existence of the blacklist, the liquidator's Bitcoin is still safe unless there is a bug in Wasabi Wallet or the WabiSabi protocol which allows the liquidator's Bitcoin to be stolen/unspendable.
|
|
|
I just heard the news about Tornado Cash, the sanction, and the arrest of a suspected Tornado Cash developer. It made the point of my debate in the topic. I believe nopara37 knew something like this would happen, and therefore accepted the trade-off of blocking UTXOs from illegal activities. From his point of view, he probably thinks that he made the right decision to protect himself, Wasabi, and its users.
Just wondering, what kind of protection do users get from the blacklist during CoinJoin?
|
|
|
These attackers acquire the private seeds of a user's wallet after clicking on a link in Google sites or Microsoft Azure.
The report[1] shows the thief used a very long URL. People with some internet literacy should be skeptical/suspicious about it. Will there ever be an end to cryptocurrency scams?
No. I actually regret the BIP39 writers did not just call the seed phrase a private phrase while we are at it too.
The author actually uses the terms "mnemonic code" and "mnemonic sentence"[2]. But looking at how many possible terms refer to words generated with the BIP39 standard, I doubt there would be a noticeable impact even if the author used the word "private" or "secret".
[1] https://www.netskope.com/blog/abusing-google-sites-and-microsoft-azure-for-crypto-phishing
[2] https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#abstract
|
|
|
1 out of 70 is really weak proof though. Even the Electrum 4.3.0 Windows installer has a 1/65 flag[1]. The actual concerns of this project are: 1. Whether the author will give the reward if someone beats the challenge. 2. Whether a valid WIF (leading to a non-empty Bitcoin address) actually exists. 3. It's closed source. It all comes down to whether you trust them or not. But personally I would use my money/resources for something else even if I own or rent a high-end GPU.
[1] https://www.virustotal.com/gui/file/8dff4ac0b8cf04226d9a67c695d7905c4c6c2400cc331e8883adea828cea0024
|
|
|
Other members mentioned there's a security risk with SMS. But I'd be more concerned with the fact this service is centralized. I guess if you understand the risk, you can do amounts you're comfortable losing but significant ones? nahhhh. Let's not forget that someone near me can easily pluck out my sim card with some sort of needle and if they replace it with a new one, it would probably take some time for me to notice.
IMO it's not a realistic scenario since they could just steal your phone altogether.
|
|
|
Is there any truth to the allegation that they laundered money, using that tool? If so, arrests like this will continue to happen so long as there are citizens abiding by whichever law states that a crime.
I can't show any links atm, but a good amount if I remember correctly — mostly those funds stolen from DeFi exploits. But yea, criminal-related activity is still a very small minority as far as I know; just like with Wasabi CoinJoins and Bitcoin mixers. Let me know if there's further reading to your claim of "criminal-related activity" being a "very small minority". I would think it's still a hefty majority. If you're talking about mixers/CJ in general, Chainalysis proved it some years ago[1]. Their latest crime report[2] also mentions mixers aren't the majority/most popular based on a few crime activity types, with the exception of the North Korean hacker group. But take note I only skimmed their latest report.
[1] https://bitcoinmagazine.com/culture/chainalysis-most-mixed-bitcoin-not-used-for-illicit-purposes
[2] https://go.chainalysis.com/2022-crypto-crime-report.html page 12, 43, 62, 80, 108 and 115.
|
|
|
Please give him 1 merrid Please 🙏 give me 1 merrid
Sorry boss, no begging. Someone go look up what is a "merrid" in order that Boss47 might well be able to get one of those.. not sure if I want to give one of those up (or even if I have any of them), but you never know? We have to find out what such a thing is first... especially before agreeing to give one.. first things first. Google (or whatever search engine you use) is your friend. Based on the search result, it looks like he wants to be very stubborn for once (1). WikiHow actually has a guide for it, https://www.wikihow.com/Be-Stubborn. Source: https://en.wiktionary.org/wiki/%D9%85%D8%B1%DB%8C%D8%AF
|
|
|
Actually, within the backup plugin's README file, it tells you to just use poetry install. And to then invoke ./backup-cli using poetry run ./backup-cli .... Thanks for the correction, I didn't notice they put a README.md file in their directory. Even so, I still find the wording in the main README.md file means you can install dependencies for all plugins using pip: Additionally, some Python plugins come with a requirements.txt which can be used to install the plugin's dependencies using the pip tools:
But I remember that I did minimal modification to my original install / workflow which is described here, to get it working again. It could be as simple as: pip install tqdm after Step 2. @BlackHatCoiner, this is worth trying. I'd advise installing the exact version of tqdm (pip install tqdm==4.62.3) in the poetry.lock file to avoid possible package conflicts.
|
|
|
I haven't really followed the craig wrong saga in great detail, but from my recollections, I think he won that case because Cøbra never appeared in front of the court. And that was the only reason he won. If Cøbra had appeared, he would have revealed his identity.
It's quite accurate. There's a discussion started by Cobra at https://github.com/bitcoin-dot-org/Bitcoin.org/issues/3698. It doesn't really mean much and craig wrong is still a lying scumbag.
I also would label him as a scammer.
|
|
|
--snip--
"similar script" not "site" I know for bitcoinpricecalc.com, follow them from his announcing, but just because the name is too long (three words in the domain), I might look for an alternative that will be always online. There's no guarantee any website will be always online, even Google was down in the past. But how about https://btc2fiat.me/? It's not too long and is open source, so you could also host it on your server with a better domain name.
|
|
|
Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?
Aside from self-hosted/decentralized solutions, Codeberg[1], which is operated in Germany, could work. I've no idea how they handle sanctions law though. Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence? Back to India! SourceForge! The link you mentioned also says SourceForge complies with the U.S. sanction list. It is an open question though, how much bitcoin ecosystem is addicted to github, and what is the cure?
I'd say it's very dependent on GitHub. Aside from Bitcoin Core, which has lots of mirrors, I found almost all Bitcoin-related source code on GitHub.
[1] https://codeberg.org/
[2] https://docs.codeberg.org/getting-started/what-is-codeberg/#what-is-codeberg-e.v.%3F
|
|
|
I have this lib set up and imported into my project, but don't know how to call it and give a seed as input and get the public key of my desired coin at my desired derivation path.
Could you be more specific? The documentation of the library you mentioned gives several code examples.

# Source: https://hdwallet.readthedocs.io/en/v2.1.1/hdwallet.html#hdwallet.hdwallet.HDWallet.p2wpkh_address
>>> from hdwallet import HDWallet
>>> from hdwallet.symbols import BTC
>>> hdwallet = HDWallet(symbol=BTC)
>>> hdwallet.from_mnemonic(mnemonic="venture fitness paper little blush april rigid where find volcano fetch crack label polar dash", passphrase="meherett")
>>> hdwallet.from_path(path="m/44'/0'/0'/0/0")
>>> hdwallet.p2wpkh_address()
"bc1qfky82ek5pr07t65qjretw9hevw2j8j5fdrn5hc"

If you need to get the public key, just use hdwallet.public_key() after specifying the correct derivation path.

>>> hdwallet.from_path(path="m/44'/0'/0'/0/1")
>>> hdwallet.p2wpkh_address()
'bc1qllytr4ftxqgpg2he8uafcgcj9gzxcv7xmuyjw6'
>>> hdwallet.public_key()
'02fed55ac2909f56c9a2f933113893fdc18a24b7a12c9530c771e47e991da0401b'
|
|
|
For most cases, I would agree. But I'd like to quote a page from Bitcoin Wiki. Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.
So for such a case use https://brainwalletx.github.io/ ? The tool you mentioned only uses a single SHA-256. Use WarpWallet[1] or rehashaddress (part of ecctools[2]) instead, which are harder to brute force.
[1] https://keybase.io/warp
[2] https://github.com/albertobsd/ecctools#rehashaddress
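The difference this reply points at, as an added example that is not part of the original post and is not WarpWallet's or ecctools' own code: a single-SHA-256 brainwallet key next to a key derived with the scrypt-XOR-PBKDF2 construction and parameters published on the WarpWallet page. The function names, the passphrase and the e-mail salt are constructed for illustration.

```python
import hashlib
import time

# Parameters as published on the WarpWallet page (https://keybase.io/warp).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**18, 8, 1
PBKDF2_ROUNDS = 2**16


def sha256_brainwallet(passphrase: str) -> bytes:
    """Classic brainwallet: the private key is one SHA-256 of the passphrase."""
    return hashlib.sha256(passphrase.encode()).digest()


def warp_style_key(passphrase: str, salt: str,
                   n: int = SCRYPT_N, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """scrypt(pass||0x01, salt||0x01) XOR PBKDF2-HMAC-SHA256(pass||0x02, salt||0x02)."""
    pw, st = passphrase.encode(), salt.encode()
    # scrypt needs about 128 * n * r bytes; raise OpenSSL's default memory cap.
    s1 = hashlib.scrypt(pw + b"\x01", salt=st + b"\x01", n=n, r=SCRYPT_R,
                        p=SCRYPT_P, maxmem=2 * 128 * n * SCRYPT_R, dklen=32)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", st + b"\x02", rounds, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))


def seconds_per_guess(derive, *args) -> float:
    """Wall-clock cost of one derivation, i.e. of one brute-force guess."""
    start = time.perf_counter()
    derive(*args)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    passphrase, salt = "constructed sample passphrase", "user@example.com"
    fast = seconds_per_guess(sha256_brainwallet, passphrase)
    slow = seconds_per_guess(warp_style_key, passphrase, salt)  # ~256 MiB RAM
    print("single SHA-256:", sha256_brainwallet(passphrase).hex(), f"{fast:.6f}s")
    print("warp-style    :", warp_style_key(passphrase, salt).hex(), f"{slow:.3f}s")
```

The salt also means a table of precomputed guesses cannot be reused across users, which a bare SHA-256 of the passphrase allows.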
|
|
|
These two are not comparable though and BIP39 wasn't a replacement. It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former. Since you mention wallet.dat, which is usually associated with Bitcoin Core, I'd like to mention Bitcoin Core doesn't use BIP39. You still have to back up your wallet.dat or alternatively the master private key from the dumpwallet command/output descriptor. ... Then it doesn't make much sense to me to memorize it anymore and I could skip the whole brainwallet thing altogether.
For most cases, I would agree. But I'd like to quote a page from Bitcoin Wiki. Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.
|
|
|
|