2FA is unnecessary on a wallet like Electrum. If you want the safety of multi-sig, then just set up your own multi-sig. It is safer and cheaper to do so, as well as giving you more redundancy in your back ups.
However, 2FA should be mandatory for any and all online accounts which use it. If you can, use a hardware key. If you can't, then use a good open source 2FA app such as Aegis for Android or Tofu for iOS. You should try to avoid any and all Google products under all circumstances - they are notorious for harvesting your data, they are generally closed source, poor security, and just love sending all your sensitive data to random servers around the world of "safe keeping". Google's 2FA app is no different. Avoid it.
|
|
|
And it seems unachievable to have a consensus as everyone has their own opinion coupled with the fact that the Bitcoin community is so large. We've had consensus on plenty of major changes before, such as SegWit and Taproot. If some small niche group wants to disagree and fork bitcoin yet again in to one of the many shitcoins like BCH, BSV, BTG, BCD, and so on, then they are free to do so. You can take a look at the price graph of any one of those coins to see just how well they are doing (hint - every single one is currently hitting all times lows against bitcoin).
|
|
|
Fees are super high today. I've sent a tx with ~10sat/byte fee but had to bump it to ~80sat/byte eventually (about $10 for my amount/tx) absolutely highest fee I paid EVER! Whatever service or wallet you are using to estimate your fees which suggested you use a fee of 80 sats/vbyte is trash. I would recommend you stop using it. There was absolutely no need for you to pay such a fee. For a very accurate but slightly more complex way to select an appropriate fee, read the graph here: https://jochen-hoenicke.de/queue/#BTC%20(default%20mempool),8h,weightFor a slightly less accurate but very simple way to select an appropriate fee, pick your priority from the box here: https://mempool.space/As hosseinimr93 says, there was only one instance over the last 24 hours where the minimum fee to get included in the next block was 40 sats/vbyte. It was never anywhere near 80 sats/vbyte, and most of the time was sitting somewhere between 10-20 sats/vbyte.
|
|
|
I've found the "advanced approach" I wrote about in the last post, it was developed by user Andriian in 2019. Ahh, I do remember reading that now that you've linked it (and actually merited it at the time, heh). I think the biggest drawback to this is the same as the drawback we are discussing above: As soon as Alice spends any of her bitcoin, then the transactions she has given to Bob are invalid and she has to generate new ones and give them to him. This method also requires Alice to keep a constant watch for the transactions she has given Bob showing up in a block. By using timelock as I suggested above, Alice can know for sure that there is zero chance the coins can be spent before the timelock expires. Using this method, Alice has to constantly check to see if Bob is trying to steal from her so she can sweep the coins before he can.
|
|
|
“To be free from the vulnerability, users must migrate their assets from the affected wallet addresses to new, non-affected wallet addresses,” Or even better, migrate to an actually reputable open source wallet, and not this Binance owned closed source spyware trash.
|
|
|
It would be cold to cold. Are you absolutely certain your current set up is 100% airgapped and has never once been online? Do you want to briefly describe your current set up? I'm hoping to avoid memorizing a new seed phrase You shouldn't memorize any seed phrase. Write it down on paper and keep it somewhere safe.
|
|
|
Why should I trust that you are able to store a piece of paper more securely than I am? Why take the risk of an unknown stranger storing my keys in a completely unknown manner, and the risk that you simply disappear or shut down the service?
Why are your pricing options hidden? Why do you have a monthly option if someone is making "recurring transactions" - what difference does it make to you how many transactions someone makes? You should have absolutely no involvement in the process.
If I contact you and say I am user X and I want you to give me user X's seed phrase, how are you going to confirm my identity?
|
|
|
With a simple modification to the code, I think iancoleman can be used, or extract a Master Private Key, which can be imported into all wallets. This is correct. Download the latest .zip version of Ian Coleman from GitHub ( https://github.com/iancoleman/bip39), and verify your download against his PGP key ( https://iancoleman.io/pubkey.txt). Currently this is version 0.5.4. Extract and navigate to \src\js, and then open the file jsbip39.js with a text editor. Navigate to line 118: Change this line to the following: Navigate to line 146: passphrase = "mnemonic" + passphrase Change this line to the following: passphrase = "electrum" + passphrase The first change tells it to ignore the checksum since you are using an Electrum seed phrase and not a BIP39 seed phrase. The second change fixes the salt that Electrum uses when turning seed phrases in to private keys. That's all you need to do. Then just go back in to the \src\ folder and run index.html, and you'll be able to import Electrum seed phrases and extract the relevant keys. Obviously do all of this an an airgapped computer for safety!
|
|
|
For more peace of mind we could change the way the campaign works so instead of allocating a fixed amount to distribute to users every day, you receive a fixed amount at the moment of deposit and you are free to withdraw whenever afterwards keeping the reward. Maybe this is a better solution? Would there be anything to prevent someone abusing this by just constantly depositing and withdrawing the same coins over and over?
|
|
|
Not at all. I was simply assuming that OP was using coins in his own cold storage which will rarely, if ever, be moved. The coins for each transaction should already be separate UTXOs, so if he needs to spend one of the UTXOs it will only invalidate a single timelocked transaction, and not all of them. I think it would be a reasonable approach to exclude some of OP's coins from this inheritance plan for the sake of ease. If he had, say, 10 BTC in these timelocked transactions, he could have 0.5 BTC in a different wallet for his own personal use. This could simply be passed on to his daughter by the way of a seed phrase which she will inherit after his death. And yes @OP, you can cancel even this simple plan any time: simply moving all coins to another address. He actually only needs to move a single UTXO and it will invalidate the entire transaction. So if he has a timelocked transaction sending 100 UTXOs to his daughter, he can just move a single one of those UTXOs and the whole transaction is invalid.
|
|
|
The belief that Trust wallet is safe stems from the fact binance are behind it and that no hack has been reported Just a few days ago Trust wallet was found to contain a critical vulnerability which resulted in it generating private keys in an insecure manner, leading to funds being stolen. Juler12 says that he made a deposit and the money was not withdrawn, meaning that the malware is not responsible Malware can easily steal a seed phrase or private keys, and an attacker which now has access to an active wallet may choose to wait before draining it in the hope the user deposits more coins.
|
|
|
why is the parent transaction not being confirmed The parent transaction pays a fee of 10 sats/vbyte. Even with the increased fee of the child transaction at 25 sats/vbyte, when you consider both transaction together their effective fee rate is only 17.5 sats/vbyte, which is still a few vMB from the tip of the mempool.
|
|
|
Both transactions together (the first of which is an unconfirmed parent of the second), pay an effective fee rate of 17.5 sats/vbyte. At the moment, that puts them somewhere around 4 vMB from the tip of the mempool. Neither transaction is opted in to RBF.
Your options are to wait a bit longer (I would be hopeful they would confirm within the next hour or two), or perform a child pays for parent. I assume bc1q8s5zta0e6p2aafw2n9te4nsn0qkjzcmtv6cfkr is your change address.
If you send all the coins on bc1q8s5zta0e6p2aafw2n9te4nsn0qkjzcmtv6cfkr to another address you control, the transaction will be ~110 vbytes in size. Combined with your other two transactions, that would be a total size of 526 vbytes. To get to an effective fee rate of 40 sats/vbyte, you would need a total fee of 21,000 sats. You've already paid 7,264 sats in fees, so the fee for the new transaction would need to be around 14,000 sats, or 125 sats/vbyte.
|
|
|
What's your source of crypto news? I know it won't be one as it shouldn't be but usually, what website(s) do you visit? Your opinion on this task matters because you are a highly valued, knowledgeable member I tend not to care whatsoever about what these sites class as "news". If you look at the landing page of CoinTelegraph, CoinIdol, etc. on any given day, the top stories are about price speculation, a whole bunch of shitcoins I don't care about, a whole bunch of centralized exchanges or platforms I don't care about, various celebrities or influences I don't care about, clickbait trash like the article being discussed here, and so on. The amount of actual news on these sites is somewhere between zero and none. What I do care about is bitcoin's development and new advances, and for that I read the bitcoin-dev mailing list, the lightning-dev mailing list, and any relevant discussions on GitHub. I would also recommend the newsletter from https://bitcoinops.org/.
|
|
|
3. Like if they were to suspend their services? Yes. Your funds will be just fine. This is incorrect. Trust wallet is closed source. We have absolutely no idea how secure seed phrases generated by Trust wallet are. They could all be generated in a pre-determined way known to some programmer at Trust wallet. They could be storing every generated seed phrase on a centralized server. They could be transmitting seed phrases across the internet. We simply don't know. You should assume that any seed phrase generated by a closed source piece of software is compromised. OP should generate a brand new seed phrase on better wallet software and send his coins across. Well I have thought of doing that but i don't know how he or she may feels when sending personal messages for change of address icopress is a very reasonable person. I can't image they will have any issue updating an address on a spreadsheet. I was actually scared of totally start using a wallet I am not familiar with and I also came across a post from Juler12 where he said of his Electrum wallet being hacked and almost all his funds were stolen This had nothing to do with Electrum. He simply had malware on his computer. Any wallet on his computer would have been equally at risk. If you want to avoid this risk, then you need either an airgapped wallet or a hardware wallet.
|
|
|
Clickbait nonsense. 12 word seed phrases are perfectly secure if you don't start handing out your words on the internet.
|
|
|
I used to buy shitcoins during the bull runs and I knew that had I approved the wrong smart contract everything would be gone. The problem is that there are dozens of exchanges out there which call themselves a DEX, which are in fact not in the least bit decentralized at all. If you are depositing coins to a smart contract, or linking your wallet to a smart contract, then I don't think that's really decentralized at all. Most likely one or two people have written the smart contract and none of the users of the platform have even bothered to read it before sending their coins to it, meaning your coins are still under centralized control. You can absolutely lose coins from such a centralized, poorly written or deliberately malicious smart contract, and indeed, lots of people have done so in the past. Compare this to a real DEX such as Bisq, where the only place the coins go other than your own wallet is to an escrow address controlled by you and the party you are trading with.
|
|
|
perhaps some of you more technically proficient Bitcoiners can watch this video, and weigh in on this ( honestly I am not sure how worried I should be ) Everything he has said is accurate, and I completely agree with all of his conclusions. I regret ever suggesting that anyone should buy a Trezor, and I will never do so again. They have shown themselves to be anti-privacy and anti-fungibility, and are therefore not just selling out their users but are actively working against bitcoin itself, in order to line their own pockets. As he says, however, if you already have a Trezor device (and no other hardware wallet you can swap to or can afford), you are probably safe to keep using it provided you don't go anywhere near the coinjoin feature. I also don't have a single shred of trust left for Trezor, though, so I would make sure you are using it through something like Electrum or Sparrow pointed at your own node and absolutely not relying on Trezor's servers. And when it comes to the time to upgrade or replace your hardware wallet, obviously do not buy another Trezor.
|
|
|
|