That's the wrong point of view.
You can never be sure that your computer is 100% clear from any kind of malware.

Being compromised also doesn't mean that you need to intentionally download and install malware.
Depending on your current version of windows there might (most probably) be quite a lot of dangerous vulnerabilities which allow to perform a remote code execution or manipulate your system in other ways.
This is 'enough' to be able to compromise a paper wallet.

If you want to create a paper wallet, boot an offline linux distro and either use some good(!) paper wallet creator or (the better way) use a good wallet (e.g. electrum) or simply the linux command line to create a private key.
If you need to print it out, make sure you are aware of all risks included using a network connected printer (e.g. buffer storing last X printed pages).

But since you own a ledger nano, just create a new 'account' for your donation wallet and use those addresses.
You might as well use your main 'account'. But this could result in accidentally spending those UTXO's when creating a transaction. An seperated account is the easiest way to not accidentally touch them.
And it is probably the safest and most secured way for you.

This is an incredibly horrible representation of the process.

1) There are no bitcoin 'accounts'.
2) The address is not an 'account number'.
3) The "signature checker" function does need the public key to verify the signature. But this image implies the address is used. It is quite inaccurate. Even for a simplified version of the process.

Alone the wrong naming makes it a bad representation. I'd suggest to rather not use this image when explaining things as it will result in newbies getting confused and/or learning wrong terms.

You can sign messages using segwit addresses.
But as BitCryptex mentioned, there is no defined standard yet. There is no consens yet on how exactly to sign/verify them.

This means messages signed with software X most probably can only be verified using software X.

The mobile wallet i am using is mycelium.
For me, it has all of the necessary features and a nice UI.

The only downside is that their server are under heavy load from time to time.
This results in a very long wait time when resyncing your wallet and eventually failing transactions.

But this happened only 2 times in the last 3 years. So that's acceptable IMO.

If you own a hardware wallet, your able to connect it to mycelium (at least ledgers and trezors wallets).

Not quite true.

When uploading the documents via an encrypted connection (which should always be the case; if a website is using http instead of https, keep far away from it), only the receipent has access to these documents.
When sending them unencrypted via an email, more people have access to it. Basically any router between your mailserver and the destination mailserver can access its content.

If you encrypt the mail, this obviously is not the case. But unfortunately only a handful of people / companies are accepting encrypted mails.


So, if you can choose between an unencrypted email and uploading it via https, always choose the encrypted TLS connection.



@OP
You call yourself a person who protects his personal data, but participate in KYC for some shitcoins worth nothing ?
In this case, you can as well just do the KYC on FJ as requested..

Check the details of the transaction.
The 'missing' 0.001 BTC. Which color is the address highlighted with ?
If it is highlighted blue, this means it belongs to TrustedCoin and is the fee for 20 co-signed transactions. In this case you have created a 2FA wallet and didn't read the notice when setting it up where the fee was mentioned.

If the address is highlighted yellow, it is a change address of yours.
And if it isn't highlighted at all, that's an output to an address which does not belong to your wallet and does not belong to TrustedCoin.

How are you even operating on your system without root access at all ?
How do you keep your system up-to-date without root access ?

The real problem here is not that electrum needs root acces to be installed, which every software requires, but that you forgot your root password.
Just follow o_e_l_e_o's steps to set a new one.

Oh, and btw.. you don't need to install electrum to use it. Just get the AppImage file. This is an executable containing all necessary dependencies.




The best advice would be to not use an online wallet at all.
There are way more disadvantages than advantages of an online wallet compared to a desktop-/mobile wallet.

They are more secure than a web wallet, yes.
But they are by far not as secure as a desktop wallet.


There are still many attack vectors which would allow to steal funds from a user using a browser-based wallet, compared to a desktop wallet. DNS poisining, etc. The attacker does not always need to compromise your device.
On the other hand, there is no attack vector i can think of which applies to a desktop wallet, but not to a browser based one.

There is a big difference regarding security between a browser based wallet accessed by typing an URL into the address bar and a desktop wallet.

True, and even if you are the only one in possession of your keys.. if you need to rely on a website to access them (e.g. like with myetherwallet where the keys are loaded from a file on your PC), you are also at risk.
The best option simply is to use a desktop-/mobile wallet or go for cold storage / a hardware wallet.

This would only protect against these two already found sites.
The problem usually is not to protect against already known fake sites, but to protect against new unknown ones.




The real problem is not that people would visit a fake ledger site IMO.
The problem is, that people still enter sensitive information (mnemonic code, private keys, etc. ) into websites because of little to no knowledge regarding ongoing scams in the crypto world.

People who already add scam sites to their hosts file with 0.0.0.0 or loopback, already know not to enter sensitive data on such websites.
The newcomers are the ones getting caught by that. I think informing newcomers about the most common scams is the best way to circumvent that.

Just checking the URL you are visiting does not guarantee that you are on the legitimate site you intended to visit.
There are multiple approaches to trick people into visiting a fake site.

Currently the most common is to use punycode. The URL will look almost exactly as the original one except for some subtle changes (e.g. a small dot below a character).
Another (more complicated) way to trick you into visiting a fake website would be DNS spoofing / cache poisoning. You'll see the original URL in the address bar, but will connect to a malicious server. Bookmarking the site won't help you there.
While a lot of these more sophisticated attacks are uncommon, relying on a website to open up a wallet (i.e. using a web wallet) is always a bad idea, security-wise.

Since the transactions show conflict and the transaction ID is not valid, you can be sure that the other transaction (which yours conflict with) got included into a block.
Therefore the coins 'do not exist in your wallet' (to be more precisely, they are not associated to the public keys you think they should be) and you can not 'get them back' by doing something with your wallet file.

Using zapwallettxes as proposed by NeuroticFish will probably clear this up, but won't get your 'coins back into your wallet'.

I'd like to sell you some BTC for paypal (80€).

Since you didn't reply within the last 4 days, can we assume that you find what you were searching for?

If not, please be more specific.
1) What wallet file are you talking about (bitcoin core, electrum, etc.. ? )
2) What exactly are you trying to achieve? Are you trying to gain access to private keys without actually opening the wallet ? This is possible, but if you have set a password it definitely is required.

Your brain will memorize: "Take file X and hash it".

That's easy to memorize and not random. Therefore way(!) less secure than a truly randomly generated private key.

It is the same as using a book. You would probably argue "how the hell am i supposed to memorize a whole book".
But the thing is, that you memorize using this book. -> Brainwallet.

As long as the input is not generated randomly, you are risking your coins.




Basically anything which is not a web wallet because they are cancer.
One good wallet for beginners would be electrum.

Desktop and mobile wallets should always be preferred over web wallets.

Changing the OS doesn't necessarily eliminate this risk.
Such malware already has been seen in the wild for MacOS. And they can also easily exist for unix based operating systems.




Without doing the actual math, i am also pretty sure that this is enough to prevent such clipping board malware.

1) It is not possible for the malware to create that much addresses / store that much addresses on the victims computer without being blatantly obvious (if possible at all; i didn't do the actual math but this shouldn't be possible in a relatively short amount of time)
2) I have not seen any non plain-dumb clipping board malware yet (which doesn't mean that it doesn't exist tho).

Start off with the basic information required.

What site are you talking about (preferably post the exact URL you have visited) ?
Can you still access your account ?
Did you receive a confirmation email / Do you still have access to your email account ?

Head over to a block explorer (e.g. https://live.blockcypher.com/) and check your address for incoming transactions.

Do you see the transaction which is "missing" ?

If yes, your electrum somehow has a connectivity issue. Check whether you are on the original most up-to-date version and whether it is connected to the network (green circle at the bottom left).
If no, then "the site" didn't send the transaction. Which site are you talking about ?

Do you remember what kind of wallet you used ?
This can play a huge role in your search.

Or - if you don't remember - do you know when you installed that wallet ?
If it is an old one, chances are high that it was bitcoin core, and that you are searching for a wallet.dat inside of the archive.

Actually, i do reboot my mobile relatively often (like once per week).
For me there is a noticeable boost in performance when doing so since a lot of processes get terminated automatically, which i'd had to kill separately.

And once per month there is an update.

Note that i am not using an old mobile, neither the newest gen. Something in-between. And not an iOS, but android (which doesn't change anything regarding this topic).


But i agree with the majority of opinions here. This attack is more theoretical than practical.
And you shouldn't store more than pocket money on a mobile wallet anyways.

There are way more practical attacks on mobile wallets, than this one.