I hate to say it, but you're not the first one that says they'll get their lawyer involved... I've heard it dozens of times... But freewallet is still going strong and selectively scamming people on a regular basis.
This either tells me they've got a very good lawyer and a TOS that allows them to selectively scam, or people tend not to follow up on their thread of getting their lawyer involved...

This being said: the advice to keep making noise is usually the only advice we can give after the scam has happened... It seem to work from time to time, but most victims lose their funds.
The only thing we, as a community, can do is keep raising awareness about freewallet's tactics.

Adding a small fee doesn't make your transaction slow, nor the process... Adding a small fee will give the miners a smaller incentive to add your transaction to the block they're working on...

A block can contain up to 1Mb of transaction data (+ a maximum of 3 Mb of witness data). The difficulty gets adjusted every 2016 blocks so that the average time between two blocks is about ~10 minutes (on average).

This means that (on average) about 6 Mb of "actual" transaction data can end up in the blockchain per hour. If more than 6 Mb of unconfirmed transactions get broadcasted per hour, the mempool of the nodes get filled with a backlog of unconfirmed transactions.
Since miners are businessmen, they try to optimize their financial gains. They do this by prioritizing the transactions with the highest fee per (virtual) byte of transaction data. They do this because a miner can add a coinbase transaction to the block. This coinbase transaction funds an address generated by the mining pool with a value of the current block reward PLUS the sum of the fees of all transactions included in a block. So, if you add insufficient fees, you give no incentive to miners to prioritize your transaction and the odds are it remains in the mempool of the nodes for a longer period of time. By default, nodes prune old unconfirmed transactions from their mempool after 2 weeks (if my memory serves me right)

However, there are tricks to increase the incentive for pool operators to prioritize your transactions... If you loop back to my previous post in this very thread:

• if you wait it out, you do not increase the incentive of the pool operators. Usually, your transaction will only be mined if the backlog of unconfirmed transactions is gone. If this takes more than 2 weeks, odds are most nodes will prune your tx from their mempool
• if you wait but keep rebroadcasting, it's the same situation as the one above (just waiting it out), but you periodically remind the nodes of your unconfirmed tx, pushing your tx back in their mempools once it gets pruned
• if you bump the fee, you replace your transaction with one with a higher fee, so the amount of sats per (virtual) byte of transaction data is higher, giving the pool operators a higher incentive to add your tx to the block they're trying to solve
• if you double spend the unspent output used as an input for the stuck transaction, you kind of try to achieve the same thing as bumping the fee, but in a much more artisinal way with waaaaaaay less chance of succes
• if you do a cpfp, you basically use one of the outputs of the stuck transaction as input for a new transaction. The miner can only add the fees of the new transaction to the coinbase reward if they also add the stuck transaction to their block. The trick is to make the CPFP transaction with such a high fee (per virtual byte of transaction data) that the pool operator has a high incentive to add both in order to be able to claim the fees of the second (cpfp) tx
• if you pay a mining pool to add your transaction, you directly give money to the pool operator to counter balance the low fee... This is a non-technical sollution, but it does work (eventough, as noted before, it can be pretty pricey)

One thing to remember: those are all odds and averages... It IS possible to get into a block with a tx with a 10 sat/vbyte fee whilst there are 15 sat/vbyte fee tx's still in the mempool. It IS possible your 100 sat/vbyte tx doesn't get added to a block eventough most other tx's in the mempool have a 15 sat/vbyte fee... This being said: the selection of the tx's from the mempool is allmost always an automatic process, and usually you can predict pretty well which tx's from the mempool will be added to the next block.



Eventough insufficient fees is allmost allways the culprit, it does happen that a transaction has unconfirmed parents, or is dropped from the mempool of most nodes (usually because it has been broadcasted to long ago). There might even be other reasons, but i can't think of any except those two right now.

I remember people talking about using gambling platforms instead of mixers for many, many years... The fact does remain that a gambling platform is not built to mix (or launder) money. They do keep extensive logs (part of their business actually depends on those logs so they can catch fraudsters), sometimes they even require KYC... If you're going to launder criminal funds using casino's, you're just going to get caught sooner or later (and since we're talking about criminal funds, i kinda hope the launderers get caught)

Personally, i don't see anything wrong if you just want to hide your money to protect yourself from a $5 crowbar attack or beggars... You can use about any service that allows you to deposit and withdraw funds... An exchange, a casino, a custodial wallet,... I don't know if the wager requirements of casinos are actually there to stop money laundering, and i wonder if their main goal is to make sure their business stays afloat. Only by requiring your balance to be wagered, they stop people from not gambling... The fact they're discouraging money launderers is just a happy coincidence. Personally, if i'd just want to hide my funds from criminals and beggars, i'd rather use a big exchange for this purpose: the risk is much lower than using a gambling website.

Full disclosure: i'm not a "real" gambler. I did visit gambling sites in the past a couple of times, but i'm far from an experienced gambler, and i haven't logged on to any of my accounts for years... Maybe my image of the gambling industry is wrong...

if you underpayed the fees (which is the case in most stuck transaction cases), there are several things you can do... They depend on how you initially created the transaction, the receiving wallet,, your technical knowledge and the urgency...

• wait it out... if it's a transaction between your own wallets, it'll either get included in a block sooner or later, or most network nodes will prune it after a couple of weeks and you can re-use the unspent outputs
• wait it out, but keep broadcasting the transaction so the network nodes won't prune it (usefull if you're paying somebody else that trusts you completely... like a family member or a close friend... It'll probably be slower than the first option, but the receiver won't see a "dissapearing" unconfirmed transaction)
• bump the fee (this only works if your transaction is opt-in rbf). I don't know blockchain's wallet... haven't used them in many, many years... But if they create opt-in rbf transactions, i suppose they'll have some kind of menu to bump the fee (but other users have already pointed out that they believe blockchain does not create opt-in rbf transactions)
• you can try to double spend the unspent output but use a bigger fee this time... The problem is that most (if not all) nodes will reject your transaction... This is more or less the "bump the fee" equivalent of a non-opt-in-rbf transaction, with waaaaaaay less chance of succes and it requires waaaaaaay more technical knowledge.
• you can do a CPFP IF you either received change from this transaction or if you're also the receiver. Some wallets (like electrum) even have a nifty wizard to help you with this process... I don't know if blockchain or trust wallet have such a feature tough (can you import your trust wallet into electrum? That would probably help you a little bit?)
• you can pay a TRUSTWORTHY BIG bitcoin mining pool to include your transaction in their next block... I know and trust viabtc... But i'm not affiliated with them! If you payed > 10 sat/vbyte you can even use their free tx accelerator (but, if you payed more than 10 sat/vbyte, i guess your tx wouldn't be stuck for 20 hours) => https://www.viabtc.com/tools/txaccelerator

In which format is said private key?
https://en.bitcoin.it/wiki/Private_key

But, truth be told, unless it's in mini private key format, your odds are allmost 0 when you can only read 9 characters... (and even if it's in mini private key format, it'll probably take more time and effort than it's worth... I didn't do the math, but my gut tells me that even in this case, it's allmost impossible)

I don't know if you're for real... But if you are: you just posted a big advertisement for scammers...
Personally, i'd disregard all mails arriving at that address from now on cause everybody looking for an easy victim will be mailing you.

An example like that does work to get some initial feedback
My first thought when seeing that score would by: why? What's the rationale behind the number? Was it linked to a scam somewhere, did it get some negative reviews,... ?

I get the fact that you want to limit the amount of querys on your system to avoid having to buy/lease more performant (and more expensive) hardware. This being said, using google's SSO isn't a foolproof way to avoid people signing up with multiple accounts either... It's just an extra hoop multiaccounters have to jump trough. And like i said: using google's SSO will deprive you from several beta testers... I'm not completely against google's SSO, but i avoid it whenever i can (and i only use it for services that i trust and offer little or no other way of creating accounts).

AFAIK, there is no foolproof way to avoid multi accounters... People can create a dozen of google accounts (or buy them in bulk), or they can use throwaway emails, they can use vpn's or proxy's... Or tor... They can change their browser's fingerprint, they can (potentially) bypass (some) captcha vendors...

Personally, i'd probably allow people to sign up using their email and require a captcha completeion, then block >10 lookups per day based on ip address... It's not a perfect system, people can still get around it, but there are sufficient hoops so most of them won't be able to manage more than a handfull of alt accounts on your service.

If you really want to crack down on multi accounts, it'll require grunt work... Maybe work with invites and communicate with your members trough your platform... But it'll require significant effort from your side.

There doesn't seem to be a way to create an account without linking it to my google account (which i usually don't do, especially for new projects)?

no, that should be the actual nonce... If you would re-create the header using this info and do a sha256d hash of said header, the outcome should be under the current target... Starting nonces are not included into the block header when it gets broadcasted.

you *could* use dice rolls to generate an electrum seed... The first google result that popped up: https://www.reddit.com/r/Bitcoin/comments/2akdl5/howto_use_your_own_dice_rolls_to_generate_an/

Do be carefull tough... Read the full topic, including the potential logging of the console, the odd of your dice being not perfect, the entropy discussion...
Odds are your resulting seed is (much) worse than the one generated by electrum's built in functions!

My server is gone, so i'm no longer running bitcoin core, but isn't there a "getblockheader" parameter in bitcoin-cli?

EDIT: i'm currently using getblock.io (which is free for personal use)... I tested the getblockheader parameter, and it seems to work:



In reality, you'll have to combine this with the "getbestblockhash" parameter in order to get the hash of the block @ the tip of the chain... When you have this hash, plug it into the bitcoin-cli getblockheader command to get things like the merkleroot, time, nonce, bits,...

If you're not running a reference implementation of the node software (bitcoin core), and you don't want to use getblock.io, there's always https://www.chainquery.com/bitcoin-cli/ aswell (which works without signing up, but you cannot automate using chainquery)

Just to append to the answer already given: it's so easy anybody can do it... Here's an online site that lets you generate burn addresses: http://gobittest.appspot.com/ProofOfBurn

Just be carefull, it's a BURN address... if you fund this address, those unspent outputs are burnt... You cannot rescue or retrieve them in any way.

Same here... Took a while longer than expected, but the tx has arrived

I was trying whirlwind.money out with a very small sum ~0.005. I just tested a 0.0025 withdrawal, but haven't received anything...

I'll give it some more time, but for now, i'm with Ratimov... didn't receive my withdrawal

Did you actually read what i wrote?

Here's a quote from my post:

I don't care what you do, i'm not the one banning people or tracking offenders down... It just that after reading your posts, i was under the impression you thought that because the account wasn't originally created by you, you weren't evading a ban (which you are).

I see people breaking the law on a daily basis (usually traffic laws). It's not because everybody is doing it that it's ok to break the law yourself... Neither am i going to stop other people from breaking laws since i'm not law enforcement.
But if they would come to the forum and said: "i was riding 90 km/h on a road where the speed limit was 70 km/h, but it wasn't my car and everybody else was doing it, so that's ok. I should have never gotten a speeding ticket": i would never ever agree with you... Maybe the law is stupid and 90 km/h is perfectly fine at a certain spot: it doesn't matter, you still broke the (traffic) law. If you wanted to ride 90 km/h you should have petitioned the local governement to change the speed limit before going 90 km/h.

Just to chime in on (my understanding of) ban evasion:

If you get banned, it's you (as a person) that gets banned, not (only) your account.

So, it doesn't matter if your account is a hand-me-down of your uncle, or if you found the credentials on a piece of paper laying on the street somewhere. If an account under your control gets banned, you (as a person) are no longer allowed to post using any other accounts for the duration of the ban. The only exception is making a new account (or using an existing account) to create a ban appeal in the meta section for discussing your ban. Everything else is considered ban evasion (which is a bannable offence).

It doesn't really matter why you got banned in the first place... If you don't agree with your ban, the correct order of doing things is: using a new or existing account to create one topic in meta to appeal your ban and ONLY post in this topic whilst your ban is still active. If your ban gets reversed (and only if) you can start posting again outside meta. I got banned once for participating in a raffle in the wrong subforum, and that's exactly what i did: i stopped posting and asked for lenience from the admin since it was my first offence after years of being a member... My sentence got reduced, and i only started posting once my bantime was over.

I know it looks like people don't make a big deal out of ban evasion most of the time... I don't really mind... But to my understanding (after being here close to a decade) those are the "official" unofficial rules.

I took a glance at their website... For me, it looks problematic... Flashy buttons, keywords that get repeated, links to big company's to gain trust.... Whilst keeping vague on how this wallet would work. Also, there seems to be a token with the same name, which is also something that always makes me frown...

Personally, i'm not a big fan of any wallet that would keep your keys anywhere but on your own device, and this one seems to do right that: keep your keys on a network?
Now, for me that's a red flag, but i guess there might be relatively ok ways to do this (for example, by using a strong encryption scheme and keeping the encryption key on your device only whilst backupping the encrypted private key(s) in a network... i would never trust this, and i wouldn't recommand anybody else to trust this setup either, but for some it might be ok.... DYOR), the thing is: they're not clear about how any of this works straight away. Maybe if you dig into their whitepapers???

Anyhow, i think there are plenty of trustworthy wallets out there... Why roll the dice with an unknown company that's going to save your keys in the cloud? We're talking about money here... Why would you use a company like this if there are plenty of trusted, good alternatives around... it wouldn't make sense to me...

I watched the video briefly... If i got it correctly, they required physical access to the device in order to do a flash dump which was then fed to a GPU cluster for brute forcing the pincode. IIRC, this is an old vulnerability that's just been brought up once again to show that there is no absolute safety. A hacker would need physical access to your device and access to a cluster to bruteforce your pin. I guess he'll be out of luck with my extended seed phrase tough

I do consider this to be different than the ledger attack vector which does not need physical access. As a matter of fact, ledger is actually sending 3 shards created by a  2 out of 3 ssss  scheme to 3 "trusted" companys. If 2 of those company's decide to work together, they can reconstruct all private keys from all clients that decided to enable this ledger "feature", and it also shows that if somebody is able to inject code into ledger's closed source firmware, the hardware will be capable of extracting the seed and sending it to wherever the person that injected the code wants without any physical access.

Ledger just went as far as extracting the key from your hardware wallet themselves (by design) using official firmware. You only need 2 employees that have access to 2 of the 3 key shards that decide to rob all their clients and it's done... I just think the scale, complexity, risk,... are completely different between this trezor vulnerability and the ledger vulnerability.

Don't get me wrong: i'm not on trezor's payroll... The vulnerability exists whilst in a best case scenario it shouldn't... If there are other vendors that are as thoroughly vetted as trezor without such a vulnerability, it would be better to use those... Or even better, use an airgapped setup with core or electrum... Or a properly generated paper wallet...

Ledger got caught with their hands in the cookie jar again. In the past, they have claimed (on numerous occasions) that the private key could never leave their closed source secure element. Now, they released a "feature" that is able to shard your key into 3 pieces and send it to 3 corporations "for safe keeping".
At this point, i'd never promote ledger again, even if they automatically give the option of a 24 word seed... It's much better to have a 12 word seed that cannot leave the secure element (ever) than having a 24 word seed that could be extracted with (closed source!!!) firmware.

Like it has already been said: there are perfectly good ways of using a 24 word seed on a trezor, or on an other trusted hardware wallet without having to resort to a company that have been caught twisting the truth...