Eigentlich macht man das so, dass das erraten von existenten Nutzernamen nicht möglich ist.

Sicherheitsrelevante Anwendungen sollten es immer so machen, dass nicht klar wird ob der Nutzername jetzt existiert oder nicht.

Wenn diese Meldung jetzt nur bei diesem Ereignis passiert, ist es ein wenig sinnlos. Aber so ist es zumindest gedacht.
Username Enumeration ist ein (niedriges) Sicherheitsrisiko, was vermieden werden sollte.


Allgemein ist mit bei Kraken schon einiges aufgefallen bezüglich deren Security. Die haben sehr vieles richtig gemacht, was viele andere Exchanges nicht machen.

Zum Beispiel kann man mit dem "Zurück"-button nicht wirklich eine Seite zurück, sondern muss über das Menü neu rein. Das passiert weil die mit One-time-tokens arbeiten.
Mit einem Klick auf das Menü (z.B. Kauf-menü) erhält dein Account einen one-time token um dieses Menü aufrufen zu können. Der nochmalige Aufruf der URL (oder z.B. auch des Post-requests) leitet dich nicht zu dieser Seite weiter.
Der Nutzer muss explizit nochmal auf den Button drücken. Das schützt vor diversen Angriffen.

Die haben bei der Sicherheit einiges richtig gemacht. Da könntens ich andere Exchanges eine Scheibe davon abschneiden.

There are open source QR scanner available on github.

I don't really see the necessity for a QR scanner to be signed by a bitcoin developer. Why give them more workload if everything you need is already available ?
And additionally, no software is free of exploits. You just can't know whether there is some hidden vulnerability.

Even with proprietary software, i think it is not too hard to check the first and last few chars of an address and the amount before sending the transaction.
Any QR reader can have a bug. IMO scanning for convenience, but checking for safety should be the way to go.

So you give up on security for a slightly better performance ?
I hope you don't store any sensitive information (including private keys) on your PC.

I really can not understand how people are still using Win7 to store their crypto. End of Life is near and missing security features should be enough to switch to Win10.
And additionally you can still upgrade for free..

Fixed that for you.




Based on the fact that you are using an online wallet, i am pretty sure that you do not know how to properly secure sensitive digital information.

You imported an 'address' ? You probably mean you imported a private key.

If you can not distinguish between an address and a private key, how can you be absolutely sure that your computer is not infected ?

Let me guess.. you are using windows and have a free AV installed? 


Most probably your private key got compromised. Whether through phishing or through malware can't be said without proper investigation.
But you can be sure that you leaked it. This is not a bug or anything else. If someone stole money from your blockchain.com account, you (and only you) are at fault.

You shoud consider spending 60$ of those 1000$ for a hardware wallet. Or at least use a proper desktop wallet. You need to learn the basics first before storing such an amount on your computer again.

Den kannst du gar nicht sehen, weil dein nano s den nicht "rausgibt".
Das ist auch der Sinn des Hardware Wallets, man kann nicht an den private key kommen. Der ist in einem kryptographisch abgesicherten Chip gespeichert.

Den wirst du auch nicht brauchen. Der nano s erledigt alles was nötig ist (Transaktionen und Nachrichten signieren).

Solltest du deine BTC von einem anderen Wallet aus (ohne Nano S) versenden möchten (z.B. weil dieser kaputt gegangen ist oder du ihn verloren hast), reicht es den mnemonic code (24 wörter) zu nehmen und damit ein Wallet zu erstellen.
Dadurch werden alle private keys wieder abgeleitet und du hast Zugriff auf all deine Funds.

 


Kenne mich mit Bitpanda nicht aus. Aber wenn das so ist, dann ja zahlst du quasi drauf (2% über Kurs).
Am günstigsten ist es in der Regel direkt bei einem Exchange (z.B. Kraken).

Mycelium does not have any problems.
Occasionally there might be connection issues, but funds never have been stolen through a bug/vulnerability or similar.
People who have lost funds stored in mycelium were at fault themselves. No security measurements, shared seeds, etc..

I am using mycelium for several years now and never had any problem (except once there was no connection to the server for about a day; but not a security issue at all).


Do you have any real 'problems' in mind ? Or is this just sciolism ?

Yes, you have to pay a transaction fee for each transaction.

But fees on the bitcoin network are lower than withdrawal fees from an exchange.
Mycelium lets you choose the priority of your transaction. If you are not in a hurry, a few sat/B would be enough.

Assuming you want to cash out a portion of your holdings, you will most likely have 1 input and 2 outputs. With a fee of 3-4 sat/B that would be ~ 0.07$.
If you want a faster confirmation, you can always increase the fee (e.g. 30 sat/B, which results in 0.70$). That's the cost for a legacy transaction (address starting with 1..). If you use segwit (address starting with 3.. or bc1..) you will save roughly 30%.

What are you referring to with 'taking profit' ?

Withdrawing the funds to your own wallet ? This takes a few minutes until they broadcast the transaction. Additionally the time it takes to confirm the transactions (this depends on the amount of transactions in the mempool and the fee paid by coinbase).
Overall this can take between 5 minutes and a few hours until you have your balance confirmed in a wallet.

If you refer to selling your crypto to get fiat profit, you can do this instantly. Just sell your crypto via limit order or market.




Trading fees? No, only if you use another exchange.
Withdrawal fees? All exchanges have withdrawal fees. They have to cover multiple transactions (Consolidating deposits, moving to and from cold storage and your withdrawal itself). There are exchange which charge more and less than coinbase.


This forum here is a good place to get started.
There are tons of threads and guides which are helpful for beginner.


And as OmegaStarScream said.. don't use an exchange or an online wallet for storage.
If you can afford (i.e. if the costs are not half of your crypto holdings), get a hardware wallet. They store your private keys isolated and never release them.
If you can't or don't want to buy one, a desktop wallet would be the best way to go (e.g. electrum).


And if you at some point need help, feel free to ask. There are a lot of people here ready to help you out.

There is no reason to bump this.

You asked a question and received the answer. Ban evasion.

There is enough evidence that both accounts belong to the same person.
The excuse of a 'friend' (or sister, brother, mother, grandfather, ..) is the cheapest one you could come up with ?

1) Same facebook account used and 2) Depositing to the same account from multiple addresses (posted by 2 accounts) is enough to believe both accounts belong to the same person.


You - as a person - are banned from this forum. This includes any account owned by you and any account you will own in the future.

Both can be implemented relatively easy and convenient using a classical database.
If you don't want it to be decentralized, a blockchain is not needed for the supply chain. Just host a standard DB and give all actors access to it.

Fault-tolerant storage can also be implemented using a classical database. Just use signatures/checksums/etc.
There are many possibilities.

Using a blockchain is not efficient at all. At least in those two use cases.

Since i didn't see the IMO best solution to generate a brain wallet offline yet in this thread:

1. Take your 'password' and hash it using sha256. This is your private key now.
2. Convert this private key into the WIF (Wallet import format) following all steps from https://en.bitcoin.it/wiki/Wallet_import_format
3. Generate the public key and address out of this private key.


All can be done completely offline and you don't need to download a 3rd party website. Neither do you have to trust any javascript library etc.

But, please note. Brainwallets are insecure. Always. You will never be able to create a passphrase which is even close to being as random as one created by a computer.

There are multiple QR scanner available. You don't necessarily need one especially for BTC.
Simply scan the QR with any scanner and copy/paste the address into your wallet.

On a mobile, most wallets already support scanning QR codes. You just need to verify the address and amount and can send your funds with one click.

I don't really see the necessity for a bitcoin-related QR scanner. Either a mobile wallet or any other standard scanner is good enough IMO. There wouldn't be any advantages.

Why would any company need a slow and inefficient datastructure if they don't need the one advantage of it - decentralization ?

There are more efficient ways to store and validate data immutable. If decentralization is not needed, a blockchain would just be way too slow and inefficient.
I can not think of any good example of application which would require to have a (centralized) blockchain. Anything should be implementable with a different type of database/-structure.

Is there any particular use case you have in mind which requires a blockchain without relying on decentralization at all ?

The problem is that bitpay is cancer.

They only allow paying the invoice with their own application. They do not simply display an address and an amount.
You explicitly have to use a tool (DeBitpay) to convert the invoice into standard address/amount information.

They are trying to force users to use their (shitty) application to store/send funds.


And additional - that's the biggest problem - they are a centralized service holding the keys.
That's absolutely against the philosophy of bitcoin. You don't need to accept BTC if you don't hold your own keys. Can as well use CC then.
BTC has been made to be your own bank, not to let someone else store your money. We have banks and FIAT for that.

Where did anyone claim that using blockchain.com is as safe as an offline wallet ?
Anyone claiming such nonsense has obviously zero knowledge regarding this topic at all.

Did you intend to compare blockchain.com to a standard desktop wallet ?
There might be people around claiming this.. but they are simply wrong. Don't listen to them. Webwallets have the same attack surface as desktop wallets plus additional ones which only apply to web-based wallets.

However, no online wallet (whether web-based, desktop- or mobile-) is even close to be as secure as an offline wallet.

Nicht ganz, die letzten 8 bit eines 24-wort-mnemonic code sind die checksum.

Ein seed welcher in einen 24-wort-mnemonic code encodiert ist, besteht aus 2^256 zufälligen bits + 8 bit checksum.
Das sind dann 1.15*10⁷⁷ Möglichkeiten. Das ergibt exakt 1/256 der möglichen Kombinationen als im Vergleich mit 2048^24. Jedoch immer noch eine viel zu große Zahl um jemals einen gebrauchten mnemonic code finden zu können.

Half the size of your RAM - so in this case 6GB - should be good.

If you don't intend to use your computer for other stuff while syncing, 8GB should be fine too.

The problem is that people hear that a hardware wallet is extremely secure. So they go and buy one feeling too comfortable and secured.

And once they encounter a problem, they (again) listen to anyone proposing a solution.
Especially in such a situation where you think you might have lost all of your money, there is a lot of stress and adrenaline. You might not think about everything as detailed and usually.. and follow simple advices in the hope to recover your money. Even if this requires you to enter your mnemonic code into a website which looks legit.

But of course.. if someone really learns a lot about how to secure BTC, this person won't give away his mnemonic code.. ever.
Especially newbies are not aware of the importance of the mnemonic code. Explanatory work would be the only thing which would really help.

In most cases.. the user.

Nevertheless, using a web wallet always is a bad idea.
But since the OP of the reddit post didn't fall for common techniques used to trick users into entering their private data on a phishing site, chances are relatively high that his mobile or another device is/was compromised.
And i believe it would have also happened with any other wallet (except a hardware wallet or cold storage).

While a mistake on the side of blockchain.com definitely could be possible, i believe that there should be more similar reports in such a case.
In most cases the user seems to be at fault. Whether through malware or phishing doesn't matter much IMO.
As long as people don't understand the task of being their own bank and start securing their funds properly, we will always see more and more of such reports of stolen funds.

But not a single one is as reputable and trusted as daves recovery service.




They would definitely try to recover it if there is a chance in finding the password.
This wouldn't be the smallest wallet being recovered by them. I know at least one person who got a wallet containing between 1 and 3 BTC recovered by them. I doubt 13 BTC wouldn't be enough.