How would you do this ?
Circumventing fingerprint security measurements is relatively easy and it has been mentioned how it can be done.

So.. how would you hack a trezor ?




How would you fake the signature ?
I mean.. people who don't verify the signature are at risk.. yes. But that's not how you update electrum. You always have to verify the pgp signature.

So.. how would you do this ?




Because there are easy attack vectors and risk of losing access (all has been mentioned in this thread already).

If you can argue against electrum updates or trezor being hackable the same way with the same level of complexity (very low), then it is not much better.
But as long as you can't, both are definitely better than a fingerprint secured wallet.

It is important to know which wallet you used.

Since you said you 'lost the program name', i assume you actually downloaded some software and did not use some kind of web wallet, right ?
Try to find out which wallet you have used.

It is completely normal that your receiving address changes after each transaction, this increases your privacy.

Did the wallet you installed give you a mnemonic code, also often referred to 'seed' to backup (12 / 24 words) ? Or do you have any other kind of backup ?

Also, please tell us what gambling site you are talking about.

You would only be able to access the seed of the 2FA wallet, if you recovered it once using the seed and disabled the 2FA option.
Otherwise the whole concept would be useless.

The seed holds 2 out of 3 private keys (of a 2-of-3 multisig). Having both private keys stored in the wallet file (which basically is the case with a restored wallet with disabled 2FA) defeats the purpose of having a 2FA wallet.

When setting up a 2FA wallet, you get a mnemonic code as a backup which creates 2 out of 3 keys, then the seed and one xpriv is going to be deleted, resulting in 1 xpriv stored in the wallet.

In order to send coins from your wallet you need one of the following:

1) The recovery seed (mnemonic code) or
2) Your google authenticator code and the wallet file.

Without one of these, there is no chance.
However, there have been multiple people who have reported that they have been able to reset their 2FA by messaging TrustedCoin (the co-signing service provider).
This seems to be your last chance if you can't find the mnemonic code and can't regain access to your 2FA mobile (or its backup code).

You didn't know that stealing intellectual property is against the rules (and against common sense) ?

Hard to believe..


Your account got banned June 7th.
That's the day you created this account which then was used to complain in meta and continue posting in the speculation section, which is a bannable offense (ban evasion).

Post history archived.

Not even close  

If the information on bpip.org is accurate, you have 107 deleted posts, which makes it 1 in 288 being deleted.

Habe mir mal beide angeschaut.

Wie sich herausstellt, verwendet die 1. Transaktion eine "Zwischenadresse" welche zu der Adresse 1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY (aus deiner 2. TX) gehört.
Und diese gehört zu F2Pool.
Die Transaktion ist auch im Block 592985 bestätigt worden, welcher von F2Pool gemined wurde.

Ist schon logisch, dass ein Pool sich selber keine Gebühr zahlt, sondern die einfach als 0-fee Transaktion aufnimmt.


Aber wie vorher schon erwähnt, ohne aktive Mithilfe eines Miners (oder Pools) wird das nichts.

I'd assume that is the case.

My reports against ban evasion in the russian sub got marked bad too without the offender getting banned  
The evidence was clear and this case should have been escalated to the global mods. The report was in english, but i assume every mod should understand english regardless of the sub they are moderating.

I can understand why he is comfortable using his PC without anti virus software. I am not using one either.
But the difference is that we aren't using windows.

If you are using windows/MAC you need some anti virus. And even with, it doesn't protect you from anything else than the most dumb and already well known malware.




So.. you are sharing all your details and all of your privacy with proton ? A company which makes money with your information.
Are you located in such a highly critical country that you'd rather trust a company (which makes money with information) than your ISP ??

Most people use VPN's for the wrong purpose, and you might be one of them. Take a look here.

Das LN ist derzeit in der Beta phase.
Man sollte das LN nicht mit mehr BTC nutzen, als man auch verlieren kann/möchte.




Das bezweifle ich.
Eine min. Fee von 1 sat/B ist Standard Einstellung.
Und ich glaube die wenigstens verändern die Parameter im Source code und machen sich damit anfällig gegenüber Spam-attacken, wozu auch..
Außerdem würde kein Miner eine TX aufnehmen bei der er keine Gebühren erhält. Die minen nicht zum Spaß, sondern aus wirtschaftlichen Gründen.

Das bringt dir ja nichts, wenn die Transaktion nur in deinem Mempool ist.
Natürlich könntest du Core so anpassen, dass dein persönlicher Node Transaktionen mit 0 sat Gebühr aufnimmt und weiterleitet, jedoch wird kein anderer Node deine Transaktion akzeptieren.

Im Endeffekt befindet sie sich dann nur bei deinem Node im Mempool und kein anderer Teilnehmer des Netzwerks weiß etwas über diese Transaktion. In einen Block aufgenommen werden kann sie so nicht (zumindest nicht ohne aktive Mithilfe eines Miners / Mining pools).

Yes, i can confirm that.

Just imported a random private key into mycelium and made a backup.
Upon trying to verify it, i received the same error message ("The key does not correspond to any bitcoin address").

Seems like it is a bug.

The best in your situation would be to backup the private key itself, or encrypt it yourself (using BIP38).

The best way would be to simply run a full node.
It would be the easiest to implement and the most safest way.

Can you elaborate on the reasons why you can't run a full node ? It doesn't take much effort to set it up and it costs close to nothing to keep it running. The power costs are low and a 500GB HDD costs about 30$.
If you want to run a marketplace or a website, this shouldn't be a problem at all. So i assume there are other problems you are facing ? Maybe we can find a solution for them.

I just tested it using a freshly created "SA"-account (Single Address).
Didn't have any issues. Worked without problems.

Created new SA-account -> created backup PDF -> verify-option -> scanned the encrypted private key -> entered the given password -> successfully verified.

Are you sure you have written down the password correctly ?
Can you try the same procedure again with a fresh SA-account, paying attention to the password and double- or triple checking it ?

It is a shame that electrum doesn't allow to create a nested segwit wallet.

Using legacy is counter-productive. If there is no need to sign messages and bech32 is not accepted at some outdated service, nested segwit is the way to go.
There is no reason to use an old format which is more costly to spend from, just to use electrum.

OP, i'd recommend you choose a different wallet for nested segwit (transaction malleability fixed and lower fees compared to legacy), e.g. Wasabi.

Transaktionen ohne Gebühr (0 sat/B) werden garnicht erst weitergeleitet. Zumindest wenn man core verwendet (was den großteil aller nodes ausmacht).
Die TX erreicht die Miner also nicht einmal.

1 sat/B müssen es mindestens sein um von den Nodes akzeptiert und weitergeleitet zu werden.




Generell nicht, aber wenn man viele kleine Beträge erhält und am ende 20-30€ mit sehr vielen inputs (z.B. 50) versenden möchte, dann macht das schon einiges aus.
Da liegt die Gebühr dann bei 2.34$ (3 sat/B) oder 0.78$ (1 sat/B). Da können 3 sat/B mal eben mehr als 10% des gesamten Betrages ausmachen.

Aber eigentlich sollte man ja eh nicht so viele kleine Beträge erhalten, daher ist es dann auch nur in solchen extremen Fällen zu berücksichtigen.

Popular open-source software has been checked by multiple people already.
And new malicious commits / changes to it would attract the attention of quite a lot people.

Using popular and wide-spread open-source software is definitely safer than using a less popular one or even closed-source software.




Same as above. Popular open-source software has been checked by quite a lot people already.
Cuckoo would be one of these open-source sandbox tools.




Detecting a sandbox is pretty easy, even nowadays.

Escaping them requires a vulnerability in such software. There was a vulnerability which allowed to escape the sandbox of oracle's virtual machine which has been fixed roughly 6 months ago (more or less).
Definitely a possibility nowadays.

Exactly this is the reason why most people have stopped responding to your questions.

A fault confessed is half redressed.




Right, and multiple people have proven this already.
If you wonder why no one responds to your questions afterwards, look above.

Exodus is one of the worst wallets available, together with jaxx.

Besides it being closed source which means you can't know what it is doing and how it is doing it, there is a severe vulnerability which allows anyone with access to your computer to extract the seed.
The developer refuse to fix it because 'your computer has to be secure in order to use a desktop wallet' - which is an extremely worrying statement from developers.

The seed is not secured at all. It is stored in plain text. It takes roughly 1 minute to extract it.
I'd recommend to use a better wallet (e.g. electrum), where an attacker can not simply extract the seed with 1 minute access to your computer (the wallet file can be stored encrypted, not accessible without the password).

Alright, so we at least found the issue.
Since core and the config is working fine, we can focus on your php/sql issue.


The way to debug this, would be to run your php script from the command line and give it a (non-existing, randomly chosen or real) transaction ID.
Then see what it does or doesn't do.

I don't think there is an error log being written when these scripts are called from bitcoind.
But you can always create your own log. Either use the logger command or redirect the output from your commands into your own logfile (using >>) (sorry i don't know the php equivalent of these commands).

I think the best way would be to get them running using the command line.
Since you already found some syntax errors in your php script, is it running through completely now ? If so, it could be safe to assume that there is an issue with SQL.
If they are then running through fine via the command line, the next step would be to test them via bitcoind / walletnotify.