Or perhaps OP's transaction was immediately spent by another transaction, and then 10 minutes later when it still hadn't confirmed the attacker replaced that transaction with a second higher paying transaction.
There's another transaction on blockchain.com explorer trying to spend the same UTXO from OP's address. The transaction had been made with exactly the same fee rate and is invalid now. Click here to see that. I don't really know what exactly caused that 10 minute difference on blockchain.com, but it may have something to do with this invalid transaction.
|
|
|
Sometimes scammers deposit with their own coins to entice people to deposit,
You are right. That's possible, but I doubt that's the case here. If those transaction had been made by themselves for deceiving people, they could simply send back the 2x transaction too. Click here to see the transactions made to the scammer's address.
|
|
|
About your current case if the transaction is still unconfirmed yet I think you can double spend the transaction and transfer it to your new wallet.
Since OP made this topic, the mempool has been emptied several times. Therefore, even if the transaction in the question has been made with the fee rate of 1 sat/vbyte, it has been surely confirmed and there is no way to double spend it. Also, it was mentioned in the OP that both transactions (the one made by OP and the one made by the hacker/thief) have been confirmed.
|
|
|
The first two tweets have been already deleted and I checked the third one. It says that "you can only apply once". With this trick, they are trying to encourage their victims to send more fund and avoid sending small amounts for testing purpose. I also checked their deposit address. Till now, two people have been scammed by them. One has sent 3 ETH and the other has sent 0.5 ETH.
|
|
|
I believe they have strong anti cheat protection through the user ID-s in the site and their way of accessing the site,the mobile,the desktop,what browser do they use and what IP and things like that who make sure people don't cheat with multi accounting.
KYC isn't asked only for preventing users from cheating. Many casinos (or other crypto-related services like exchanges) force users to pass KYC due to complying with regulatory rules. Of course, I agree with you and I don't think they will ever implement KYC.
|
|
|
Now both are fully confirmed and i kinda dont know what to do.
There's nothing you can do. Bitcoin transactions are irreversible The only thing you can do now is to avoid sending any more fund to your wallet and as mentioned above, format your computer and install a fresh operating system. Take note that if you want to be completely secure in the future, you should install electrum on air-gapped device. If you can't do that for any reason, it's recommended to use a hardware wallet.
|
|
|
3. any chance of your trust wallet account getting frozen like they might do on exchanges?
There's no chance for that since the Trust wallet is non-custodial. Trustwallet gives you full access to your private keys. So, it's ture that it's non-custodial. You can import your seed phrase into any other wallet at any time. But this doesn't mean your permanent access to the fund is guaranteed. As trustwallet is close-source, we don't know wether they have access to users keys or not. If they have access to users keys, they can send your fund to their own address and cut off your access to your fund.
|
|
|
So if your purpose is to guess the seed phrase of someone's wallet then you have 0.01% to guess a seed phrase wallet.
I don't understand this. Are you saying that the chance of guessing someone's wallet correctly is 0.01%? Am I getting you correctly? Or I am missing something here? To avoid any misunderstanding for a newbie reading this thread, it may be worth mentioning that the chance of guessing a seed phrase correctly is zero. A 12 word BIP39 seed phrase provides 128 bits of entropy and can't be brute-forced or guessed.
|
|
|
The master public key is derived from your seed phrase through a one-way function. Therefore, there is no way to derive the seed phrase from your master public key.
|
|
|
This has been posted today by admin of BGL coin, for what I can see is still possible withdraw funds from their exchange
I doubt it's possible to withdraw fund from the exchange. It seems that there is no way to login to the website. I tried to login to the website using VPN from different countries, but I couldn't access it. I tried it with VPNs from some European countries, United States, Canada, Japan, Singapore, India and United Kingdom.
|
|
|
So, what could've been the problem from your side because even palle11 verified it from verifybitcoinmessage.com/ and CoinEraser also did from one of the sites you couldn't – brainwalletx.github.io.
There was no problem from TheBeardedBaby's side. palle11 signed a new message from a legacy address which was the one verified by him/her and CoinEraser. TheBeardedBaby was trying to sign the message signed from the segwit address which can't be verified at all. Maybe we should just say those signing message from coinoimi should do that using legecy
The best thing anyone can do is to not use coinomi.
|
|
|
Could have been someone's personal signature text with the forums' ad warning below.
That's not a personal signature. Such information is sometimes displayed below the forum ad banner which is located below the first post of every page.
|
|
|
I apologise, I have done a fair amount of research my question was just poor. What I am asking is if you can not create someones signature for their transaction how can you compute fake blocks for the chain?
I am not sure I have understood you correctly. But I think your question is "How signatures are verified?". When you broadcast a transaction to the network, you broadcast a hash, a signature and a public key. For verifying your transaction, nodes don't need to recreate your signature at all. Nodes generate a hash using your public key and your signature through some mathematical calculations. If the hash generated by them matches the hash broadcast by you, the transaction is verified.
|
|
|
- Did you also try verifying the same message with one of the online tools or other wallets?
I just tried that. I was able to verify the message using other tools like electrum successfully. So, a message signed by coinomi from a legacy address can be verified by other tools, but it can't be verified by itself. Edit: I tried this with a segwit address too and I was again successful in verifying the message using electrum. It's weird. Because the message signed by palle11 yesterday isn't verifiable even using electrum.
|
|
|
There's indeed a bug on that wallet but AFAICR, it doesn't extend to legacy addresses [only the segwit addresses are affected].
I just tested that with signing a message from a legacy address and got the same error. It's really funny how Coinomi works. If you sign a message from Coinomi and then verify the same message without closing "Sign/verify message" window, it's verified successfully. It's verified even with a wrong signature. If you sign a message from Coinomi, close the "Sign/verify message" window and then open it again and verify the message, it can't be verified.
|
|
|
Trust wallet claimed its community-driven open-source non-custodial wallet. I am not sure if it's 100% true.
They are lying about that. Trustwallet used to be open-source, but it became close-source after being bought by binance. According to github, their code hasn't been updated for four years. The code we see on their github is for an outdated version of trustwallet.
|
|
|
1. if buy a new phone and install trust wallet, memorize the phrases, receive some tethers and then stop using the phone for good until a future time: is there any chance of your trust wallet getting hacked?
Even if you are sure that your mobile phone is 100% secure and you never connect it to the internet, you can't say that your wallet is completely secure. Trustwallet is close-source and there is no way to know how the keys have been generated. It may be worth mentioning that you should never trust your memory. It's always possible that you forget your seed phrase.
|
|
|
Wallet is coinomi
I tried to verify the message on Coinomi. It says "Message verification failed". Edit: I just signed a message on Coinomi and verified it with itself to see how it works. Seems that there's a bug on Coinomi. It can't even verify the message signed by itself. As suggested by BlackHatCoiner, don't use Coinomi.
|
|
|
Please someone should quote and verify for me.
As mentioned by BlackHatCoiner above, the message can't be verified. There's a probability that you made a mistake when copy pasting the signature or the address. Take note that there is no standard algorithm for signing message from segwit addresses. So, a message signed from a certain wallet may not be verifiable through another wallet. What wallet did you use for signing the message?
|
|
|
|