It would be more secure than a default desktop wallet setup... If you have these resources and knowledge, i'd actually advice you to follow the procedure you described above with ONE tweak:

Disable the network on the linux distro...

If you use electrum as a watch only wallet, create an unsigned transaction, save it, then boot to the linux distro without network, use electrum to sign the unsigned transaction, rebooted to an online OS and use electrum to broadcast the signed transaction...
This way you'd have a pseudo cold wallet setup, witch is about the most secure setup you can have

sigh...  

4 posts ago, i did my very best to give a non-technical, but complete answer to all those people spreading incorrect information... But it seems like people don't even read the last couple of posts before they start blurting out misinformation...

Unless somebody starts a serious, to-the-point discussion in this thread, i'm giving up... This will be my last reply in this thread (unless, as i've said before, serious posters start posting here). EDIT: i couldn't help myself... People just blurt out whatever nonsense comes to their minds, so i simply had to reply to a couple posts

I'll take even one more step back from the technical crypto-related discussion, and simplify even more... Bare with me, this is going to take a certain level of imagination.

Imagine you are a photo editor and you make a living watermarking images with some text. You get payed if the image you watermarked is published in a newspaper.
It's a very simple world you live in, there are only 2 photo editors available:

• microsoft paint, running on micro$oft windows... Very easy to use, no learning curve... That's why 99% of the photo editors use it
• Gimp, running on linux... Great program, but both the OS and the photo editing software have a bigger learning curve, that's why only 1% of the editors use it

One day, there is a communist attack in your world... Allmost all newspapers decide that red text can be linked to communism, so most of the newspapers in the world no longer print pictures that have a red text watermark on them.
Beecause micro$oft tries to shield it's users (they're not that tech savvy), they decide that all future versions of paint will no longer feature the color "red". It is now impossible to change any pixel into a red one, let alone put red text on an image. Gimp on the other hand, being an open source program, allows it's users the freedom to do whatever they want (no ban on the color red).

After a while, you visit a forum where photo editors congregate, and somebody asks if red text can still be added to a picture. 90% Of the posters immediately answer: "no". Some tech savvy posters start to mumble about technical possibility's but immediately point out that no newspaper will ever accept the image.

But the truth is: there is no law against red letters on an image, there are still photo viewers that show images (even with red letters), there is an image editor that still allows the color red (but it's not very user-friendly, since you need to install a different OS and learn how to use gimp). There are even a small amount of newspapers that don't correlate red text to the communist attacks, and they're willing to buy your images with red text watermarks if you would make them.
So, the answer to the question is: "YES", with a sidenote that you need some technical knowledge to do this, and you'll have a hard time finding a newspaper that's willing to publish your images... So if you'd just add blue letters to the image, it would make your life a lot easyer...

I know, the comparison of this imaginary world to 0 fee transactions isn't perfect, but to a certain degree, it is valid...
If you wish to know why, just look at my earlyer posts in this very topic...

A last remark: people don't seem to get some simple facts about fees.
When a miner finds a block header whose sha256d hash is under the current target, the block he found is valid. The first transaction in the block is the coinbase transaction, it usually funds one of the miner's addresses with a value of: 12.5 BTC + the sum of the fees of all transactions in the block.
If a miner would add no transactions, or all 0 fee transactions, he'd STILL get 12.5 BTC (untill the next block reward halving).

The sum of the fees is very small compared to the 12.5 BTC, so the difference to a miner is neglectible at this moment (i'm not talking about those spam-attack, bidding war, full blocks periods... At these periods, a miner might get significant income from mining fees, and at this point it would be unimaginable to get a 0 fee transaction into a block unless you pay a huge miner to increase the priority of your transaction in his mempool)

In times of blocks being incompletely filled, it would be perfectly possible to fill the blocks with 0 fee transactions IF (and only if) people would start running nodes that relayed 0 fee transactions, and miners would be willing to include them into blocks... The reason they're not doing this is probably because in a couple block halvings, they reward will be rather low, and they'll have to start depending on the fees to make a living... But like i said: this is in the far future, this is not happening right now... Right now, a miner choses not to include 0 fee transactions because 1) it doesn't give him any monetary incentive to do so and 2) because the default config he might be running is already configured not to accept 0 fee transactions.

Welcome to the forum...
I'm sorry to hear your initial experience wasn't all that positive, but there's a reason things seemed very hard...
This forum is (one of) the biggest crypto related forum(s) on the web, hundreds of new accounts get created each and every day. A lot of these accounts are created by scammers and spammers, sometimes automatically and in bulk. That's why Theymos added the "evil ip" function a long, long time ago. It's there to stop abusers from creating new accounts in bulk (the theory is that an abuser won't pay a small fee to activate his/her account if he's going to get it banned in a matter of hours). Sure, it doesn't stop all scammers, spammers, trolls, plagiarists,... but i hope it stops the bulk of them. Even if it stops 50% of them, i'd stil be in favor of the feature.

The sad thing is: as a real user with good intentions, you've become collateral damage in the war on spammers/scammers/plagiarists/trolls/... and that's not that good, but i don't see an alternative.

As for the captcha: i guess you're seeing the captcha because bitcointalk is using cloudflare as an external WAF/DDos protection/cache to protect us from the DDos attacks that took the forum down a while ago, and you've become collateral damage in the cloudflare methodology to...

Last but not least: a new forum software is being developed for years now, nobody knows when the forum will be migrated, but the new software should contain most (if not all) of the security features you (and most of us) crave... The thing is: Theymos seems a bit reluctant to developing extra features for SMF when the new forum software seems to be rather close to completion (but to be honest, to me it looks like the development isn't moving at all).

This is one of those threads where i feel i'm taking one step foreward and two steps back...

I've tried explaining (twice), but the thread keeps getting filled by people that post their feelings about the subject unhindered by any knowledge on the topic that's being discussed.

Please read this post before mumbling false claims in this thread

• It is true that most wallets (and especially the gui versions) have disabled the feature to create 0 fee transactions
• It is true that most node implementations reject 0 fee transactions (especially if they're setup using their default config)
• It is true that most miners won't include 0 fee transactions into the blocks they're trying to solve

HOWEVER

There is nothing in the bitcoin protocol stopping anybody from creating 0 fee transactions, broadcasting them, relaying them, including them in VALID blocks! It's not because the software implementations removed the option from their menu's that the protocol changed in a way that would make 0 fee transactions invalid.

IF you know what you're doing, AND you know a miner that would still accept 0 fee transactions, you WOULD be able to get a 0 fee transaction into a block (given that the miner got lucky and found a valid block header).
Offcourse, this is not the standard way of doing things, sure it's not possible if you stick to using the gui of most of the wallets and try to broadcast the transaction to a couple random nodes, that does not mean the protocol no longer allows this...

As a matter of fact, only 1 page ago in this very thread, i proved that a 0 fee transaction could still be generated... I suppose most of the people posting garbage after this post had no idear what i was posting, since they only saw a sequence of ascii characters without realising it was in fact a valid, signed transaction they were looking at:
Offcourse, i don't know any nodes that have no minimum relay fee (even my own nodes have a minimum relay fee, and i'm not about to change this), nor do i know a big mining pool operator that still accepts 0 fee transactions, so getting this transaction into a valid block is very hard, but NOT impossible!

no, you are not ignorant... The whole thing was a bit TL;, but i DID try to read it (altough i did skip some parts because they were so erratic is lost concentration)... This guy doesn't know what he's talking about OR he does know what he's talking about but he's trying to scam by feeding people nonsense.

You are asking the right questions and making the right assumptions.
- If he cannot sign a message that can be verified using an address that was funded by >0.5 BTC, it's safe to assume he either doesn't have 0.5 BTC, doesn't know the slightest thing about BTC or does not want to share his address.
- If you can't open the .onion link while you're using the tor browser, it's not valid, AFAIK there is no "members only" darkweb (altough there are "members only" marketplaces and forums on the darkweb, but that's a different subject)

For everybody saying it can't be done:


You can use any online transaction decoder, like (for example) https://live.blockcypher.com/btc/decodetx/ and verify that
1) the transaction has 0 fee
2) the transaction is signed

However, if you ever want this transaction to end up in a block, you'll need to find a mining node that:
1) still accepts 0 fee transactions
2) includes those transactions into the block the miner is trying to solve

I guess those miners should still exist, but i don't think they'll be easy to find tough...

BTW: if you're a pool operator, don't include this transaction as a favour, it's just spending an unspent output to fund exactly the same address, so it's a moot transaction

Indeed, you'll be able to copy/paste the address from the wallet software, you do not have to type it in manually, and normally a new receiving address gets derived each time the previously generated address was funded.

No, normally the hardware wallet does not receive any information about balances (at least not for the wallets i own). There would be no reason for this either, and it would decrease the security if this information was also sent to the hardware wallet and stored in it's memory. Most hardware wallets do have a display, but usually it's used to let you enter your pin number, or show information about a transaction you're about to sign, or allow firmware updates,.... all that kind of stuff. A hardware wallet isn't a real "wallet", it's basically a lockbox that stores your xprv, derives private keys and uses them to sign things (transactions, messages) on the hardware wallet itself.
It is indeed the desktop wallet that keeps track of all unspent outputs funding your wallet... The desktop wallet does allmost all the work, everything except signing.

So simplified, the hardware wallet workflow of most hardware wallets would go a bit like this:
Desktop wallet => receives xpub and derives addresses
Desktop wallet => monitors blockchain for unspent outputs funding derived addresses
Desktop wallet => creates a new transaction spending unspent outputs and funding an address of your choice
Desktop wallet => sending unsigned transaction to hardware wallet over usb
Hardware wallet => validating unsigned transaction, deriving the correct private key(s) for signing
Hardware wallet => showing info about validated transaction and asking user for confirmation
Hardware wallet => signing unsigned transaction
Hardware wallet => sending signed transaction back to Desktop wallet over usb
Desktop wallet => broadcasting transaction and keeping all meta-data about transaction
Desktop wallet => updating balance as soon as transaction gets confirmed

As you can see, in this simplified explanation, the only thing that gets sent to the hardware wallet is the unsigned transaction, and the only thing sent from the hardware wallet it the signed transaction. No key ever leaves the device.


i wouldn't recommand it


No, in my opinion it wouldn't be safer... Virtual box images are still images stored on your local disk, input is still captured, clipboard content is shared,... Altough i feel we're comparing apples to oranges here, i can only say that the isolation level of a virtual machine is lower than the isolation level of a hardware wallet. A decent hardware wallet will be unable to send the xprv or derived private keys, while i can still think of ways to steal an encrypted wallet from within a virtual machine.

No problem, i'm always happy to help out a new user when he/she is asking legit questions that can't be answered by a simple search


Sounds strange to me, i guess you're mixing up something here, cause afaik electrum doesn't come with an integrated exchange... So i don't think you're able to buy BTC directly from within the electrum interface... Are you sure you're not just clicking on electrum's receive-tab, then copy the address and enter it at whatever exchange you're purchasing BTC at?
If that's the case, not much will change... A hardware wallet usually comes with wallet software included, some are even compatible with electrum... So you can keep using electrum as your wallet, the only difference is that the xprv, derived keys or seed never touch your computer... All the signing goes on in the hardware device. Electrum (or the HWW manufacturer's propriatary wallet software) just monitors the blockchain for transactions funding one of the addresses derived from the xpub coming from the xprv stored on your hardware wallet. If it finds unspent outputs funding one of your addresses, it calculates your balance and it let's you create an unsigned transaction. Once the unsigned transaction is created, it's sent to the hardware wallet. The hardware wallet will usually show info about the unsigned transaction it received on it's screen and ask you to confirm you want to sign the transaction ON the hardware wallet. Once the transaction is signed, it's sent back to the wallet software which broadcasts the signed transaction.



Yes, just like electrum, most hardware wallet are backupped by a seed phrase... Just make sure you never store this seed phrase on an online medium


Same answer as above . Most hardware wallets are bip39 compatible, so you can usually restore your hardware wallet on any bip39 compatible software wallet... This basically means you can import the hardware wallet's seed phrase into electrum in case your hardware wallet breaks and you need to access your funds right away or you don't want to buy a new one (you just need to know the correct derivation path). However, if you do this, you lose all the additional security your hardware wallet provided.


I own a ledger HW.1 (no longer in production), a ledger nano S, a trezor model T and a trezor one.I never had any complains about any of the ledger or trezor products so far... IIRC, the HW1 cost less than $20, i think the most expensive one was around ~$100, which isn't a lot of you're serious about crypto


That's correct, at least if you're talking about any of the hardware wallets i own. There are wallets out there that have an alternative mode of communication.


Theoretically, yes... I know trezor's code is completely open source tough, and both ledger and trezor are public companies with real people working in them... If you buy some second hand device from ebay, chances are it's tampered with, and either somebody is trying to let you use a pre-initialised device (never use a pre-initialised device, the person who pre-initialised it has the seed and can restore your wallet on his own device afterwards) or there have been rumours of second hand devices that have been tampered with... But if you buy straight from an established manufacturer, you're 99,99% safe

Exactly!

My post was not talking about web wallets that do not give you access to your keys and just use a central hot wallet while credting user's account balances in a (relational) database.
Such an online wallet is just 1 single wallet to the outside world, no matter how many accounts exist on their service.

I don't care if an online wallet does not charge a fee to update 2 records in their private database... This is completely beside the point... As a matter of fact, i'd recommand everybody to stop using online wallets

I've seen a lot of wrong answers, and a lot of right (but incomplete) answers. So i'll try to give a complete answer this time

1) It IS possible to create a transaction with 0 fee... But the developers of a lot of modern wallets edited the functions of their programs so 0 fee transactions can not be created... If you want to create a 0 fee transaction, you can do it using the createrawtransaction command of bitcoin core (either from the cli or from the debug window), you can also use the electrum console... There might be other wallets that still allow 0 fee transactions to be generated, but bitcoin core and electrum are the wallets i've actually used for creating 0 fee transactions. Do be carefull here: there is a difference between CREATING a 0 fee transaction (which is easy) and getting the 0 fee transaction BROADCASTED to the network (which is hard).

2) the first main problem AFTER you created a 0 fee transaction is getting it relayed... A transaction will ONLY have a chance of ending up in a block IF it ends up in the mempool of the node of a miner first. A lot of nodes have a minimum relay fee, but if i'm not mistaking, a node owner CAN still modify the minimum relay fee and set a custom parameter so there is no minimum relay fee... The problem is that most nodes do have a minimum relay fee, so won't relay your transaction, so the odds of a 0 fee transaction ending up in the mempool of a mining node is small

3) the second main problem is that a miner has no incentive to add a 0 fee transaction. Historically high priority 0 fee transactions were added to blocks by the miners, but i don't think nowadays miners still honour high priority transactions

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst
Seems like the biggest vulnerability  was fixed in electrum 3.0.4, i don't think later versions have vulnerability's that can be exploited in order to steal funds...

If you are sure that the version is > 3.0.4 on both wallets AND you're sure your network wasn't breached, your W10 was up to date and your virusscanner was also up-to-date and nobody had physical access to your wallet or seed, mindrust is probably right: the odds are big your email is compromised.

It seems like the thief doesn't mix unspent outputs that fund different addresses when he's spending them:

https://www.walletexplorer.com/address/1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV

It seems he pulled off 3 other heist, and he emptied out his wallet by funding 2 addresses:
https://www.walletexplorer.com/wallet/f09174452800a131
https://www.walletexplorer.com/wallet/9cf87764f8042160

The only thing you can do now is monitor the wallets and see if at one point he funds known addresses. If, for example, he funds an address that belongs to an exchange wallet, you can always contact the exchange and explain your situation... However, odds are pretty big he uses a mixer or exchanges those funds to untraceable crypto currencies using unlicenced exchanges... In this case, there's not much you can do.
Even if he doesn't mix his coins, and deposits them to an exchange/casino/online wallet/..., odds are pretty big the owner of the site he's depositing to will do nothing to help you out.

Please, never use the compromised wallet again, reset your email password, check and double check your OS (a reinstallation might be needed if you're not 100% sure your OS is clean).
Download a clean copy of electrum from the official source and create a new, clean wallet, encrypt it with a strong password, WRITE the seedphrase on a piece of paper and store it in a secure spot before you fund your wallet with any crypto ever again...

If you care about your crypto, i might even suggest switching to a hardware wallet. None of my ledger or trezor devices failed me (so far).

Let's start from the beginning:

• Which version of electrum were you using?
• Was your wallet encrypted (did you use a password?)
• From where did you download your electrum wallet?
• Which OS are you using
• Does your OS have a firewall and virusscanner?
• Do you install unknown software on your OS?
• Are you willing to share the transaction id?
• Are you 100% sure you didn't empty out the wallet yourself, are you sure your spouse/parents/flatmates/children didn't do it (are you sure nobody had access to the seed phrase.)
• Where did you store the seed phrase?

There was a vulnerability in older electrum versions, and there was a warning about fake electrum versions floating around on the internet... It could also be a virusinfection you got when installing unknown software OR it might have been somebody with access to your seed or your wallet...

That being said: transactions are irreversible, especially after they've been included in a block and a couple other blocks are found afterwards... Bitcoin is also pseudo-anonymous. It's possible to follow the unspent outputs, but if the thief knows what he's doing, it'll be very hard (if not virtually impossible) to link the thefth to an IRL person.

You can always use op_return to store data in the blockchain without increasing the utxo set: https://en.bitcoin.it/wiki/OP_RETURN
But like Pmalek already suggested: other blockchain implementations (like ethereum) are better suited to store data...

https://etherscan.io/tx/0x2d6a7b0f6adeff38423d4c62cd8b6ccb708ddad85da5d3d06756ad4d8a04a6a2 (click on view input => UTF-8), source: https://cryptobulls.info/chinese-student-censorship-ethereum

I don't think the fact that LN adoption isn't that high at the moment has little or nothing to do with the low price... You said it yourself: the fees are really low atm, so at this point in time, there is little incentive to use the LN to cheap out on transaction fees/get included in a block fast.

At times of an average fee of 400 sat/byte, i guess the LN adoption might increase, and at that point, the LN might have a positive influence on the price, but not at this point in time.

The lightning network has other benefits tough... It's not only a layer to cheap out on fees...

I find it strange to see debug output on the console... I have written a service script to automatically (re)start my daemon in case of a reboot or a crash, but if i remember correctly from the last time i manually started a daemon, the output was minimal....

Like the others have said, the output of the debug.log and the content of bitcoin.conf (minus username, password or tiken) could help...

It might also be a good idear to give some extra info: which walktrough were you following, which lightning daemon were you installing, were you installing on a physical machine or on a vps (+specs).

If you used the default ports following command should also work to check if bitcoind is running (it checks which process is listening on port 8333):

lsof -i :8333

Or,
ps -ef | grep bitcoin
But you already tried this if im not mistaking

Ps: i'm not @ the office, so any command or recommandation i give is from memory... Typo's can happen

I agree with mdayonliner, and i'd like to add that 99.9% of cloudmining sites are ponzis or scams.
If some site is asking for a deposit in order for you to withdraw, they are scamming you...

If somebody were to give you a 0.001 loan, and you would send this 0.001 to the cloud mining site, my experience tells me the cloudmining site would just keep "your" 0.001 and still not let you withdraw..
The end result would be that the lender would be out of 0.001, and you would walk away since you have no means of repaying... The only winner would be the cloudmining scamsite

I'm renting a couple dedicated servers, my nodes are running 24/7, 365 days a year... I can only imagine most nodes that have an uptime of more than 2 weeks have allmost the same setup as mine...
I'm currently posting from my bed (using my phone), but if you haven't found a node you could connect to by tomorrow morning, i'll dig up an ip of one of my machines.

That's not a good idear at all... For example, if i had some kind of grudge against somebody, I could just copy one of their original posts and paste it on my blog with a backdated timestamp, so it looks my blog article is older than the original post my victim made... Then i could just click the button => BAM autoban.

I could even up my stealth so i wouldn't face any punishment if somebody found out the victim was autobanned due to my scammy methods... I could simply register a free .tk domain, then create an account on a free webhost and create a blog there (all over a VPN or tor)... Then copy somebody else's work and post it on my blog with a backdated timestamp... Then i could create a newbie account on bitcointalk over my VPN or tor, and get a senior member autobanned... Sure, maybe the ban wouldn't stick, but the member would still lose access to his/her account for a while untill the admin has time to look at his ban appeal and unban his account.

I'm not in favor of an automatic ban mechanism...

For the rest of this thread: i'm not a political person... I , personally, wouldn't like to see somebody getting severely punished because he or she copied my work, but i completely understand if other members do have severe problems if their work gets copied... It's against the law to plagiarise in many places around the globe, so i completely understand Theymos has to make a point here, it probably would reflect poorly on him if he let people plagiarise without punishment.
I wouldn't be opposed to the fact of unbanning somebody if the violation happened a long time ago, and if the member has behaved in a suitable manner for a long, long while. In the law of my country, there's something called a "verjaringstermijn". It basically means that if you commit a crime, you can only be punished for this crime the next x years after the crime. The amount of time needed for a crime to become "unpunishable" depends on the type of crime.
I don't know if there's something similar in the US (afaik, that's where the bitcointalk server is hosted), but i can imagine a member who joined in 2010 and commited the crime of plagiarism once in the first year he's a member but never commited the crime again in the next 8 years (while still remaining an active member) could potentially fall into a different category than a shitposter.

Well... True, to some degree...
If you need to figure out which addresses belong to the same wallet based on grouping addresses whose funding unspent outputs have been used together as an input for a new transaction AND combine this with knowledge which of these addresses are publicly known AND calculate potential taint to discover which wallets might belong to the same user and/or which addresses were funded by potential criminals, usually I don't think you'll manage by just using your brain (exept for simple or clear-cut cases).

At some point, you'll need a good analytic tool, you'll need a good database and a good algorithm to analyse the data for you... And since i don't have a problem saying that i don't have the funds, the time, the team nor the knowledge to pull off a full analysis, i'm happy to use a premade tool... This does not mean you should drop your guard, you always have to use your due diligence when using outputs from an external tool.

I actually made this bingo a while ago... No offence, but i guess this is the perfect opportunity to start a game:

Join the Game

Join the Game

The original idear was from o_e_l_e_o, and i'm currently working on a beta version using the images i got from him... Stay tuned