Hard NACK. Sometimes I have a hard enough time just loading in the forum to read it via Tor, captchas, cloudflare, etc., let alone make any posts.

Rather than making things more difficult for real users, we should just try actually enforcing the rules for a change and ban the spammers. It's not a difficult thing to do.

As I explained above, his computer had malware. There was no vulnerability with Electrum - he simply used it in an insecure way.

Hardware wallets are much safer, yes, but they are not invulnerable to hacks, malware, vulnerabilities, etc. Complacency and thinking that your wallets are impossible to hack is often the first step in losing your coins.

That hack had nothing to do with Electrum and everything to do with the fact the user in question was using a hot wallet on a machine which had malware on it. No wallet software can protect against that.

There is nothing else he could have done in regards to installing Electrum itself. The steps he should have taken include not using a terrible OS like Windows and ending up with a device full of malware, not installing spyware software such as Google Chrome, and not using a hot wallet in the first place. If you install any hot wallet on an insecure machine, then your funds are at risk.

You can use Electrum safely by setting it up as a cold wallet or as a multi-sig wallet, or you can use a hardware wallet instead. But if you are going to use it as a hot wallet, then it can only ever be as secure as the device it is installed on, which in this case was not secure at all.

Even more ridiculous in this case since the user owns a Ledger device, but just didn't use it.

Yeah, either FinderOuter as linked to above or btcrecover. Try both and see which one you get better speeds on given your hardware. And make sure to try btcrecover with GPU acceleration as well, as that can be an order of magnitude faster depending on your hardware.

As DaveF rightly says though, 10 missing characters gives you 58¹⁰ possibilities, which is in the region of 430 quadrillion. Even if you can get up to 1 billion possibilities a second, that's going to take you over 13 years to exhaust the search space. For reference, a reasonable home computer can probably manage somewhere in the range of 1-5 million possibilities a second. You'll either need some very powerful hardware on an awful lot of time.

I've not tried it on Windows, but there are Windows releases on GitHub, so it should work fine - https://github.com/Coding-Enthusiast/FinderOuter/releases/tag/v0.16.0.0

Then you are wasting your time. If it was possible to break in to, someone would have done it already.

There are plenty of pieces of software out there which will do this. btcrecover as mentioned above is one such piece of software. You can either give it a text file listing all the passwords you want to try, or you can create what is called a tokens file which is essentially a list of instructions on how to generate passwords. In this case you would create a tokens file telling it to try something like every combination of YYYY-MM-DD within a given range, and it would generate the passwords on the fly as it tried them all. You direct the software to a copy of your the wallet file you are trying to decrypt, and it will simply cycle through all the passwords you provide and try them as quickly as your hardware will allow.

The same software can also be used to do things like brute force missing characters from private keys or missing words from seed phrases.

What are the first two characters of your 66 character key?
What are the first two characters of your 130 character key?
What software or method are you using to convert from one to the other?

It sounds very much like you public keys, and not private keys. Public keys only let you view your addresses and not spend any coins. Where did you get these keys from? Are they from your own wallet or did someone give them to you?

A raw bitcoin private key before you convert it to WIF will be 64 characters long, not 66 or 130. You cannot convert public keys in to WIF.

Yeah, just use btcrecover and set up an appropriate tokens file. Even with a fairly modest GPU, you should be able to brute force 1,000 passwords a second or more for a Core wallet file.

First see if you have any other old documents from your father in which he wrote the date - letters, spreadsheets, emails, etc. - and see what format he used. If he used that format for the password, then btcrecover could try every date in the last 100 years in about 30 seconds. Failing that, then you would need to try every other possible date format. This includes two or four digit years, digits or written words for the month, including short and full names (Jan/January), as well as every possible ordering, and every possible separator (/ - . etc.) But even then, you should be able to cycle through all that for every date in the last 100 years in a couple of hours.

If there is something else in the password, such as a time, or a location, or a name, then things become exponentially more complicated.

No, I wouldn't trade off-DEX with a complete stranger. I've traded face to face with complete strangers before, but always via a DEX where the bitcoin involved will be locked in an escrow prior to meeting to hand over the cash. But now a lot of my trades are done without a DEX because once you've traded with the same person hundreds of times, you may find you have enough mutual trust to just message each other directly and send coins directly without using a DEX.

Bisq charges fees which are spent on funding the DAO and future development, yes, but arbitrators don't set those fees and I would be surprised if the number of arbitrators has any impact on the trading fees.

Bisq doesn't use a reputation system like that, so that wouldn't work on Bisq. Other sites such as HodlHodl let you view the profiles of everyone who has left a user feedback, so you can easily see if they are all fake accounts with only 1 trade.

You should obviously be moving any other coins on wallets from that scam site to a more secure wallet if you haven't already. But as you say and as discussed above, you made a lot of mistakes in your whole process, so I wouldn't trust any wallet you made that day (or any other day in which you followed the same steps).

It's fair to say at this point that it is not a bug but rather it is actively malicious. The owner was made aware of the issue, apparently removed it temporarily, and then reintroduced it. The malicious code is also years old at this point with hundreds of reports of people losing their coins. There is simply no way the owner is unaware of it. It continues to exist because he is actively scamming people.

This is part of the reason that I don't think anyone should use any website to generate wallets or private keys.

Many of those "unknown" blocks will belong to Foundry, but not all of them.

The way that these blockchain explorers identify the miner of a block is by looking at the arbitrary data which is included in the coinbase transaction of that block. Most mining pools tag blocks that they have mined by including their own name or a similar identifier in this data. For some reason, blockchain.com is not accurately extracting the Foundry tag from these blocks and displaying it on their website.

However, there will also be other miners that blockchain.com will be failing to properly identify, and there will be blocks which are not tagged by any miner at all, which will also be shown as "unknown".

The best thing to do would be to look up the block on a good explorer such as mempool.space (https://mempool.space/block/00000000000000000003362b9ce3fca0becc7657ed1221bc058f179fa6a94b99), and read the decoded data under the heading "Coinbase (Newly Generated Coins)" in the first transaction.

The point I'm making is that by this point it isn't a stranger. Without revealing too much for my own privacy reasons, there is another party I first met through a DEX and whom I have traded with probably 100+ times over many years, both in person and electronically. There comes a point where you have enough mutual trust to start trading small amounts without using the DEX and/or escrow, and then building from there. Obviously I would never suggest going off-DEX with a stranger.

It was convenience rather than fees, but no one is going to say no to paying lower fees in any situation.

I'm not sure if I'm misunderstanding you, but Bisq arbitrators do not set the fees, they simply moderate any disputes.

Why exactly would you want a privacy service to use blockchain analysis to spy on its users?

If the only information you have is the address, then chances are you cannot.

Most bitcoin addresses are hashes of the public key or the locking script. Hashing is a one way function and cannot be reversed, so you cannot take an address and go backwards to find the public key. However, when a transaction spending coins from that address is made, the public key will be revealed in the signature of that transaction.

So if you have an address which has never made a transaction, you cannot find out the public key (unless of course you generated that address from the public key yourself). If the address has made a transaction, then you can look at that transaction data and extract the public key from it. Where exactly the public key is within that data depends on the type of address and the transaction itself.

There are a few exceptions to the above, such as P2PK and P2TR outputs.

They weren't able to crack any size of RSA key.

The largest number they were able to factorize was 48 bits. The minimum recommended size for RSA keys is 2,048. They weren't even close, even to older 1,024 keys which are still in circulation. The RSA-100 number, which has 330 bits, was factorized in 1991, and can be factorized on a modern computer in a matter of minutes. 48 bits isn't even close to this number either.

The whole thing is a clickbait nothing burger. The difference between 48 bits and 2,048 bits really can't be understated. It would be like newspapers in 1969 announcing we had colonized the solar system after landing on the moon.

That's not quite accurate. There are also millions of coins in old style P2PK outputs which are vulnerable, and since taproot no longer hashes public keys then coins in P2TR outputs are vulnerable as well. Not to mention all the public keys which have been revealed through other means, such as SPV wallets, watch only wallets, payment processors, signed non-transaction messages, etc. And obviously the public keys which will be revealed as soon as a transaction is broadcast. Relying on the public key being hashed is a poor defense against quantum computers. Rather we will implement some quantum resistant scheme when the time comes.

Can't speak for any others, but the two that I use - HodlHodl and AgoraDesk - both do. On HodlHodl type "In Person" in to the "Payment Methods" search box, and on AgoraDesk you can choose either "Cash by mail" or "Cash (locally)" from the drop down menu.

I would add a fourth method to your list, which is "Trade with people you already know". Have you traded with the same person on Bisq a few dozen times with no issues? Have you made friends with people at bitcoin meetups? Do you have friends or colleagues from non-bitcoin walks of life who also use bitcoin? Having an established relationship and mutual trust with your trading partner can make the process so much easier, as well as potentially allowing you to bypass using a trading platform and escrow (therefore saving time and fees) provided you have enough trust with the other party.

It's a good choice on their part, but it has nothing to do with doing the right thing and is pure self preservation. The same self preservation which is making SBF plead not guilty to give him a chance to get some concessions in court, is the same self preservation which is making Ellison and Wang plead guilty. All involved know there is overwhelming evidence against them and they will all ultimately be found guilty, so they are all picking whichever path will is likely to lead to the lightest sentencing for them, even at the expense of the others.

Absolutely, especially when you consider the political connections his family have and the donations they have made.

Maybe we could try reading the actual report rather than just believing click bait headlines?


They managed to factor a 48 bit integer. So nowhere near the 2048 bits needed for RSA 2048. To do this, they say they need a quantum computer which doesn't exist and which utilizes technology which doesn't exist. If I publish a paper talking about a new space rocket design, that doesn't mean I've been to Mars.

We've known for years there are methods that advanced quantum computers will be able to use to attack our current encryption schemes. We also know that such computers are decades away. This Chinese paper tells us nothing new.

Yeah, we are going to need more information than that.

What software did you use to generate the wallet?
What are you trying to restore from? Do you have a seed phrase of 12-24 words? Do you have an electronic wallet file? Do you have a raw private key?
What have you tried so far that hasn't worked?

Once or twice, but only ever with another party whom I have traded with several times before and built up some trust and rapport with.

The main problems with cash via mail are privacy and security. The bitcoin seller must obviously give an address, and from our discussions regarding how to anonymously receive a hardware wallet, that can be difficult to do without compromising your privacy. However, if you do have a way to anonymously receive packages, then this can be an extremely private way to sell, and can be completely anonymous for the bitcoin buyer.

There is also the security of sending large amounts of cash through the mail, and how to verify that neither party is attempting to scam the other. Bisq have a great tutorial on how to do it as safely as possible here: https://bisq.wiki/Cash_by_mail. I still probably wouldn't pick it as a method with a first time trading partner, though.

This is true only if you are using old style paper wallets in which you simply print a single key pair. If you are instead using an HD paper wallet with your seed phrase on the paper, then you can of course use that seed phrase to recover as many different cryptocurrencies as you like.

The major downside to this is that most altcoins, by nature of them being vaporware or scams, do not have good open source wallet software which can operate in an airgapped manner, meaning you risk your bitcoin by restoring the seed phrase to some seedy altcoin wallet.