coins.ph didn't got hacked. Coins ph has a good security because to register, it requires you to input your valid id and a picture of yourself with your valid id. I think that you're just being hacked by phising site which requires you to confirm your personal information including your email and password. Always remember the original site of coins ph or use their application so you can avoid being hacked.
Well... I've never used coins.ph in the past, and your end conclusing is defenately correct (make sure you're visiting the correct tld), i wouldn't go as far as to say a site has good security because they implemented KYC validation. Did you ever have the chance to vet coins.ph's sourcecode? Do you know if they store the bulk of their funds on a hot wallet? Do you know if they store private keys on a web-accessible db? Do you know their encryption scheme? Do you know their employee's hiring policy? My point is pretty simple: losing funds from a web wallet can come from 2 sources: either you did something "stupid" (like following a phising link, getting your PC infected, ...) OR the wallet provider did something stupid (like getting hacked). All the KYC regulations in the world won't protect you agains the second attack vector (the online wallet provider). By using open source, community vetted, wallets... Either (airgapped) desktop wallets, hardware wallets or paper wallet, you seriously decrease the odds of losing funds, since you run your own wallet. Just my 2 satoshi's tough... |
|
|
|
Who guarantees the integrity? A central authority? The existing community?
What if a new member decided to join the community, he'd have to trust either the central authority or the "old" community (the community members that once had access to the full blockchain before it was pruned). Doesn't sound like something i'd want to be part of.
It's guaranteed by blockchain itself. You can not add or replace anything in the existing blocks so you can be sure that "this unspent output" is valid since the block which contains this transaction does not break blockchain integrity It's true that currently, you cannot change anything in a block because it's a blockchain. The header of the next block contains the hash of the header of the previous block, the merkle tree of the transactions, a nonce and some other data that isn't interesting in this discussion. So, pruning leads to this situation for a newcomer (unless i'm missing somehting here): Block height x header: version, hash of header of block x-1 that cannot be verified, merkle root, time, nbits, nonce Block height x+1 header: version, hash of header of block x, merkle root, time, nbits, nonce Block height x+2 header: version, hash of header of block x+1, merkle root, time, nbits, nonce It's the very first line that's interesting: nobody can verify that the hash of the header of block (height x-1) is correct, because we collectively pruned that block if we'd followed your proposal. Sure, people that were here since the beginning should have no problem with this, they once stored block height x-1, so there would be no reason not to trust block height x's header... But if a newcomer would enter the community, he'd just have to assume that block height x's header is valid, but he'd have no way to independently verify this. This would also mean he'd have no way of knowing his UTXO was built correctly, unless somebody was sending him all historic blocks, which cannot be done if they were collectively replaced by empty placeholders like you proposed. Now, bitcoin core already allows you to prune your blockchain locally, and as long as some people still store the complete blockchain, everything is fine IMHO. You can even switch to an SPV wallet if you don't want to sync, but the moment everybody prunes the first couple of blocks, new members would have to start trusting other members instead of being able to verify everything themselfs. This might still be fine in the beginning (eventough i think it's not fine), but in the end we'd have to start trusting a decreasing number of people that once stored the very first blocks, centralising the trust to these individuals. Sure, it's a moving chain, and as long as you were there from the start you can prune whatever you want and still trust the whole system... It's just that if you were not there from the start, and you only trust yourself (like you should do), you're starting to see the problems. |
|
|
|
If every node in the network would prune block 1 and 2 (since all unspent outputs created by transactions in these blocks were now spent), how would the network ever know about unspent output c? It would be impossible for somebody to verify where unspent output c came from... We would just have to assume unspent output c exists, funds address 1b and is valid?
there is no need "to verify where unspent output c came from" as blockchain integrity guaranteed it's enough to know that this output is not spent yet Who guarantees the integrity? A central authority? The existing community? What if a new member decided to join the community, he'd have to trust either the central authority or the "old" community (the community members that once had access to the full blockchain before it was pruned). Doesn't sound like something i'd want to be part of. |
|
|
|
I think the odds are pretty good that this is just one of the many phising attacks... It doesn't mean coins.ph is hacked... But the only way to gain some certainty is if the OP would post the email's headers.
the email came from info@coins.ph. How did they get the domain name if not hacked ?? Post the contents of the email here and we'll tell you exactly how you are wrong. Exactly... Here's some light reading in case you're interested: https://www.google.com/search?num=100&newwindow=1&q=how+to+spoof+email+address&oq=how+to+spoof+email+addresLike i said, we need to see the email's headers in order to find out if the mail was actually sent by coins.ph or just spoofed by a scammer. |
|
|
|
I would guess that it is the name of the email sender rather than the email address. This is a common phishing attempt for paypal users and now they are targeting crypto. However, this crowd is a bit more of a techno crowd so are less likely to fall for those email phishing scams
You'd be supprised how many newbies are using online wallets and have no clue about what's really happening underneath. I think that a phising mail sent to a big email list, attacking a well-known service, will probably result in several victims each time it's being sent. Not that i have any data to support this claim, but i've been around this community for a long time, and i've had to tell a lot of newbies their funds were irreversibly stolen because they trusted an online wallet, and fell for a phising mail.... |
|
|
|
I got an email from info@coins.ph that I have received Bitcoin but I do have an any account with http://coins.phlooks like coins.ph got hacked. Be careful with other bitcoin wallets. This is the correct address: https://coins.phHow can you say if got hacked if you received bitcoins? Usually a hacker would emptied everything, so you are lucky if you got something in your wallet right now. And this is their blog: https://coins.ph/blog/I haven't seen any news about this hack that you are talking about. Edit: This is their official thread here: https://bitcointalk.org/index.php?topic=1558587.0I don't think the OP posted an exact copy of the mail he/she received. If i had to guess, the original mail probably contained a link to a phising site instead of coins.ph, and if the OP would have had an account on coins.ph and would have fallen for the phising mail, he would have entered his credentials on the phising site to check for the incoming transaction. At this point, the attacker would have had the chance to capture OP's credentials and use them to log in to the real coins.ph and drain OP's account. I think the odds are pretty good that this is just one of the many phising attacks... It doesn't mean coins.ph is hacked... But the only way to gain some certainty is if the OP would post the email's headers. All of this being said: using an online wallet is NEVER a good idear IMHO... This is, once again, proof of one of the many things that can go wrong if you trust a thirth party to manage your wallet online. |
|
|
|
i am newbie here in bitcointalk forum i want to learn to gain merit because you cant be promoted if you dont have a merit.
can any suggestion how to make a effective topic? because all topics here in bitcointalk is usual to all in crypto.
please help me to make a topic that effective to gain a merit
So, if i get this correctly, you're having troubles gaining merit because all topics opened on BITCOINtalk are talking about CRYPTO? If i got your OP correctly, i have some bad news for you: this is a crypto forum. If you're not interested in learning about crypto, asking crypto-related questions and helping other crypto-enthousiasts, you have no reason to be here. I you're serious about "gaining merit", just start reading, learn, and once you've gained some knowledge, start sharing this knowledge with others... Don't spam, don't give advice about topics you know nothing about,... And don't open topics about gaining merits. Just by opening this topic, you got yourself a spot on my ignore list (not that that's a real problem, i usually reserve my merits for really, really, really interesting posts, so you're not losing a lot anyways). |
|
|
|
Having spent most of my early days programming in basic assembly language, I still have a slight mistrust of "high level languages". However, I realise that computing has become so sophisticated now, and one needs to support a wide variety of platforms. I'm going to need to write a couple of programs for some upcoming projects, and I'm not sure that PHP is the best solution. I've been downloading the free eBooks from PackT, and I notice that many of them are guides for Python, and include books for specialist topics. I haven't started to read them yet, as I wanted to make a decision on the best language to start my experiments.
Do any of you guys use Python, and what do you think of it?
I use python all the time, both for hobby projects, crypto projects and my IRL job. Like TheArchaeologist already said: there are tons of libraries available, even for crypto related projects, making your life a lot easyer  |
|
|
|
Very sad... Did you read the TOS? Was the $5 mentioned on their website, on the screen of the ATM, somewhere? If not, i'd probably demand my $5 -$0.14 (the actual fee) = $4.86 back... The way i see it is that they can't just charge whatever they want... They have to be clear about all the fees they'll charge beforehand... But that's just my personal opinion These bitcoin atm machines have a purpose and it is not for general trading. They are used either for convenience or totally anonymous trades. Usually these are proceeds from criminal activity looking to either store wealth or covert dirty funds
Do you have any proof for this claim? I've met several people that have used ATM's, and none of them did this to convert money from criminal activity or launder money. The people i've met used the ATM's because they're a fast and easy way to invest in BTC... You don't have to learn how exchanges work, you don't have to go trough the process of identifying yourself, you don't have to make a trade,... |
|
|
|
|
One thing isn't 100% clear to me tough... In your OP you said "It only cost you pennies to send me the bitcoin (I think 8 cents).".
Do you mean they only added a fee of 0.00001146 (8 cents) , or do you mean they could have gotten away with a 0.00001146 (8 cents) but added a 0.0007165 (500 cents) fee nontheless.
In the first case, i might even think about calling it a case of semi-robbery, unless they clearly stated in their TOS that they always substract $5 to cover the fees, but they'll use a fee that is appropriate at the time of creating the transaction, even if the fee is lower than $5. In this case it's just bad business practices.
In the second case, they're incompetent. Using fixed fees is a thing of the past.
|
|
|
|
It must be unbearable to use a gnu/Linux environment on a smartphone/tablet. Unless your device has 2 Go Ram at least, the system must lag most of the time (?) I won't even try to bother with it otherwise the tablet may go through the window You don't need 2 Go to run a gnu/Linux distro... For example, Lubuntu will run perfectly smooth with 1Go, arch linux will run fine with 512Mb. If you don't need a window manager, you can even run smoothly with less resources (altough i'm pretty sure you'll need a window manager when you try to run a linux distro on your tablet tough). If you know what you're doing, you can even install slax, i've seen it run on systems with 64Mb of ram |
|
|
|
Newbie here, Just getting my feet wet here, Hoping to better understand these terms and their consequences.
Hoping to start with lite coin or bch, Any thoughts on these hard fork news? Thanks!
Your title does not reflect the rest of your post... To answer your title: the BCH fork has already happend quite a while ago... The situation you see today is what happened after the fork: nothing really. The forked chain exists, it's being traded, people that had controll over unspent outputs before the fork now have unspent outputs on both chains... That's about it To answer the second part of your question (the question asked in your post): i personally feel there's a big difference between LTC and BCH. Ltc was the first clone, they changed the POW algo (and some other parameters) and re-built their blockchain right from the genesis block. BCH is a forked off chain, they kept the historical blockchain database from BTC and only at a certain blockheight they decided to fork. Personally, i'm a bigger fan of LTC, but that's just my personal opinion. It's up to you to decide which (alt)coin you'd like to invest in, i don't think any of the two coins you asked about will dissapear any time soon (once again: my personal gut feeling) |
|
|
|
If the hash is bigger than the target, return false.. So if the hash is smaller than OR EQUAL TO the target, true is returned... #1 is correct (if i'm not mistaking)
Let's break this down to a simple example: Target = 10
Scenario A: Check value 9
Scenario B: Check value 10
Scenario C: Check value 11
Code
return = true;
#Scenario A:
if (9 > 10 )
return false;
#Scenario A: returns ->true
#Scenario B:
if (10 > 10 )
return false;
#Scenario B: returns -> true
#Scenario C:
if (11 > 10)
return false;
#Scenario B: returns -> false
Conclusion: EQAUL TO (as in scenario B) returns true, meaning it is accepted. In other words: #2 is the correct one. I'm on my employer's laptop, which only has php installed, so i wrote this analogy with the code: <?php
$target = 10;
$hash = $target - 2;
$end = $target + 2;
while ($hash < $end)
{
echo "testing hash $hash vs target $target => ";
if ($hash > $target)
{
echo "POW does not match claimed ammount\n";
}
else
{
echo "OK!\n";
}
$hash++;
}
?>
response: testing hash 8 vs target 10 => OK!
testing hash 9 vs target 10 => OK!
testing hash 10 vs target 10 => OK!
testing hash 11 vs target 10 => POW does not match claimed ammount
Since the OP was: I still think #1 is correct, the function will return true if the hash is lower than or equal to the target  EDIT: after re-reading your reply and noticing your conclusion was the same as mine: the hash has to be lower than or equal to, i just realised one of us is just misinterpreting the OP...
We both conclude that hashes lower than or equal to the target are fine... It's just that my interpretation of sollution one is exactly correct, while my interpretation of sollution 2 says that only hashes lower than the target are true (which is not correct if i'm not mistaking)...
|
|
|
|
Spamming my own website here, since it solves your problem  http://www.mocacinno.com/listmempool.php?verbose=0If you fill the captcha, you should see every transaction in my mempool at this moment... Since they're in my mempool, they should be unconfirmed (unless a new block has just been solved and it hasn't been relayed to my not yet) If you want more info, change the verbose parameter to 1 [d9b4d5b00b51f8413659a20b86eef7d218a90706baabad98fd33eaaf739f8a9c] => Array
(
[fees] => Array
(
[base] => 2.79E-6
[modified] => 2.79E-6
[ancestor] => 2.79E-6
[descendant] => 2.79E-6
)
[size] => 142
[fee] => 2.79E-6
[modifiedfee] => 2.79E-6
[time] => 1535617315
[height] => 539165
[descendantcount] => 1
[descendantsize] => 142
[descendantfees] => 279
[ancestorcount] => 1
[ancestorsize] => 142
[ancestorfees] => 279
[wtxid] => c62e4dc3c285dc792769f0792b2955bff321f9b315caab09a36b289ba6773b4e
[depends] => Array
(
)
[spentby] => Array
(
)
)
|
|
|
|
bool CheckProofOfWork(uint256 hash, unsigned int nBits, const Consensus::Params& params)
{
bool fNegative;
bool fOverflow;
arith_uint256 bnTarget;
bnTarget.SetCompact(nBits, &fNegative, &fOverflow);
// Check range
if (fNegative || bnTarget == 0 || fOverflow || bnTarget > UintToArith256(params.powLimit))
return false;
// Check proof of work matches claimed amount
if (UintToArith256(hash) > bnTarget)
return false;
return true;
}
Code doesn't lie So I agree it should be #2 then. Another case where the (official) documentation doesn't project the reality then! Anyhow, learned something again If the hash is bigger than the target, return false.. So if the hash is smaller than OR EQUAL TO the target, true is returned... #1 is correct (if i'm not mistaking) |
|
|
|
|
why is your mixer using cloudflare's ssl? Do you realise cloudflare will be able to decrypt all data between your customers and yourself? I'd encourage you to buy your own SSL certificates and move away from cloudflare asap if you want to be taken seriously.
Even letsencrypt certificates would be a hell of a lot better than cloudflare's on such a privacy-centric service (don't get me wrong: cloudflare is great if you're not a service that would require absolute privacy... I've been using cloudflare on my sites for a long time, but then again: i don't even allow useraccounts to be created on my sites...)
|
|
|
|
|
I wouldn't say you need collateral, I'd rather say you need an escrow...
Find a TRUSTED forum escrow and escrow an amount larger than the sum of the value of all pending mixing orders you expect to have hanging at any given time.
Then make an ironclad agreement and always give a signed message as proof you'll start a mixing session...
This way, if you would run with your users funds, the escrow will just reimburse your victims with the escrowed funds and put a red tag on your name so you can't make new victims.
I know it sounds harsh, but you're a new, unknown member that hasn't invested anything in our community, and from the way I see it, this could just as well be an inventive scamming method instead of an honest business proposal.
In case you are for real: good luck with your business!
|
|
|
|
On the one hand, this is the right decision, because many of these applications are scammers. But on the other hand, it can badly affect the bitcoin exchange rate.
Still not see what is profitable to mining by mobile phone, because risk our phone can broken is really big. Even mining with our PC have big risk too, that is why people not mining BTC nowadays and start to mining with GPU. Sorry to tell you, but GPU mining btc hasn't been profitable in years... You need a latest gen asic and a good electricity rate. The misconception about GPU btc mining is so widespread I even included CPU's and gpu's in my profit calculator: https://www.mocacinno.com/mining/Even if you pay no power and you have some of the best gpu's money can buy, you'll only make cents a year, defenately not enough to ever repay you investment in GPU hardware |
|
|
|
On the one hand, this is the right decision, because many of these applications are scammers. But on the other hand, it can badly affect the bitcoin exchange rate.
If the exchange rate drops because google removes scam apps, it would have inevitably have dropped after the users of those apps started posting about the fact they were scammed anyways... Sorry to hear some legit apps were caught in the crossfire tough. |
|
|
|
If you want to use the wallet with the big security. Come on all the wallets are same to use it you missed to keep the fund safe with all the private key secured wallets. I do not know wallets completely secured even you do the mistake.
Common mistakes like private key sharing and phishing site access is the biggest problems to get scammed. Here are suggestion. Electrum, Multibit. Blockchain and Exodus.
It's quite hard to understand your post to be honest, but about your suggestions: Electrum: sure... It's a desktop wallet and should be fine to store a limited amount of funds on a clean PC with a recent version of electrum, up to date os, firewall,.. Multibit: is no longer supported!!! Blockchain: is an online wallet, thus shouldn't be suggested as a safe wallet Exodus: never used this one myself, I have no idear whether it's safe or not |
|
|
|
|
Show Posts
