I strongly dislike the whole "less convenient" argument which always comes up when DEXs are discussed. The only part of using a DEX which is less convenient is clicking the actual "buy" or "sell" button at the point you want to make a trade. Everything else is more convenient. It is more convenient to sign up. It is more convenient to not have hand over all your details. It is more convenient to not have to scan your documents and complete KYC. It is more convenient to not have to wait 5 days for approval. It is more convenient to not have to link a bank account, and then wait another 5 days for your payment to clear. It is more convenient to not get hit with ridiculous withdrawal fees. It is more convenient to not wait several hours or days for your withdrawal to be approved. It is more convenient to not have your identity stolen and end up with $100,000 of debt in your name from some criminal. It is more convenient to not lose your entire stash because the CEX you chose turned out to be a scam or went bankrupt.

Imagine for a second that CEXs never existed, and using DEXs was the default that everyone was used to. A new exchange comes along and says "We are different to all the others. It is difficult to sign up, you have zero privacy, you have to risk your identity being stolen, you have zero security, you have to hand over all your coins, you could lose everything at any time with no warning and no chance of getting back a single satoshi, we'll share all your data with third parties and report all your activities to your government, we'll have random delays and downtime, frozen accounts, locked coins, delayed withdrawals, be under maintenance, insider trade, and awful customer service, but for all that it's quick when you press buy!" Who in their right mind would use this exchange?

People think it is more convenient because they are conditioned to believe that by the very CEXs which survive on them believing that.

Obviously I don't know your exact set up at work, but chances are that anyone in your IT department could probably have watched what you were doing.

Neither of those mean that the system is safe or free from malware.

Again exposing your wallet to anyone who had network privileges to view it. Additionally, the file would have been saved in the printer's own memory and could be retrieved later, and also potentially saved in your company's servers.

You have absolutely no way to know that, and you are relying on the common sense of every one of your colleagues to not download and expose the network to malware.

It is (so far) been as safe as a website can be. But be aware that websites are generally a poor choice to generate private keys in the first place, and other paper wallet websites which were perfectly legitimate for years suddenly turned in to scams and resulted in lots of people having their coins stolen. I would agree with the advice above to generate your keys using Core or Electrum instead.

Turning off the internet for 5 minutes on a computer which has had frequent or constant internet access prior to this achieves almost nothing. The process needs to be done on a dedicated airgapped computer - that is one which has never had any internet access since you last formatted it and installed an open source Linux distro, and will never have any internet access again. You also need to connect that airgapped computer directly to an old fashioned dumb printer which does not have any internal memory or WiFi capabilities.

Yeah - this is not an Electrum bug. It is a bug with the BIOS and the error message would appear directly in the terminal when you try to launch Electrum, not in Electrum itself. OP would have received this error message on launching lots of different software from the terminal, not just Electrum.

Here is a screenshot from another user experiencing the same bug with entirely unrelated software - https://www.reddit.com/r/AMDHelp/comments/itfgf4/cpu_random_generator_seem_to_be_failing/

It's possible, sure. But if there was a potential coinjoin with (say) 50 different participants, and I was holding the whole thing up because I didn't want my UTXOs to be coinjoined along side some other specific UTXOs, then the rational action for everyone else is not to ask me to share a list of the UTXOs I don't like and then double check all the other participants against my list, but rather to simply exclude me since I'm the troublemaker here. This becomes even more evident if there were two or three people like me who all had different lists of UTXOs they didn't want to be associated with.

People who don't want to be linked to other specific UTXOs simply wouldn't use this specific coinjoin protocol. Everyone else who does not buy in to the provable nonsense of taint could use the protocol freely. This essentially already happens in coinjoin protocols which do not cooperate with blockchain analysis and spy on their users (i.e. JoinMarket and Whirlpool, but not Wasabi). It would just be a case of scaling the transactions up to be much larger to make the fee for such transactions incredibly attractive to miners.

I definitely would never recommend this. Buying from an official reseller is the absolute limit of what I consider acceptable, and even then I still have reservations when compared to buying direct from the manufacturer. Buying from a random third party is just asking for trouble. You have absolutely no idea how many people have had their hands on that device or what they might have managed to do to it. Yes, good hardware wallets have built in verification process and cryptographic checks, but for every vulnerability or way to bypass these checks that is found someone has to be the first person to do so.

Probably worth point out that this was only possible because the Trezor device in question was running old firmware which contained a specific vulnerability. This was patched years ago and so this is no longer an issue.

If you've lost one of your back ups, then you simply retrieve a different one (since you should always have more than one back up) and move the coins within to a new wallet. Simple.

Losing a back up and then failing to move the coins within is a problem with any and every back up and is not unique to my method in any way. If you can't find a back up or aren't sure if you've found them all because you can't remember how many you made, then obviously you should assume the worst (an attacker now has access to that back up) and move your coins to a fresh set of wallets. This is just common sense.

I think you are a little confused about nodes and miners. Running a node does not make you miner. Running a node helps to keep the network running, helps to keep it decentralized, and provides you with security and privacy by allowing you independently verify the blockchain without having rely on third parties. But nodes do not mine blocks.

It is not the strongest who get to mine, but rather, anyone who chooses to mine by purchasing some mining hardware and turning it on.

True, but similarly there are plenty of average Joes who do mine. They can choose to lend their hashrate to any pool operator, so can choose ones which do not censor transactions and move to a new one if their current one starts to enforce such censorship. Or they can even choose to mine solo.

In the case of a sustained 51% attack against bitcoin, the censorship of a handful of UTXOs would be the least of our concerns.

The number of nodes is pretty much irrelevant to the difficulty or otherwise of a 51% attack. It is the amount of hashrate that matters.

Run a node, run some mining equipment.

Came across this site via the mailing list: https://fullrbf.mempool.observer. It's been set up by 0xB10C. You might already be familiar with some of the other tools on mempool.observer.

It is essentially keeping track of any transaction which replaces another transaction which is not opted in to RBF. Looks like there are decent number of attempted full RBF replacements with good propagation across the network, but only a few of the replacement transactions are being mined so far. The most convincing evidence of a miner opting in to full RBF thus far is for Luxor, which has a number of replacement transactions showing up in a number of their blocks. Luxor has around 2.3-2.4% of the current hashrate.

I'll be keeping an eye on this to see how things change over the coming weeks and months.

Electrum is a very good choice of wallet (and is indeed open source), but it is not necessarily a cold wallet. Electrum is a software wallet. Whether it behaves as a hot or a cold wallet depends on how you use it. If it is simply installed on a computer which you use every day and is regularly or always connected to the internet, then it is a hot wallet. Your wallet files and all your private keys are continually exposed to the internet, and such a wallet should only be used for relatively small sums of money. If, on the other hand, you install it on a permanently airgapped computer which never connects to the internet, and use a complementary watch only wallet in order to create and broadcast transactions, only then is it a cold wallet. Doing so keeps your wallet files and all your private keys permanently offline and never exposed to the internet, making it much more secure, but also harder to set up and work with than a hot wallet.

There are ways to buy a hardware wallet without giving away your personal information. You can find an official reseller in your country and buy from a physical store using cash. You can have it posted to a PO Box or using general delivery, so you do not have to give away your address. You can also buy it using a pseudonym with delivery to a different address (if you have one you can use). And of course if buying online pay using well anonymized bitcoin and not a fiat method which is traceable to your real name.

If you are planning to hold for a long period of time and transact very rarely, then a paper wallet can be a good choice. However, setting one up securely is significantly more difficult and has significantly more risks than using a hardware wallet, as does when you come to actually spend from the paper wallet. I would not recommend that your first attempt at making a paper wallet is then used to store the majority of your funds.

The site linked to in the thread you have linked (bitcoinpaperwallet) is a known scam. Do not use it! Please also edit your post to remove the link to this scam.

This is not correct. A properly set up Electrum cold storage wallet is just as safe, if not safer, than a hardware wallet. You download Electrum on a separate device, verify it, and then transfer it to your airgapped device using a USB drive. Your airgapped device remains permanently airgapped and the wallet on it never connects to anything, but simply signs transactions created elsewhere and imported using a QR code or USB drive.

Hardware wallets are usually considered a subset or a type of cold wallet. Good hardware wallets keep your private keys offline, but many of them still require connection to an internet connected device in order to operate, meaning they are not a cold wallet in the true sense of the word. A true cold wallet is usually though of as an airgapped device which is never connected to the internet. It generates and store the private keys offline, signs transactions offline, and then only the signed transactions ever touch an internet connected device to be broadcast.

A true cold wallet in this sense is safer than a hardware wallet if it is set up and used correctly, but this is often too difficult for the average person to do. In that scenario, a good hardware wallet becomes the best choice for that person.

Next up: Tim Cook says Android products are not safe and Elon Musk says Facebook is trash.

CZ is not your friend. CZ will say anything that strengthen his position and make him more money, even if those statements directly lead to users like yourself losing large amounts of their coins. You would do well to ignore 100% of the things that he says.

I remember coming across this bug before. Here's an interesting arstechnica article about it: https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/

Turning off the internet for 5 minutes while you create a new wallet, on a machine which is otherwise connected to the internet all the time and will immediately be reconnected to the internet after the wallet is created, achieves next to nothing other than a false sense of security. Any malware which is capable of manipulating your entropy or seed phrase generation will work just fine with or without an internet connection, and any malware which is grabbing your screen or logging your key presses in order to steal your seed phrase will quite happily just store what it grabs in memory and transmit it home as soon as your internet connection is reestablished.

You can PM that Reddit account, but it has been inactive for 2 years, so chances of a response are very slim.

There is an account on this forum with the same handle which was active 2 months ago. You could try PMing them as well, although no guarantee it is the same person: https://bitcointalk.org/index.php?action=profile;u=1355666

The other suggestion from that Reddit thread is to go via your PayPal history to obtain the details of the person who apparently sold you this private key. Have you tried that approach?

I would imagine that such tiny printing would be incredibly fragile. A microscopic tear in the paper or even a smudged fingerprint could render the writing illegible.

If an attacker breaks in to your home and the first thing they do is start unscrewing all your electrical sockets and taking your doors off their hinges, instead of helping themselves to your other valuables, then you have suffered a complete failure of your opsec and your privacy. There are countless TV shows and movies where people hide things under floor boards or inside walls. This is not a new concept. For an attacker to start doing this to your house, then they must already know that you own a large amount of bitcoin, your address, you have it in a wallet which only requires one back up to compromise (as opposed to an additional passphrase or a multi-sig), and that you have said back up stored on site. And if an attacker already knows all that, then you have already lost all your security.

If you forget which outlet you've hidden it in, you could probably unscrew and check every outlet in your house in under an hour. Not a huge issue.

So don't use a system where compromise of a single back up can lead to loss of coins. And simply move all your coins to new wallets when you move house.

There is a guide on the Ledger website: https://support.ledger.com/hc/en-us/articles/4404382029329. I wouldn't be following any third party guides for something like this.

Yes. See this thread for more details: https://bitcointalk.org/index.php?topic=5344317.0

I prefer true cold storage over hardware wallets, if you have the technical knowledge required to set up and use such cold storage properly. But most people don't, and it is much easier to make a mistake with a self created cold storage solution over a hardware wallet. Given that you've bought from an official reseller, if you follow the guide on the Ledger website to confirm authenticity before you use the device, then you are as safe as can be using a hardware wallet. I'm just pointing out that the things that you think are a mark of safety - such as a sealed box - are meaningless compared to the things which are actually a mark of safety - such as cryptographic signing.

That's the point I'm making though. Relying on a package either being sealed or having tamper evident seals or stickers is not a good nor a reliable way to be sure that you have bought an authentic or original device. You can buy hundreds of shrink wrap bags for less than 10 bucks which you just heat up with something like a blow dryer to shrink and seal around your package. Tamper evident stickers are only marginally more tricky than this to fake.

Each hardware wallet should have its own processes for verifying its authenticity, such as firmware being signed by the manufacturers or cryptographic handshakes with their servers. Some, such as Ledger, also provide guides on opening your device and examining the hardware itself to ensure nothing has been added or modified.

I would point out that for an attacker who is capable of tampering with a hardware wallet, bypassing its security mechanisms, flashing malicious code or replacing some internal chip with a malicious one, and still having it pass whatever verification process it has, then being able to reseal a package or forge a tamper-evident sticker is absolutely trivial and should not be relied on whatsoever.

BestBuy is however an official Ledger reseller: https://www.ledger.com/reseller

Given that Base58 has 58 characters, then there is a roughly 1 in 58 chance for the next character to match the preceding one. I say roughly because you are encoding a hex number in Base58 so it is not an exact process, and there are limits on the range of addresses.

This should not happen. It could happen, but would mean you had found the world's first SHA256 or RIPEMD160 collision. Exponentially more likely than that is that either you or the software you are using have made a mistake.

They can not. Ignoring the distinction between compressed and uncompressed public keys for a moment, then there is a one to one relationship between private keys and public keys.

They should not result in the same address. Can you share these two pubkeys so we can check?

It is not simply a lower bit. The 0x02 bit tells us that the omitted y coordinate is even, while 0x03 tells us it is odd. This means these are two separate points on the curve, with the same x coordinate, but the y coordinate reflected over the x axis.

By negating the private key (modulo n), you negate the public key. This means your two keys 02abcd1234567 and 03abcd1234567 come from two different private keys, which are the negation of each other.

Note none of this applies to newer taproot public keys, which only use even y coordinates and omit the parity byte altogether.

Yeah, true enough. I guess everyone has to figure out for themselves their own risk profile, and whether they want more back ups providing greater redundancy against loss, or fewer back ups providing greater protection against accidental discovery. My own feeling is that if your back up is in a position to be accidentally discovered, then you have chosen a poor back up location and should think again. Anyone finding a back up should be doing it as result of a targeted attack, rather than random chance.

I would have some concerns with your system that someone would be tempted to store E1 and D2 in the same place since they are useless together, and E2 and D1 together for the same reason, to minimize the number of secure back up locations they need. But then if they lose just one back up location, such as due to a fire in their house, then they've lost everything.

Not at the moment certainly, but maybe in the future in the hypothetical scenario we are discuss here where some miners might want to include high fee paying transactions which other miners want to exclude. Especially once fees start being worth more than subsidy.

And still, if not via Stratum then it is still a good concept which we could see developed and rolled out in other software. Improving decentralization by allowing every individual miner to craft candidate blocks if they want, rather than just settling for centralized control via the pool operator, can only be a good thing.