The same reason people continue to use all manner of unsafe and risky platforms - greed. They want profits. Trading back and forth to USDT or other centralized scammy "stable"coins allows them to chase profits more easily. It's the same reason people still store their coins on incredibly risky centralized exchanges or lending platforms, or why they throw their money away on altcoin/DeFi/NFT/etc. scams. They will keep using USDT or any of these other services, risking everything, while thinking "Well, it would never happen to me". Until, of course, it does.

The 100,000 figure I used above was simply an analogy. I was not using it in reference to USDT or any other specific platform.

Maybe, but at the same time a lot of people who hold their coins on exchanges are very casual/small users, and they leave their coins on exchanges because they don't want to pay the $5 withdrawal fee that exchanges charge. These people certainly aren't going to buy a $280 hardware wallet when you can get a more secure one without all the stupid gimmicks for $50.

This is marketing speak. Their definition of "on" in this sense will be that it will still display your NFT or your name or whatever other risky information you decide to display on the cover, but it won't actually be powered up for months at a time I'm certain. E-ink displays only use a tiny amount of power. As soon as you start doing resource intensive tasks with it like signing transactions then the battery life will reduce accordingly.

My thoughts exactly. And not just harmless gimmicks, but gimmicks which actively compromise your security. Why on Earth would I want my hardware wallet to have my name displayed on it? So if I lose it an attacker knows who to $5 wrench attack to get the PIN? And why would I want it to display NFTs? So I can whip it out in public to show everyone my super expensive and rare NFT and make myself a target for attacks? And I really don't understand the stacking function. They want you to buy a separate device for each wallet? At $280? Lol. Or maybe you and your family members are meant to stack all your devices together in the same place to make it super easy for an attacker to steal them all at once?

Absolute nonsense. They should be focusing on things like Tor support and bitcoin only firmware, but I guess those things don't make money. So instead we get stupid gimmicks.

I'm afraid that everyone saying the biggest disadvantage of a paper wallet is the fact that it is stored on paper are wrong. The biggest disadvantage, by far, is that most people do not set them up and use them securely, or indeed, are not even aware of how to set them up and use them securely and the many risks and pitfalls they are exposing themselves to.

I would not recommend using bitaddress or any other website to generate your paper wallet. Javascript is a very poor choice for generating private keys. It is often very buggy or poorly implemented, it is open to attack even in machines temporarily disconnected from the internet, it often draws on poor sources of entropy, and it is often untested and unverified. Simply downloading bitaddress and turning off your internet is not a secure way to generate a wallet. Similarly, most people would try to spend from such a paper wallet by simply importing it in to a hot wallet, which opens you up to all the same risks of any other hot wallet.

To properly generate a paper wallet, you need a permanently airgapped computer, formatted with a clean OS or running a live OS, running tried and tested wallet software such as Core or Electrum, connected to a dumb airgapped printer with no internal memory, and you need all of this again when it comes to importing your paper wallet to spend from it. Doing all this is both time consuming and complicated, and most people will mess up somewhere, often without even realizing it.

As long as you have your back ups you will be able to recover your wallets, but if your hardware wallets have issues you may have to recover every back up to the same device, which removes the security of a multi-sig wallet.

Is it open source? They link to a GitHub, but it doesn't seem like any of the repositories are for that wallet.

Seems reasonable. When you say "one key kept nearby", is this on another device or just on paper? Because as above, if you need to import this key on to the same device which is already holding another key every time you want to spend, you are losing much of the benefit of a multi-sig, which is to spread your keys across different devices and remove a single point of failure.

Of all the physical methods other than flipping a coin, I actually dislike this one the least. It's still not perfect, but there is far less that can go wrong with blindly picking individual words from the full list of 2048 when compared to rolling dice or shuffling cards and trying to apply conversions and entropy extraction algorithms on your output to generate secure entropy.

The biggest problems here will be human error and bias, rather than any failure of the system itself. Not shuffling well between drawing words, not returning used words to the bag, or more likely, discarding words and trying again to get something "more" random. If someone draws the same word twice in the same seed phrase, they might decide that's not random and choose a different word. Or if they draw "boss" followed by "box", again, they might decide that's not random enough. To be completely sure there is no bias you would need to weigh every single individual tile on scales accurate enough to detect milligrams (which most people don't have). And finally the cost is another issue, and $120 for something you can do for free with a coin seems unnecessary.

So not the worst solution out there, but I would still stick to flipping a coin.

Yes, but it is significantly more complicated than when applied to a coin (and adds a significant length of time to your generation process). I've outlined it in a previous post here: https://bitcointalk.org/index.php?topic=5395587.msg61126349#msg61126349. But having said that, I think dice are a poor choice anyway (exactly because it is difficult to detect any bias), so I wouldn't recommend using this over simply flipping a coin.

Yeah, I would echo what pooya87 has said above. If your wallet software is not clear which derivation path it is using, then you shouldn't be using that software, exactly because you will likely run in to problems trying to recover access to your coins on a different piece of software in the future. Stick to reputable open source wallet software and you will not run in to such problems.

This should really only be necessary if you are using a really weird derivation path, which as I said above, the vast majority of users should never do. There are tools out there which will scan the most common alternative derivation paths automatically for you in order to try to recover your coins. Electrum itself offers this functionality for BIP39 seed phrases.

Not as far as I know. Any time someone has sent money to the wrong address it has either been they copied the entirely wrong address or they were subjected to clipboard malware, and did not bother to double check before hitting send.

It's certainly doable and has been done before. Check out the following links for example:
https://www.shtfblog.com/how-to-send-bitcoin-over-ham-radio/
https://nitter.net/Coinsurenz/status/1052022462790033408

Probably the best way to do it would be to set up a mesh network via something like GoTenna (as the user in that Twitter link above did), with a person with an internet connection on the other end. Then you can cover a wider geographical area and anyone can send a transaction via the mesh network to the central point of internet access in order to be broadcast.

Note that you aren't sending data which needs to be "signed and verified" via radio, as you put it. Each user would sign the transaction they want to make locally on their own device, and would then send that signed transaction through the mesh network in order to reach the person who can broadcast it on their behalf.

Perhaps the ECB should pay less attention to bitcoin and more attention to how the euro is doing...


A centralized bank, who will be soon launching their own centralized digital currency, and whose very existence depends on bitcoin not succeeding, says that bitcoin's end is near. In other news, world's biggest typewriter manufacturer thinks computers are too complicated and too expensive and will soon die out.

Self preservation. As soon as they lose the ability to control your money, they lose all the power and relevance they ever had.

Well, that depends if you want to use a key stored on your phone, or if you want to use a key stored on a hardware wallet which you access via your phone.

I can't recommend specific wallets for iOS since I've never used any myself, but there will be a number of wallets which support multi-sig which could be used to make your phone one part of a multi-sig wallet. A subset of those wallets which support multi-sig will also have support for your chosen hardware wallet, if instead you want to make your hardware wallet one part of a multi-sig but interface with it via your phone.

You appear to mixing things up a bit here.

Here are the relevant documents for version 3 transactions:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-September/020937.html
https://github.com/bitcoin/bitcoin/pull/25038

This is a separate issue to full RBF.

Full RBF is not being implemented as "a way to eliminate zeroconf transactions", as you put it. It is being implemented to fix various possible attacks, such as pinning attacks, against multi-party funded transaction such as Lightning channels and coinjoins. As a side effect it will make zero confirmation transactions entirely unsafe, but these have never really been safe to begin with.

Once full RBF becomes widespread, then every transaction will be able to be easily double spent before it is confirmed.

Yes, using data from a block header is the most common way to settle a competition in a provably fair way, since it would be almost impossible for the person running the competition to manipulate the outcome.

Essentially, you get everyone to pick a number. Once all the votes are in, you pick an arbitrary block not too far in the future, look at its hash, and figure out the winner based on whatever criteria you used.

For example, the latest block is 765990, with the hash 000000000000000000019e0b0004a91010b557be966bfae8718a584d0d15a656. Bear in mind the hash is in hex, so the characters are from 0-9 and a-f.

So you could release 16 tickets from 0-f, and whoever matches the final character wins.
Or you could release 100 tickets from 00-99, and whoever matches the final two numbers wins (ignoring any letters).
Or you could release 256 tickets from 00-ff, and whoever matches the final two characters wins.
And so on.

I have absolutely zero doubt more platforms will go. And not just small ones most people haven't heard of, but some more "big name" ones like BlockFi.

This is true, but it does reveal poor business management and poor future planning. Bitcoin is volatile. Everyone knows that. To be running a business based on bitcoin and be so unprepared for bitcoin to be volatile that you have to start firing people suggests to me that you don't really know what you are doing. Certainly not the kind of people I would trust to look after my money for me.

Your own wallet is the only safe place for your coins right now.

You can't. A transaction must be broadcast to the network via the internet in order to be verified and then mined in to a block.

That does not mean, however, that each individual needs internet access. You simply need some way of getting a transaction on to the internet. Each person can easily sign transactions on their offline devices, and then save those transactions as a small text file. All you need then is some way of getting those small text files to a person/node/service who will broadcast them for you. If you have a public WiFi spot in your community, then you can travel there and use that. If one person has a mobile device or similar with internet access, they could potentially set up a service broadcasting transactions on behalf of other people. There are services which allow you to send transactions via SMS as pointed out above. You could even transmit a transaction via phone call or radio to someone with an internet connection who could broadcast it on your behalf.

Since you are posting on this forum, you must have internet access somehow. Could you set up a method using whatever connection you are on now to broadcast transaction on behalf of your community?

I'm not sure what you mean by a "mobile key", but you can certainly use Electrum on mobile to generate and restore one part of a multi-sig wallet.

Yeah, you should always have more than one back up of every part, so for a 2-of-3 multi-sig that means at a minimum 6 different back ups. With such a scenario, you could lose any 3 back ups and still regain access to your wallet.

It's not the recovery process that is the issue with closed source wallets. It's that you have no idea how the wallet was generated in the first place. Did it use a poor source of entropy? How do you know it didn't give you a seed phrase from a list of possible seed phrases that someone else possesses? How do you know it hasn't transmitted your seed phrase to Casa's servers or some other third party? These are not just hypotheticals - these are all things that have happened in the past with closed source wallets.

Well, that's a personal decision, but I would always opt for the set up which does not depend on third parties.

I don't follow your meaning here. 2-of-3 is always 2-of-3, regardless of how many back ups you generate or where those back ups are stored.

It seems to me you could achieve the same with a 2-of-3 multi-sig involving your mobile phone, a hardware wallet, and a paper wallet/back up stored somewhere else which would take a bit of time to be accessed.

You've mixed things up there ETFbitcoin.

The address 1111111111111111111114oLvT2 is spendable. This address is generated from a RIPEMD-160 output of 0000000000000000000000000000000000000000. If you put 0000000000000000000000000000000000000000 in to step 3 on this page, it will output the address 1111111111111111111114oLvT2. So, if someone could find the private key which generates the public key which results in the RIPEMD160(SHA256(pubkey)) being 0000000000000000000000000000000000000000, they could spend those coins. It's very unlikely, yes, but the coins are still spendable.

The quote of mine you have linked to above was discussing this "address": https://blockchair.com/bitcoin/address/s-272edf45031dd498e7b3ae89e11ff21b. If you click "Additional info" and then "Op" on the left, you will see the locking script is as follows

To be able to spend these coins, someone would need to find the private key which generates the public key which results in the RIPEMD160(SHA256(pubkey)) being 0. Because RIPEMD-160 always outputs a 20 byte number, it will never output 0, and so these coins are provably unspendable.

I never said it verified the full chain. As far as I am aware, the full chain is only verified on initial download, if the user performs a reindex, or executes the verifychain command starting from block 0.

Still, poking in to it a bit more, it seems that Core now defaults to performing a level 3 check on only the last 6 blocks on start up, which is much fewer blocks than I thought it was. It used to be 288 blocks, but seems to have been reduced to only 6 many years ago.

However, Andrew Chow points out here that Core still verifies the integrity of its databases on startup, so may detect a tampered block that way.

So to more fully answer OP's question, it depends on how far back the block he is editing is, and how exactly he edits it, whether or not Core would pick up that it had been edited outside of a full reindex or verifychain. Not that editing an old block would achieve anything, since it won't be broadcast and would be rejected as invalid by any other node anyway.

As you point out, Electrum seed phrases do this. Basically, when Electrum generates a seed phrase, it then hashes it and checks if the hash starts with the correct version number. If not, it increments the entropy by 1 and tries again, until it reaches a seed phrase whose hash does start with the correct version number. That version number tells Electrum which script type and derivation path to use, which is why Electrum seed phrases are either legacy or segwit and will only ever recover one wallet, as opposed to BIP39 seed phrases which can use any script type at any derivation path and restore a near infinite number of wallets.

A better option is for the majority of users to just stick to the BIP44/49/84 standards and not mess around with custom derivation paths unless they really understand what they are doing.

For legacy addresses, the chance of an incorrect address with the correct checksum is 1 in 4,294,967,296. For segwit addresses, the checksum is guaranteed to detect any error effecting up to 4 characters, and has less than 1 in a billion chance of failing to detect more than that. So not quite 1 in trillions, but still incredibly safe.

I get that, but in this case the casino is losing unrealized profits as opposed to losing actual funds. That's why they can allow users to gamble with unconfirmed funds at all, because in the case of a malicious spend they are only back where they started.

Yeah, this is another valid option. There are a handful of merchants I shop at in person where I am a long term customer and they are happy to hand over the goods while my RBF-opted-out transaction is still unconfirmed. I imagine my relationship with these merchants will not change once full RBF is commonplace, exactly because I am a long term customer and they are as sure as they can be that I am not suddenly going to start attempting to scam them.