Every time you start Bitcoin Core, it performs a verification check on its own local database of all the blocks it has already downloaded. You can see this at the bottom of the GUI window every time you start it up, when it says "Verifying blocks...". If it finds a block which is invalid (because you have edited it in some way), it will discard that block and download the original valid block from other nodes in order to rebuild the local database.
|
|
|
If they've taken loans days just before the audit it's got to be noticed. If they've seen it they'll publish it. Why would an exchange publish details of a loan which shows they are insolvent? They will keep it under wraps, and it will go unnoticed. Just as emergency loans to Celsius, to Voyager, to BlockFi, etc., all went unnoticed in the run up to their collapse. If it was actually this easy to verify the solvency of a centralized platform, then we wouldn't have multiple platforms going bankrupt and taking millions of users' deposits with them. there isn't a way to find out which exchanges have habits for boasting unverified figures. All of them. Falsifying market cap isn't short of fraud. Exchanges have been caught committing a huge number of far more illegal activities, from selling user data to insider trading to helping themselves to users' funds for their own purposes. A little bit of fudging the numbers isn't going to phase them. USDT isn't secure if it's backed by one exchange but it's used most for bitcoin transactions. USDT is insolvent and is not backed up 1-to-1 as they claim. This has been proven in court on more than one occasion. And yet it continues to be widely used. It makes no sense.
|
|
|
Sportsbet surely has to have some security mechanisms in place to battle against this. If you deposit, lose, and then double spend your deposit, then the casino/sportsbook in question has only lost potential profits (your deposit), and hasn't actually lost anything from their reserves. So they can simply ban your account, email address, IP address, bitcoin address, and any other details they might hold on you, such as if you've completed KYC. Or if they really want to keep you as a customer despite your theft, they could simply disable zero confirmation deposits for you. I wonder how many such places will continue to offer zero confirmation deposits after full RBF becomes widespread. Very few, I suspect, since it them become trivial for anyone to double spend a losing deposit.
|
|
|
Proofs of reserves & unexplained strange movements of funds will get published if they're audited. And how do you know the proof of reserves is accurate? What's stopping an exchange taking out a loan the day before an audit and paying it back the day after? Or borrowing funds from one of their affiliated companies or entities? Or even just the CEO topping up the exchange wallets with their own funds prior to the audit. This exact thing has happened before with Bitfinex handing hundreds of millions of dollars of crypto to Tether on the very morning of their independent audits. And yet USDT continues to have a market cap of $65 billion, despite being a fractional reserve scam. Proof of reserves proves nothing. Complete verification of solvency shouldn't be a problem to detect but audits can't stop exchanges being targeted. But without proof of liabilities, proof of reserves is meaningless. So an exchange proves they have 100,000 BTC in their wallets. What if they have 200,000 BTC in liabilities? What if they have huge outstanding loan repayments or debts they hide from the auditors? How do you even know you can trust the auditors? It's all trust upon trust upon trust. There is no independent verification.
|
|
|
the natural state of network was first seen. It isn't. Since the very first block was mined, even if your node uses opt in RBF/first seen, you still accept full RBF whenever a new block is mined. If a block is mined which contains a transaction which double spends an opted out transaction in your mempool, either you accept full RBF or you fork yourself on to a new network. If there are two blocks found at the same height, and they both contain conflicting transactions, either you accept whichever one is built upon regardless of whether the conflicting transaction was opted in/higher fee/first seen/etc., or again you fork yourself on to a new network. Full RBF is very much the default state, and every node already accepts it. You can do whatever you like to your own mempool, but first seen was never the natural state. And again, this is only providing an easy toggle option (which is defaulted to off) for a feature which any code could have been using for 10+ years already (and some already do).
|
|
|
Big brands NordVPN & ProtonVPN publish transparent audit reports every year to gain trust. There are two points I would make about third party audits. First of all, they simply move the trust requirement. Instead of trusting the entity itself, you are now trusting the auditor. They still don't allow anything to be independently verified by the user themselves. And secondly, even if you do trust the auditor, they only show a snapshot at the time of the audit. Anything could have changed between then and now. but can third party published audits of exchanges be considered proof of security? Not at all. In addition to the points I made above in regards to VPN providers, when it comes to exchanges, there are even more unknowns. The proof of reserves which many exchanges are starting to publish is easily tampered with or altered to make it appear more favorable to the exchange, and proof of reserves without proof of liabilities is absolutely meaningless. There is no way for a user to ever verify completely the security, privacy, or solvency, of a third party they are using. The only way to do this is to keep your coins in your wallet.
|
|
|
Exchange owners storing private keys in company emails isn't appropriate, it's what FTX did, other exchanges are professional with stronger security.
That's a big assumption to make, and one which is not true. FTX was the second biggest exchange in the world. Everyone assumed they would have decent security, and instead they had an unsecured group email account. Everyone assumed Coinbase had good security, and instead their data was being sold by a third party. Everyone assumed that Binance, that Bitfinex, that KuCoin all had good security, and all have been hacked and had coins stolen. The fact is that we have absolutely no idea what security exchanges do or do not have. You are trusting complete strangers, who have shown time and time again that they are grossly incompetent. Handing over coins or data to any exchange is a huge risk.
|
|
|
My current multisig is with Casa. Then I think you should continue down the path of moving to a better system. Casa is closed source, holds one of your keys for you, and (correct me if I'm wrong) but you have to pay them $120 a year for the privilege of them holding one of your keys for you. None of these are good thigns. However, on reflection, I think my relative lack of technical expertise may be more of a threat to my multisig security than Casa becoming a bad actor. Maybe at the moment, sure. But the fact that you have self identified this means you are already well on the way to being able to address your lack of expertise. An entirely self hosted solution will always be preferable to one which depends on third parties. With my current setup, I only need to have access to one physical key. Well then you've already lost most of the benefits that a multi-sig solution brings.
|
|
|
Lost track of how many times I've repeated this: Stop using Google to find the website of exchanges, services, or wallets.
Stop following random links without checking the URL.
Start using uBlock Origin.
Never type your seed in anywhere.
How many times does this need repeated?
First of all, Google hosts scams. So many scams. On their search engine, on their app store, on their ad platforms, everywhere. As long as the scammers pay them, Google do not give a single fuck about hosting scams and regular people losing their money. Google is a truly terrible choice for literally anything. Stop using them. You'll also notice that the scam links are promoted as ads. Use uBlock Origin. It is the only ad blocker you will ever need, and will filter out all these scam ads. (Note: uBlock is a different piece of software to uBlock Origin, and one you should avoid. It's uBlock Origin that you want.) And stop clicking on random links and stop typing in your seed phrase. This is basic crypto security 101.
|
|
|
Do I always have at least 10 minutes, 3 hours or 1 day to cancel the transaction? You have until the transaction is confirmed to attempt to double spend it back to yourself (i.e. cancel it). It all depends on the fee you pay and the current state of the mempool. Take a look at what the mempool looks like here: https://jochen-hoenicke.de/queue/#BTC%20(default%20mempool),8h,weightIf your transaction pays 1 sat/vbyte in fees, and there are many megabytes of transactions which pay higher fee rates sitting in the mempool, then your transaction could take hours or days to confirm, giving you plenty of time to cancel it if you choose. On the other hand, if the mempool is empty and your transaction pays a high fee putting it near the tip, your transaction could confirm within seconds of you broadcasting it, meaning you have no chance to cancel it at all.
|
|
|
I trade my bitcoin for Monero, then trade that Monero for someone else's bitcoin, effectively breaking the traceability of my transactions by replacing them with someone else's transactions. Another option is to use RoboSats to swap on chain bitcoin for Lightning bitcoin, or vice versa. To do that, you are going to need a software called SatStack. Alternatively, if you are running your own node anyway, then you can interact with your hardware wallet via either Electrum or Sparrow which is pointed at your own node or Electrum server to maintain privacy.
|
|
|
Are there any alternative rather than Electrum wallet. Any wallet which allows you to import raw private keys would suffice. Although I agree Electrum is the best and safest wallet for this task, my go-to secondary piece of light wallet software is Sparrow wallet, which would also be able to import from a paper wallet no problem. If you are going to use Electrum, note that you'll need to prefix your private key with p2wpkh: if your paper wallet has generated a segwit (bc1q) address.
|
|
|
plus lets be honest most people probably skip over that step if it's not required. Exactly. Just like most people would skip over writing down their seed phrase twice like you suggest. They can't skip a hard coded checksum, however. if it was that simple people wouldn't come on to this forum saying their seed phrase isnt "working". And if checksums didn't exist, and someone comes saying their seed phrase isn't working, you have no idea if it is a problem with the seed phrase itself or if it is a problem with something they are doing with the seed phrase (passphrase, derivation path, etc.) By having a checksum, you can immediately narrow down the problem. being able to detect up to 4 characters that are in error sounds good but if it can't fix it too then i'm not sure how useful it is. Extremely useful. You don't want your wallet software accepting an incorrect address and allowing you to sign transactions to that incorrect address. And by showing you have an error, you know you've made a mistake in your process somewhere or have some malware and can re-examine your process before losing your coins to an incorrect address.
|
|
|
It's interesting to notice how much hardware wallets have increased in price since the creation of that thread. Hasn't the price of everything? Lol. It really depends on what I do. If I end up buying a desktop, I'll still need the laptop when I'm away. On the other hand, if I end up buying another laptop, then it could be used as an airgapped device.
Fair enough. A good argument for a hardware wallet instead then. You could always wait another 9 years until your next new computer and then use your old old one as an airgapped wallet.
|
|
|
Let us see what would happen has full RBF is on the latest version of Bitcoin Core, if node runners will support it (mempoolfullrbf=1) which will later make opt-in RBF not necessary. Some nodes are already starting to run it, but even if the majority don't, I suspect at some point in the future (perhaps even by v25.0, which is scheduled for May 2023) it will get switched to default true rather than default false, at which point it will rapidly spread throughout the network. Then it won't be a case of your wallet requiring to opt in to RBF - every transaction will be automatically opted in. The only stumbling block to using RBF at that point will be whether or not your wallet is good enough to support making such a transaction, but if it isn't you can always import your seed phrase in to a better wallet and do it from there, even if you had never even heard of RBF when you made the original transaction.
|
|
|
If we take into account the huge fees for bitcoin transactions What huge fee? The mempool is empty. You can make a transaction with a fee of 1 sat/vbyte, which works out around 4-5 cents for your average transaction. But the transaction fee on the blockchain network is very expensive, and it is not particularly profitable to transfer in bitcoins at all! It sounds to me like you are talking about the fee a centralized exchange or other centralized platform is charging you to process a withdrawal. Note that such a fee has absolutely no relation to the actual bitcoin network fee, and 99% of any such fee is going straight in to the pocket of the exchange in question. If you hold your bitcoin in your own wallet (and choose a half decent wallet which allows you to customize the fee), then transactions are very cheap.
|
|
|
This guy's mastered the art of conversation. -Hey, Sam, do you know today's date? -I can't say who knows what! Spoken like a true politician. How long until he runs for office? He knows he's full of shit, but tries to hide it as long as possible, thinking nobody will notice. Precisely this. This is his fault, he knows it is his fault, everyone else knows it is his fault, but he's hoping that he can still convince people that somehow he isn't to blame. because in the past 20-30 years, the US Govt has figured out a variety of ways to absolutely skirt constitutional protections when they can make it appear as if there is no state action - including getting information and data that would otherwise be subject to constitutional protections such as the 4th amendments protections from unreasonable searches/seizures. Absolutely. There is a reason that the US government and its various departments is one of the largest customers of data brokers. Even with their mass surveillance programs there is some data they can't access without it being obvious they are breaking the law, and no judge is going to grant a warrant for such illegal data collection, so instead they can just go to one of the thousands of data broker companies and buy that data for not very much at all.
|
|
|
In a best case scenario from the governments' perspective there will be a vibrant network of centralized exchanges with limitless access for financial authorities to all the data. We already know that centralized exchanges widely sell your data to various blockchain analysis companies as well as data brokers, and they freely share your data with governments around the world. (And of course all these entities circulate your data between themselves even more). Given that, I would not be at all surprised if it came out that some centralized exchanges were working even more closely with governments, or indeed if a government flat out owned a centralized exchange for the purposes of harvesting data and enforcing regulations.
|
|
|
Buying a new computer was already on the schedule, but honestly, completely isolating it isn't always possible, and in my case, it probably isn't, because a functioning laptop is always handy. But if you are buying a new one because your old one is getting very slow as you said above, then surely your old one then becomes the perfect candidate for an airgapped wallet? You don't need it anymore once everything is transferred to your new one, and the fact that the hardware is outdated is irrelevant for running something as simple as an airgapped Electrum wallet. You can format it and load any lightweight Linux distro to keep hardware demands to an absolutely minimum, and then the only piece of software you need to install on top of that is Electrum itself. Plus if it's an old device you aren't going to use anyway, then there are no issues with you opening it up and removing the WiFi module.
|
|
|
|