I'm sorry, but moaning about a false positive generated by another application that a developer has no control over is ridiculous. That isn't a "bug" or "poor coding"... that is Windows Defender being overly aggressive. Sure, it's not a good look for new users getting strange alerts from their AntiVirus/AntiMalware software when they're supposedly installing "legit" software... but a LOT of software has fallen victim to that sort of overzealous behaviour and NOT just in the cryptosphere. I have had Windows Defender "quarantine" a lot of things in an effort to "halp" protect me from the "BadPeople"™  And it's even worse in Windows 10 now because I cannot actually permanently turn off the "Real Time Protection" anymore...  At least they were actively trying to fix it once it was reported. Now, I do agree that Ledger haven't been great in a lot of areas... support timeframes would probably top that list, but their apparent focus on adding shitcoins in favour of fixing other issues is definitely in there too. However, I can understand why they do this... think about it... what is more likely going to sell a HW to the "AverageUser"™? The ability for them to use all their favourite shitcoins with a fancy UI... or the fact that Ledger have a 100% bulletproof and error free firmware upgrade system, or that the "MasterPublicKey" shown for SegWit wallet is actually shown correctly as a "zpub" instead of an "xpub"? |
|
|
|
The truth is that we do not receive "wallet.dat" files from our customers.
I should hope not... the clients should be sending you a "hash" extracted from their wallet.dat file which you can then try and bruteforce using hashcat etc. But you are now claiming that you don't get wallets, but in the very first post in this thread, you said: Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets.
So which is correct?  In any case, the original answer you got from ranochingo is still valid: Whilst there is currently no known vulnerabilities that allows for code execution within the wallet.dat file, I wouldn't trust it too much.
There is no known exploit that will do "Bad Things"™ to your computer if you load a foreign wallet.dat into Bitcoin Core. However, this does not mean that it doesn't exist. "Absence of evidence is not evidence of absence". So, it would be prudent to take adequate precautions. Personally, I would just create a simple VM that contains the OS and Bitcoin Core... then take a backup/snapshot of that "clean" install... every time you need to load a new wallet.dat, simply create a new instance copied from your "clean" backup and then try and load the wallet.dat and/or dump it with PyWallet. If all you're doing is attempting to load/inspect a wallet.dat, you don't even need the block data!  |
|
|
|
and I reset my pc and I remember my wallet was in electrum.
-----BEGIN BITCOIN SIGNED MESSAGE-----
i am jsmbugu from bitcointalk.org and today July 06, 2019
-----BEGIN SIGNATURE-----
bc1qc3h9w6qa3q4pru7umv0m4kz4297ecuakfrlzvq
IE3scZk6tWbWJF7MCzRXWjCqzt6gFYwkjrCwBwdRjeZqRmiXpfA5CX4RHmykwrkdgXI1oJY5PsDoPAG XVEMjHr4=
-----END BITCOIN SIGNED MESSAGE-----
If you want to be able to "prove" that you are still the same owner of this BitcoinTalk account... you should restore your Electrum wallet (either by using your 12 word backup seed mnemonic or by finding the old wallet file if it is still available) and then sign a message from that same bc1qc3h9w6qa3q4pru7umv0m4kz4297ecuakfrlzvq address to be able to prove that you still control it. Just changing the address in your BitcoinTalk profile means absolutely nothing. In fact, now it does look like the account has been sold/traded, as the address has changed and you can't sign from the bc1qc3h9w6qa3q4pru7umv0m4kz4297ecuakfrlzvq address to prove otherwise!!  |
|
|
|
I'm not familiar with what Nodl is... do you mean a "Nodl One" device? If so, that appears to be fully customisable, so I would think you can set that up how you like... or is it a cloud service like AWS or something? |
|
|
|
Trust me, I am truly happy because I have been struggling with this issue for weeks and only got silly replies like, have you tried turning it off and on  It is just a small token of appreciation. thanks a lot! Like BitCryptex said, most of the users around here are happy to help without any financial consideration. So, if you have any other issues with your Ledger device and/or the Ledger Live software, feel free to ask. In any case, Thanks for the very generous "tip"... I appreciate your token of appreciation (I know my missus and her amazon account do!)   |
|
|
|
Even if you think my method takes a few seconds longer, then surely it's worth it for your security? We are talking literal seconds. The average person wastes over 2 hours per day on social media.
Sadly, I think you're tilting at windows o_e_l_e_o  People are lazy... and I suspect that because of the volatile nature of bitcoin (in $$$ terms) and the fact that you can't really spend bitcoin on anything, a lot of users struggle with how much bitcoin is "worth"... until it all gets "stolen" due to their own laziness and failure to "Be their own Bank's security department". This is why we constantly see threads pop up where users have fallen victim to copy/paste malware... or simply copy/pasted the wrong address from another app/program... or not written down their seed mnemonic on paper and just copy/pasted it into an email/txt document or taken a screenshot... I've had instances where I thought I had copied the correct address and then pasted it, but when checking the transaction details before sending, I discovered that I had actually pasted in a previously copied address that had already been on the clipboard (not malware, I just hadn't ctrl-c'd properly). So, I totally agree with you. It isn't hard to check a full address... and like you say, if the value is any more than $5 you can be sure I'm double checking my work at a minimum!  |
|
|
|
So I went back and checked, the 0.018 BTC was from Gemini, Not Coinbase.
My girlfriend also just told me she got an email saying from Coinbase (it's her CB account) that they had delayed the withdrawal for 72 hours "for security reasons".
So it looks like that withdrawal was not lost, just delayed.
Well that's good news then... glad it wasn't anything too serious like malware or incorrect addresses used! Sorry to bother your guys with this. I do appreciate all the help!
Not at all, There are a lot of very knowledgeable users here that are generally happy to help out with any issues or queries that you have. |
|
|
|
You simply create a new address in the wallet of your choosing and then add that address to your server's configuration. Depending on what server you're using, this is done in different ways. For instance, ElectrumX uses an environment variable named DONATION_ADDRESS. The server I use (electrs), just provides a "Banner" option that is just free text that can be specified at runtime or in a config file that is the message shown in the Electrum console and you can add a donation address in that message. What server are you using? |
|
|
|
Another clarification just for my own sake of knowledge, does the key dump from Core actually contain the old wallet data? I had the Wallet file in the bitcoin wallet directory but was never able to actually open it in btc, and the bitcoin core install was new to this machine. Does the dump keys command take data from all wallets directories or only the ones that have successfully been opened?
Since I was never able to open the wallet or even load it, I suspected that the key dump didnt even include it, but to be fair I have no idea how this all works. Bitcoin Core only works on ONE wallet file at a time (unless you explicitly tell it otherwise)... generally, and by default, this will be whatever file is called wallet.dat in Bitcoin Core's "datadir"... just having your "old" wallet file in the directory is not enough, unless it is actually called wallet.datSo, if Bitcoin Core never successfully opened the wallet.dat file... then there is simply no way it could have dumped the keys out. If you are unable to open the "old" wallet.dat with Bitcoin Core... it crashes or gives and error... then try nc50lc's suggestion of the --salvagewallet command. If that doesn't work either... then your last resort is probably going to be attempting to dump the keys using PyWallet. |
|
|
|
The address I sent it to was:
1G3BdSyNiyLGtyEN84T2wcvaGDzaZfGG3i
That is indeed the address that shows in the transaction that you said Gemini sent you: That transaction shows 0.01803066 BTC being received at 1G3BdSyNiyLGtyEN84T2wcvaGDzaZfGG3i So, the big question is, what address did you use in Coinbase? Because it would appear that Coinbase have not sent the coins to that address. I would suggest that you log into Coinbase and lookup the withdrawal from there and find out the txid and/or the address that it was sent to. |
|
|
|
Flag supported and NegTrust left. Any Mod reading this, please ban him and investigate this issue
Scams and scammers are not "moderated" here on Bitcointalk. Your money is gone and you will not be getting it back  Also, unfortunately, He will not be banned for this... but his reputation is now non-existent and hopefully the flag and negative trust ratings will prevent someone else from getting scammer. Do you have any solid evidence that this user is the same? What links can you prove? |
|
|
|
|
Suspicious? Not really... Unverified? Yes...
Obviously, those accounts are essentially "throwaways" with no reputation or history to speak of... but it doesn't automatically mean that whatever they say is untrue... Personally, I just wouldn't put much faith in those replies, and certainly wouldn't be using them as a basis to judge whether the offer is actually legit and resulting in satisfactory outcomes for those affected.
However, given that Bitsler are involved and haven't publicly called it a scam... then chances are the offer is good and users are actually getting paid out their balance up to the $200 max.
As for self-mod... contentious issues like this are always going to attract more than their fair share of trolls and angry users... I can understand why the thread has been created as "self-moderated"... and with the deleted posts service from LoyceV, it's not like they can really hide anything anyway.
In any case, I would probably have reported the 2 deleted posts to moderators anyway.
|
|
|
|
You claim to have read things... how did you not read the sticky posts at the top of the "Beginners & Help" forum? Specifically, this one: Newbies - Read before posting. It contains the answers to all three of your questions. Thank you too so much, I am still learning about the forum which will not take me more than two days I can tell you this, you will not learn everything there is to know about this forum in 2 days. I've been here nearly 4 years... and I'm still learning. after this time, I will come up with topics and posts that will be useful. But I think topics will be more helpful as it can be easily seen than posts.
Please don't go creating topics just because you think you're going to get merit out of it... and make sure to search the forum for an existing topic before you do. Every week we get newbies joining the forum, claiming they're here to "help"... and we get another round of "how to earn merit?", "how to rank up?", "how to have signature?", "how to have avatar?", "what is best wallet?" threads... Create threads about unique and interesting topics and you'll be fine... recycling the same stuff that has been thrashed to death 1000 times is just going to end up with you being put on ignore lists. Personally, I would suggest you find topics that interest you and/or that you have knowledge in... and read and contribute in those first before creating any topics. Welcome and Good luck! |
|
|
|
Oh, I haven't tried the web interface because it doesn't support native SegWit.
Ahhhh that would explain it. Yeah, I can certainly understand in that scenario how annoying it is... and it certainly does seem a bit like a retrograde step. Personally, I'm not sure that the UX "improvement" warranted this change at all. They're simply forcing their methodology onto the existing userbase. I don't understand why it's not possible to change that behaviour under 'Advanced' tab in the web interface. People who don't want to expose their passphrase and don't know how to install trezorctl now have to wait for a software update of the wallet they use to access their coins safely.
I agree... this seems like it should have been a "beta" feature to give wallets a chance to catch up before being "forced" onto unsuspecting users. When companies make unilateral decisions like this, it's always current users that "suffer" It's a bit like the issue with Google Fit at the moment... they had this concept of "move minutes" which worked really well for people participating in activities that don't involve "steps" per se (ie. HIIT, Ellipticals, rowing machines, exercycles etc)... However, Google have now "forced" an update which monitors "steps" as the main measurement of activity! The Play Store is being bombarded with 1 star reviews from angry users! |
|
|
|
Always a good reminder, but I don't think that the malware using similar addresses is exactly a new development... Now, I wonder how attackers do this if its vanity address or a pre-generated address or real-time generating from a script that reads the first and ends characters but it will consume time and resources for this kind of attack.
This article from 2018, shows how the malware is detecting addresses and then sends to a remote server to get a replacement one... most likely so they can send back a similar looking key that has been pre-generated. As someone on the Electrum twitter thread said, it would take less that a Terabyte of storage to hold all combinations of first+last 3 chars... That's peanuts in the world of storage today. With a vanity address I guess you're more likely to notice it if your 5 character "1bL4nk" address was suddenly "1bL3z"... even my "1HCPx" address would probably be ok... But I don't see it as a problem because I usually check a lot more than 3 chars... I usually check around 5 or 6 at beginning and end and look for a distinctive pattern in the middle as well. |
|
|
|
Alternatively... if you don't want to expose any private keys, simply install Electron Cash, and then copy your wallet file from: C:\Users\YOURUSERNAME\AppData\Roaming\Electrum\wallets to C:\Users\YOURUSERNAME\AppData\Roaming\ElectronCash\wallets Then run Electrum Cash and click on the "choose..." button and open the wallet file you just copied. NOTE: If you can't see 'AppData' directory: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files |
|
|
|
This update 'broke' passphrase support on Trezor T. Before the update, the device always asked the user if they wanted to enter the passphrase on the device or the host. Now, the default behaviour is entering it on the host. That's ridiculous considering that the built-in touchscreen is the reason why some people bought it. To make things even more fun, one cannot change that default behaviour without using trezorctl at the moment. Wallet vendors need to update their software.
That's weird. According to the Release Notes that you linked to in the OP: Second, on Trezor Model T, the decision whether the passphrase will be entered on the device is prompted directly in the Wallet (see picture below). This helps the overall UX since the user’s focus stays in the Wallet until the passphrase needs to be entered on the device.
This seems to imply that they just moved the prompt from the device into the webwallet (hots)... so it would appear that you can still choose to enter the passphrase on the device, you just have to click the "Enter on device" button on the web wallet UI first. Trezor thinks this improves the UX... and I can see the logic, but can't really comment either way as I've never used a Trezor T so am not sure of the usual workflow. |
|
|
|
Once you have control of the wallet, that user could deduct whatever they want. It's a risk for both parties. No, it's not. The OP isn't really risking anything at all. However, it is a risk for anyone that attempts to waste time and money and resources on this... The OP has only provided a "hash" that has been extracted from the target wallet.dat file... So, even if you were to "crack" this and discover the password, it is useless to you because you don't have the wallet.dat to be able to use the discovered password. |
|
|
|
|
Treat it like you would if some rando on the street came up to you and sad "bad words"™. ie. you ignore them and walk away (put them on your ignorelist).
However, if those "Bad Words" happened to be real threats of physical violence or hate speech etc... then you would obviously report that to the appropriate authorities. (ie. "report to Admin")
|
|
|
|
|
Show Posts
