If the seed is correct, yes.




Unfortunately i don't own a trezor, so i can't assist you with the exact procedure. But can't you simply let the field empty ?
AFAIK it is not mandatory to attach a passphrase to the seed.

Yes, it affects the master private key which is being generated.

Trezor uses the mnemonic code (your 24 words) + passphrase to generate the master private key (which is then used to derive your private keys, which hold your funds).

You need to restore your trezor only using the 24 words, without a passphrase.
If you insist on having a passphrase attached to your mnemonic code, you need to move your coins from the old seed (without passphrase) to the new one (with passphrase).

It is definitely 100% safe.

When uninstalling the application, all your are doing is.. to uninstall the application.
To spend your coins, you need the correct private keys. These private keys are derived from the seed, which is stored inside of the nano s.

If you uninstall / install an application, the nano s always derives your private keys the same way. Therefore you can uninstall them as often as you want, wipe your nano s or set up a new nano s with your mnemonic code to be able to access all of your coins again.


All you need to make sure to never lose access to your coins, is to have a backup (or multiple) of your 24 word mnemonic code.

If:

• you have the mnemonic code (12 words) from both wallets AND
• you send your BTC to the correct address (from your wallet) AND
• you downloaded the original electrum (no malicious fake version)

your funds are safe!


We need a few more information to help you out.
Start off with answering NeuroticFish's questions and explain the procedure of sending your coins from one wallet to another (i.e. where did you download from / how did you create the wallet).

This was 3 months ago. And he didn't make the glitch public, which said he will do.

Furthermore the 2FA is checked server-side. So technically it is not possible to bypass 2FA by manipulating the client (in this case: the iOS app).

IMO this was just a bad joke. And far away from being a 'source' to the statement that binance had a security breach.

Lol. Alright. That's pretty fishy..

I mean.. honestly.. they could answer with anything they want. But removing it.. come on..

Do you have any source for this statement ?

I can't find any news stating that binance's security was compromised.

Alright, it seems to be proven now that this address is owned by binance.

However, this still doesn't mean that they are going to give you your coins back.

One should assume that they are going to do this, but they definitely don't have to.
They can either decide to keep it, because (1) it was your fault or (2) because their internal policy doesn't allow to manually access the private keys in such cases / initiate such transactions.


But i wouldn't rate binance as a company which will keep your coins. However, they still have the right to do so.

Sending 55+ BTC to a random address you received funds from is careless at least.

This is the correct sequence of commands.

Why doesn't it work ? Do you get any error message? If so, which ?
Also, which version are you using ?

A one-liner to send a transaction is:

You might try connecting to a different electrum server. Maybe its a problem with the server you are currently connected to.

How is this related to your statement that a higher blocksize increases the security (which i replied to) ?




Never said that.
I said you don't need to increase the blocksize.

Never said that you shouldn't under any circumstances. Neither did i said that purely off-chain is the best solution.
On-chain scaling solutions are good, as long as it's not about purely increasing the blocksize.




Not really.

Imagine a blocksize of 1000 MB.
Imagine the blocks are filled with 1MB regular transactions (without spam).

Now an attacker can fill the remaining 999MB of the block with 1 sat/B transactions.

He couldn't create 999MB traffic with 1sat/B transactions with a block size limit of 1MB. This would require him to have 999 blocks completely filled with his 1sat/B transactions.
A much higher fee (actually highest paying fee relative to all other transactions) would be necessary to generate 999MB traffic in this case.

It is cheaper to fill large blocks, than to fill small blocks.

Should work flawlessly.

The RBF tag basically says "this transaction is replacable".

If you create a new transaction using the same inputs to different outputs (sending to a different address) using a higher fee, it should get accepted by most nodes.
This is probably the easiest way to double spend an unconfirmed transaction.

That's just an assumption you make.
There is nothing to prove that point of view.




No it doesn't.

Segwit is necessary for further scaling, yes. But bigger blocks are not.

There are way better scaling options available than just increasing the blocksize, therefore it is not necessary (not saying slightly increased blocksize would hurt BTC).




No, he didn't.

He released bitcoin without any block size limit.
Due to the network design, the messages allowed to be send were limited to 32 mb. Therefore creating some kind of a block size limit.

In september 2010 he set a blocksize limit of 1MB to prevent spam / useless transactions filling up the blocks unnecessarily.

No, unfortunately not.
Currently it can only be assumed, but based on their statements it sounded like its not a security problem on their end.




This indeed sounds strange.
But i guess that's not a clue towards server side problems.

They might want all user to change their secret information because of a server-side security breach or because they believe there are more keys somehow laked / stolen.




Were they ?

I remember that most (if not all) people had their API key entered into a 3rd party trading software/script.
And this software had maliciously used the API keys to buy (and pump) a worthless coin, which has been sold by the attacker to get lots of profit out of it.

I didn't see any news regarding the security of binance being compromised. IIRC it was 100% users fault back then.

But OP could still create a link between the username and the IP, even without explicitly asking for it.
At least if not hundreds or thousands of user will ask him for the server details in a short amount of time.

But even if a connection can be established, i don't see the problem with it. It's not like your account or anything is at risk if such a link exists (especially since most people have dynamic IP's which regularly change or beacuse they are sitting behind a NAT of their ISP).




The xpub is not transmitted to the electrum server.
AFAIK the electrum client is asking for recent transactions on single addresses (basically all used addresses + gap limit).

So the information it can retrieve is which address you send to / receive from, the time you send/receive and your IP.

You already asked that question.

And you received an answer:


Why did you wait 3 days until now, instead of trying out for 10 minutes ?

Which information ?

He only needs your IP to whitelist it. And any server you are connecting to knows your IP (without knowing your IP, a connection would not be possible).

OP on the other hand does not follow a white-/blacklist approach. So he obviously doesn't need your IP (but he still will be able to see it, obviously).

People weren't able to protect their API-keys and 2FA codes which lead to the loss of funds.
So how should they going to be capable of protecting their private keys..




Binance's security is fine. Based on all information, it is each users fault for not protecting his 2FA codes / API keys.
It hasn't been mentioned anywhere that there was some security breach.




That's true, but in this case it the fault of each affected user individually.




It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..

Additional security measurements are not needed. You can create as much protecting mechanisms as you want.
If the people using them are too stupid to properly make use of it, it is completely useless.

People need to learn how to protect sensitive information. That's all which is needed. Making a X-factor-authentication is useless if people don't understand how to store the codes.
Same applies to password policies. A long and complex password is fine, but if he stores it in plain text on his windows XP.. that doesn't protect him.

I don't think so.

Most people are lazy as f**k. They would probably use 1 device (e.g. their mobile) for the 2nd and 3rd factor, therefore basically creating a 2FA again.

If done properly, it definitely increases the security. But i doubt the majority will be able to handle this correctly.




It is not vulnerable.
But if you don't know how to protect your sensitive information... it is only your fault.

It's like saying "I thoughts passwords are secure, now my account is at risk if i tell everyone my password ?".

If you keep your 2FA codes secure, so that noone except for you can access them, it is safe.
If you share your 2FA codes (or they can be accessed by other in any other way), it is not.

Then your post now, makes no sense.

What i wrote 3 lines below your snip still applies:

Note, that online computer refers to hot wallet and offline computer to cold wallet, in this case.

Manipulating the transaction (which is to be signed) is completely irrelevant from whether an internet connection is available on the computer or not.