so i restore my trezor only using the 24 seeds without passphrase , my eth coins will come back all right ?
If the seed is correct, yes. but when you reset your wallet use the 24 seeds, it have necessary step need to enter your passphrase , how can i avoid it ? thanks
Unfortunately i don't own a trezor, so i can't assist you with the exact procedure. But can't you simply let the field empty ? AFAIK it is not mandatory to attach a passphrase to the seed.
|
|
|
not set passphrase in 2018 years ,(i think it didnt have this function in that time ), but yesterday i already set the passphrase
is it effect my wallet ? thanks
Yes, it affects the master private key which is being generated. Trezor uses the mnemonic code (your 24 words) + passphrase to generate the master private key (which is then used to derive your private keys, which hold your funds). You need to restore your trezor only using the 24 words, without a passphrase. If you insist on having a passphrase attached to your mnemonic code, you need to move your coins from the old seed (without passphrase) to the new one (with passphrase).
|
|
|
And this is a 100% safe way to do it. Ne coins can get lost in the process or for any other reason?
It is definitely 100% safe. When uninstalling the application, all your are doing is.. to uninstall the application. To spend your coins, you need the correct private keys. These private keys are derived from the seed, which is stored inside of the nano s. If you uninstall / install an application, the nano s always derives your private keys the same way. Therefore you can uninstall them as often as you want, wipe your nano s or set up a new nano s with your mnemonic code to be able to access all of your coins again. All you need to make sure to never lose access to your coins, is to have a backup (or multiple) of your 24 word mnemonic code.
|
|
|
If: - you have the mnemonic code (12 words) from both wallets AND
- you send your BTC to the correct address (from your wallet) AND
- you downloaded the original electrum (no malicious fake version)
your funds are safe! We need a few more information to help you out. Start off with answering NeuroticFish's questions and explain the procedure of sending your coins from one wallet to another (i.e. where did you download from / how did you create the wallet).
|
|
|
This was 3 months ago. And he didn't make the glitch public, which said he will do. Furthermore the 2FA is checked server-side. So technically it is not possible to bypass 2FA by manipulating the client (in this case: the iOS app). IMO this was just a bad joke. And far away from being a 'source' to the statement that binance had a security breach.
|
|
|
It shows as removed here.
This one is removed too. What's wrong with them?
Lol. Alright. That's pretty fishy.. I mean.. honestly.. they could answer with anything they want. But removing it.. come on..
|
|
|
It is the user who has to use the safe (i.e. securely storing api key / 2FA codes). Binance can't force anyone to protect their password / 2FA code / etc..
But the issue wasn't that people were careless with their 2fa or passwords. The issue was that Binance had a security breach that circumvented these security checks. I get that in crypto you are responsible for your own security - but in this case the problem wasn't the user, it was the 'trusted' and apparently 'safu' centralized exchange, who has such an inflated sense of self importance that they were considering risking the entire integrity of Bitcoin through a roll back. Do you have any source for this statement ? I can't find any news stating that binance's security was compromised.
|
|
|
Alright, it seems to be proven now that this address is owned by binance.
However, this still doesn't mean that they are going to give you your coins back.
One should assume that they are going to do this, but they definitely don't have to. They can either decide to keep it, because (1) it was your fault or (2) because their internal policy doesn't allow to manually access the private keys in such cases / initiate such transactions.
But i wouldn't rate binance as a company which will keep your coins. However, they still have the right to do so.
Sending 55+ BTC to a random address you received funds from is careless at least.
|
|
|
This is the correct sequence of commands. Why doesn't it work ? Do you get any error message? If so, which ? Also, which version are you using ? A one-liner to send a transaction is: electrum payto <bitcoin_address> <amount> | electrum broadcast -
You might try connecting to a different electrum server. Maybe its a problem with the server you are currently connected to.
|
|
|
The argument I make is when the block subsidy is very low versus the value of the fees and the value of BTC is high, the block size will have an impact on how secure the chain is.
That's just an assumption you make. There is nothing to prove that point of view. No, there must be limits. why not have a 1kb block why not have a 10 terabyte block. There must be a maximum utility in there some where How is this related to your statement that a higher blocksize increases the security (which i replied to) ? Sure you can scale off chain but that does not mean you can have a different type of scaling onchain.
Never said that. I said you don't need to increase the blocksize. Never said that you shouldn't under any circumstances. Neither did i said that purely off-chain is the best solution. On-chain scaling solutions are good, as long as it's not about purely increasing the blocksize. [...] but a larger blocksize make it much more expensive to "spam"
Not really. Imagine a blocksize of 1000 MB. Imagine the blocks are filled with 1MB regular transactions (without spam). Now an attacker can fill the remaining 999MB of the block with 1 sat/B transactions. He couldn't create 999MB traffic with 1sat/B transactions with a block size limit of 1MB. This would require him to have 999 blocks completely filled with his 1sat/B transactions. A much higher fee (actually highest paying fee relative to all other transactions) would be necessary to generate 999MB traffic in this case. It is cheaper to fill large blocks, than to fill small blocks.
|
|
|
Moving on... How about transactions marked with RBF?
Should work flawlessly. The RBF tag basically says "this transaction is replacable". If you create a new transaction using the same inputs to different outputs (sending to a different address) using a higher fee, it should get accepted by most nodes. This is probably the easiest way to double spend an unconfirmed transaction.
|
|
|
The argument I make is when the block subsidy is very low versus the value of the fees and the value of BTC is high, the block size will have an impact on how secure the chain is.
That's just an assumption you make. There is nothing to prove that point of view. 1mb or 4 via segwit seems to low. [...] Bitcoin needs both larger blocks and segwit. Both main camps have failed to accept this and the whole projects and society suffers.
No it doesn't. Segwit is necessary for further scaling, yes. But bigger blocks are not. There are way better scaling options available than just increasing the blocksize, therefore it is not necessary (not saying slightly increased blocksize would hurt BTC). For reference Satoshi had 32 MB blocks and he calculated hardware would keep up with bigger blocks.
No, he didn't. He released bitcoin without any block size limit. Due to the network design, the messages allowed to be send were limited to 32 mb. Therefore creating some kind of a block size limit. In september 2010 he set a blocksize limit of 1MB to prevent spam / useless transactions filling up the blocks unnecessarily.
|
|
|
that's my belief based on the statements binance made, but AFAIK no details about how 2FA and API keys were compromised have been released. have they?
No, unfortunately not. Currently it can only be assumed, but based on their statements it sounded like its not a security problem on their end. they have urged all users to change passwords, 2FA, and most specifically API keys so i guess we can't be sure this is 100% client side yet.
This indeed sounds strange. But i guess that's not a clue towards server side problems. They might want all user to change their secret information because of a server-side security breach or because they believe there are more keys somehow laked / stolen. API keys were hacked from binance's servers last year and there have been recent suspicions of an ongoing problem.
Were they ? I remember that most (if not all) people had their API key entered into a 3rd party trading software/script. And this software had maliciously used the API keys to buy (and pump) a worthless coin, which has been sold by the attacker to get lots of profit out of it. I didn't see any news regarding the security of binance being compromised. IIRC it was 100% users fault back then.
|
|
|
That's true... but a normal server has no way of connecting your IP to your Bitcointalk username... unless it is is the Bitcointalk server (or they somehow hack the Bitcointalk logs) But OP could still create a link between the username and the IP, even without explicitly asking for it. At least if not hundreds or thousands of user will ask him for the server details in a short amount of time. But even if a connection can be established, i don't see the problem with it. It's not like your account or anything is at risk if such a link exists (especially since most people have dynamic IP's which regularly change or beacuse they are sitting behind a NAT of their ISP). Don't they get your ip and xpub keys? So it would be possible to work out your bitcointalk username if you posted one of those addresses here (of course you could use a way to hide your ip).
The xpub is not transmitted to the electrum server. AFAIK the electrum client is asking for recent transactions on single addresses (basically all used addresses + gap limit). So the information it can retrieve is which address you send to / receive from, the time you send/receive and your IP.
|
|
|
You already asked that question. And you received an answer: Also can anyone confirm windows 7 safe mode with networking allowed the firmware update?
Why don’t you try? Why did you wait 3 days until now, instead of trying out for 10 minutes ?
|
|
|
By the way, if it requires the same info like mocacinno's server I might stay with the current server Is this private? Which information ? He only needs your IP to whitelist it. And any server you are connecting to knows your IP (without knowing your IP, a connection would not be possible). OP on the other hand does not follow a white-/blacklist approach. So he obviously doesn't need your IP (but he still will be able to see it, obviously).
|
|
|
One solution is just to use DEX, We need people to start using DEX and protect themselves from hackers, We should be responsible for our own protection.
People weren't able to protect their API-keys and 2FA codes which lead to the loss of funds. So how should they going to be capable of protecting their private keys.. This is really bad news... Binance should have invested more in security
Binance's security is fine. Based on all information, it is each users fault for not protecting his 2FA codes / API keys. It hasn't been mentioned anywhere that there was some security breach. Whatever they claimed that they are safe, hackers job is to keep trying to penetrate the security of the exchange so for sure they will find ways to do that
That's true, but in this case it the fault of each affected user individually. To use an analogy, instead of investing in 3 padlocks, it would be more secure to invest in a Safe.
It is the user who has to use the safe (i.e. securely storing api key / 2FA codes). Binance can't force anyone to protect their password / 2FA code / etc..
|
|
|
As far as i am concerned, malicious actor were able to obtain API keys, 2FA codes, etc.. from the victims, correct ?
I answered a quetion in a different thread. A lot of thread has just created about Binance hack. So there is nothing you should afraid of now. [...] I'm sure there will be an extra security measure now and this will be enough for a while. Then we will experience the same things ... The nature of mankind ...
Additional security measurements are not needed. You can create as much protecting mechanisms as you want. If the people using them are too stupid to properly make use of it, it is completely useless. People need to learn how to protect sensitive information. That's all which is needed. Making a X-factor-authentication is useless if people don't understand how to store the codes. Same applies to password policies. A long and complex password is fine, but if he stores it in plain text on his windows XP.. that doesn't protect him.
|
|
|
3Fa would certainly change things.
I don't think so. Most people are lazy as f**k. They would probably use 1 device (e.g. their mobile) for the 2nd and 3rd factor, therefore basically creating a 2FA again. If done properly, it definitely increases the security. But i doubt the majority will be able to handle this correctly. What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable?
It is not vulnerable. But if you don't know how to protect your sensitive information... it is only your fault. It's like saying "I thoughts passwords are secure, now my account is at risk if i tell everyone my password ?". If you keep your 2FA codes secure, so that noone except for you can access them, it is safe. If you share your 2FA codes (or they can be accessed by other in any other way), it is not.
|
|
|
All those were mostly fishing type of attack that has potential to affect exclusively transactions signed by "hot" Electrum while trx signed by "cold" one remain immune.
No attack is targeting 'signed transactions' in any way. snip Perhaps you misunderstand me. FYI: what I meant they target destination address in transaction to be signed by "hot" Electrum. Sure, signed transaction is resistant to any attack. Then your post now, makes no sense. What i wrote 3 lines below your snip still applies: The transaction has to be manipulated before signing, which can happen either on an online computer or offline computer (e.g. through compromised USB).
Note, that online computer refers to hot wallet and offline computer to cold wallet, in this case. Manipulating the transaction (which is to be signed) is completely irrelevant from whether an internet connection is available on the computer or not.
|
|
|
|