Because if you are running an unprofitable business, the best possible thing to do is to lock up your assets for 2 years to take out a loan at 10% so you can continue to run your unprofitable business and end up even more in debt than you were to begin with.

Don't be fooled in to thinking this is Binance doing something good for the network. It isn't. This is Binance doing whatever they can to make more profit for themselves, at the expense of anyone and anything else. Just as they have always done.

The last retarget saw the difficulty increase by one of the highest jumps ever, and the highest since May last year. We are on track for another 5% jump in this period. Hashrate is at its highest ever, and continuing to grow. The ecosystem is "running and growing" just fine, without this cash grab from Binance.

They are using the cutting edge Proof of Tweet algorithm: https://nitter.it/Arthur_van_Pelt/status/1581464913591291904#m

The entire BSV network has collapsed. Blockchair shows no blocks for a day. https://explorer.viawallet.com/bsv and https://whatsonchain.com/blocks both show recent blocks, but different recent blocks. If you look through the past 24 hours worth of blocks, this unknown miner is mining between 70-80% of them, completely empty. At any point, this miner could decide to just ignore all blocks other than their own, completely halting all transactions and activity on BSV.

The amount of copium on Twitter is hilarious. Everything from "There is no attack" to "This is good because it means fees will be pushed higher than the subsidy" to "This is just someone trying to load up their bags with block rewards before we moon" (seriously). People are unable to make transactions, and there are frequent reorgs dozens of blocks deep.

Any word on exchanges starting to implement freezes on BSV withdrawals/deposits? Even if someone does manage to get a deposit confirmed on the network, I can't imagine the exchange will be too happy when a reorg makes that deposit disappear 100 blocks later. Given I can only imagine the majority of BSV bagholders will be keen to dump their bags for real bitcoin as soon as possible, any exchange which continues to accept BSV deposits is at a huge risk of loss, even without CSW's new software allowing him to arbitrarily seize any coins he likes. So back to the original point of this thread: Get your bitcoin in to your own wallets as soon as possible.

If you trade BTC for ETH, and then later trade that ETH back to BTC, then an adversary who was watching you might be able to link up your trades across the two public blockchains and therefore track what you did. They can look for an ETH transaction of an identical value to the BTC transaction you made occurring around about the same time, and then be able to make a reasonable guess as to which ETH are now in your possession. They can repeat this again in reverse to link your new bitcoin to your old bitcoin. This is impossible with Monero.

You also have to consider how you interact with the Ethereum blockchain. The most popular Ethereum wallets, such as MetaMask or multi-coin wallets, are in no way private, and harvest lots of data including your IP address, crypto addresses, and balances and transactions. Monero, on the other hand, can either be run via your own node or connecting to another node via Tor to mitigate these risks.

That's probably your issue then. Mainstream support for Windows 7 ended 7 years ago. It is an outdated and insecure OS. You should strongly considering upgrading at least to Windows 10, although obviously Linux would be a better choice all round for both security and privacy.

Why do you want to use Wasabi? In case you are unaware, they are pro-surveillance and pro-censorship and cooperate with blockchain analysis. I would steer well clear of their software.

What version of Windows are you using, and is it up to date? A quick web search suggests this .dll is part of the Microsoft Visual Studio (Visual C++) package. Make sure this is installed and up to date. I don't use Windows, but I assume this can be done through some sort of package manager or update manager? If not, you can grab it from here apparently: https://www.microsoft.com/en-us/download/details.aspx?id=52685

In terms of NGN, there is an open issue to support Paga, which you might be familiar with: https://github.com/bisq-network/growth/issues/268

With ChipMixer - cheap, fast, convenient, low risk, and secure. I can send coins to be mixed and leave them on ChipMixer for as long as I want, and access them at any time I choose. I can have a handy supply of mixed coins I can access at a moment's notice at any time. Additionally, thanks to ChipMixer's chip structure, I can only withdraw what I need, meaning I can usually avoid creating change which gives me even more privacy.

The only truly private altcoin is Monero, and the only truly private DEX to trade it on is Bisq. Swapping Bitcoin to Monero is a viable mixing technique, but you should then move the Monero around, wait as long as possible before swapping it back, swap it back in a different amount than you traded in the first place, and with a different third party. While this is entirely possible, it is slower, has higher fees, is far more cumbersome to do, and potentially less private if you mess up.

Also, if you are using a centralized service which is discriminating against some bitcoin because they claim they are "dirty", then that service is actively attacking and undermining bitcoin's fungibility as well as monitoring and censoring you, and you would do well to find a different service to use.

Specifically, at this address: 1QLbz7JHiBTspS962RLKV8GndWFw

There is a great answer explaining why some characters are easier to find than others on stackexchange here: https://bitcoin.stackexchange.com/a/95828. It is to do with converting Base58 back to Base16 giving two ranges for some addresses (the easier to find ones), but only one range for the others.

I have pointed this out to franky1 multiple times before, as he defends mass surveillance and government intrusion, while saying that nobody should use mixers or other privacy tools.

I'll repeat the quote I shared in that post above:

franky1 epitomizes this mindset. "PayPal are free to censor anyone who uses PayPal, they are just protecting their business", he says. Even if you think that is a reasonable position to hold, you really think it will stop there? Given the history of government repression, mass surveillance, censorship through the fiat system, social credit scores, and all manner of controlling measures being forced upon us, you really think this isn't just the next step in ever more censorship and control over your lives? Governments would force fiat institutions to freeze all your accounts if you say something they don't like if they thought they could get away with it, and indeed, have already done exactly that with the Canadian truckers, Russian oligarchs, and others. If PayPal had got away with this (and I am still 100% sure they will re-implement it at some point in the future), then they will soon move on to ever more repressive policies.

But surely it you can bypass the PIN counter altogether to earn yourself unlimited attempts, then you would also bypass any delay imposed on repeated attempts. In such a case it then becomes fairly easy to set up a program to just brute force every combination from 00000000 to 99999999. And with the seed dumping vulnerability you mention now patched, then if such an attack were possible then I suspect we would have seen it by now.

So if it seems not possible to bypass the PIN counter, then that comes back to the original question of what does bricking after x attempts rather than resetting after x attempts achieve, other than forcing you to buy a new device?

Exactly. Which is part of the reason I am arguing against using dice. If you instead want to test whether a single die has no bias and be reasonably confident in your conclusions, then it would require even more rolls than the ~16,000 coin flips I gave above to test for a coin. Why take the risk, when there are safer, simpler, and quicker methods available?

That wouldn't work. You need to decide in advance which die will be your first number, which will be the second, and which will be the third, as if you wait until after you have rolled to pick the order then you introduce bias. In such a scenario, if die 1 has a bias towards 1 and die 2 has a bias towards 2, then ending up with HHH will be more likely than any other combination.

The method only works on a single die because each individual roll has the exact same chance to be biased as every other roll.

That's an interesting angle which I had not considered. It does however raise the question that if this were the case, why have we not seen the PIN counter being reset on other devices which do not use this hardware counter? Given how eager hardware wallet manufacturers are to disparage the competition, if this were possible would we not have seen a disclosure that "X wallet's PIN counter can be bypassed"?

That is undoubtedly a terrible idea, but that doesn't mean we should be promoting other risky ideas in its place.

It can, but it is significantly more complicated. Essentially you would roll the dice three times, and make a note of all three numbers. If any number is repeated, you discard the rolls and start a new set of three. You then note if the second number is higher (H) or lower (L) than the first number, and then if the third number is higher than both the first and second numbers (HH), lower than both the first and second numbers (LL), or between the first and second numbers (B). This allows you to generate 6 possibilities from your three dice rolls:

HHH
HLL
HB
LHH
LLL
LB

You map each of these six possibilities to a number from 1 to 6, and repeat until you have as many numbers as you need.

This works because rolling 1,3,5 is equally as likely as rolling 1,5,3 or 3,1,5 or 3,5,1 or 5,1,3 or 5,3,1, regardless of the bias towards any individual face of the dice.

You simply convert the data part (after the 1) from Bech32 back in to hex, and then drop the version byte at the start and the checksum at the end. What you will be left with is the witness program, which for standard segwit addresses will simply be the pubkeyhash. There are multiple implementations you can use to do this available here: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#reference-implementations. Alternatively, you can use this site: https://bitcoin.sipa.be/bech32/demo/demo.html. Just paste in your segwit address and it will spit out your program (which as I mentioned, for standard addresses will be your pubkeyhash).

Since message signing is done via the private key and not an address, and message verification is done via recovering (usually) two public keys from the message and signature, you can use this pubkeyhash to verify any message if you know what you are doing. If you turn that pubkeyhash in to a legacy address via adding a network byte to the start, a checksum to the end, and converting to Base58, you can then verify a message signed with a segwit address against the equivalent legacy address.

For example:


If you paste the above in to this site (https://brainwalletx.github.io/#verify), the message will fail to verify.

Now, take the segwit address in that signature, and use the method described above to extract the pubkeyhash - e9fd77daadc93cda00fc8bd416c760bc427c5d0a.
Now, take that pubkeyhash and turn it in to a legacy address - 1NLE5yWwTjRyMe8Jd6JdUzSE9RLikH79cn.
Now, replace the segwit address in the signature above with this legacy address.
You'll find the message now verifies correctly.

Definitely some weird stuff going on. Blockchair and some other explorers are showing no blocks for ~5 hours, while other explorers are showing 50 blocks beyond that, but with dozens more empty blocks. Seems to me that CSW and co are trying to re-org out all these empty blocks?

Whoever this unknown miner is, they control a majority of the hashrate and are finding somewhere between 70-80% of BSV blocks. We always knew BSV was a centralized scam coin, but currently instead of it being centralized under CSW's control it is centralized under the control of this unknown miner.

Wonder if they'll start using the new protocol to simply assign every BSV in existence to themselves?

My point exactly. If the argument is that bricking a device is safer than simply factory resetting because you cannot guarantee that all the data is destroyed with a factory reset, then they are pretty much admitting that they think data can be extracted from their device via some method. In which case, whether the device resets or bricks itself is irrelevant, since no attacker would attempt to brute force an unknown PIN with 3/10/20 whatever attempts, and instead proceed to extract the data through whatever these methods may be.

Also, if the argument is that bricking is more secure than a factory reset, then the devices should come with a huge warning to never sell your device, give it to a friend, etc., since even if you factory reset it your wallets would be at risk. As far as I am aware, no device comes with such a warning.

What is the benefit of a device bricking itself after x number of attempts, rather than just factory resetting itself? Assuming in both cases there is no chance to recover access to the original wallet without knowledge of the seed phrase, then bricking instead of simply securely wiping/shredding the data seems like a bug, not a feature, and simply forces the user to purchase another hardware wallet rather than just using their newly reset one to recovery from a back up.

Given that we know plenty of people leave hardware wallets lying around where they shouldn't, on desks, in drawers, etc., I'd be pretty pissed if a kid (for example) picked it up thinking it was some kind of phone and inadvertently permanently bricked my $200+ device.

Which poses the next question: "How to get the attacker to believe you didn't just send those coins to a different wallet you also control?"

I prefer the approach of using multiple passphrases. Base wallet, small amount of coins I can hand over to an attacker. Passphrase 1, larger amount of coins which could reasonably be my entire stash, which I could hand over if very much coerced to do so. Passphrase 2, my actual stash, with no evidence of its existence and no blockchain links to any of my other wallets.

And even in this scenario, I could hand over Passphrase 2 if absolutely necessary, since I don't keep all my funds on one hardware wallet anyway, and my various other cold storage and paper wallets would still be safe.

I would say the most common way that people sign from a segwit address is via Electrum, given that it is such a ubiquitous wallet that many people are familiar with. You can easily import a seed phrase or individual private key to it in order to sign a message, and can easily do all this offline for added security, and the other party can easily install it in under a minute if they don't already have it for the sole purpose of verifying your signature. Or if they know what they are doing they can always pull the pubkeyhash out of the segwit address to generate a legacy address and use an online tool such as https://brainwalletx.github.io/#verify

Alternatively, just use segwit for the majority of things since it has a host of other benefits, and keep a legacy wallet on hand on the rare occasion you need to sign from an address.

Just some more PayPal censorship: https://hongkongfp.com/2022/10/12/paypal-hk-halts-payments-to-hong-kong-pro-democracy-group-citing-unspecified-excessive-risks/

Censoring any donations to a Hong Kong pro-democracy group due to "excessive risks", but at no point tells anyone, including the group themselves, what those "excessive risks" are. Sounds like China are in charge of PayPal company policy now.

Great to see more and more fiat companies shoot themselves in the foot like this. Can't censor donations with bitcoin!

There are literally millions of sites out there which are 100% scams. Not just in bitcoin, but in general. Malicious clones of exchanges, platforms, mixers, wallets, shops, etc. MLM schemes. Fake charities, casinos, lotteries, marketplaces, etc. Fake investment companies. Fake employment companies. Fake companies in general. The list is endless.

You can report these sites if you want, but what incentive do web hosts have to take down these sites? Scammers pay them, and they don't take a hit to their reputation by continuing to host scammers because almost nobody even bothers to find out who is hosting these scams in the first place. Register themselves to the Seychelles or similar and they can pretty much do what they like. And even if you succeed in taking down a scam site, it will be re-hosted at a different address within hours.