As Lucius mentioned, mycelium server can often not show the up-to-date balance.

Do you see a transaction history? If not, chances are very high that his is a synchronization issue.
You can then either try to import your seed into a different wallet or simply wait a few hours / a day.

However, if you see a transaction history, look for the most recent transaction. If it is an outgoing one, your wallet might be empty.
If it is a receiving one, check the address on a block explorer to see whether (and how much) coins it still holds.


Before resetting your wallet, make sure you have a proper backup of your seed words!

Actually it should also work with python3.

Python can be quite cocky with the 'Module not found' errors.
You might have to adjust the path to get it working.

But syntactically there is not a lot of difference between python3 and python2. Those are just minimal.
If you are familiar with python3, you will easily be able to get your code working in python2.


Your only 2 options are to either get it working via adjusting paths / making changes to the package or using python2.

While it is true that it is vital to check the receiving address before sending a transaction, forgetting the last character (or any other char) or misstyping one will result in an invalid address.

When misstyping one character, the chance of the address still being a valid one is 1 in 2³². [1]

This makes it nearly impossible to accidentally send BTC to a different address than intended.



[1] https://en.bitcoin.it/wiki/Address

First, addresses don't get really 'hacked'.

In order to spend the funds lying 'on an address', the attacker needs to get access to the corresponding private key.

Now the question is, how does the attacker gain access to the private key ?
If you have your funds stored on a desktop wallet and the attacker gets access to your computer (e.g. via malware), he will have access to your seed (which will lead to all private keys being known to him).

If somehow the attacker does get access to only one private key (which will only happen in very rare cases where you store the private key seperately somewhere or accidentally give it to someone), only the funds associated with this one address will be at risk (i.e. stolen).


Just to make my statement correct:
If you are using unhardened paths (which is not the case in most wallets), 1 private key AND the public master key is enough to calculate all other private keys of the same derivation path.

This mostly won't affect you, but it is worth to be noted.




No, definitely not.
Feel free to store as much as you want on a single address.

3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r for example, is the address of the Bitfinex cold wallet and is holding roughly 138k BTC at the moment.

Simple.

1)
Because it is NOT necessary. Anyone with a brain (who actually is able to use it properly) knows how to stay up-to-date.
And people who don't have any clue about security, shouldn't store cryptocurrencies on a desktop wallet at all.

2)
It creates additional attack vectors. I know that you don't understand anything regarding security/vulnerabilities.
So either just believe me or do your own research.


You fell to a very very basic phishing scam. Admit it, learn from it and move on.
I stop responding to your trolling posts now because it seems that you don't learn anything from it anyway.

That is definitely enough.

It is MORE than you should expect.

Everyone is responsible for his own actions. If you fall for cheap phishing messages, you should consider using a hardware wallet or not using cryptocurrencies at all.

Noone and nothing stops you from receiving an email "sent by" electrum.org which says you to download a new (malicious) version, etc..
This is due to the fact that email is a broken protocol.
If YOU fall for something like this, it is YOUR fault. Same goes with downloading files without verifying the signatures.

If you still need someone trustworthy to do this for you, feel free to message me here on the forum.

Bitfinex is using PGP to encrypt emails.

Simply installing an addon doesn't allow you to read the email.
You obviously have to add your PGP key (which you have set in the bitfinex settings) to your addon (enigmail).

If you don't have access to your PGP private key anymore, your only option is to contact bitfinex (even tho this seems ot be impossible for you currently).
What exactly does not work from the support page on bitfinex.com ?
Usually you have to enter your email address (or even an alternate email address if you don't have access to your registered one) and they will get in touch with you.

There is no need for this bullshit.

Just VERIFY THE SIGNATURE.

There is absolutely NO reason for checking the hashes. All files are signed by TomasV's PGP key.
Signatures should always be MORE TRUSTED than hashes compared with hashes posted on a website / forum.

There are quite a few tutorials available on how to get the PGP key and how to verify the signature.
If you want to be sure that you got the original electrum (and not a fake / malicious version), verify the signature or build it yourself from source.

 

A computer does EXACTLY what is written in the code.

If YOU can't read or understand it, it is your fault.




Actually, the brains behind microsoft are very clever.
They are gathering more information from you than allowed by law and make money out of it.

To be precise, YOU are stupid for using microsoft without turning off all spying settings.




I don't think you know how CVSS works.

Actually.. it doesn't effect:
- Confidentiality
- Integrity
- Availability

The vulnerability doesn't allow the attacker to do anything except just SHOWING A MESSAGE.

That's like sending you an email with the title of "electrum is vulnerable, plz udpate from this very very offcial siite: electrummalware.org/iamstupid/forclickingthis" (mistakes intended)

People like you actually would click on it and install malware 

---

1. Because it is way easier (especially for non-techy people like you who don't understand anything at all)

2. Because Microsoft has a very very bad security policy

3. Yes

4. Depending on the source of the hashes to verify with, yes

5. I am actually 99.9 % sure that TomasV is smarter than billy gates.

Yes, thats why i have suggested to check the source code.

You can always trust the source code.




Of course they do the same thing. But you are SURE that the program is doing what it is supposed to do.
You are eliminating the risk of the source code and the binary being actually 2 different programs (e.g. prebuilt binary including backdoor).

There is a good reason to "not show security alerts". This offers way too much room for exploitation and would create new potential attack vectors.


Each user IS and SHOULD responsible for his/her own security.
If you are depending on others to tell you when it is safe or not safe to use a software, you are doing something wrong.




There is nothing which needs to be fixed currently.

Also he didn't mention anywhere that he is not a developer, even tho its pretty probable, it's just what you are assuming.


I don't understand the big crying about this "vulnerability". All it allowed was to show a message from the electrum server.
That's nothing security-related at all.

This wouldn't even get a CVSS score of 3 of 10 (i calculated it myself). That's definitely just low severity.

Simple.. The source code.

Electrum is completely open source.

And if you don't trust the developer, simply check the whole code at github.
You only need to verify the source code once, then after each update you will simply be looking at the commits only to make sure no backdoor whatsoever has been built in.

You can even build it yourself from source if you don't want to download a prebuilt binary.

That's not completely true.

The electrum server which you were connected to (which can by run by anyone who wants to) didn't broadcast your transaction.
That's not related to the electrum wallet itself.


Instead of simply clicking on an URL to download software which you didn't even verify the signature of, you could have simply connected to a different (non-malicious) electrum server.


I don't know how often you already read that here on the forum.. but.. Verify, don't trust!

---

The fact that you didn't update a software which holds your money for about 2 years, is already pretty bad.

Unfortunately there is no way for you to get the money back.


Since you didn't download a malicious wallet trough a phishing attempt and since your wallet is password protected, i'd say that the most plausible explanation is that your computer is infected with malware.

Did you download any half-way-shady software within the recent days ?
Do you use a legal copy of windows (cracked versions almost always have backdoors built in) ?

Uhm, no.

That's just completely unnecessary.
Using a good algorithm / software (which veracrypt definitely is) to encrypt files / folder once is enough.

Doing it multiple times is just wasted time and ressources.


If you encrypt your whole drive, it will look like completely random data. Encrypting it again doesn't give you any benefit at all.
Rather choose a passphrase which is 1 or 2 chars longer than the previous one. Increases the security way more than encrypting something "twice".

Let's be honest.. it was the fault of every single user who fell for this phishing scam.

Nothing is wrong with electrum security-wise. Some malicious electrum server exploited a low-severity-vulnerability in electrum to show a (very unprofessional) message (that's all they could do).

Electrum has never notified user about an update this way.
Each user who fell for this and downloaded the faked wallet without verifying the signature is fully responsible for their own loss.


@OP:
You have 0 trust in electrum, but use jaxx and exodus?
Both of them have already been proven to be exploitable (multiple times) which can easily result in a loss of funds / private keys.

Yet, there only was one severe vulnerability in electrum (the RPC vuln) which also required to have no password set in order to be really exploitable regarding stealing funds / private keys.

I didn't look into the first two, but the first which caught my eye when visiting their website was this (below "QR code data transmission,  isolated from the Internet world":

Either this was a very very embarrassing mistake, or they don't really have a clue what they are talking about.

1. SHA is an hashing algorithm, not an encryption algorithm
2. There is no need to use asymmetric encryption. Symmetric encryption is way faster and more secure compared to asymmetric encryption when using the same keysize


This statement alone tells me personally to keep far away from this wallet.
If they mix up hashing with encryption, how are they supposed to build a secure hardware wallet ?

---

Actually this is a ledger nano s with reduced functionality (reduced to only 3 coins) paired together with the fact that it can only be used with blockchain.com's web interface.

The software you use to communicate with the ledger does (most probably) NOT have any influence on exploiting this vulnerability.

It is the bitcoin application (on the ledger) which is (or better: was) vulnerable, not ledger live (which is just the GUI to access the ledger nano s).
Electrum itself is also communicating with the bitcoin application (on the nano s), just as any other GUI is.


@OP:
You are right that updating the firmware can be risky regarding the security.
But the nano s is verifying the signature of the update before installing. If it is not signed by ledger's (the company) key, the installation will fail.

So, feel free to update the firmware. You are running a greater risk not updating it, than when updating it.
But make sure to have your seed properly backed up.

Thanks, but unfortunately the offer expired.




I am from europe 

Thanks for your replies guys, unfortunately the offer expired and i don't need anyone to do this anymore.

Sorry, i believe 1:1 rate is pretty fair considering paypal - BTC.

But thanks anyway for your offer!