Never looked at it again and now my balance shows zero bitcoins. Can anyone help me to get my two btw back? Should I just make a backup?
As Lucius mentioned, mycelium server can often not show the up-to-date balance. Do you see a transaction history? If not, chances are very high that his is a synchronization issue. You can then either try to import your seed into a different wallet or simply wait a few hours / a day. However, if you see a transaction history, look for the most recent transaction. If it is an outgoing one, your wallet might be empty. If it is a receiving one, check the address on a block explorer to see whether (and how much) coins it still holds. Before resetting your wallet, make sure you have a proper backup of your seed words!
|
|
|
Actually it should also work with python3.
Python can be quite cocky with the 'Module not found' errors. You might have to adjust the path to get it working.
But syntactically there is not a lot of difference between python3 and python2. Those are just minimal. If you are familiar with python3, you will easily be able to get your code working in python2.
Your only 2 options are to either get it working via adjusting paths / making changes to the package or using python2.
|
|
|
That's why it is always important to check the address you are sending to several times. Even if you are not infected you can still make a mistake and forget to copy the last character of your address for example.
While it is true that it is vital to check the receiving address before sending a transaction, forgetting the last character (or any other char) or misstyping one will result in an invalid address. When misstyping one character, the chance of the address still being a valid one is 1 in 2 32. [1] This makes it nearly impossible to accidentally send BTC to a different address than intended. [1] https://en.bitcoin.it/wiki/Address
|
|
|
Is it better to split your btc into multiple addresses in the rare case one gets hacked? Also, if one of your addresses did get hacked and all your other addresses were associated by having been generated from same seed, are your other addresses at risk (assumming they did not figure our your seed of course).
First, addresses don't get really 'hacked'. In order to spend the funds lying 'on an address', the attacker needs to get access to the corresponding private key. Now the question is, how does the attacker gain access to the private key ? If you have your funds stored on a desktop wallet and the attacker gets access to your computer (e.g. via malware), he will have access to your seed (which will lead to all private keys being known to him). If somehow the attacker does get access to only one private key (which will only happen in very rare cases where you store the private key seperately somewhere or accidentally give it to someone), only the funds associated with this one address will be at risk (i.e. stolen). Just to make my statement correct: If you are using unhardened paths (which is not the case in most wallets), 1 private key AND the public master key is enough to calculate all other private keys of the same derivation path. This mostly won't affect you, but it is worth to be noted. Do you feel it is foolish to keep too much btc in any one address?
No, definitely not. Feel free to store as much as you want on a single address. 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r for example, is the address of the Bitfinex cold wallet and is holding roughly 138k BTC at the moment.
|
|
|
Legendary why you dont want electrum to show security alerts to users? You want to fool users?
Simple. 1) Because it is NOT necessary. Anyone with a brain (who actually is able to use it properly) knows how to stay up-to-date. And people who don't have any clue about security, shouldn't store cryptocurrencies on a desktop wallet at all. 2) It creates additional attack vectors. I know that you don't understand anything regarding security/vulnerabilities. So either just believe me or do your own research. You fell to a very very basic phishing scam. Admit it, learn from it and move on. I stop responding to your trolling posts now because it seems that you don't learn anything from it anyway.
|
|
|
not enough
That is definitely enough. It is MORE than you should expect. Everyone is responsible for his own actions. If you fall for cheap phishing messages, you should consider using a hardware wallet or not using cryptocurrencies at all. Noone and nothing stops you from receiving an email "sent by" electrum.org which says you to download a new (malicious) version, etc.. This is due to the fact that email is a broken protocol. If YOU fall for something like this, it is YOUR fault. Same goes with downloading files without verifying the signatures.
|
|
|
If you still need someone trustworthy to do this for you, feel free to message me here on the forum.
|
|
|
I get the email but it states it's encrypted and i need to install Enigmail (i done this on Thunderbird) but i still can not read the email??
Bitfinex is using PGP to encrypt emails. Simply installing an addon doesn't allow you to read the email. You obviously have to add your PGP key (which you have set in the bitfinex settings) to your addon (enigmail). If you don't have access to your PGP private key anymore, your only option is to contact bitfinex (even tho this seems ot be impossible for you currently). What exactly does not work from the support page on bitfinex.com ? Usually you have to enter your email address (or even an alternate email address if you don't have access to your registered one) and they will get in touch with you.
|
|
|
But developers can post hashes of files here on bitcointalk. Or in twitter. In second source. It's 99.9% secure! Why not to do this? This section consist of million threads, where people complain about electrum wallet phishing
There is no need for this bullshit. Just VERIFY THE SIGNATURE. There is absolutely NO reason for checking the hashes. All files are signed by TomasV's PGP key. Signatures should always be MORE TRUSTED than hashes compared with hashes posted on a website / forum. There are quite a few tutorials available on how to get the PGP key and how to verify the signature. If you want to be sure that you got the original electrum (and not a fake / malicious version), verify the signature or build it yourself from source.
|
|
|
You can always trust the source code.
DONT A computer does EXACTLY what is written in the code. If YOU can't read or understand it, it is your fault. There is a good reason to "not show security alerts". This offers way too much room for exploitation and would create new potential attack vectors.
lol so microsoft and security companies are stupid because they show users security alerts There is nothing which needs to be fixed currently.
yes because microsoft and security companies are stupid Actually, the brains behind microsoft are very clever. They are gathering more information from you than allowed by law and make money out of it. To be precise, YOU are stupid for using microsoft without turning off all spying settings. I don't understand the big crying about this "vulnerability". All it allowed was to show a message from the electrum server. That's nothing security-related at all.
This wouldn't even get a CVSS score of 3 of 10 (i calculated it myself). That's definitely just low severity.
it is 10/10 high risk security. Terrible mistake of a developer I don't think you know how CVSS works. Actually.. it doesn't effect: - Confidentiality - Integrity - Availability The vulnerability doesn't allow the attacker to do anything except just SHOWING A MESSAGE. That's like sending you an email with the title of "electrum is vulnerable, plz udpate from this very very offcial siite: electrummalware.org/iamstupid/forclickingthis" (mistakes intended) People like you actually would click on it and install malware
stupid Legendary FIRST OF ALL, Legendary, answer these questions: 1. Why Microsoft just let users verify files by hashes? 2. Why Microsoft doesnt recommend users verify files by signature? 3. Microsoft is encouraging poor security behaviour? 4. Microsoft just let users verify files by hashes is "false security"? 5. You and your ThomasV are smarter than Microsoft and Bill Gates?
1. Because it is way easier (especially for non-techy people like you who don't understand anything at all) 2. Because Microsoft has a very very bad security policy 3. Yes 4. Depending on the source of the hashes to verify with, yes 5. I am actually 99.9 % sure that TomasV is smarter than billy gates.
|
|
|
he doesnt trust developer.
Yes, thats why i have suggested to check the source code. You can always trust the source code. Prebuilt binary and source code do the same things (show everything from servers to users, not show security alerts).
Of course they do the same thing. But you are SURE that the program is doing what it is supposed to do. You are eliminating the risk of the source code and the binary being actually 2 different programs (e.g. prebuilt binary including backdoor). There is a good reason to "not show security alerts". This offers way too much room for exploitation and would create new potential attack vectors. Each user IS and SHOULD responsible for his/her own security. If you are depending on others to tell you when it is safe or not safe to use a software, you are doing something wrong. So if he wants to build from source code he has to fix source code first but he is not a developer. Solution? "Electrum replacement needed"
There is nothing which needs to be fixed currently. Also he didn't mention anywhere that he is not a developer, even tho its pretty probable, it's just what you are assuming. I don't understand the big crying about this "vulnerability". All it allowed was to show a message from the electrum server. That's nothing security-related at all. This wouldn't even get a CVSS score of 3 of 10 (i calculated it myself). That's definitely just low severity.
|
|
|
Its all about trust. No one wants to entrust their bitcoins to dodgy software.
Don't trust, verify! Which is why, regardless of the fact that I always download Electrum from electrum.org... I will always verify the digital signature before installing and using it. I also always check the Electrum website on a semi-regular basis to look for updates. In my opinion, Electrum isn't "dodgy"... and at the end of the day... the real blame lies at the feet of the scumbags executing these attacks. verify what if he doesnt trust the developer? Simple.. The source code. Electrum is completely open source. And if you don't trust the developer, simply check the whole code at github. You only need to verify the source code once, then after each update you will simply be looking at the commits only to make sure no backdoor whatsoever has been built in. You can even build it yourself from source if you don't want to download a prebuilt binary.
|
|
|
It happened because the software stopped me from proceeding you fucking idiot!
That's not completely true. The electrum server which you were connected to (which can by run by anyone who wants to) didn't broadcast your transaction. That's not related to the electrum wallet itself. Instead of simply clicking on an URL to download software which you didn't even verify the signature of, you could have simply connected to a different (non-malicious) electrum server. I don't know how often you already read that here on the forum.. but.. Verify, don't trust!
I havent receive any popups and i downloaded from their site about two years ago.
The fact that you didn't update a software which holds your money for about 2 years, is already pretty bad. Unfortunately there is no way for you to get the money back. Since you didn't download a malicious wallet trough a phishing attempt and since your wallet is password protected, i'd say that the most plausible explanation is that your computer is infected with malware. Did you download any half-way-shady software within the recent days ? Do you use a legal copy of windows (cracked versions almost always have backdoors built in) ?
|
|
|
Multiple encryption is better I guess. VeraCrypt the folder, veracrypt the veracrypted folder, do it again, and veracrypt the whole device. It should be better than 1 layer encryption, just like 2fa, just my 2 cents.
Uhm, no. That's just completely unnecessary. Using a good algorithm / software (which veracrypt definitely is) to encrypt files / folder once is enough. Doing it multiple times is just wasted time and ressources. If you encrypt your whole drive, it will look like completely random data. Encrypting it again doesn't give you any benefit at all. Rather choose a passphrase which is 1 or 2 chars longer than the previous one. Increases the security way more than encrypting something "twice".
|
|
|
[...] AGAIN, I’m not saying it’s the users’ fault. [...]
Let's be honest.. it was the fault of every single user who fell for this phishing scam. Nothing is wrong with electrum security-wise. Some malicious electrum server exploited a low-severity-vulnerability in electrum to show a (very unprofessional) message (that's all they could do). Electrum has never notified user about an update this way. Each user who fell for this and downloaded the faked wallet without verifying the signature is fully responsible for their own loss. @OP: You have 0 trust in electrum, but use jaxx and exodus? Both of them have already been proven to be exploitable (multiple times) which can easily result in a loss of funds / private keys. Yet, there only was one severe vulnerability in electrum (the RPC vuln) which also required to have no password set in order to be really exploitable regarding stealing funds / private keys.
|
|
|
There is also OraSaifu which looks overkill and expensive, probably not for the average joe and I also don't like the idea of having a device where you have your seed instead of writing it a paper. I didn't look into the first two, but the first which caught my eye when visiting their website was this (below "QR code data transmission, isolated from the Internet world": ..SHA asymmetric encryption..
Either this was a very very embarrassing mistake, or they don't really have a clue what they are talking about. 1. SHA is an hashing algorithm, not an encryption algorithm 2. There is no need to use asymmetric encryption. Symmetric encryption is way faster and more secure compared to asymmetric encryption when using the same keysize This statement alone tells me personally to keep far away from this wallet. If they mix up hashing with encryption, how are they supposed to build a secure hardware wallet ?
Actually this is a ledger nano s with reduced functionality (reduced to only 3 coins) paired together with the fact that it can only be used with blockchain.com's web interface.
|
|
|
This one more reason to use Electrum instead of ledger app. Electrum is far more tested and trusted. Additionally, you have much more control over transactions with Electrum than with ledger app.
The software you use to communicate with the ledger does (most probably) NOT have any influence on exploiting this vulnerability. It is the bitcoin application (on the ledger) which is (or better: was) vulnerable, not ledger live (which is just the GUI to access the ledger nano s). Electrum itself is also communicating with the bitcoin application (on the nano s), just as any other GUI is. @OP: You are right that updating the firmware can be risky regarding the security. But the nano s is verifying the signature of the update before installing. If it is not signed by ledger's (the company) key, the installation will fail. So, feel free to update the firmware. You are running a greater risk not updating it, than when updating it. But make sure to have your seed properly backed up.
|
|
|
Thanks, but unfortunately the offer expired. Which country are you from that uses commas for their currency?
I am from europe
|
|
|
Thanks for your replies guys, unfortunately the offer expired and i don't need anyone to do this anymore.
|
|
|
I have seen your post but didn't reply as it is a too low amount. Anyway, I can try if you can pay 1.5$ extra from the PayPal charge. You will pay only if I can pay successfully.
Sorry, i believe 1:1 rate is pretty fair considering paypal - BTC. But thanks anyway for your offer!
|
|
|
|