Have you created your seed inside electrum ? Do you remember clicking the 'Options' button when seing your seed ? Inside the options you can check a box which says 'Expand this seed with custom words'. The next screen tells you then to enter additional words. IF you have done this AND had leading/trailing whitespaces, you are affected. But note the last sentence: The wizard will show a warning in this case. (#4566) Your hardware wallet is unaffected, since i believe you can't enter additional whitespaces when adding custom words in nano/trezor. Note: This topic belongs into 'Alternative Clients' -> 'Electrum'. You can move your topic by clicking 'move topic' at the bottom left of this page. |
|
|
|
Want this setup so only transactions originating from my application will sign the raw transaction using the local bitcoind (using rpc) and then forward the signed transaction to the bitcoind connected to the internet.
This sounds risky if you don't know exactly what you are doing. In order to this approach being secure, you definitely need to setup your bitcoind connected to the internet in a DMZ. And firewalls between your subnetworks is a must-have. Preferably append a signature (not a bitcoin-signature) to the unsigned transaction when transferring it to the signing machine to guarantee integrity and authentication. Also, note that this approach is NOT fully cold-wallet. In order to be a true cold setup, your signing machine should be not connected to any network at all. As i understand from your post, your signing machine is in the same network as the online-machine? |
|
|
|
Use python3 to run electrum and to install packages. So, isntead of running: sudo pip install <module>
You have to run either: sudo pip3 install <module> to install systemwide, or: pip3 install --user <module>
or python3 -m pip install --user <module>
to install it inside your home directory. |
|
|
|
|
To fully analyze your issue, we'd need more details.
What wallet did you use when creating your seed/phrase ?
What does your seed/phrase consist of (english words, random characters, ..) ?
And what wallet gives you the message of a wrong phrase ?
Please answer these questions. It simplifies it a lot to fix your issue.
|
|
|
|
Do NOT pay the ransom. You are NOT GUARANTEED to get the decryption key once you have paid the ransom. Some don't even have a decryption key anymore or simply just wipe the whole drive. The best is to ignore the warning, disconnect all affected drives and put them aside. DON'T TOUCH THE DRIVES ANYMORE. If you have backups, use them. Decryption tools emerge decently fast after a new ransomware has been found. At least as long there is a possibility of reverse engineering the key or compromising the c&c server. Most ransomwares do have either backdoors, are bad implemented, or have a vulnerability to retrieve the decryption key(s) from the server. The chances are relatively high of getting files back if you have the time to wait. You may have been infected with an old ransomware. Can you please post a picture (e.g. take a picture with your mobile, upload it to https://imgur.com/, give us the link) of the ransom screen ? Also, what ending do the files have ? This is necessary to know to find out which kind of ransomware this is. It is CRUCIAL to know which malware EXACTLY you are infected with. This fully determines the next possible steps for you to take (especially since you are running a business). |
|
|
|
But I can't find any information regarding Electrum wallet modification malware exists on the internet.
I never said that it does exist.. but it would be a possibility. In case it would exist, it probably wouldn't be that known. A single developer / group of developers could try to spread the malware themselves. This wouldn't attract attention until a lot of users face that problem/malware. If there is, someone should try to improve Electrum and prevent this from happening again.
This scenario is not that easy to circumvent. You'd need to built electrum to NOT trust the system it is installed on. And if you can't trust the system you are trying to install the software on, .. you shouldn't keep any private-/sensitive- information or cryptocurrencies on that machine at all.. Preventing injection is definitely possible, but not that necessary. It is way easier for an attacker to simply gain access to the private keys once you open electrum. Injecting dll's into electrum just to counterfeit the wallet creation process seems to be a bit of an overkill to me. And as i have already mentioned.. this is just ONE approach to modify the address you see. There are way more. If electrum should be secured against each of these.. Thomas would need a few more developers who only focus on the security. This isn't feasible (and unnecessary since you have to trust the host machine when storing private keys, no need to try to defend against each possible attack when your own machine is compromised..).
Edit: To clarify potential misconceptions regarding the safety/security of electrum: What i have mentioned above is applicable to EVERY software. This is nothing specific to electrum (or any other specific application). The branch which probably suffers the most from injections is the gaming industry. They have teams of engineers and developers only working on anti-cheat mechanisms. There is no solution or technology which prevents this happening. This is a cat-and-mouse game. |
|
|
|
I just do not like Windows 10, especially because that OS is collects a large amount of data from users - most of that can be manually adjusted, but this is just one big spy software.
Most data collection can be turned off (even though not everything through the GUI settings, registry entries required). But i understand your concern. Then why don't you switch to linux ? There are a lot of distro's which are easily understandable by windows user.
Therefore I consider older OS much more user friendly when it comes to privacy.
That's wrong to assume. The only thing you get with an older OS is worse performance and more vulnerabilities.
Since here is a case about hardware wallet and such wallet should be safe for using even in infected device I do not see why Ledger give users only Windows 10 as option... Windows 7 is not outdated, there are still updates and it is safe OS Sure, you CAN use a hardware wallet on an infected PC. But most user can't properly use a PC. And human error will result in threads calling ledger scammy and buggy. Windows 7 should be regarded outdated. A lot of vulnerabilities aren't being fixed by microsoft. Only the most dangerous ones are. You are risking all sensitive information on your machine (not the seed of your hardware wallet) when using windows 7. Calling an OS 'safe' is tough.. It is not the OS which makes a system secure. It is the whole setup, the network, user habits, etc.. The OS is just a small part of a safe/secure system. And windows is - by far - the least secured OS around.. Without any advanced mechanisms.. your windows machine will be compromised very fast.. A linux machine most probably won't.
and Ledger Live is only UI, how can I be vulnerable if using Ledger on Windows 7 (with good AV+Firewall+Antimalware) ?
Your nano s itself won't be vulnerable. But it is way easier to compromise your machine and try(!) to manipulate the ledger live software. And in case of you not double checking the tx details on your nano s, someone could slip you his address to send the funds to. If this was to happen, the first one to be accused is ledger.. I understand their approach. People should ALWAYS use up-to-date software. IMO old OS's shouldn't be supported at all.. by no company/developer. |
|
|
|
2018-09-06 09:18:01 (ERROR) -- SDM.py:307 - Bitcoind could not be found in the specified installation:
2018-09-06 09:18:01 (ERROR) -- SDM.py:309 - /mount/node
2018-09-06 09:18:01 (ERROR) -- SDM.py:310 - Bitcoind is being started from:
2018-09-06 09:18:01 (ERROR) -- SDM.py:311 - /usr/bin/bitcoind
2018-09-06 09:18:01 (INFO) -- SDM.py:171 - Found bitcoind in the following places:
2018-09-06 09:18:01 (INFO) -- SDM.py:173 - /usr/bin/bitcoind
2018-09-06 09:18:01 (INFO) -- SDM.py:173 - /usr/bin/bitcoind
2018-09-06 09:18:01 (INFO) -- SDM.py:175 - Using: /usr/bin/bitcoind
2018-09-06 09:18:01 (INFO) -- SDM.py:339 - Called startBitcoind
2018-09-06 09:18:01 (WARNING) -- SDM.py:441 - Spawning bitcoind with command: /usr/bin/bitcoind -datadir=/home/user/.bitcoin -dbcache=2000
Did you configure the core path to be in /mount/node ? Because armory seems to not be able to find it. It is using /usr/bin/bitcoind. Is this the correct path for your core installation ? |
|
|
|
I have verified the exe I downloaded, so it is basically impossible for me to use an infected client
Well, that's not completely true.. There are several possibilities how an malicious actor can modify your electrum wallet even tho you have verified the signature before and the .exe itself being the correct one. These techniques include (and are not limited to) malware which is nested into your system and waits for you to open electrum. Once electrum is opened, it hooks itself into the process and injects dll's to maliciously modify the creation process of your wallet. This is just one example on how someone COULD foist one an 'infected client' without the client itself being infected. I am not saying that this has happened. But it is definitely not impossible. And also definitely more probable on a windows machine than on Linux/macOS. |
|
|
|
I did not have the need to install Ledger Live so far, but now I am surprised that Windows 7&8 are not supported, it is really an unpleasant surprise for me. I really do not understand decision of Ledger regarding this, there is so many users who still use older versions of OS. What is the reason for this, and is there any way around to use Ledger Live in Windows 7 maybe?
Probably because using an outdated OS (with all the vulnerabilities and unpatched exploits available) causes too much security risks to support it when marketing a secure product. It is definitely advised to NOT use it anymore. Especially if your computer contains sensitive or valuable information. Windows 10 was available for free for quite some time now. They have even extended the free-upgrade-timeframe multiple times. And it seems that currently (even tho stated that a free upgrade is no longer possible) if you download the official windows media creation tool, you'll be able to upgrade to windows 10 for free. If you have a valid product key, it will stay valid in windows 10. |
|
|
|
|
I see a lot of people being confused by the btc 'ATH' in iran.
An radical increase in price like this can have two causes:
1) The tradeable asset's value is sharply increasing or
2) The currency the asset is traded against is sharply losing value.
In iran, currently 2) is the case.
This does mean that people in iran who hold bitcoin, did NOT get rich quick. It means they have kept the value stable, while the others have lost a lot of their value.
|
|
|
|
This thread belongs into the meta section of the forum. Bottom left of this page -> 'move topic' -> 'other - meta'. I guess you have locked your account by now ? Read this thread ( https://bitcointalk.org/index.php?topic=497545.0) thorough and send one PM including a signed message using a staked address to Cyrus if you want to regain access to your account. |
|
|
|
No. The obvious benefit would be on-chain scaling without escalating orphan rate and jeopardizing security. [...] , it would help with orphan rate once we decide to push the network toward unstable thresholds (large block size/short block time).
How is this in any way related to scaling ? The amount of transactions which can be processed within a given timeframe is not increasing with your 'proposal'. I heavily doubt 'we decide' to increase the blocksize or shorten the block time. Both values are perfectly fine. Messing with them can lead to a catastrophic event (e.g. keep an eye on BCH once the block start getting half-way full). Scaling should be optimally done on a second layer. Epecially messing with the blockchain AND changing blocksize-/time- value is a horrible approach. What stops me to create a 'parallel' block to the second block created then ?
I'd get 50 BTC reward, right ? Since it is height 2.
Protocol may or may not stop you from appending more blocks to auxiliaries and protocol will decide about rewards. I thought this should be an improvement to the protocol. And now 'the protocol' will decide everything ? How exactly would you handle this problem? If you don't have a solution, it is under no circumstances an acceptable change to the network. |
|
|
|
Unfortunately OP seems to not have an answer to these questions  I have asked similar ones, but didn't get any reply. This whole 'walletswap' probably just was a small idea without investing too much thoughts. Either this or it's a (relatively) well planned scam.. but i doubt that. The whole approach of swapping sensitive information like this can not work. Private keys are not something one HAS, but something one KNOWS. OP, if you are serious with this.. then you'd better stop wasting more time on that 'project'. |
|
|
|
The exact number can only be guessed. But it is at around 700k BTC. Looking at the earliest blocks, you can see some correlation between the hashrate and other factors which can lead to a conclusion that the majority of these blocks have very likely been mined by satoshi.
Who would do this and trust bitcoin so far? Logically this person can only be Satoshi.
That statement is far away from being logic.. Because coins havn't been moved, they have to belong to satoshi ? What if those private keys got lost ? Or the owner died ? How can you be so naive to say it is 'logic' that they belong to satoshi ? |
|
|
|
A wallet is just a piece of software which manages your private-/public- keys. It does not need to be online at any time to be able to 'receive' bitcoins. Simply install any preferred wallet on your offline-PC (e.g. electrum), verify the signature, create a wallet, backup the seed, and export the xpub (master public key) to your online-pc. You can afterwards create a watch-only wallet on your online-pc (shows addresses, transaction, balances) but you can't sign transactions since there is no private key imported. Your offline-pc wont show your current balance. Only your watch-only wallet on your online pc will. Please do NOT create your seed on your online-pc and delete it afterwards to create a watch-only. This destroys the whole purpose of a cold wallet since your private keys are supposed to NEVER touch an online-pc. If you are creating the seed on your online-pc you are assuming your online-system and network is completely clean. And that's not an assumption you should make when setting up cold storage. |
|
|
|
|
In case you are really running a 32bit OS on a 64bit CPU, i would suggest choosing option 1. from HCP.
There is no need to partition your drive and further use the 32 bit version.
With a 64 bit system you'll be able to use more than 4gb of ram and large data quantities can be processed faster.
If ledger is the only reason for you to buy a PC and your CPU does support 64 bit, this probably is the best solution.
And if you are going to store BTC only on your ledger, you might as well just download electrum and connect it to your ledger. You won't have to reinstall any OS and don't need a 64-bit architecture.
|
|
|
|
This can happen if your blockchain is missing some blocks past the height where armory is stuck. Which version are you using ? We need your armory log to exactly find out what's happening. Please either post it between [ code] and [ /code] tags or use https://pastebin.com/ and provide us the link. |
|
|
|
I am looking for some reliable wallet service / application with multisig possibility.
You definitely shouldn't be looking for an online 'service'. If you don't own the private keys, you don't own the bitcoins. Me & my friend are about to start a small business  We want to create a secured wallet so that none of us independently can spend the money, ie to spend the money we have to put 2 signatures ( his & mine ). Especially in this case.. you should DEFINITELY NOT use an online wallet. Create a 2-of-2 or 2-of-3 multisig with a desktop client and keep the private keys secured offline. I know that it's possible, but at the same time, I don't want to use things like Bitcoin Core.
So I am searching for more UX friendly alternatives and, of course, reliable ones.
Well.. you can either have the most UX friendliest which is probably an online wallet. But this WON'T be a secured one. If you want to own your BTC yourself (not the website provider) and want to have them stored securely, set up a multisig using a desktop client. You don't have to download the whole blockchain. You can use a lightweight client (e.g. https://electrum.org/#home). There a lot of tutorials available online how to properly create a multisig wallet. This does take 5 minutes of your time. The reward for those 5 minutes is a secured storage solution instead of some 3rd party wallet service (which would be dumb when running a business). If you technically don't understand anything at all, i doubt you will be successfully able to accept BTC payments or whatsoever. In this case pay someone to show it you step-by-step.. |
|
|
|
|
Show Posts
