Be aware that the fake Electrum may have sent your seed mnemonic to the hackers. Given that your funds have not disappeared as yet, this may not be the case. However, maybe the hackers are just busy  So, you should do as Abdussamad has suggested and install the latest version on a clean device as soon as possible. Then, I would recommend that you create a completely new wallet with a new seed mnemonic and then send all your funds to the new wallet ASAP. |
|
|
|
Trying to convert pub key to corresponding hash 160.
Sounds good... input.txt would have the public addresses inside
Errr.... addresses or pubkeys? You cannot go from an address -> pubkey. As the address is derived by hashing the pubkey, which is a one-way function. So you can only go pubkey -> address. Also, in your code you are only using the SHA256 algorithm... There is no RIPEMD-160, so even if it is pubkeys that you have in the input file, you still wouldn't see the matching RIPEMD160. Have a look at this: http://gobittest.appspot.com/AddressIt shows step by step how to get from private key -> pubkey -> address and what hashes are done and when. To see the Hash160: Privkey -> Pubkey -> SHA-256 -> RIPEMD-160 |
|
|
|
So actually i did good that I tried to make another transaction with high fees?
Yes... and no. It was a good attempt, but unfortunately, I don't think the fee was really high enough to make a big difference. The mempool is still quite full and the recommended fees are still quite a bit higher than what your "effective" fee is. And if I will add another transaction with high fees? Should it be even more better?
No... you'll quickly see diminishing returns as each transaction you add in will need to increase the fees to such an extent that it covers the size of ALL the previous transactions as well. If you wanted to increase your effective fee up to 20 sats/byte... you would then increase your effective transaction size by one more transaction: 223+192+192 = 607 bytes It's possible that it could even be bigger if it needed more than 1 input + 1 output, so consider that the absolute minimum increase. 20 sats/byte * 607 bytes = 12140 sats... or 0.00012140 BTC... just as the fee to be paid. For now, I'd just leave it as it is... and see what happens in the next couple of hours. |
|
|
|
Honestly, I'm not sure that there is ANYTHING that will satisfy your level of paranoia  Asking whether a device can be compromised by an AC power bank like that is just ridiculous. If all it does is connect to your laptop via the normal power cable, that is simply impossible. Yes, power banks that connect via USB or USB-C connectors could theoretically be a disguised device setup to compromise your device. However, in that instance, the attack vector is instantly rendered useless by simply using "power only" USB cables/connectors as already discussed. I think you need to learn the difference between "possible" and "probable". For instance... is it "possible" that I could randomly generate the same seed as your HW wallet? Yes, the odds are non-zero... BUT is it "probable"? Hell no... the odds are so ridiculously small that it may as well be considered "impossible". Is it possible that someone is selling keylogging USB power banks on Amazon? Yes... is it probable? I'll let you figure that one out... |
|
|
|
HCP, has there been any case reported where someone downloaded electrum from the official site... did not verify the .exe... and then downloaded a fake electrum?
Not that I'm aware of... most of the "I definitely downloaded from Official site" claims turn out to be incorrect after the user actually views their browser history and sees exactly where they downloaded from. In most instances they simply see an identical site and think it's the official one, but it'll be electrum.net or electrun.org or one of the punycode URLs etc. The sneakiest one I've seen so far is a fake domain that redirects you to the official site on subsequent visits... so it lets you download the fake, then if you try and goto that URL again, it simply redirects to the official site to make you think you were on the official site all the time... very sneaky. But even though there hasn't been a hack on the official server that puts fake versions on their download server... I still verify the signature. It takes less than 30 seconds. |
|
|
|
To the first question, no, nothing came back to my account.
You likely won't see it "come back"... it's a slightly misleading way to describe what change is. Your wallet will automatically detect that the 2nd output being created is being assigned to an address from your wallet, so it will recognise it as "change" and adjust your balances accordingly. Bitcoin isn't like "internet banking" where you say send $68 to X... and it creates a transaction that sends exactly $68 to X... Generally, your wallet "balance" is actually made up of several "unspent transaction outputs" (UTXOs). These can be of all different values... and most likely, none will be the exact value that you're trying to send to someone. So you wallet will group several together until it has enough to be greater than or equal to "the value you're trying to send + transaction fee". In your instance, you tried to send $68.33 and it used a UTXO that was worth, $69.02. It then broke that up into the $68.33 output... the $0.66 "change" output... and the rest ($0.03) was spent on fees. You can read more about how "change" works here: https://en.bitcoin.it/wiki/ChangeAnd the second question, I do have some more balance inside. I don't care pay even 5$ if there any service like that.
It isn't a service... you just create a new transaction that spends the unconfirmed output from the first transaction and use a large fee to cover both the original AND the new transaction so that a miner wants that large fee and has to include both your stuck transaction and the new high fee transaction to claim their prize  It would appear that you've attempted CPFP: https://www.blockchain.com/btc/tx/ee137508d705a0f8b45d25d92be306055da9ae535ef1b96c4235439b6b8a5913Unfortunately, it hasn't really added toooo much in the way of a fee boost. I think the average fee you've paid across the 2 transactions is now about 10 sats/byte. Total Size of txes: 226 bytes + 192 bytes = 415 bytes Total fees paid: 0.00000226 + 0.00003840 = 0.00004066 BTC Total fee rate: 4066 sats / 415 bytes = 9.8 sats/byte (which in new terminology is ~2.5 sats/WeightUnit because it's non SegWit) While that is a bit better than 1 sat/byte, it's not "huge", but it is a lot nearer to the top of the pile, so hopefully your transaction will be confirmed in the next few hours. |
|
|
|
Correct. But since the remaining amount is only 0.00005090 BTC, there's not much to work with. It could be "burned" as fee entirely (the value is less than the 1 dollar OP wants to spend on it), but I doubt blockchain.info allows that.
That's true assuming that the OP only has that one UTXO left in their wallet... However, if they have other coins as well, then it wouldn't be that difficult. I tried to check increase the fees at the web but I didn't see the option there.
It's right in the send dialog "Customize Fee":  Once you click that, you can set what you like:  |
|
|
|
Like most of the big hacks... it's mostly due to the significant increase in value of BTC (and other cryptocurrencies)... It has become very profitable to invest time/money in finding and exploiting vulnerabilities in crypto based systems. When Bitcoin was worth 10c, no one cared... now that it's worth $10,000 the value proposition is quite substantial |
|
|
|
Not sure I would have bought a 2nd one hand myself... but I'm unaware of any (unpatched) hacks involving devices that were still compromised following a full wipe and re-initialisation. So simply wiping the device, updating to the latest firmware etc and creating a few new seeds to check that it is creating a different seed every time you initialise it should give you 99% confidence that it's fine. As long as you're aware of the unpatchable vulnerability with all Trezor wallets (including the T). So, make sure you use a passphrase! |
|
|
|
If you're super concerned... just use a "power only" usb cable... ie. one that doesn't have the data pins connected. Then it doesn't matter what sort of USB port you plug into, the only thing that will be transferred is power. You can even DIY this: https://www.instructables.com/id/USB-Condom/ |
|
|
|
Bear in mind that "destroying" a mobile device can be a bit dangerous... especially if it has a non-removable Lithium Ion or Lithium Polymer battery in it that you can't remove first. If the outer shell of the battery is compromised and the innards of the battery are exposed to air, it's very likely to oxidise violently and most likely catch fire and/or explode. There are plenty of YouTube videos showing what happens when Li-Ion and LiPo batteries are punctured.  |
|
|
|
...but if they never seen that message ever and it looks legit since its from the client, most ppl wouldnt think much of it unless they are very cautious about it right?
One could also argue that if a piece of software they've been using for a long time suddenly does something they've never seen before (ie. Suddenly pops up an 'Update' message), would that not make you suspicious that something might not be right?  Still, I agree with pooya87... verifying the digital signature is an absolute must... even when I've manually typed in electrum.org and downloaded the .exe from the official site... I'll still grab the .asc and verifying the .exe is legit BEFORE I run it. EVERY. SINGLE. TIME. |
|
|
|
A question out of the box:
If I've got a memory card slot in my smartphone and I've stored/kept everything (almost everything related to crypto) and even installed my wallets in that memory card (by selecting it as default), do I need to worry at all about my stuff that I can just take out when memory card is removed?
Theoretically no... Once you removed the memory card then it isn't available to the system... But practically speaking, it's kind of impossible to know for certain exactly where the OS has been storing data. It's possible that data has been put into the /cache partition "temporarily". Unless the resale value of your device is significantly more than the crypto holdings that might be exposed by someone retrieving data from the device... you might be better off just keeping/destroying the device. |
|
|
|
Can you tell us something about the different types of procedures such devices can be tampered with? If so, it could make us more mature about them so to save ourselves and others from falling apart from their coins just because they've got no / least technical knowledge about using these devices with care.
There are only really 2 ways to tamper with the device: 1. Firmware 2. Hardware #1 is the "easiest" method... it's simply modifications made to the firmware to compromise the integrity. Ledger have made great strides since the work of Saleem Rashid to ensure that the device is able to detect altered firmware and/or stop it from working. #2 is a lot harder as you'd need to break open the casing (without damaging it) and either replace all the internals with your own custom board that replicated the workings of a Ledger... or you're need to attempt to find space in an already cramped container to try and squeeze in your own extra hardware. Then you'd need to put the case back together. I think it would probably be easier to actually just 3D Print your own casing and build your own full internals than attempting to modify and repackage an existing Ledger device. |
|
|
|
I tried to use Electrum but the receiving address is not the same as the sending address.
You can also switch "change addresses" OFF in Electrum... "Tools -> Preferences -> Transactions":  Simply untick the "Use change addresses" option. Any change generated from a transaction will be returned to the original address. Alternatively, you can simply create a wallet file in Electrum by importing a single private key. This wallet will contain exactly one address. It will never create new addresses (unless you import more private keys to it). |
|
|
|
Ability to receive transactions from native SegWit address depends on whether or not your wallet supports SegWit.
No, it doesn't. The Bitcoin Protocol allows for ANY address to be able to receive coins from ANY address. I think perhaps you're confusing the case where a "broken" custodial wallet (typically exchanges, web wallets and gambling sites) doesn't support sending coins out to a Native SegWit address as it doesn't recognise it as a valid address and flags it as "invalid"... but there is no technical reason as to why this should be. It's just lazy developers. In any case, as the OP was attempting to receive coins to a Legacy address, and the transactions were displaying on the blockexplorer, it would have been unrelated to the types of addresses being used. |
|
|
|
One of the best things about HW wallets is that you are bound to notice when its stolen and it will give you time to respond appropriately - not so with your software wallet.
Not necessarily... there are use cases that I've seen where users claim they either have more than one HW and then store them in various remote locations (safety deposit, "trusted" family/friend, hidden location etc). If you have something stored in a remote location, it may be some time before you're aware of a theft. |
|
|
|
I tried Sending that last of my money but it simply just says to Me "Invalid Amount" which makes totally zero sense at all.
What exactly did you try and type into the "send" dialog? Did you attempt to type in an amount in BTC or an amount in USD? |
|
|
|
|
Show Posts
