Did you even read the thread? A lot of answers have been posted here.
The most obvious answer is, that it is not necessary to completely encrypt the wallet file.

Why should one need to decrypt his wallet (and expose it to theft) just to check his balance? Or just to copy a receive-address ? This wouldn't make any sense.
Therefore, the important (secret) information are encrypted, and the non-secret information are not encrypted. Thats the best approach regarding security/convenience.

Don't worry. If you have done everything right and your PC is not compromised, nothing is lost.
It is good that you are switching from a web wallet to a desktop wallet. This improves the security of your coins a lot.


Please answer these questions (this will allow us to help you more efficiently):

• What version of electrum are you using ?
  
  
• Did the transaction already got confirmed (Did you check it on a blockexplorer) ?
  
  
• Is electrum synced ? (Should show a green dot at the bottom right corner)
  
  
• Do you still see the address you have send your funds to in electrum (Either 'receive'- or 'address'- tab) ?
  
  
• Do you have a backup of your seed ?

Every(!) cold storage gives (only) you full control over the private keys.
You don't have to 'connect to the blockchain' at all. A cold storage is meaned to be OFFLINE.

Additionally.. you are not 'connecting to' a blockchain. You are downloading the blockchain. You are connecting to other peers in the bitcoin network.




This is irrelevant when talking about cold storage. Cold storage = Offline.
You only have to keep the seed or private keys saved in an offline environment.




If you are going to sync it, it is not a cold storage. Syncing is useless. It just creates additional attack vectors.
When using a cold-storage-PC, you have to use it purely in offline (air-gapped) mode. Another PC (which is connected to the internet) is used to broadcast transactions.




IF the device is truly air-gapped, you don't run any risk when installing multiple wallets on one device.
Even if one wallet is malicious, it won't ever be able to connect to the internet.

I think OP meaned the following:

• User A deposits 0.1 BTC to Address X given from OP's exchange as deposit address to user A
• A then tries to withdraw these 0.1 BTC to the deposit address (address X)

@OP:
I don't think this user tried to be 'funny'. He probably wanted to check how your system works and if you have implemented some bugs which might allow him to double deposit/withdraw.
It is basically a form of finding/exploiting vulnerabilities in less-known crypto services. Chances are high an exchange without a proper security-/developer- team does have a few critical vulnerabilities which could be exploited.

You should stop using that version and download/install the newest version (3.1.3):

Dependencies:

Electrum:

Old versions are vulnerable under specific circumstances.


To verify your download:

This will download ThomasV's Signing key.


And to verify:

'Blockchain' is a data structure.
You can represent it as a 'chain of blocks'. Or you can explain it like a linked list. But you can not actually 'look at it' in 'real life'.

The bitcoin blockchain is a public ledger which holds records of all transactions made.
These transactions are included into blocks. Each block (within this chain) does refer to the previous block.
Since each block is secured through Proof-of-Work this creates an immutable type of decentralised ledger.

This really depends on these 3 things:

1) the amount of BTC you want to store
2) the frequency you want to access your coins
3) the grade of security you want to achieve


If you want to store amounts which are 'big' enough to absorb the purchase of a hardware wallet -> Go for it. Ledger and Trezor are the best ones.
Those offer highest grade of security combined with convinience in daily usage.

If you don't want to buy a hardware wallet, but want to have highest possible security -> Go for a cold storage. This means store the private keys / seed only in an air-gapped offline environment.
Spending from such a wallet can be a hassle, but your coins will stay very secured.

If you want to access your coins frequently and don't want to buy a hardware wallet -> Go for a split-option. Create a cold wallet and store a big percentage of your holding there.
Use a light-weight wallet for your every-day spendings. I'd suggest Electrum in this case.

Quantum computers are far from being reality.
Researchers are trying to get these qubits into a stable position. Thats the first which has to happen for quantum computers to become 'realistic'.

Afterwards devices with more than just a few of these qubits have to be developed.

And after years of researching, when (if) finally a working (and usable) quantum computer is developed, there has to be a new algorithm developed which will allow the discrete logarithm and integer factorization to be computed in a way more efficient way than currently possible.

And only then, bitcoin (assuming no changes are being made) will be less secure. It will be about as secure as IOTA is at the moment. Basically Address-reusing will be a vulnerability here.

One should note that transferring transactions via USB can impose a new risk of getting infected.
While this is a (relatively) uncommon attack vector, it still does exist.

Since you are using an USB storage to 'communicate' between your offline storage and your online PC, it effectively isn't fully air-gapped anymore.

An approach to negate that attack vector would be to use QR codes and webcams (on your PI and online PC) to transmit data (un-/signed transactions).

Funny how noone came up with this idea yet 

@OP: Besides of BTC/bcash confusion, may it be possible you have confused 'Segwit' with 'Legacy' ?
With what number did your address (you have copied into coinbase withdraw field) start with (1.. or 3.. ) ?
And whats the first number of the actual address which received your withdrawn balance ?

If one of them both start with a 1.. and the other one with a 3.., it might be possible you simply just have opened your wallet once into 'segwit mode' and once into 'legacy mode'.
You can choose the address format in: 'Settings' -> 'Blockchain' -> 'Bitcoin' -> Either Segwit (Addresses starting with 3..) or Legacy (Addresses starting with 1..) .

Shamirs secret sharing is not some 'script' created by a 3rd person which can be changed.
It is an algorithm. It has been created by Adi Shamir (https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).
The code used on the website is open source: https://github.com/iancoleman/shamir39.




This doesn't change anything.
Trezor is simply going to implement this algorithm.

It doesn't matter who is (or: is not) going to implement it. You can always use this algorithm on your own.

This algorithm does exist since 1979.

Coinomi (already mentioned here) does also support segwit.




The mobile version of electrum does not support 2FA. This would be senseless.
Using 2FA on the same device is not '2-factor'. If your device is compromised, your wallet AND your 2FA are compromised.




The transaction fee is completely independent from the wallet.
Some wallets do estimate fees differently. But most wallets do allow you to set your own fee.

The amount of fess you need to pay to get confirmed within X blocks does depend on the amount of transactions waiting to get confirmed.
Wallets do have no influence on this fee.

What kind of 'telegram bot wallet' were you using? BitGram bot (https://telegram.me/telebitgram_bot) ?

You only have access to bitcoins if you do own the correct private keys.
You should install a mobile wallet which gives (only) you full control over your funds. There are plenty available.
There is nothing to gain with the usage of such a 'wallet bot'.

Your transaction has definetely confirmed.
Can you somehow export your private keys from this bot?

If yes, simply export them and import them into any other wallet.

If not, you have to somehow contact the support/developer. If you don't own the private keys, you don't own the bitcoins.

Theoretically you might be able to implement such a system. At least pseudo-randomness.

But there hasn't been any kind of such an project yet. Simply because there is no need for something like that. 




The easiest (and most convinient) would be to create a dapp on ethereum.
You don't really need to create a new currency/blockchain. An simple application should fit all of your needs.
You can look at the source code of cryptokitties (https://etherscan.io/address/0x06012c8cf97bead5deae237070f9587f8e7a266d#code). This might help you a bit.

Here.

The question is.. how do you define 'stolen bitcoins' ?

Bitcoins do only exist as UTXO's assigned to public keys on the blockchain.


Now, imagine the following case:
Eve does steal 1 BTC from Alice's address (A). She creates a transaction sending the whole bitcoin to her address (E) (ignoring fees).
She is obviously in posession of the 'stolen bitcoin'.

                 
(A) 1BTC     --->     (E) 1BTC



Now Eve already has 2 BTC on another address (E2). She decides to send her whole 3 BTC to 3 people: Bob (B), Carol (C) and Dave (D).
On a technical level this means that 2 inputs (2+1 btc) create 3 outputs (1+1+1 btc).

                       (B) 1BTC
(E) 1BTC   --->     (C) 1BTC
(E) 2BTC   --->     (D) 1BTC



Who does now own the 'stolen bitcoin' ? Bob, Carol or Dave ?
-> You simply can't say. Because inputs are 'destroyed' and new outputs are 'created'. You can't derive the 'origin' from an UTXO.


Now imagine Bob, Carol and Dave are all going to spend their BTC into two further outputs (0.5 BTC each). It is completely impossible to tell which 2 of these 6 outputs 'are made of stolen BTC'.
The more transactions there are, the more confusing it will get when trying to identify the 'origin'. And that is basically what a mixer does.

Look at Chipmixer FAQ for example. Once you have deposited you get a 'chip' which you can merge or split into bigger/smaller chips.
Each chip does represent a private key with a balance of a multiple of 0.001. After you have done as much splitting/merging as you wish, you can withdraw your balance.

Do you have any suggestion what it might be? The only conclusion i have is a compromised wallet. 

To summarise:
1) OP has received 0.15 BTC to 1JwwG2TbXxwRxV9mFg8hqKrvt3WZH4uD2j.
2) About 13 minutes later this transaction appeared (fee of 89.79 sat/B and an odd second output) moving his funds.
3) OP received another 0.05 BTC to 134CGzVV4yzE99ahYngjn8KpfTiy8ATiKR.
4) About 4,5 minutes later this transaction appeared (fee of 89.79 sat/B and an odd second output) moving his funds.

Now when looking at the (overpaid) fee and the time interval between those transactions, it is very well imaginable (in my eyes) that his seed/wallet is compromised and a script is checking those addresses for deposits frequently.
Additionally it seems like the change also has been transferred out after ~10 minutes.
I guess the script has generated a transaction with a change (to OP's wallet). And the next time this address has been scanned by the script, it generated another transaction.


IMO this indicates a (poorly) written automatic script to check known private keys for a corresponding balance + OP's seed is compromised.


I'd be happy to hear another possibility of what might have happened !  -  Feel free to post what you think !

Did you install python 3 after having 2.7 already installed?
In that case it might be necessary to run:


instead of just

(like mentioned on ledger's support site)

This does depend on the symlink created. But i believe websocket-client is needed too.

Of course the key was compromised. If it hasn't been compromised, no transaction could have been made with this private key.
The important question is HOW it got compromised.

Do you arleady know how it happened? Did you enter it on a website? Missing/Lost backup?
If you are not sure about how this happend, it would be careless to assume the system is clean.
A simple, self-coded malware is NOT being recognized by anti virus software. Fooling AV software is way easier than it should be..

So unless you are 100% sure how the key got compromised, i'd suggest to be more carefully when storing cryptos on your PC again.

 

"Coinbase" is not a wallet. It is an exchange which provides a wallet-kind of service.
You should choose a wallet where (only) YOU have control of the private keys. This is not the case with a coinbase web wallet.

Coinbase is effectively in charge of your bitcoins. They just give you a 'balance' in their database which allows you to withdraw this amount of BTC later on.
You don't own any bitcoin if you don't own the private key.


If you want to store bigger amounts and don't have access to a PC, the ledger nano s would be the most secure option.
You can use this hardware wallet with your mobile. The key generation and transaction signing is done on the device itself. This secures you against malware/theft.

If you don't want to buy a hardware wallet, go for a wallet on your mobile. It is way more secure than using an online wallet.