Thats exactly what i have said.
But wether the developer are saying the truth can't be known at this moment.
There are several possibilities on what happened.

As a developer you need to build your whole system with security in mind.
There is no magic formula to create a secured system with a few lines of code.

The most obvious would be to be secured against all already-known attacks against web applications.
But since you can't rely on an attacker to only use already known vulnerabilities, you have to implement different 'security-levels' in your application.

A system which detects anomalies itself and blocks any fraudelent attempts to gain access to parts of your application where it is not allowed,
is something you definetely want to have.
Binance, for example, has such a system. Some 3rd party 'trading tool' captured API keys and tried to make money with pumping a specific coin on binance,
giving the attacker a lot of money.

Fortunately the system detected this attempt and instantly stopped all actions. This lead to normal users balance being restored and to a heavy (financial) loss for the attacker.

A phishing site does one thing: Phising.
This has NOTHING to do with any exploits/malware at all.

I'd suggest you to read this wikipedia page about phishing before trying to correct people with your wrong interpretations.

---

You can't 'control' a computer via a keylogger.
Controlling an PC implies access to this PC (full control = root access).

A keylogger just captures keystrokes + transmits them via the internet.
Additionally a bot net does not control your PC. Your PC will eventually get a part of a botnet.
The machine inside a botnet is usually controlled by a C&C server.


You obviously seems to lack the basic knowledge regarding security in IT system. I'd suggest you read a few books before commenting on that topic.

The devs removed the application because the lost their signing key.
Without this key the devs won't be able to push updates / new versions to the play store.

And since there has been a small bug discovered, they are currently not able to fix it (To be more correct: they are not able to upload a fixed version).
According to the developer they accidentally deleted the key (not compromised).

They will upload a new version (and hopefully won't lose the signing key again) soon.


It is recommended to NOT use the application until a new (fixed) version has been released.
Wether they really lost their key or wether it got compromised can't be said for sure currently.

Correct.




Nothing has changed.
Miner do decide for themselve which address they include as receipent from the coinbase transaction (the mining reward).

The easiest way is to build the block always the same way.
Most miner probably have their address 'hard coded' in their software running.
This way they don't have to pregenerate a bunch of addresses and don't have to fill the list of addresses again once it is going to 'get empty'.

While i can't say for sure why they use the same address for every block they mine.. i would assume it is because of convenience.

Nano utilizes a directed acyclic graph. This is not similar to blockchain technology.
In a DAG-based currency people are simply adding transaction to the graph 'whenever they want to'.
Compared to blockchain currencies (where transactions get confirmed by miner who do a PoW to create a block) this is a completely different approach.

While it has the advantage of faster transactions ('confirmations') it is way more vulnerable to DoS attacks.
Additionally the security of all those DAG-based currencies havn't been tested yet. While Bitcoin (blockchain tech itself) has been attacked for several years now - without success.

A Bitcoin transaction consists of Inputs and Outputs. Inputs of a transaction are unspent transaction outputs from previous transactions.
A transaction can be made of multiple inputs and multiple outputs.

In fact, you can chose as much inputs/outputs as you want (as long the size of the TX is smaller than 100Kb - i think).

Electrum for example lets you easily send coins to many addresses within the GUI.


For the sendmany command mentioned by achow101, you can look up the syntax here: http://chainquery.com/bitcoin-api/sendmany


An example:


This command sends 0.01 btc to 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4XX and 0.02 btc to 1353tsE8YMTA4EuV7dgUXGjNFf9KpVvKHz.

It was not for safety purpose, but for anonymity.
While bitcoin itself is not anonymous at all (rather pseudonymous), using an address only once increases the anonymity by others not being able to link all of those transactions
until multiple UTXO's (from different addresses) are being spent together.

One of satoshis intentions was to create an partly anonymous digital currency.
Using the same address for every mined block would kind of kill this purpose.


Additionally it can't be said for sure that all of the first blocks have been mined by satoshi.
His miner crashed after 'a few' blocks. Other people were mining in the timeframe of his miner being down.
Wether an address from early mining does belong to satoshi or to other early-early-adpoter can't be told for sure.
 

Yes. Removing all network adapter physically gives you a 100% guarantee that your offline machine won't communicate with any other device in its proximity.
Note that being 100% secured against an attack vector can almost never be reached.
This is one of the few cases where it is possible to absolutely secure yourself against an attack vector.




You are right, the risks are very low. But it still exists.
It all depends on how much you want your storage to be secured against which attack vectors.

And you are also right with the USB drive being the attack vector which would probably be the first one abused.
And it is indeed independent from your network adapters.

But there are other possibilities to transfer your unsigned TX to your offline machine and move your signed TX to your online pc.
The simpliest would probably be witht he help of two webcams:

• Create unsigned TX on online pc
• Display QR code of this TX
• Scan the QR code with webcam connected to your offline machine
• Sign the TX
• Display the QR code of the signed TX
• Scan this QR code with your webcam connected to your online PC
• Broadcast transaction

Note that to be on the safe side, you should NOT connect your webcam to an online PC after connecting it to your offline storage.
This attack vector (flashing webcam firmware with malicious version) is pretty unlikely.. but it also does exist.

I don't think a miner would include a transaction with zero fee, simply due to the fact that they would rather push the TX fees higher (to at least get any fee),
instead of including a transaction they don't earn anything from.

And additionally, if i am not mistaken (feel free to correct me), 0-fee transaction won't get relayed by the majority of nodes.

You should read the thread.
OP clearly mentioned all of his funds on cryptopia got sold for BTC which then got withdrawn.

---

@OP:
Contacting law enforcement agencies is the only way of having a chance to get your coins back.

For the next time, you might chose a more appropiate form of storage. 14 BTC being 'stored' on an exchange is a bad idea.
Exchanges alrady got hacked and always will be the target of hackers. Nothing one can do about this.
If you really want to store your coins on an exchange (because of whatever reason; not advised!) then at least chose an competent exchange (e.g. binance).

Running an exchange is not a brainless task.
You need a team of competent developer with security in mind building your backend from scratch.

Without a properly coded exchange you definetely will get burned.
This happened to quite a few shitty exchanges (e.g. bitgrail).

If you can't afford to pay a developer team to build a solid exchange, you better don't start one by your own.

An online wallet is not comparable to a hardware wallet (trezor) or a paper wallet security-wise.

In an online wallet your private keys are stored (either encrypted or unencrypted) on the service providers server. This creates a lot of new attack vectors compared to hardware-/paper wallets.

With a hardware wallet you have a dedicated device which creates and holds the pivate keys in an airgapped device. It can be used on infected PC's without being exposed to theft.

A (properly created) paper wallet also is completely airgapped.
The whole security of a paper wallet relies on 1) the physical security and 2) the way it has been generated.

Application-Specific Integrated Circuits [1] can only perform one task (the one they were created for).
Miners ASICS do calculate SHA256 hashes. They can't start bruteforcing private keys.




Bitcoin virus? 




Professional bitcoin miner don't do that.
Its the blackhat developer who creates malware which will then mine coins for them.



[1] https://en.wikipedia.org/wiki/Application-specific_integrated_circuit

The mnemonic seed [1] is not a key. Its purpose is NOT to secure your wallet.
This (random) seed is used to derive all of your private keys.




You are definetely doing something wrong.
I assume your pc didn't get 'hacked' but you have downloaded malware.

You should consider using a safer option to store your coins if your pc already has been infected.
The reason the attacker hasn't already stolen your coins probably is that he was kind of incompetent.

Nevertheless, this is in NO WAY related to the mnemonic seed.


[1] https://en.bitcoin.it/wiki/Mnemonic_phrase

You did not import your wallet into electrum.
You created a new electrum wallet and imported private keys from your core wallet.




There is no seed option because you have imported private keys.
To use the option of a seed you have to create a new wallet and send your funds to your new wallet.




Yes.
There are a lot more ways to protect your holdings.
You first have to know against what you want to be protected.




You should create a new wallet and use the seed option. This makes backing up your coins way easier.
Transactoin fees can't go lower than they are nowadays.

If its only because of the space.. you can use prune mode. This way core does not store the whole blockchain.

If your backups are correct (you have tested them), you can safely remove core from your hard drive.

Would you mind sharing the website you are talking about?
And what are you actually trying to accomplish?




Of course not.
Your hardware wallet is only monitoring the address it has generated.
Not any other addresses.




Probably not.
But this depends on how the address got created (from the suspicious(?) website).
A few more information about the site would definetely help to figure out what they exactly do.

Noone was talking about anything related to windows.
Please start reading the threads you are shitposting in.

You additionally seem to miss the whole point regarding the checksum.
You post a few lines of code where the RIPEMD160 hash function is called and claim thats the only part you understand and that it is 'from windows' ?   

I'd highly recommend you read this: https://en.wikipedia.org/wiki/Hash_function

The malware on OP's PC being a trojan is the most probable.




There is no way funds get stolen from a desktop wallet by phishing.
(I am assuming people are not dumb enough to paste their seed into an online site)




Sniffing is not an option in this case.
With sniffing you are listening to (or recording) the wlan traffic.
Using a public wifi with a desktop wallet installed does not imply a higher risk of losing the private keys.

Using an old processor doesn't also mean you have to use your old (non-wiped) hard drive.
An old laptop with a formatted hard drive and wireless adapter removed does its job very well.

There is also no need for running an OS as live version from an USB stick. It is absolutely fine to install an OS to your hard drive.
No connection adapters mean no connection. Regardless of the OS you are running and from how you boot it.