Just explain to them what I've explained above. There are plenty of stores I shop in which accept zero confirmation non-RBF transactions for small purchases, and I'm not aware of any of them being scammed. It's just not worth the time and effort. For can set a price limit beyond which they want to wait for a confirmation or two.

Other possible options:

• Get them to use Lightning instead.
• Get them to open an account for each customer which you can deposit to in advance.
• Send them bitcoin as soon as you enter the store and have them refund the difference after you've checked out.
• In the case of a local farmers' market, I used to pay for goods and he would hold them for me while the transaction confirmed while I checked out some other stalls and then returned to pick up my goods. Now he is comfortable enough with bitcoin and I've bought enough stuff from him that he'll just accept my zero confirmation transaction.

An unconfirmed transaction definitely isn't settled, but neither is a credit card transaction. The point is an unconfirmed (non-RBF with a decent fee) bitcoin transaction is extremely difficult and probably very costly to reverse and can only be reversed for 10 minutes, whereas a credit card transaction is trivially easy to reverse for up to 6 months at almost no cost.

Except risking your identity being stolen and all your coins being stolen, scammed, hacked, locked, frozen, etc.

Irrelevant. You don't need to be doing anything illegal to want to maintain a little bit financial independence and privacy from the prying eyes and fingers of centralized exchanges.

Sure, but it's also about trading peer-to-peer and avoiding financial institutions, which is obviously lost if you use a centralized exchange.

You are going to have to be more specific than that if you want any serious help.

What you have linked to is presumably a batched withdrawal transaction from Bitstamp. Were you trying to withdraw bitcoin from Bitstamp? Did you expect your withdrawal to be in that transaction? Have you been in contact with Bitstamp support?

Whether or not an exchange supports Ukraine is probably irrelevant to considering what actions Russia may take against it within their own borders. Putin has already placed limits on how much foreign currency Russian citizens are allowed to buy, has placed limits on how much foreign currency Russian citizens can leave the country with, and banned altogether forex transfers to outside Russia. I'm surprised he hasn't already started to pass laws and limitations on what crypto exchanges are allowed to do, but I would suggest all Russian citizens get everything they own off exchanges before they find it locked and inaccessible. If Putin does start to clamp down on exchanges, then I would expect him to clamp down on all exchanges as a means to stop Russians dumping the ruble, rather than selectively trying to punish ones which are supporting Ukraine.

Please actually read the thread before hitting reply. There is extensive discussion in the previous posts about how Coinomi absolutely is not open source and has had a number of very significant vulnerabilities in the past (transmitting seed phrases to third parties, not encrypting communications, etc). Further, no wallet can guarantee your security since even the best hardware wallets or cold storage can be used in an insecure way if the user does not know what they are doing.

We need to stop recommending Authy on this forum. It is the worst possible 2FA you can use. It is as insecure as SMS 2FA in that someone who can spoof your phone number can access your account, it spies on your activity and information and shares that with third parties, and it can unilaterally lock you out of all your 2FA codes and demand KYC. See my post here for more information: https://bitcointalk.org/index.php?topic=5385388.msg59326683#msg59326683

Good 2FA apps such as Aegis allow you to go in to each individual account and view the back up code so you can write it down if you forgot to when you set it up or if the service didn't display it at all. Also note that you can always just decode the QR code and extract the code from it.

Cash is obviously the fastest and most final, but for a $200-300 grocery shopping far more people are paying with credit card or similar than are paying with cash. And every major retailer and the vast majority of smaller retailers still accept credit card with no issues whatsoever.

Well, if you keep doing it every few months, then your credit card provider will terminate your account. Just like if you claim your Amazon order didn't arrive once or twice they usually just send you a replacement, but if you do it constantly then your account gets terminated.

And once this person had defrauded the same supermarket two or three times, then said supermarket will ban them from their premises, just as they would if someone charged back their credit card multiple times or "accidentally" shoplifted multiple times.

The problem here is that people compare a credit card transaction being broadcast to a bitcoin transaction being confirmed, and then say bitcoin is too slow to use in person.

When I pay with a credit card:

• The merchant sees the transaction immediately
• The merchant receives the money in 3-5 business days
• The transaction can be reversed for 180 days

When I pay with bitcoin:

• The merchant sees the transaction immediately
• The merchant receives the money in 10 minutes
• The transaction can be reversed for 10 minutes

The two lines I have bolded are what people compare. Credit card transactions are hugely risky for the merchant. They don't receive any money for days, and the transaction be reversed for months. It is also almost trivial to reverse a credit card transaction. I can phone my card provider any time in the next 6 months and say my card was lost, stolen, skimmed, phished, whatever, and for a value of $200-300 most will reverse it without question. Compare this with how difficult and costly it is to reverse a non-RBF bitcoin transaction, which must be done within a time frame of only 10 minutes on average.

And yet, almost every merchant accepts credit card transactions and experiences minimal fraud.

Also, see this quote:

This is a false equivalence. Centralized exchanges 10 years ago were not anti-bitcoin like the centralized exchanges today are. They did not demand ridiculous amounts of KYC and even go as far as asking your to reveal your employment and income source. They did not arbitrarily lock accounts or seize coins. They did not hire blockchain analysis companies (or event create their own!) to spy on you and monitor your transactions. They did not discriminate against individuals based on the history of their coins, even though that history has nothing to do with the individual in question. They did not refuse to let you withdraw your coins, censor your transactions, report you to your government, sell your data, and so on. Centralized exchanges might help more people buy and sell bitcoin, and of course people are free to use them if they want to, but they are absolutely antithetical to many of the founding principles of bitcoin.

Here is the transaction OP is referring to: https://mempool.space/tx/94951a50848fdda91961acece0e791f5260b7fcd4b6f315dd1b194751eb17398

Several of the inputs are known to belong to Bitstamp, so this is a transaction made by then. Given the multiple outputs of different sizes, then OP has most likely made a withdrawal transaction from Bitstamp and his wallet is one of the output addresses in that transaction. That transaction was confirmed weeks ago though, so it's uncertain why OP is questioning it now.

There is no "legal" way to do this. If there was an easy "illegal" way to do this, then it would have been done already, a security bounty claimed, and patched so it was no longer possible. It took Joe Grand (Kingpin) several months with a very outdated wallet to exploit a vulnerability which was patched 4 years ago just to unlock a wallet. The only way I am aware of to do this would be via the Ledger Donjon's method: https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

There are some hardware wallets which retain the option to display the seed phrase after you have unlocked them which you could look in to if you want to be able to do this in the future. I don't really like that option though, as it does pose an additional security risk.

Here's another good reason never to use a Coinbase Vault: https://bitcointalk.org/index.php?topic=5381583.0

The user in this thread had their funds stored in an old-style Coinbase Vault. Coinbase then removed support for these vaults, and the user has been unable to access their coins for some time, despite multiple attempts at finding and decrypting various passwords and keys.

Nope. See here: https://help.coinbase.com/en/coinbase/getting-started/other/vaults-faq. They simply send you an email first. Given that the most likely way for an attacker to access your vault is via your email account, then this achieves next to nothing, since the attacker can set up a rule on your email account so you never even see the email arrive.

Having your seed phrase (not private keys) written down a piece of paper gives you a back up and protects you against loss of your coins should your phone be lost or damaged. It does absolutely nothing to protect against theft of your coins. All hot wallets are more vulnerable to theft than cold wallets are, regardless of how good your back ups are.

Pretty much this. I have used mobile wallets for small amount for years, and I have never had a single issue or lost a single satoshi because I use a reputable open source wallet, I don't visit random websites or click on random links, and I don't download a bunch of pointless spyware apps and games.

There is not a single open source iOS wallet which is reproducible from the published code, so no, iOS wallets are not more secure than Android.

Just don't use mobile wallets for amounts you are not willing to lose.

Are you comfortable carrying around $50-100 in cash in your wallet? Yes? Then you should be comfortable carrying around 0.001 - 0.002 BTC in your mobile wallet.
Are you comfortable carrying around $10,000 in cash in your wallet? No? Then why are you carrying around 0.25 BTC in your mobile wallet?

I use an open source mobile wallet several times a week. How else am I going to spend bitcoin when out and about? They are a necessity. But I also don't store my entire stash in one, just like I don't carry around all the fiat I own in my pocket at all times, which would be plainly moronic. Put your funds in cold storage, and transfer small amounts to your mobile wallet as and when required.

No one can profess to know the motivation of every person in the world responsible for coding malware, but if there is potential profit to be had, then someone is likely to attempt it. Bear in mind the most shitcoins are just tokens on another blockchain, though, so a piece of malware which swaps Ethereum addresses for example will be able to steal thousands of useless tokens too.

Take existing malware, swap out BTC address detection for *insert coin* address detection, swap out BTC address insertion for *insert coin* address insertion, done. Probably under 2 minutes.

No, checking your addresses properly and having good browsing habits which prevent you from being infected by malware in the first place will protect you from clipboard malware.

There are plenty of ways you could do this, or something like it.

• Take your two pieces of entropy and simply concatenate them.
• Add them together.
• XOR them together.
• Combine them in a hash function.
• Use one as a seed phrase and the other as a passphrase.

When you click "Show entropy details", it will display the generated entropy in hex. You would either need to roll a 16 sided dice, convert your standard 6 sided dice rolls in to a hex string, or my preferred option would be take the raw binary and add your dice rolls to that, with 2/4/6 being 0 and 1/3/5 being 1.

Exodus is also closed source, so no, another poor choice. Mycelium maybe "relatively" safer, as you say, but all hot wallets and inherently more risky than cold wallet or hardware wallet alternatives.

Each hardware wallet has their own way of verifying that it has not been tampered with, from tamper-proof packaging to cryptographically secure handshakes with the manufacturer's servers. It all depends on which hardware wallet you have purchased.

They do store one. You can test this yourself - go and create a new 2FA wallet, and then open the 2FA wallet file in a text editor. Scroll to the bottom and you'll see the one master private key the wallet holds under "xprv". The other two are missing obviously, since it's a 2-of-3 multi-sig wallet. the second can be recovered from your seed phrase and the third is known only to TrustedCoin.

---

When you create a TrustedCoin wallet, Electrum uses the seed phrase to derive two master private keys, one at m/0' and another at m/1'. It then generates two master public keys from these master private keys, uses these two master public keys to deterministically produce the third master public key as pooya87 has described, and then saves the first xprv and the other two xpubs in the wallet file. This is how your wallet contains one xprv, but a single seed phrase can recover two xprvs allowing you to spend the coins and bypass TrustedCoins's third xprv if desired.
 

As OmegaStarScream says, the new account will be under the same seed phrase.

Your first segwit bitcoin account is derived at the following path: m/84'/0'/0'
If you create a second segwit bitcoin account, it will be derived at: m/84'/0'/1'
If you create a legacy bitcoin account, it will be derived at: m/44'/0'/0'
If you create a second legacy bitcoin account, it will be derived at: m/44'/0'/1'

And so on. Segwit accounts are at 84', legacy accounts are at 44', and the the third number is incremented by 1 for every new account you create.

Your "Add account" button is grayed out because your current account is empty. Trezor will not let you create a second (or third, or so on) account until the previous account has been funded.

I wouldn't say that. A multi-sig set up, while more complicated to use and recover than a single-sig set up, provides some unique benefits and can also provide a lot of additional security. The problem is that a lot of users, like yourself, are unaware of the need to have all the xpubs for recovery, and therefore the requirement for every signatory in the multi-sig set up to back up every other xpub along with their own seed phrase. For a 2-of-3 set up, the simplest way of backing things up would be as follows:

Back up 1: seed A, xpub B, xpub C
Back up 2: xpub A, seed B, xpub C
Back up 3: xpub A, xpub B, seed C