as you confirmed below, the offline wallet doesn't know which inputs are spendable. e.g. the wallet tries to spend UTXOs that were already spent because it is not synced...


this is the piece i was missing. i'll try out using a watch-only wallet. it didn't occur to me that a watch-only wallet could construct the transactions. sounds easy enough, thanks.


no. that was the whole point of my post -- how to get up-to-date UTXO data without connecting the offline pc. why would i make this thread if i were just connecting the "offline" pc to the internet? LOL...

i guess maybe that line of thinking makes sense for electrum, where syncing means connecting to a trusted server. with a full node, the database directory should include block data, current chainstate, UTXO set. i was asking how i could extract that block data from a synced node's directory and transfer it via flash drive to the offline wallet. i still don't see why that should be a problem, though i'm just not clear on the specifics of what should be transferred.

my thinking was that transferring signed transactions via flash drive expose it to similar attack vectors (being air-gapped is irrelevant there), so no real security loss. i'm not sure i understand how that "takes away the whole purpose of using a cold-storage wallet" unless you're telling me that the only way to get block data is to literally connect to the internet.

UTXOs at the fork block will be copied exactly. that means that any addresses in your electrum wallet that hold BTC will also hold B2X after the fork. however, you can't simply send the B2X coins out of that wallet. you will lose your BTC by doing so because there is no replay protection -- the transaction will be broadcast on both chains. i would be careful and avoid transacting after the fork if you want to make sure to retain both coins. i'm sure some reliable methods will emerge to split our coins.

no one knows regarding future demand for B2X. if miners and major services really follow through, the price might be significantly higher than the futures market currently indicates. we really don't know. in time, i believe the legacy chain will emerge victorious, but i won't be so foolish to immediately dump my B2X for ideological reasons. i'm trying to accumulate bitcoins here!

FYI this is a good site to track electrum servers to connect to. you can connect to Core servers rather than connecting randomly.

what is the safest/easiest way to sync an offline desktop wallet? i like the idea of signing transactions on the offline pc, then transferring them via USB or similar medium and broadcasting from a pc that connects to the internet.

naturally, once you push a transaction or two, you need to sync the wallet, otherwise it will try to sign transactions using invalid inputs. where can i safely download block data, and what's the proper way to add it to my wallet directory so that it can sync past my latest transactions?

thanks!

absolutely. i've been watching newbies flock to download malware when altcoins launch for years now. it never ceases to amaze me. at the very least, one should do a basic amount of research: the bitcoin gold team has an official website (btcgpu.org) and twitter. start there. cryptocurrency user or not, nobody should be downloading anything straight off the google search results.

there's already been a pretty widely circulated scam also: twitter.com/btcgpu is an imposter, and he's been sending people to a web site where users input their private keys to claim their BTG. it's clearly a total scam. this space really is a scammer's paradise.

i don't think the huge "unknown" BCH miners who are accounting for > 80% of the hash rate are dumping. do you have any evidence that they are? because if you follow the coinbase transactions, they are holding.

i think jihan wu's plan is/was to invest in bitcoin cash for the long term. the hyperinflation was a feature, not a bug, for him. i'm wondering if he is setting segwit2x up for failure as a ploy to drive all big blocker support to bitcoin cash.


there's plenty of discussion on the mailing list if you care to look. there's many core developers who aren't adamantly opposed to a block size increase; it's just a matter of timelines and consensus to prevent a chain split. even luke dash jr. worked on coding a 2x hard fork...

it sounds like there probably wasn't a fake website set up, and that he just gave all his information to them out of desperation and belief that he was on the phone with coinbase support. it's still not clear. but if they set up a fake phone number, it's not difficult to see them setting up a fake website. it could have been set up as a simple support portal (e.g. with zendesk or kayako), like some exchanges have been known to do.


it's pretty easy these days. i can mosey on over to the services or digital goods forums and get some phone numbers set up right now, paid for with bitcoin. burners/sim cards in mail if nothing better -- difficult case to pursue across borders for this amount of money.


apparently it was listed on google.

lesson learned: you should never give passwords/secret tokens to customer support people. exchanges will never ask for this. these are always social engineering attacks.

if this was how OP got socially engineered, that's interesting. it's true that people (including myself) use the top search results to quickly confirm we are entering the correct, legitimate site. i assume the same goes for phone numbers. i google restaurants all the time and order takeout/delivery the same way. if the #2 result is a fake number, we should collectively report the number to google.

the unfortunate thing is that coinbase didn't even have phone support until very recently (the last month or two). so if this is how OP was compromised, this might have been avoided if not for the timing.


it sounds like he was probably socially engineered into giving up his login/password to the hackers. since he had 2FA on the account, i believe this is the "secret seed" he was referring to. this is a term that coinbase actually uses to refer to the 2FA token used to generate TOTP codes: https://support.coinbase.com/customer/en/portal/articles/2820377-2-factor-authentication-2fa-faq

it sounds like the hackers (on the phone with the OP) got him to verify the hackers' device through email while they were on the phone. it's not 100% clear from the OP, but it seems like he probably handed them his login/password, verified their device for them, and gave them his 2FA token. that's everything they needed to compromise his account.

there are safe ways to use them. i would only use ATMs where ID scan is not required -- cash only. ATM/gas pump skimmers are becoming very sophisticated these days, so i definitely wouldn't risk anything where you need to swipe. and even with cash only / no ID, i would probably try to shield my face/hair for additional privacy.

i've used bitcoin ATMs before, but really just for the novelty. the fees are simply too high to make it worth it, unless you have no other way to convert cash into BTC.

the risk is losing funds through replay attacks. for example, let's say you use blockchain.info -- you control those private keys. if you don't do anything (no transactions) after the fork, your coins are safe, so it's not unsafe to hold your coins there. the danger is in using blockchain.info's nodes to push/receive transactions. they may be following an invalid chain in which valid transactions can be replayed (and vice versa). that means that if you try to transact with legacy BTC, you could lose your B2X coins. If you try to transact with B2X, you could lose your BTC.

this could all be avoided if the segwit2x guys would just fork responsibly and add replay protection. the thing is, they need to harvest SPV wallet users (who blindly follow miners), otherwise their fork looks illegitimate with little to no economic activity.

very strange. that's not what they told me when i had trouble verifying ID in august. are you sure they told you specifically that you can't use the mobile app? because they still have this up on their website. the article was updated just a month ago:


further down the page, they also say this:


unfortunately, their customer support takes forever to deal with anything, so i'd play around with the options in the mobile app or the mobile version of the website...

gemini is even stricter. they wouldn't accept my government-issued ID at all. apparently, if you are a US resident, you must have "REAL ID-compliant" identification. apparently, california driver's licenses aren't good enough, so if you live in a state that doesn't comply with REAL ID, then you need to get a new passport.


i had a new account a couple months ago and i think they have now integrated both processes into one. i had to provide driver's license and selfie at the same time. what they should do is stop offering the pc webcam option at all, because it works for absolutely no one. you need a high res camera, so you need to use the mobile app.

they've basically instituted mandatory verification (with passport/driver's license + selfie -- good recipe for identity theft) for accounts valued higher than $1,000. with such a low threshold, their entire userbase is now basically subject to these new rules. they didn't give any prior notification that this would happen. and with a userbase as large as theirs, i imagine it could take months to verify everyone.

in the meantime, no one can trade/hedge value on their coins or withdraw their money. and people with previously verified accounts are also having their accounts disabled, which is pretty fishy. whatever is happening, it's being carried out by bittrex in an extremely unprofessional manner. i'd be curious to know what the rights of creditors are in this situation, when the custodian is seemingly blocking access to funds based on arbitrary conditions, which is also causing significant financial damages to victims, because they cannot withdraw or trade as normal.

they must be getting a lot of pressure from regulators/law enforcement. their twitter also says they are based in seattle... is that true? i wonder how wise that is given that washington state is one of the only states that regulates cryptocurrencies, hence why bitfinex and poloniex stopped offering services to washington residents.

they have changed their terms multiple times recently. many of us did not sign up to these terms. they dropped peoples' withdrawal limits to 0 or 0.025 BTC/day unless they start the verification process. many people have basic verification, which was a healthy medium between full anonymity and giving your passport and SSN to a shady exchange. nobody knows who the owners of bittrex are; they are not public personas like with bitstamp or even bitfinex.

how do you know they are a "legitimate business that abides by all rules/laws?" for all i know, they might be taken down by the FBI tomorrow just like btc-e was. they've been operating as a money transmitter -- and headquartered in the USA no less -- without any legal registration as an MSB in any of the 50 states. that alone is enough to have them immediately shut down by regulators. why the hell would anyone want to give their documents to such a company? how could they be trusted to store the data properly? look at what is happening to equifax: you think bittrex can be trusted with our SSNs? fuck that! they are openly flouting the law already, you think they give a shit about the integrity of your personal data?

the fact that there is a large, steady stream of people complaining of having their accounts disabled recently and forced to provide ID documents suggests this is systematic, and not the fault of the users whose accounts are disabled. this is shady as fuck on the part of bittrex.

thanks for the heads up. these guys were particularly sloppy; they didn't even properly spoof the email address. it's fairly trivial to do so, so these phishers are aiming at the lowest hanging fruit.

i would hope that nobody would ever click a link purporting to be from MEW anyway. users don't link email addresses to MEW wallets at any point, so that alone should immediately tip anyone receiving these emails that a scam is happening. MEW never sends out emails, and what email list would they even have access to? people are just using the bitcointalk/btc-e/other database leaks and sending phishing emails to those email addresses.

would i? no, but it's not that simple. for one thing, bitmain (or whatever attacker) isn't going to announce to the world that they are 51%-attacking the legacy chain. they will act aloof and carefully hide where the attack is originating from.

for another, the narrative many people hear won't be, "bitmain is 51%-attacking the network." they could even selectively, or on a limited basis, accept some transactions into blocks, to prevent anyone from successfully charging that a 51% attack is occurring. they could even by-and-large accept only their own spam transactions into blocks, creating a narrative that it is the lack of hashpower -- not an attack -- that is causing this situation.

by the time it could be definitively proven that a malicious entity is orphaning honestly mined blocks, the legacy chain will have been virtually/completely unusable for days or even weeks. by this point, many legacy chain users and activists like luke dash jr would undoubtedly be moving forward with implementing a POW-changing hard fork.

now, surely among those users -- the activist small blocker/UASF/anti-miner community -- the narrative will be that the legacy chain was attacked. is that going to be the consensus, though? or will people believe that the legacy chain will have died by attrition, as jeff garzik keeps repeating it will? they will surely attempt to illustrate a situation where the community -- users, miners -- are collectively leaving the legacy chain, creating a self-reinforcing feedback loop ("hashpower follows users/price") where it eventually dies.


i don't think that a lot of users understand the gravity of consensus rules. there seems to be a distinction being drawn between technical parameters like block size limit and monetary policy parameters like the 21 million coin supply.


all of this is unprecedented. it's possible that -- as the NYA signatories seem to believe -- that hash power and economic nodes are far more influential by sheer numbers than full node operators. and by that i mean this: full node operators opposed to the fork will ignore the segwit2x chain, but how much of the network do they represent? we can't ignore the economic activity that major services/exchanges/payment processors represent. the question then becomes, how much of those companies' userbases are going to boycott those services? how much of those companies' userbases even knows that this debate is even going on, or cares?

this is precisely correct. the initial problem for users is that difficulty will take considerable time to adjust on the legacy chain. based on the difficulty at the fork block, it would take 10x the hashpower to achieve normal 10-minute block time, so confirmations will take at least 10x as long (likely much longer due to bad fee estimation --> network congestion).

what this also means is that honest miners on the legacy chain are much less equipped to fend off a 51% attack (or rather a 33% selfish mining attack). jihan wu has apparently claimed that bitmain controls a majority of the hash rate. that means that bitmain alone could kill the legacy chain without even drawing all its hash power away from the segwit2x chain or BCH. all they need to do is carry out a selfish mining attack for long enough for legacy chain miners to shut down due to attrition. (the entire time, legacy chain miners will attain zero block rewards)

now, i'm not sure whether bitmain would actually engage in this. but people shouldn't act like everyone involved is a benevolent, honest actor. bitmain is incentivized to kill the legacy chain -- they've been making it clear for years now. and so are all the companies signed onto the NYA. two chains is not the ideal outcome for anyone.

bitcoin cash lacked the backing of the ecosystem. no major companies backed it, no existing bitcoin wallets were compatible with it, and even with majority hash rate, SPV wallets would have ignored its chain because of changes to the sighashing algorithm.

this is not the case with segwit2x, so it's a bit more tricky to predict. this time, major services/wallets are lined up to support the fork -- and where bitmain decides to point its hashing power could make a difference. people keep talking about miners like they are such a diverse group. they're not.

i think some of the big blockers are actually quite tech savvy. there is a lot of overlap with ethereum/dapp developers, too. but there is a huge difference between those who have a technical grasp of blockchain consensus and those who are merely tech savvy.

there are very few developers in the world who are capable of producing consensus-critical software as reliable as what bitcoin core produces, and this group is only shrinking. one can be tech savvy and still have a "move fast and break things" mentality. it's just not appropriate for bitcoin development.

you can see the pull request from the btc1 developer team here: https://github.com/btc1/bitcoin/pull/117
more discussion here: https://www.reddit.com/r/Bitcoin/comments/6virdi/jeff_garzik_adds_optin_replay_protection_to_btc1/
and well-known developer and general explainer-for-noobs, jimmy song, wrote a more in-depth tutorial and explanation here: https://bitcointechtalk.com/how-segwit2x-replay-protection-works-1a5e41767103

so yes, i think we can trust the information at this point. whether the opt-in protection is sufficient/ethical is another story. most people don't even know what replay attacks are or why they matter.


i just realized, since there is no replay protection, the thread poll doesn't make sense. no one needs to install segwit2x. it will work with wallets right out of the gate. that's why it's so dangerous.

let's take closer look, though. bitfinex said this:


here's what coinbase said, leaving their options open:


so, we have an acknowledgment that there will be two blockchains. this is clear enough, and indeed, it's not what the NYA signatories set out to do. at the same time, no one seems to be backing down. in fact, clearly, coinbase is planning to move forward with the fork, and plans to offer full deposit/withdrawal support for both coins within a few days of the fork (compare to ETC or BCH).

no company of note has left the NYA. and all the miners are still signalling -- even f2pool. roger ver has gone off the deep end and is taking the opposite approach to bitfinex, saying that segwit2x will be the default bitcoin blockchain and BTC ticker.

in other words, i'd say that the fork is still likely to happen at this point. i think right out the gate and in the long term, there will be more demand for the legacy chain. however, it will be interesting to see what happens if 90% + (or even a simple majority) of the hashpower does indeed back the fork.

my advice is to trade wisely and do not make this ideological. the safest bet is to hodl both coins or to sell only a small portion of either. the best opportunity will probably play off hash power distribution. i believe the futures market is currently pricing in a fair chance that the fork doesn't happen, and that the miner support behind segwit2x will significantly drop as we approach the fork. i suspect the market may be wrong about both points, though.

bitmain is the wild card -- they could unleash a torrent of hashpower at fork time and they have an interest in the legacy chain being the weaker chain. don't underestimate that.