folders staring with a dot (.) are hidden (in this case .bitcoin and .electrum)... Either use a terminal, or look at your gui file explorer's settings to show hidden files and folders... I updated my previous post with the paths that could be interesting.

The first screenshot shows a couple of images and a shortcut for your desktop
Second one also some pictures and a shortcut
Thirth one also some pictures and a shortcut
Fourth one shows the root of a linux volume

None of the screenshots contain any files that i would identify as a wallet file.
Go and look in the /home/ folder, iterate trough the users in the home folder and look for /home/[user]/.bitcoin/ and /home/[user]/.electrum folders.

If you find a user /home/[user]/.bitcoin/ folder look if there's a wallet.dat file, if not: open bitcoin.conf and see if there's a different wallet path, if not: look if /home/[user]/.bash_history exists and see if you can find any indication of how you started bitcoin core

If you find a /home/[user]/.electrum, look if there's a wallet subfolder containing wallets

Thanks for the input from everybody

I'm happy to see that at least i'm not being extremely paranoid and several other members also think there's something off about this guy... From time to time you encounter somebody that's clearly a scammer and you deal with him/her as such. Other times it's more subtitle, and you wonder whether or not you're becoming paranoid.

The guy did not contact me again, so i did not have the chance to give him his $5 back (eventough i explicitly asked him to make me an invoice). Once he does give me an invoice i'm planning on refunding him and then just letting it be, whilst still keeping an eye on him from time to time so i can give him a negative or neutral feedback if he clearly crosses the line.

Since i think this thread and the input i got is more than sufficient for me to make up my mind, i'll close it (for now). If anybody wants to add extra remarks, don't hesitate to PM me and i'll unlock it for a short while so you can add an extra post.

yes.
Electrum also uses wallets, IIRC, the default wallet is called default_wallet, but electrum makes it really easy to pick different names for new wallets...
There are default places where both bitcoin core and electrum store their wallet files (not in the same place, they both have their own default folder), but those paths differ between different operating systems... Also, both electrum and bitcoin core allow you to create wallets in about any path you want, they just also happen to have a default path.

nope

Those files are just bitcoin's sourcecode...
The only thing you can do with those files is compile them into a binary, they don't contain private keys or other private information... Unless you took a wallet.dat and manually changed the extension to hide it in plain sight.

If you can open the file with a text editor (kate, gedit, vi, nano, notepad, notepad++,...) and read actual code, it's an ascii file and it's just sourcecode... If you cannot open these files because they're pure gibberish (and with gibberish i mean just random looking weird characters), it *might* be a hidden wallet file... But since the names you list there are 100% the names of the files containing bitcoin's sourcecode, i think the odds for a hidden wallet are slim to none.

In, hindsight, you are 100% correct, there IS no such thing as a free lunch.
The reason i took the bait was that there seems to be a renewed intrest in the lightning network (at least, my gut feeling is that i'm seeing more LN topics recently), so i basically assumed the user's question was a legit one, and the he did indeed need a ln invoice... Maybe he wanted to test his scripts, maybe he wanted to test his routings, maybe... ?

But yeah, i should have left it "as is". He didn't sent me a $5 invoice (yet), but i truly hope he sends it asap, so this can be over and done with...


I'll PM you with the thread(s): the one that "trapped" me and the one that's a bit to good to be true... Just don't disclose them, since i have no proof of an actual scam or a "hard" bribe attempt, i'd rather not besmear the user's rep based on my gut feelings

EDIT: i opened this thread just before the closing of the business day... I'll be AFK for about 16 hours, so i probably won't be able to reply before tomorrow morning

Thank you for reading my ramblings and verifying that at least from my point of view of the situation smells rather fishy... It's perfectly possible that the person i'm talking about is just very "clingy" and is disgruntled because he payed me $5 and didn't get what he wanted in return... It's just that i really don't know what to make of it and wether or not it's worth making it a "real" issue (escalating everything).

I need some input on wether or not i'm being paranoid here... Just to learn from my mistakes.

I'm not publicly stating the username of the user i'm talking about, since i have no proof of any real wrong-doing, so i do not want to tarnish his rep. If anybody digs and finds the person i'm talking about, i'd like to request not to post his username here... I'm also going to paraphrase instead of quoting him, for exactly the same purpose.

So, the story goes as follows
Yesterday, i was browsing a non-bitcoin related subforum and a clickbait title catches my attention. As usual, i open the post to read if my instinct was correct...

The OP said (and i'm paraphrasing to protect the identity of the user i'm talking about)
At least, that's how i interpreted the post

The topic wasn't closed, nobody posted anything that indicated the $5 invoice was created for this user... So i taught to myself: i get payed about $30/hour (after taxes), $5 is worth 10 minutes of my time... So i opened a connection to my ln node, looked up the exchange rate for $5, created an invoice and sent it to the user.

He immediately payed $5, so i taught his test was succesfull and i helped him out whilst getting a $5 tip for my efforts (which is nice, but not world-changing... It's basically what i make in 10 minutes, which was about the amount of time i spent on the whole process... BUT at least i did something nice for somebody that was in need).

However, the user immediately PM'ed me back, leading me to a thread that can only be described as containing an offer to good to be true... However, if something is to good to be true, it usually is, and this particular offer has a potential to leading to my identity being DOXXED, aswell as a potential of illegal goods being purchased under my name... So i made up a (true) excuse and tought the communication with the OP was over.

Today, however, i receive a PM from him telling me that i should have thanked him for the $5 (wich might be true... IDK) AND that i SHOULD give him some +rep.
I answered that i'd vouch on his thread that he did indeed payed the invoice and did indeed gave me the $5, but that i wasn't going to give him +rep since i didn't give out +rep unless i've dealth with you for a very long time (hence, TRUST you, which is basically the idear behind the trust system)... Moreover, that i tought i was doing him a favour by sending him the invoice, but i thanked him for the $5 anyways.

A couple of hours later, he replies (once again) that his initial thread was a couple of days old already, and he didn't need the invoice i sent him, but he payed it anyways (like i should have guessed this) and that +rep would be appreciated and sent back!

I replied him basically telling him that i didn't like the way this discussion was going, and asked him to create a ln invoice with the same value as the one i initially sent him, so i could refund his $5 and be done with it. I already spent the better part of an hour creating the LN invoice, verifying it, reading and replying to his thread... I really don't want to end up being a suspect in a trust bribery scandal for $5 and i really don't want to spend any more time for a $5 tip...


Now, my main question: am i being paranoid, or was this user just baiting DT members with a small denomination only to guilt them into giving him positive trust?

Apparently the OP no longer needs help.

@OP: please close your thread or at least update your post when help is no longer needed.

Just for the sake of clarity and completeness, i'd like to say that it's defenatly inelegant, but i do system calls from python scripts all the time and python is perfectly capable of handling these situations... In my line of work, i usually get closed source binaries from vendors... If i want to write wrapper scripts, the only thing i can do is use system calls to these closed source binaries and parse the output... Offcourse, if the vendor upgrades his binary, or if you get unforseen output, you'll need to maintain the wrapper script aswell.

As for using the output for a website: it shouldn't matter if he's using a native python library or a system call. The end result is exactly the same.

Worst case scenario OP can always do a system call directly from his script... Not the most elegant sollution, but depending on his usecase, it might work just aswell? I mean, it's not like it's a brute force tool or something (and even if it was, it would probably be a better idear to use a native c tool instead of a python tool), so a simple system call will probably do the trick just as good as a real python library...

Like ETFbitcoin said, why don't you use the tool itself instead?

Compiling it is really, really, really easy... Here's the binary i compiled (took me 2 minutes to do): https://mocacinno.com/hotlinkimages/keysubtracter
Is it safe? I really don't know... I have not read the sourcecode, nor would i run a binary compiled by somebody else i didn't fully trust... So yeah, if i was in your position, i'd read the sourcecode and compile the binary myself instead of using one that was compiled by somebody else, but at least now you have a choice...

BTW: since i did not read the soucecode, i'll remove the binary later today... If you need it, download it, if not leave it be... It won't be on my server for more than a couple of hours.

Satoshi's email was hacked, his account is locked and even if it wasn't, odds are that he wouldn't know his password anyways... Since his posts were migrated from a different platform to bitcointalk.org.

If he really wanted to prove he is satoshi, he can move funds from a couple of the earliest block's block reward, or he can sign a message... That would conclusively prove it.

--joking--
Aren't you bitcoin's CEO? Ouch, you gave me the wrong impression aswell... Stop fooling around and cancel the transaction already
What will you say next, that we don't speak the same language?  
--/joking--

@OP: bitcoin is irreversible and not governed by anybody. The only one that can give you your money back (at least, refund an equal amount) is the person that scammed you. If this wasn't LoyceV, there is nothing he can do.
You trusted the wrong person and got scammed... It's perfectly fine to open a scam accusation here, but all we can do is tag the scammer so others get a warning and he cannot make a lot of new victims (at least, if the scammer is a member of bitcointalk and you provide strong proofs). You could also go to your local police office and file a complaint, but the odds of them caring AND having the knowledge to even understand what happened to you are small (very, very, very small).

I did a quick search before posting this thread (so i wouldn't post duplicate content), but apparently i missed those two topics... Oops...
This being said, i did fund my new main net taproot address, worked as expected. Next time i need to spend some BTC i'll use my taproot wallet and report back

Finally included in trezor suite I had been waiting for a while to get my hands on this... To bad there aren't a lot of wallet vendors that currently support taproot... Also, my current electrum version doesn't allow me to create a taproot wallet, and last time i checked, the newest electrum version doesn't support taproot yet (either)... But i didn't double-check...

My first taproot address being derived right now...



EDIT: derived a (main net) address... funding it right now... Will try to spend afterwards... So far, everything works as expected

EDIT2: for full tests, i'm switching to the testnet...

Created a testnet taproot address: tb1pmcxv2zswv5dgsvq9nlmx66mx0fmedwpmcz9008zclxeql5a625uqylemk2
Tried funding it using coinomi (which i had on hand and contains a couple tsat's) => Failed, coinomi does not recognize taproot's address format...
Used bitcoin core instead... txid 18f7f687ff97e2f354180ae7e2f65f83bb2e83833c08765169b32e233acbe716 on the testnet

Created a second testnet taproot address: tb1psdtpn7fzyc6e8ueettzffraw24ga6crrhee9kj0pwpqy2qkp5tzqqv35fn
Funded it using bitcoin core... txid d6d66cda612d8f454fe49e77e92f153bf067746045162be3b2957ecd2910aeb3



And my first taproot transaction, using unspent outputs funding taproot addresses creating an unspent output funding a taproot address: 2ae31feab2444704ee9bfe0c47149a38074d43d2eeda3e10265b40490c90f21c

This feature works

Keepass +1
I've been using it for a long, long time... It's a well described format, there are (open source) tools to read a keepass database for about any OS you can imagine, offering various feature sets (like auto filling passwords, merging databases,...).

I tried trezor's password manager for a while, but i found it a tad bit "clumsy" (for the lack of a better word) for everyday use... Plus, at that time, they did require a cloud connections... I have no idear if they improved their password manager, i only tried it out when it first hit the market, and moved straight back to keepass after a couple of weeks...

I'm actually entertaining the idear of running vault, probably on an rPi or on my NAS... But for the time being, i'm loving keepass

IIRC, lastpass uses aes-256 encryption, and apparently your key never leaves your local system (the encryption should happen on your system before the encrypted data is sent to lastpass). If this is true, their security model would be reasonably safe...

However, i would NOT use an online password manager for keeping seed phrases or private keys... But that's just my personal opinion... I would never store something that important on a cloud server, no matter how good their scheme is... If somebody gets their hands on your master password, or if your browser is compromised, or if you fall victim to a MITM, or if the encryption scheme is ever broken your passwords are up for grabs...

Also, this is just lastpass, it does not mean other online password managers are equally safe... And i did not check lastpass'es sourcecode, so i'm just believing what they tell me...

archive.org has some archives from this page.... They're a couple months old, probably from before they actively pushed a token... They still seemed to be asking donations at that time tough...
I've added some spaces in this url, so i hope google won't pick it up... You'll have to remove those spaces to open the url tough!!
https:// web. archive.org  /web/ 20210916000127/ https://  www. bitcointalktoken.com/

I'm not the OP, however, i've read dozens (literally dozens) of these threads and i can give you a general answer to these questions (might or might not be applicable to OP's case)

• Freewallet is NOT a wallet, they are a (covert) custodial KYC exchange that calls themselfs a wallet to attract victims customers .
  
  • With "covert" i mean that they hide the fact they trigger a very extensive, over the top, KYC procedure somewhere in their TOS. They randomly trigger such a procedure while locking (in reality often stealing) the user's funds whilst refusing to tell anybody what triggered their KYC check, so they think they can do this with impunity (because they say they have good reason to lock user's funds, but they refuse to disclose those reasons)
  • with custodial, i mean CUSTODIAL... Not your keys, not your coins.... which is fitting in this case... The user does not have access to his/her funds when he/she uses this wallet!
  • with exchange, i mean litterally "exchange". One of their primary functions seems to be exchanging coins to other coins... which shouldn't be a primary function for a "free" "wallet"
• Why did the OP use "free" 'wallet".... I don't know about op's case, but freewallet goes trough great length to push their wallet... They are being accused of buying fake reviews, they put great effort in their search engine listing, they are active on forums and social media,... All in all, i think it's very easy for novice users to fall into their trap... If you read positive blogposts about this wallet (written or sponsored by f(r)eewallet), followed by a high SE ranking , followed by loads of 5 star (fake) reviews in the app store, it becomes very tempting to install this wallet

Now, i'm not the boss of anybody, i have no authority.... But i can give advice to the OP and anybody else in their position: Once you get your funds back, i'd advice to switch to a non-custodial wallet ASAP... I know freewallet says that at this point you are verified and they will not lock your account (again), i'd personally run (and run fast) towards a wallet that actually lets you (and you alone) hold your private key(s) or recovery seed....
Don't trust closed source wallets (unless very trusted by the community), don't trust online wallet, especially don't trust exchanges... Switch to a decent wallet... If you hold limited funds, a desktop wallet might do. If you hold a lot of funds, think about a better wallet altogether (do your own homework, but an airgapped wallet, a decent paper wallet or a decent hardware wallet are usually reasonable choices for keeping larger amounts).