I am open to ideas/suggestions on how I could 'prove' I cannot withdraw things myself? I think it's to late for that now, and people just have to trust that you won't withdraw coins yourself. One potential way would be to create some multisig setup so that nobody would have full control over keys/coins, or splitting seed words with shamir backup scheme. Maybe there was a way to create simple script for unlocking coins with some terms but I don't know how to do this. I could for example claim that I destroyed my copies, but is there a foolproof way of proving somehow a withdrawal doesn't come from me later?
No, as far as I know that is impossible to know. You could always time limit this challenge and create new from scratch doing it in some better way like I suggested before, but think who would you add and trust as other parties in multisig. |
|
|
|
Ok, so AtomicDEX. As usual, at least on their homepage, they don't say if they're open or closed source. What are they? is it safe?
I told you to go and do your own research, don't just go around asking random people is something is safe or not. Don't expect everything to be chewed down like baby food, and use your brain for a change  https://github.com/KomodoPlatform/atomicDEX-Desktop/blob/dev/LICENSE |
|
|
|
Now, I've been reading (not a lot) about Atomic wallet, but, as usual, I can't find what I'm looking for. I would not suggest anyone to use Atomic wallet because it's closed source and I don't like it's interface. Hardware wallets are unaffordable to me now. Any multi asset software wallet you'd recommend?
Most wallets that support multiple coins are not open source, so you won't find much better alternative wallets. One potential alternative that could work is a wallet plus dex exchange and it''s called AtomicDEX that can be used as wallet for storing coins and for trading coins using atomic swaps: https://atomicdex.io/I would not recommend any other software wallets, but I know people use closed source wallets like Exodus and Coinomi. It depends if you are asking for mobile or desktop wallet, but Unstoppable.money could be interesting open source mobile wallet you should check out. Do your own research before using any of them, and keep seed phrase backup safe. |
|
|
|
Ne mogu vjerovati da nisam prije primijetio, ali He-Who-Must-Not-Be-Named se opet vratio na forum.  Nisam ni ja... ali to je opet ista stara priča, Bitcoin down - Antikvark is back, Bitcoin up - Antikvark is gone. Ostaje samo počastiti se njegovim prisustvom na lokalnom forumu, sa novim ''mudrostima'' iz šešira, a možda to i nije loše protiv monotonije. Uhvatio se sad sa onim frankyem a imam ih obojicu na ignore. |
|
|
|
Da li znate da postoje agencije, ljudi koji nude usluge da se placa listanje na CMC i CG?
100% znam da se direktno ništa ne plaća listanje coina na Coingecko ili CoinMarketCap, ali šišanja ima dok ima ovaca koje plaćaju za to. Indirektno se mogu i ja pojaviti i tražiti neki novac za listing, ali to nema veze za CG i CMC. Oni nisu decentralizacija, oni nemaju veze s kriptom osim sto listaju za jako puno novca vase i nase projekte da bi dobili exposure. Stvorili su si takav monopol da ih nista drugo ne zanima osim novca 🤮
Ne mora sve biti decentralizirano i ne vidim kakvu prednost to daje osim plaćanja glupih visokih fee naknada na polu-centraliziranoj ethereum mreži, ili još gore na drugim centraliziranim klonovima kao bsc npr. Kažeš da njih zanima samo novac a vi planirate prodaju nekog novog BCT tokena, a za što drugo ako ne zbog novca, sigurno nije iz ljubavi prema tehnologiji  To je samo moje skromno mišljenje i možda ima nekih pozitivnih strana, da ne budem kao drugi mračnjaci sa ovog foruma koji sve gledaju crno. Sretno sa projektom. |
|
|
|
...
Just look at their ridiculous definition of their own AOPP service... Most exchanges, even centralized with strict kyc don't ask from users some special knowledge for withdrawing coins. It's simple click of a button and entering your wallet address... I don't see anything complicated there that would need simplification. Even signing a message is not a big deal with simple instructions, many forum members did it here and they are not experts with some super-secret hidden knowledge. AOPP is designed to simplify the user experience of non-expert users who are dealing with difficulties withdrawing their funds from exchanges to their own wallets. |
|
|
|
Do I understand correctly that there have already been cases with the substitution of fake ledger wallets? This is the first time I hear about it. Can you tell me where I can read about this incident? Were there people who lost their funds because of this?
Yeah it happened and I have been writing all about that last year in one of my topics. Packaging and case looked like original, they even had plastic cover (not that hard to make even at home), fake packaging bag, so newbies could fall for this trap easy. Only difference was with fake instructions, inside of device pcb was different and fake software that was pre-loaded on device. Experienced users and previous ledger owners would probably notice suspicious scam device and report it like one of them did. |
|
|
|
Goddamn, this sneaky dude got me as well! It appeared to me that this happened recently - which would mean the firmware would have been seriously outdated - but I reckon it would have been possible: get a ton of coins, forget it for almost 10 years, find it again and need to look for a hacker since you forgot the PIN.
He is smart guy and I will give him a credit, but correct way would be to mention the years when this happened, if not in video than in descriptions. Most of the people are now thinking that Trezor is still affected by this old bug, they are not doing any research and social media is full with this youtube video They're not just cutting the antenna, they're removing the chip's power source, so it just can't turn on again. Yeah I saw that link and procedure is fairly simple for anyone who did some soldering in his life. No chip = No wi-fi/bt, and this could even make raspberry a bit faster also (version 2.0 is faster than v1.3 even with wifi/bt). I love DIY and FOSS myself, and do believe it can be more secure in many cases, just due to more eyes looking at the code. It's also great that you can remove a feature and recompile without that, for instance. However this is not limited to DIY wallets, but it's also the case for any other open-source wallet.
Except for coldacrd wallet, because if you fork their code and try to compile it yourself and change some things, you will get a lawsuit from NVK for license violation... That means their website is lying and misleading people intentionally. Ask NVK about this and you will get banned, but all his channels... pathetic. Of course, also pressure on the manufacturers helps. For example, Shift Crypto offers a 'Bitcoin only' firmware that I believe can also be flashed to the 'Multi' edition (irreversibly).
You know that Keystone wallet also has this feature? It's possible to install Bitcoin only firmware and after that it's impossible to switch back to multi-coin edition, so it's permanent and good for security. I would not immediately update in this case, since the new firmware update may contain fresh critical bugs or vulnerabilities. This problem creates a danger only with physical access to the device. Online, Trezor is still safe, isn't it. Can wait a while, and then update the device.
Hello and wtf?! I would... It's been more than 3 years since this bug in Trezor and it would be BIG mistake if you don't update now if you have old firmware like that. |
|
|
|
I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens. Me neither. I was surprised to see Blue wallet on that list, and I like how it worked as a mobile wallet, but I won't recommend it anymore. Nobody asked customers and regular users if they want to have this anti-privacy feature or not, they just want to kiss ass of governments, now they should suffer. I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so. It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people. I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet. Maybe they are not focused on desktop wallets so much, so I hope Electrum wallet won't do that ever :/ We should seriously consider traveling without any (visible) bitcoin wallets cross border, just to be extra safe. |
|
|
|
If passphrase in BIP39 standard, Why there are only few wallets support passphrase?(Trezor, Ladger, Safepal)
Most hardware wallets support BIP39 standard and they all have optional passphrase, not just three brands you mentioned. I am pretty sure that Keystone, Coldcard, Passport, BitBox, KeepKey, CoolWallet, Ellipal and others have support for both BIP39 and passphrases. Not sure if all desktop or mobile wallets support passphrase with BIP39, but I know Coinomi wallet does: https://coinomi.freshdesk.com/support/solutions/articles/29000009680-how-to-add-a-bip39-passphrase-to-my-existing-recovery-phrase- |
|
|
|
SAFU means fake safety, and that wallet can be hacked at any time with some insider leak attack. Binance collected over 7,950 Bitcoins with only 10% from trading fees, so you can see how much they really earn with rest 90% and it's not including withdrawal and all other fees. Do you think that creating such funds would be good for users and sufficient as a hedge if there were hacks? I don't really trust Binance or CZ, and they have much more funds to cover all potential loses if they want to do it. I am not sure what happened when they got hacked before and how they payed their customers. Do you think it has enough assets to cover all the technical problems that will occur? And what if all crypto exchange do this?
This is obviously not enough to cover anything, it's just created as marketing propaganda for fake safety. |
|
|
|
Looks like my certificate got caught in the middle of the last Let's Encrypt bug.
First it was BPIP website, now ninjastic.space affected by that let's encrypt bug, but in my case everything worked just fine. Not sure why some users are affected and some not, but it could be because if specific browser settings that are not the same for everyone. |
|
|
|
Very nice! Let me propose that this Reporter Badge script could be added to BPIP Extension, so they could be used even without userscript managers. I don't know how complicated is to add this to extension, and correct me if I am wrong but I think that other scripts and themes are already added. This should be optional in settings, so maybe suchmoon and ibminer could comment if that is even possible and if they have free time for this update. |
|
|
|
Kupio sam Bitcoin u mjenjačnici bez problema. Danas sam htio platiti VPN i dobio odgovor
Nisi rekao ni koji VPN, ni koji novčanik, ni koji način plaćanja si koristio, možda oni koriste neki third party payment. Mislim da se taj error javlja samo kod Androida i ima neke veze sa javom, pa probaj onda koristiti neki drugi novčanik, najbolje Electrum koji ima i za desktop i za android. PS Trust Wallet je sranje.  |
|
|
|
While I was browsing the Ledger's subreddit, I stumbled upon another lame phishing attempt I am getting emails like this in my old spam email address all the time, and I am not even paying any attention to them, but the sad thing is that some people are falling for this crap all the time. Just imagine how many emails, sms, and calls like this previous ledger customers received after that huge ledger leaked that happened. Related with this topic I just remembered to post screenshot of brand new leaker website  (credits to unknown author)Do you have the link to submit my seed phrases to? I have a few billion seed phrases, certainly wouldn't want any of them to be terminated, so I'll submit them as fast as I can.
Send me PM and I will give you big 90% discount and free lifetime tech support! I just need to dive into spam folder to find what you are looking for  |
|
|
|
Yeah, that's about right. All the close-range mumbo jumbo is not implemented as a security measure; you can circumvent it with a tunneling attack, stronger antennas and similar. On hardware level, it is not protected against that.
To paint a better picture, everyone should imagine that NFC is just a small antenna. It's my opinion that having antenna in hardware wallet is not secure, but that is just my opinion, what do I know  I have limited knowledge about its security but in regards to the simplicity of its approach, it means little to nothing if it's going to work occasionally.
In theory some kind of universal NFC reader could be used for all devices including desktop computers, but question is if this will be compatible with one used in Square wallet. I was reading that Apple had worse support for NFC from all other smartphones, but maybe something changed in last few models. I found some interesting articles about alleged ''secure'' NFC techology that everyone is trying to push down out throat recently. One of them say that malware can be planted using NFC beaming, but bug was android related: https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/This one is from last year, NFC Flaws Let Researchers Hack ATMs by Waving a Phone! https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/After reading all this I am really having trouble to believe how they say that adding NFC in hardware wallets in more secure than other methods. If ATM can get hacked with NFC than I rest my case, or maybe we should buy this new hardware wallets and use them for hacking |
|
|
|
Design and build a fake hardware wallet
This already happened before with fake ledger wallet that was looking exactly the same from outside, but from inside it was different and it was pre-loaded with fake ledger software already. Nobody knows exactly how many people received this devices but we know that scammers used ledger amateurs leaked database with home addresses information. With recent stupid changes ledger is making it's not even possible to verify if your device is genuine because they are gluing pcb with battery It's much quicker and easier to setup a scam coin or fake electrum site and drive people to it or a bad link to metamask or something else.
Those are cheap phishing scam and fake tech support that gets recycled all the time. There are different level of scammers, lowlife and upper class, but biggest scam would be to just infiltrate one STM32 chip manufacturer that is used in most hardware wallets. |
|
|
|
Several people have recommended KeePassXC - Thanks - I have started using it and it is amazing. In addition to just storing passwords, it also does TOTP (Authenticator) and automatically pushes keys to an SSH-Agent.
KeePassXC is truly amazing, you can use it on all possible operating systems, it can work fully portable or as appimage for linux, and there are nice browser extension to improve it. Browser extension is made by KeePassXC Team and it works great in both Firefox and chromium browsers and all their forks. Note that it's better to keep TOTP Authenticator secrets in separate database from password. So, in that same spirit I created a new bounty for KeePassXC. Unless user mistake is made with somebody finding their backup keys, I doubt this will ever be broken and hacked, unless some major quantum change happens in future. I think this challenge will get very interesting as the price increases for all of these crypto's over the next couple of months  Maybe you should post this challenge in social media like twitter to have more attention, if you didn't already do that. I would tag all three accounts for KeePass, lastpass and 1password, and maybe few bitcoiners and hackers like Kingpin aka Joe Grand. |
|
|
|
I don't think that's the right place: it's not about ads and prizes are a couple hundred dollar each.
They can always post it to off-topic but it probably won't get much attention there, and since this is minds games I would go ahead and post it in games in rounds, even mprep said is OKish to do that. My suggestion would be to avoid talking anything about payment and rewards (or post any payment in Bitcoin) and just post link to telegram channel for extra rewards in altcoins. That way you are playing with or around the rules and I think that many people visit games and rounds daily, so you would get much more people than in altcoins. |
|
|
|
This is just my interpretation, but maybe moderators think that posting just copy-paste titles with links as low quality post and most of the merged posts you made looked exactly like that, one or more lines of the and original link. I would not report this myself if I was a moderator, since this is posted in altcoin section that is usually much lower quality and I don't think this is done for increasing number of posts. They probably would if someone reported those posts. Except nobody cares about altcoin threads.
Are you sure about that? Take a look how many posts got reported by Ratimov, and I am sure lot of them are in local altcoin section. Let's here what moderators have to say, and maybe we find the secret who reported them. |
|
|
|
|
Show Posts
