That is a big change. Their old setup allowed you to keep one of three keys in cold storage off-site and gives you security that is increased from having your keys on your internet-connected computer. The new implementation provides only incremental security above keeping your coin on an exchange.

Their blog says the previous implementation was not being used by many customers and was taking up engineering resources, so I don't blame coinbase for discontinuing their "vault" service.

I have noticed that propaganda is being posted in places that I would it would have a small impact. There are a number of accounts that I have noticed are spreading Russian propaganda. Some of the propaganda I have seen in various places even try to disguise the fact they are spreading Russian propaganda by claiming to be opposed to Putin.

There is no real reason to hack accounts from Ukraine to spread Russian propaganda. Putin can simply create new accounts, buy accounts, or use existing accounts they already have to spread their propaganda.

Coinbase vault is essentially a 2-of-3 multisig setup. Coinbase has one key and you have two of the other keys. The instructions that coinbase provides is that the 3rd key (the 2nd key that you control) should be kept in a hard-to-access location that can be accessed in case coinbase will not sign a transaction spending your coin.

So you will sign a transaction with the 1st key, and after coinbase does it's security checks, they will sign with the 2nd key. If for whatever reason the security checks do not pass, coinbase will not sign the transaction, but you have the ability to sign the transaction by using the 3rd key.

Unfortunately, it seems that there are always people willing to pounce whenever disaster strikes. It is common for people to loot homes after a hurricane that caused people to evacuate. Donation scams tend to pop up when there is a cause that many wish to donate to help.

I think the effect of these types of people is that others will be less willing to donate to help good causes because they don't know if their money is actually going to help, or if it is going to scammers.

Yea, you are probably right. Most of the sanctions will likely be removed if Putin were to withdraw from Ukraine. Although damage has already been done and some will seek to not trade with Russia after the war.

Putin is clearly trying to intimidate the west into removing the sanctions without ending the war. I would conclude that this means the sanctions are likely working, and Putin is afraid of the oligarks in his country.

My assumption is that you purchased a bot that will attempt to "front-run" other trades. 

These types of scripts are very risky because even if they are written without malicious intent, there is the risk that someone else will figure out how your script works and will write their own script that will be able to trade based on how your script trades, allowing that person to profit at your expense.

Based on what you are offering for a code audit, I have my doubts that you have the capacity to hire a competent engineer.

In theory, a HW wallet could store some derivative of the seed and use a non-standard implementation of a passphrase in order to avoid storing the seed.

Doing so would not improve the security of the HW wallet. If someone is able to extract the "secrets" from a HW wallet, they are going to use tools with the ability to copy arbitrary information, and are not going to write information displayed on the HW wallet's display.

The algorithm to calculate the private keys based on the above derivative will need to be public, so it will be possible for the user to recover their private keys in case their HW wallet breaks.

Do you have a source for this? They have not been charged with the actual hack, however it would be very strange for the hacker to entrust someone with billions of dollars to launder his stolen coin, especially when they are having difficulty moving hundreds of thousands of dollars.

We will see if the sanctions work. They are clearly impacting the Russian economy, and more importantly, the banking system in Russia. Without a stable banking system, Putin may have difficulty procuring additional weapons, munitions, and supplies from within his own country. If the west were to impose a Russian Oil embargo and/or decide to stop buying Russian oil/gas, Russia would lose its ability to continue to finance the war.

Putin is clearly trying to talk the West out of continuing to impose sanctions.

That is a ridiculous assertion.

I am not sure what your point is. Russia is invading a free country that opposes said (attempted) occupation. Many western countries do not want to do business in Russia. If the people of Russia do not like this, they should take action, including using force if necessary, to cause the war to end.

There is currently not a ban on the importing of Russian oil, however, in the UK, dock workers are refusing to unload Russian oil because they do not want to participate in the financing of Russia's war machine.

The "legal" term of "war" is meaningless. If the country on the receiving end of sanctions decides that the sanctions make an escalation necessary, they will escalate.

If Putin decides to respond to sanctions by bombing the US, there is nothing stopping him from doing so, except the consequences of said bombings to Russia. Said consequences would include retaliation on the part of the US and its allies. If Russia were to win such a conflict, there would be no mechanism in place to punish Russia for the escalation.

It is unlikely that Russia would win a war against the US, so Putin is unlikely to escalate against NATO. Putin is talking tough because he is hoping that NATO countries do not want to go to war, and will be willing to back down from sanctions under the threat of war.

No.

My understanding is that you still need to provide your private keys in order to spend coin from "coinbase vault", so it would not be a good solution. You are basically relying on coinbase's security measures to prevent you from immediately spending your coin.

If you cannot keep your private keys safe, frankly, you should not be using bitcoin. I'm sorry, but that is the truth.

It would be a superior solution to keep parts of your private key/seed in separate locations, or you could use multisig and keep the private keys in separate locations.

No.

This is also not possible. Each time you incorrectly enter your PIN, you will have to wait an increasingly long amount of time before you can try again.

---

If it were possible to extract the seed from a HW wallet, it would be a security vulnerability, and the manufacturer would need to take steps to prevent this. You were instructed to write down the seed phrase when you initially created your seed. If you no longer have access to the seed, if you have access to the PIN, you should move all the coin out of your HW wallet and into a wallet whose private keys you have multiple backups to.

I personally am often lazy when referring to the unit of bitcoin and will refer to it as "coin" as a broad sense to include both bitcoin and other altcoins. I also often refer to "Bitcoin" as "bitcoin core" or the "bitcoin network" depending on the specific topic of conversation. Anyone reading can easily deduce what is being talked about.

The IP addresses of nodes are more or less public. It may be possible to get some idea as to what kind of hardware is associated with a particular IP address by sending a particular request and seeing how the computer responds.

Probably not very high on the threat model to bitcoin. Nodes are not run in a vacuum. There are many security experts that monitor the bitcoin network, and they could warn bitcoin users if there is some kind of attack against bitcoin nodes.

Further, a node going offline does not necessarily harm the network. If a single node goes offline, it means the person who owns that node cannot use that node to validate transactions, but everyone else can continue to use their own node to validate transactions.

Economic sanctions are an act of war. Their intentions are to coerce those who the sanctions are being imposed on to change their ways.

Obviously, sanctions are not the same as bombing a country or shooting at a country's military. Going from sanctions to actual violence is a major escalation.

I think this is mostly a marketing ploy on the part of FTX. It is a nice gesture, but I am not sure how much of a difference this is going to make.
It is clear that Russia is in the wrong. Most corporations are taking the side of the West. Those that are even hesitant are facing strong backlash.

It is possible, in some cases to trace the inputs to their outputs when using CJ. Deductive logic can be used to make these conclusions, along with clustered addresses before and after coin is passed through the CJ. If there is a series of CJ transactions that are continuously running, and people can have their coin in the CJ for an arbitrary amount of time, tracing the transactions would be more difficult, but not impossible.

A good developer will make any software they create very flexible. So it should be trivial to adjust any malware that is well-written if some new coin became popular.

It is also possible that malware is written in a way such that it does not specifically look for "bitcoin" private keys, but rather looks for what resembles private keys (this might not be specifically relevant to clipboard malware).

I would also make the general statement that if a coin is not popular enough for people to write malware to try to steal, there is a good chance that coin is not very valuable.

As I explained in my previous post, once you move your threat into a section that does not allow for self-moderation, the self-moderation feature for that thread is removed permanently. It will remain removed even if you move your thread back into a section that allows for self-moderation.

You should not be moving threads between boards frequently. You should post your thread in the correct board and leave it there. You should also not attempt to delete posts that you should not be deleting.