This is correct, and is analogous to the equation I shared above:

P(A).P(B).P(C') + P(A).P(B').P(C) + P(A').P(B).P(C) + P(A).P(B).P(C)

Your equation works out the three intersects of A ⋂ B, A ⋂ C, and B ⋂ C, and the subtracts the middle intersect of A ⋂ B ⋂ C twice since you have included it three times.
My equation works out the intersects while excluding the middle intersect each time, and then adds the middle intersect back in at the end.

Either way, you will end up with the same result.

This is wrong.

If you want to calculate the probability of losing access to a 2-of-3 multi-sig, then you need to work out the sum of the probabilities of losing any two keys and the probability of losing all three keys. The formula you are looking for is as follows:

P(A).P(B).P(C') + P(A).P(B').P(C) + P(A').P(B).P(C) + P(A).P(B).P(C)

This is the probability of losing A and B, plus the probability of losing A and C, plus the probability of losing B and C, plus the probability of losing all three.

The other way to calculate would be to add the probability of losing exactly one key to the probability of losing no keys, and then subtract that from 1:

1 - (P(A ⋂ B' ⋂ C') + P(A' ⋂ B ⋂ C') + P(A' ⋂ B' ⋂ C) + P(∅))

Where P(∅) = 1 - P(A ⋃ B ⋃ C)

Teletype. It's a monospace font which is generally used when referring to small snippets of code, command line arguments, etc.

Let's call your keys A, B, and C.

Probability of losing A = P(A)
Probability of not losing A = P(A') = 1-P(A)

Probability of losing all three keys = P(A ⋂ B ⋂ C) = P(A).P(B).P(C)

Probability of losing exactly one key = P(A ⋂ B' ⋂ C') + P(A' ⋂ B ⋂ C') + P(A' ⋂ B' ⋂ C) = P(A).P(B').P(C') + P(A').P(B).P(C') + P(A').P(B').P(C)

Probability of losing one or more keys = P(A ⋃ B ⋃ C) = P(A) + P(B) + P(C) - P(A ⋂ B) - P(A ⋂ C) - P(B ⋂ C) + P(A ⋂ B ⋂ C)

Plug in your numbers as desired. If you are looking specifically for the probability of never losing a single key, then do 1 minus the last equation above.

The transaction was broadcast publicly. It absolutely was not done for money laundering purposes.

You can find thousands of examples of people having their accounts frozen and money seized while PayPal provide zero reasons why and also provide zero assistance. There was also the big issue recently where they changed their terms to allow them to confiscate users' money if those users said anything online that PayPal disagrees with: https://bitcointalk.org/index.php?topic=5416501.0

---

But anyway, the money has been refunded to Paxos: https://mempool.space/tx/1b9adb2878fce5cd1b6a11a011e3965f904829228d57cf90ca6731cd501890c6

They don't need to. If you want to test something on your own private network, then you can use the regression testing network locally to do so (regtest). Using regtest allows you to establish nodes and connections as you desire, generate blocks at will, and mine all the coins you ever want.

But if you want to test something on an external network which is more similar to mainnet, then you will want to use testnet or signet.

F2Pool owner is now asking the community what they should do with the funds: https://nitter.cz/satofishi/status/1702095123981738437#m

Given how much PayPal are more than happy to screw over regular people for literally no reason whatsoever, I have no strong feelings either way what happens here.

No. You rely entirely on the good will of the mining pool operator, and they are under no obligation whatsoever to refund the fees.

You can't, unless you can look at the address they received the block reward to and somehow track them down from that.

You can't contact the police because the miner did not steal anything. They simply mined your transaction, the fee of which you chose. If you chose the wrong fee, then that's your fault.

Up to the pool operator, but generally yes.

You can see this in action right now, with the difficulty increasing by a factor of 4 every 2016 blocks.

Block 2,477,664 - Difficulty 1
Block 2,479,680 - Difficulty 4
Block 2,481,696 - Difficulty 16
Block 2,483,712 - Difficulty 64
Block 2,485,728 - Difficulty 256
Block 2,487,744 - Difficulty 1,024
Block 2,489,760 - Difficulty 4,096
Block 2,491,776 - Difficulty 16,384
Block 2,493,792 - Difficulty 65,536
Block 2,495,808 - Difficulty 262,144

You can already see things slowing down. 4,096 to 16,384 took 21 minutes. The next epoch took 31 minutes. The next took took 1 hour 23 minutes. By the time we hit the next retargeting at block 2,497,824, it will have been somewhere around 3 hours. It will take a further 4 epochs after this one to return to the previous difficulty (provided the hashrate hasn't actually changed).

The issue here is that the block of difficulty 1 after a 20 minute period was the last block in difficulty epoch.

Here is the point the issue began:

Block 2,477,662: https://mempool.space/testnet/block/00000000000000003c2717761354c34d5cdb12f5f247a1d7d0c5a8174e4b6a11
Difficulty: 147386757.8674816

Block 2,477,663: https://mempool.space/testnet/block/00000000000019477d9b273423ac45be472ac63d88616e5169efe9e3bdb03fb9
Difficulty: 1

As OP notes, what is supposed to happen is that after the block of difficulty 1, testnet should revert back to the previous difficulty. The issue here is that the block with difficulty 1 is the last block in a difficulty epoch (2,477,664/2016 = 1,229 exactly, remembering of course we start at block 0 and not at block 1).

The next difficulty epoch should adjust the difficulty based on the old difficulty of 147386757.8674816, but instead it mistakenly adjusts the difficulty based on the difficulty of the last block, which is 1. So the difficulty for the new epoch is set at 1.

Every block since then has been mined in seconds, and the difficulty is slowly adjusting back upwards to a normal value.

Still depends. Many exchanges have their central wallets publicly identified. If someone knows that OP is using one of these exchanges to swap his bitcoin to litecoin, for example, then they can simply look for any litecoin transactions of the same value at the same time.

There are almost certainly blockchain analysis companies which passively scan all transactions and make any easy links or easy identifications they can. Far easier for them when they need to investigate some specific transactions to already have all the groundwork done already.

Seeing the colors is irrelevant. Even someone with perfect eyesight cannot pick out the difference between this color or this color or this color or this color, and yet all four have different hex codes and therefore would generate different seed phrases. The hex codes must be backed up, which is more difficult, more time consuming, and more error prone than just backing up a seed phrase in the first place.

You shouldn't be remembering anything, hex codes or seed phrases. Relying only on your memory is risky and unsafe. Just write down your seed phrase on paper and store it somewhere safe, like every good wallet tells you to do.

So, turns out it was PayPal which made this error: https://bitcoinmagazine.com/markets/paypal-reportedly-overpaid-510750-in-the-largest-usd-bitcoin-transaction-fee-ever-

PayPal are blaming Paxos, and Paxos are releasing the usual boilerplate "Funds are safu" nonsense while reportedly contracting F2Pool to get their money back.

Just another data point to add the the hundreds of thousands of data points showing that no matter how big, how well know, how "reputable" any centralized exchange is, they cannot be trusted to use even basic security protocols.

4.5 years!? What a holestoric milestone! Truly monumenthole. Wonder if theymos will change my name to h_o_l_e_o in commemoration?

Oh, I've never left:

I've rewritten your transaction OP to remove the dust input, keep the payment output the same, and very slightly adjusted the fee so you can replace your currently unconfirmed transaction:


If you can sign this and broadcast it to a node which accepts full RBF replacements, then it should replace your other transaction and be confirmed fairly quickly. You can do this easily with Electrum if you are able to import your wallet to Electrum using either your seed phrase or a private key for that address. You should do this on an airgapped device for security reasons.

Otherwise, at the effective fee rate of ~7.5 sats/vbyte, you are going to be waiting weeks for a confirmation.

The parent transaction with a fee rate of 6 sats/vbyte will already have been dropped by default nodes, meaning OP's transaction will have been dropped as well. There are however an increasing number of nodes using non-default mempool settings, which is why we can still see OP's transaction on most block explorers and he can still see it in his wallet.

Sure. There will always be a government owned blockchain analysis company trying to spy on you. But if you cut off a huge amount of the data they get fed from the likes of centralized exchanges providing your KYC data and wallet addresses, payment processors like BitPay sharing details of your spending habits, closed source wallets which depend on their own servers sharing your wallet addresses, and so on, their bullshit "analyses" would be even more provably bullshit.

If some random account showed up to this forum and said "Hey, I've figured out a way to track bitcoin transactions, send me any address and 100,000 sats and I'll tell you who owns it!" while refusing to provide any technical details or let anyone see their code, they would rightly be called a scammer and rapidly be tagged with a newbie warning flag. But somehow if you show up to the US government and say the same thing they give you a multi-million dollar contract.

The disadvantage being your plate no longer has a blank rear side, so cannot be bolted on to something "face down" to make it appear like any other metal bracket or joint.

I'm also not convinced that trying to line up your plate with a printed template and line up a powerful enough light with each hole to get a clear point projected on the template in the right place is going to be any easier than just doing as Loyce has suggested.

They don't forget - they simply don't care.

The government don't care in the slightest when banks launder literally trillions of dollars. They get a completely meaningless token fine and that's it. No arrests, no criminal charges, no seizures, no shutdowns, and allowed to continue to launder more money in the future. This is all fine because the banks bribe our politicians and freely hand over all your data to the government when they want it. But when a piece of open source code allows the average person to maintain some semblance of privacy against the government's various mass surveillance programs, then all hell breaks loose and they absolutely must prosecute someone. They don't actually care if the people they prosecute are actually guilty, as long as the set an example to the rest of us that you should be good little citizens and never step out of line. This is not about preventing money laundering in the slightest - if it was, they would clamp down on the banks which do it constantly. It's about surveilling and controlling the populace.

Absolutely. We already have dozens of blockchain analysis companies out there. My point was that if everyone who used bitcoin stopped using things like centralized exchanges or wallets like Wasabi or Trezor which all directly fund these blockchain analysis companies, then that would cut off a large part of their funding and many would cease to exist (not to mention making general blockchain analysis much more difficult since you would no longer have KYC linked addresses and such).

It's pretty damning just how desperate Chainalysis are to not let anyone who even remotely understands bitcoin view their code.

Depends on your tools, I suppose. Lopp managed it: https://jlopp.github.io/metal-bitcoin-storage-reviews/reviews/bitplate/

Buy 20 such plates. Use one to stamp your seed phrase. Then use all 20 in a building project, such as to join two pieces of wood together, with the seed phrase obviously pointing inwards so it appears no different to any of the others. Or go in to your roof/cellar/foundations/crawl space/floorboards/whatever and just screw it (face down) on to some beam/joist/rafter/truss/whatever. No thief is going to stumble across that by mistake, and will only know to look for it if your opsec has completely failed.

This is incredibly dangerous.

There are 455 ways to pick 12 words in the same order from the 15 words you have given. For each one of those, there are 132 ways to swap two words. This gives a total number of possibilities of just over 60,000. My not particularly powerful hardware at home can test BIP39 seed phrases at around 100,000 per second, meaning I could crack your method in under a second.

Even if you assume the attacker just wants to pick 12 words in any order from the 15 you have given, that's still only about 218 billion combinations. I could break that in less than 13 days on average, and an attacker with good hardware could do it in hours.

You shouldn't save your seed phrase online ever.

Hardened and unhardened derivations were defined simultaneously in BIP32. One wasn't created in response to the other.

A private key on its own is insufficient to derive any other key, be that parent, sibling, or child. It is the combination of a private key and the parent public key and parent chain code (as is revealed in the parent extended public key) which reduces the equation for unhardene derivation to a single unknown (the parent private key) and allows it to be calculated.

So there are lots of companies which already produce metal plates with this hole punch design, but I'm not sure if I've seen one without the template etched on to the metal.

You can easily reduce the size of the plate and/or increase the size of each box by overlaying words 13-24 on top of words 1-12. For example, one dot in a box for words 1-12, two dots for words 13-24, or three dots if the letters overlap. Or a vertical line, horizontal line, and a cross. Or any other such arrangement. Or even do the same with 1-6 overlaid with 7-12, since 12 word seeds are perfectly adequate.