Monero is assigned coin number 128: https://github.com/satoshilabs/slips/blob/master/slip-0044.md

As you say though, it's more complicated than just deriving at that path since you also need to use the sc_reduce32() function to end up with a ed25519 key.

Both Trezor and Ledger have released tools which will guide you through the process of converting your BIP39 seed phrase in to a 25 word Monero seed phrase which can be imported in to the Monero wallets we have discussed above:
https://github.com/ph4r05/monero-agent/blob/master/PoC.md#trezor-seeds
https://github.com/LedgerHQ/app-monero/tree/master/tools/python

Or alternatively, Coinomi (of all places!) has forked Ian Coleman's paged and implemented the same thing. Just enter your seed phrase and select "Monero" from the drop down menu and it will spit out your Monero seed phrase:
https://coinomi.github.io/tools/bip39/

Obviously do all this on an airgapped device.

I'll add another one:

https://nioctib.tech

Put in the TXID of any confirmed transaction and hit the "debug" button underneath any of the inputs, and then you can click "Next" and "Prev" as it simulates the script and shows elements being moved to the stack. You can also hit the "Raw" icon to see a color annotated breakdown of the raw transaction data.

No, it won't. It will be a hot wallet which is sometimes disconnected from the internet.

If you are sure your computer is 100% impenetrable to attacks and completely free from all malware 100% of the time, then you should probably present your findings to the CIA or something and be paid handsomely in return, since you'll be the first person ever to create a 100% secure system.

No. First, you can't be sure your device is malware free. Second, when you delete data, all you are actually doing is telling your computer it can write over these sectors of your hard disk when it needs to. The data isn't actually removed until it is written over, which could take months or even years depending on how you use that disk.

You aren't sure. No one is sure. Have you disassembled and intricately examined every piece of hardware in your computer to check for backdoors? Have you read every line of code for every piece of software running your computer, from your BIOS and OS through to your wallet software? Are you examining every incoming and outgoing packet across your internet connect to check for malware or data being leaked? Of course not. Therefore you have no idea if there are vulnerabilities in your system.

This is the whole point of a permanently airgapped device. It is impossible to have a completely secure system connected to the internet, but you can mitigate a lot of possible attack vectors simple by airgapping your device permanently.

Again, nope. Your wallet data will still exist on your hard drive unless you have deliberately written over the necessary sectors, which few people do. Malware can access that data and send it off to an attacker.

That's not what the colors on Jochen's site mean. The fee bands are simply different colors. There is no color that means "overpaying". Go back to May this year or go back to the end of 2017 and there were plenty of times when you had to pay fees in the red bands to have a reasonable chance of being confirmed within the next few hours. This was not an overpayment, but rather completely appropriate.

People often equate companies being large, long running, or well known as meaning these companies know what they are doing. This is not the case. The biggest tech companies in the world - Microsoft, Apple, Google, Meta, and so on - have all experienced multiple data breaches. The same is true for all the biggest centralized exchanges in the crypto space have experience multiple data breaches, and yet people do not seem to care. Why would they spend their profits on advanced security systems when they know they can get away with spending the bare minimum? As soon as you've completed KYC anywhere, your data is at risk.

If an attacker can "bypass MFA" using only a phone number, then it means their MFA was simply an SMS message, which is widely known to be the most insecure MFA method there is. They probably won't reveal any details because it will highlight just how amateurish their whole set up is.

I don't think the US government at least will go down the route of an outright crypto ban. It is much more lucrative for them, both in terms of taxation and data harvesting, to instead pass the most ridiculous regulations which require all bitcoin to be fully KYCed. First it will be banning non-KYC trading, then it will be mandating that all withdrawal addresses from exchanges are linked to KYC data (such as the AOPP proposal), and then it will be mandating that all bitcoin is only stored on regulated KYC exchanges and you are not allowed to withdrawal it at all. I'm sure I don't need to point out how we should fight back against this nonsense as strongly as possible.

Ha! Suggesting the government might actually care about the victims! Good one! No, the government simply keep it for themselves or auction it off.

Or they should have bought out our politicians like the fiat banks do. That gives them a free pass to launder trillions.

Poking about LinkedIn shows that a couple of their key people such as their CTO left the company around the same time as they went silent on all their media channels last year. It seems maybe there are a few customer support agents still working at Coinomi, but they key people responsible for maintenance and development have all left.

If you don't want to run your own node, then why not just use the GUI wallet from https://www.getmonero.org/ and connect to a third party node?

Why? Just because it's popular? It's a pre-mined scam which is happy to roll back the chain to censor people if the devs so choose. It's the opposite of all the things you want from a proper cryptocurrency.

With the privacy implication of linking whatever payment you were making to your favorite VPN or account at some website. Sometimes it's simply not worth it for the sake of 1000 sats.

Alternatively, send it to the public donation address for something like Tor or EFF.

Add in almost all addresses ever synced via a light wallet which sends your xpub to the third party server to query your balances, which is probably the majority of addresses ever used. The only way to be sure your public key is actually private is to have it generated on an airgapped machine and never leave that machine.

Note that Grover's algorithm and Shor's algorithm are two entirely different things which can be used to solve different problems. When it comes to bitcoin, the former would be used for SHA256 while the latter for the ECDLP. While Shor's can provide an exponential speed up in attacking the ECDLP (and therefore make it possible to solve), Grover's can only provide a quadratic speed up in attacking SHA256 (which would still require 2¹²⁸ operations and therefore incredibly unlikely to ever be broken), which is why many people (mistakenly) think that keeping public keys private provides more security.

I'm not aware of any serious opinion which thinks these things will be feasible in just a few years, however. We are decades away at least.

I've said it before and I'll say it again - the only safe KYC is no KYC.

It's so incompetent it would be funny, if it wasn't so alarming. These are the entities you are entrusting your data to every time you complete KYC. Entities whose employees have so much information publicly available about them that they can be SIM swapped with ease, and who have access to your sensitive information via just their phone.

In what world is your full name, physical address, and how much money you were storing on these scam platforms not sensitive data? You've just made every single one of those users a target for physical attacks, especially any with a large number of coins.

Pretty laughable that they state "client funds" haven't been impacted. What funds? Everyone lost all their funds when these scam platforms collapsed, remember?

What a complete shitshow. The number of reasons you should avoid centralized exchanges continues to grow exponentially.

Nope.

Yes, but they don't want to.

Not really. They've proven they are willing to sell out their users, cooperate with the authorities, fund our common enemy, and attack bitcoin itself, all in the name of lining their own pockets. They are never to be trusted again.

A wise choice.

Look at any block and you will see dozens of such transactions.

Here's the most recent block, for example: https://mempool.space/block/000000000000000000001d63a0516748160bb6b01741ab14b41277416fd5f54d

mempool.space lists transactions in a block in the order the miner includes them. Since miners preferentially include higher fee paying transactions, then usually all the highest fee transactions are listed first. I count 19 transactions which pay a fee of 100 sats/vbyte or more, when actually 8 sats/vbyte was all which was needed to get in to that block. Click on any other block and you will see the same thing.

You can't say that every single one of these transactions is simply because someone doesn't know what they are doing. Some will be, sure, but there will also be people who absolutely must get their transaction in to the next block for whatever reason, centralized exchanges with their poorly optimized algorithms, people who simply don't care about the extra few bucks they are spending in fees, some poorly configured wallets or software, and so on. I for one have created transactions with excess fees when paying a regular fee would leave me with a change output of a few hundred or a few thousand sats. Rather than be left with an output which would cost 50% of itself in fees just to spend, I'll just add it to the fee I'm already paying and donate it to the miners.

Your steps aren't completely clear to me. Just to clarify - you are connecting your Trezor only to your airgapped computer and interacting with it via Electrum, signing transactions on your Trezor, and then moving those transactions from your airgapped Electrum to your live Electrum to be broadcast?

That's certainly one of doing it and is very secure. An alternative solution for the future would be to use a hardware wallet which is already airgapped and does not need to connect to a computer at all, such as a Passport.

Absolutely no idea, I'm afraid. I don't use ETH or any other pre-mined shitcoins. Maybe you are able to do it with Trezor Suite itself?

I'm sure the DoJ will be equally punitive against any fiat banks caught to be laundering money for North Korea though, right!?

Like when JPMorgan Chase laundered $89 million for 11 companies which they knew were linked to North Korea and were previously flagged as being suspicious? Or when BNY Mellon laundered $86 million in transactions which had "no clear commercial reason" for individuals which had talked openly in the media about "conducting business with North Korea"? I'm sure the DoJ will soon be handing out some punishments soon, right!?

Oh no, those documents came out 3 years ago and literally nothing happened: https://www.nbcnews.com/news/world/secret-documents-show-how-north-korea-launders-money-through-u-n1240329

As I said above, this has absolutely nothing to do with money laundering, and has everything to do with the government losing its grip on your lives. They don't care about money being laundered at all, as long as it is the right people doing the laundering.

It's a common problem with all self created schemes or ideas like this one. It seems obvious to you at the time, but skip forward a few weeks or months without thinking about it and you simply forget the intricacies of what you've done and make it very difficult to recover. To add to what I said on that old post you quoted - not only do you have to shoehorn your 24 words in to an awkward sounding story, but you'll also need to make sure none of the other 2048 commonly used words from the BIP39 word list are in your story. No point having a story which contains 100 words from the wordlist and being unable to remember which are the important 24 words.

If you need to carry a wallet with you, then a hardware wallet is the best solution for this. If you need to hide the fact you are carrying a wallet with you, then I would likely encrypt it inside a hidden volume which could be decrypted if forced to reveal some dummy sensitive data.

The issue at the moment, which has been the case for a few weeks, is that there is a huge backlog of transactions paying 6 sats/vbyte waiting to be confirmed, with the volume above that spread very thinly. So it is entirely possible that 8 sats/vbyte would put you within 0.1 MvB of the tip of the mempool, 7 sats/vbyte would put you 1-2 MvB from the tip, while 6 sats/vbyte puts you anywhere from 2-30 MvB from the tip. So you pick low priority at 6 sats/vbyte, and then a few blocks are found in quick succession and your transaction is mined. That's not a failure of mempool.space, but rather a quirk of state of the current mempool.

Bear in mind of course that transactions don't pay either 6 or 7 sats/vbyte, and there is a continuous range between these two numbers which most fee estimators will not pay attention to. 6.0 sats/vbyte and 6.9 sats/vbyte will be a difference of over 25 MvB from the tip at the moment.

Having said that, mempool.space is currently stating the "No Priority" fee is 14 sats/vbyte, which is only 2.5 MvB from the tip. That's not "No Priority" in my book. If I had a "No Priority" transaction, I'd set it to around 6.8 sats/vbyte and expect it to be confirmed sometime in the next 24 hours.

So yeah, as others have said, take a look at Jochen Hoenicke's site instead. Not only can you place your transaction exactly as far from the tip as you want, but more importantly you can view the current mempool trends and see if it is filling up or emptying out.

You surely know better than to ask me that question. Here's my solution: Electrum for Bitcoin and Monerujo for Monero. Sell all your shitcoins for one of these two.

Their subreddit paints a similarly bleak picture: https://www.reddit.com/r/coinomi. Lots of posts of people being unable to spend coins, unable to sync, getting a variety of error messages, etc. The comment section for each of those posts is just filled with spam.

Also no activity on their Twitter accounts for over a year.

I would say it's a good result all round that the wallet has collapsed. A closed source wallet which sends seed phrases over the internet in plain text to Google has no right to continue to exist. I would suggest everyone uses their back ups to sweep their coins to a better wallet.

As I've said before, blockchain analysis is based on guesswork.


As soon as a transaction has been made, it is impossible to say that those coins haven't changed hands. As soon as a transaction has more than out output, it is impossible to say which bitcoin ended up where (and indeed, "which" bitcoin doesn't even exist at a protocol level). It is trivially easily to fool many of the heuristics blockchain analysis uses, such as script type matching to identify the change output, or inputs being spent together to identify co-ownership. And not just to fool them as in "they can't draw any conclusions", but to fool them as in "they actively draw the incorrect conclusion". And of course one incorrect conclusion leads them to build more and more incorrect conclusions on top, building an entire chain of nonsense which they then pass off as irrefutable fact.

I've said for a long time that blockchain analysis is provable nonsense with no scientific basis. It seems even the directors of blockchain analysis companies agree with that. But of course they will continue to peddle their nonsense to centralized exchanges and governments alike because it pays handsomely to do so.

---

I did a small experiment some time ago regarding blockchain analysis: https://bitcointalk.org/index.php?topic=5395035.msg59905002#msg59905002

One particular piece of blockchain analysis software put a significant amount of coins in the wallet of various centralized exchanges in one of the categories of scams, hacks, or blacklists. Obviously the blockchain analysis software being used by these exchanges did not classify these coins in this manner, otherwise they wouldn't have accepted those coins. The fact that two different pieces of software can come to completely different conclusions about the exact same coins should be more than enough to tell you that blockchain analysis is made up trash.

One of the core principles of any piece of science is that its results are repeatable and independently verifiable. If I come up with a process to say, isolate gold from an alloy, then I publish my methods and other people perform the same steps, end up with the same results, and verify my process works. If I come up with a process to say some coins are tainted, and other people do the same thing and end up with completely different results, then my process is bullshit.

There's the beauty of it! You don't need to write down any mnemonics! For the low price of only $10 per month per mnemonic, Ledger will store them all for you! Such secure! Many value! Wow!

There is an argument to be made to have a second hardware device which you can use for the emergency recovery of your funds should your primary device be lost, stolen, or damaged, so you don't need to risk importing your seed phrase in to a hot wallet. But if you can always just buy a new device should this happen and you are willing to wait a few days. And if you do need an emergency back up device on hand, then you can pick up something cheap like a SeedSigner and not splash out $300 for this NFT picture frame.