I agree, and the most likely outcome here is that you deposit your coins and get paid the interest as advertised. But there is a not insignificant possibility that Huobi make a few bad investment decisions and your coins are lost. Not worth the risk.

It's the same as banks. Whatever they are offering their customers, they know they can make more than that using customer's money and pocket the difference as profit. With banks it is expected - it is no secret they run a fractional reserve system and the money you deposit is either loaned by the bank to other customers or invested in various assets or vehicles. With crypto exchanges it is different - people (naively) expect that when they deposit bitcoin to an exchange, and exchange simply "looks after it" for them. As I said above, Huobi have already been caught investing customers' deposits in high risk investment programs. If you deposit your coins for this 4% ROI, then your coins will be invested similarly, and therefore you might not get them back.

LocalCryptos doesn't need any documents for trading on their platform. I use them not infrequently and have never and will never share a document or even my real name with them.

Some traders may ask for identity verification prior to trading, but you are entirely free to not use those traders. Last I read LocalCryptos were trying to implement some sort of secure identity verification system, which would allow users to verify their identity to each other without revealing documents, but it obviously still requires a third party to review your documents at some point, so it is far from an ideal solution. They wrote a blog post about it over a year ago, but I've not heard anything since - https://blog.localcryptos.com/preventing-identity-theft-with-optional-id-verification/

Everyone can ignore them. It's as simple as clicking the "ignore" button. I wonder why more people don't do it.

You achieve literally nothing by responding to cryptohunter trolls. He has been bleating the same nonsense for over 2 years. Nothing you say will change his mind. All you are doing is wasting your time and making the forum less usable and less readable for everyone else.

Just click "ignore".

Provided you are using proper wallet software, then this should not happen.

A private key is simply a 256 bit number. Almost any 256 bit number is a valid private key, with the upper limit being slightly less than 2²⁵⁶ due to the order of the secp256k1 curve that bitcoin uses. If your wallet was to generate a 256 bit number above this limit by chance (somewhere in the region of 1 in 300 trillion trillion trillion chance), then as per BIP32 it should simply skip this value and proceed to the next one. The only way it could use an invalid 256 bit number as a private key would be to calculate it as modulo n, (with n being the order of the curve discussed above), which would result in a much smaller 256 number which is a valid key.

Seed phrases are generated from your entropy. Any 12 word seed phrase could be used to generate a seed number, as it is simply the input to the PBKDF2 function, which then generates the seed number for your wallet. However, the final word of standard BIP39 seed phrases contains a checksum for the rest of the phrase. Again, your wallet should automatically generate a valid checksum, but if it didn't, the seed phrase could still be used to generate a wallet while ignoring the invalid checksum.

The short answer is provided you are using an established wallet, then no, you do not have to worry about invalid seed phrases or private keys.

Google will happily accept money from scammers and fraudsters not only to run their ads, but to boost their ads to the top of search results. Google do no research in to the ads they accept - as long as someone is willing to pay them for the ad, then they are more than happy to run any and every scam ad around and do not care if users such as OP or yourself lose money. As long as they make a profit, that's all that matters.

Google are an immoral bunch of privacy invading thieves, as far as I am concerned. Notice that every post we see on here complaining about scams in search results is about Google. I've never seen a single post complaining about scam results showing up in good privacy respecting search engines such as DuckDuckGo or Qwant.

Stop using Google. You are freely handing over your data for the privilege of being scammed.

It only makes the "headlines" because crypto "news" sites like CoinIdol, CoinTelegraph, Decrypt, etc., have repeatedly shown that they are click bait trash and will write any old nonsense to get views and money, without doing any research whatsoever and regardless of whether or not it is true. I honestly cannot fathom why people continue to visit these sites.

Streaming online pornography creates as much carbon dioxide as Belgium.
Console gaming creates as much carbon dioxide as Denmark, and PC gaming as much as Taiwan. (Just playing the games, never mind the carbon dioxide from manufacturing and distributing PCs/consoles/games.)
Devices being left on standby creates as much carbon dioxide as the Philippines.

All of these are far higher than bitcoin, but we don't see any headlines saying that if you don't stop masturbating you are going to kill the planet. But sure, lets focus on bitcoin and its 0.05% contribution to global CO₂ production.

This is just security through obscurity, and is generally a poor method to rely on for security of your seed phrase. Better to make sure you seed phrase is stored in a secret and secure location than to store it out in the open but try to obfuscate it like this. If you are going to store it where someone can find it, then better to encrypt it instead.

That's why you make back ups. Paper wallets, if generated properly and spent from properly (i.e. on permanently airgapped computers) are one of the safest ways to store bitcoin - completely airgapped, immune to being hacked or leaked online, practically immune to malware, easy to hide and store securely, etc. Set up correctly, they are safer than web, software, and hardware wallets. Their biggest draw back is that a lot of people create them in insecure ways, and then blame the paper wallet for their own mistakes.

Private keys do not contain spaces or words. You are thinking of seed phrases. Private keys are strings of letters and numbers.

No, it wouldn't

Turning a private key in to a public key uses elliptic curve multiplication.
Turning a public key in to an address uses hash functions (SHA256 and RIPEMD160).

A quantum computer running Shor's Algorithm can reduce the number of operations to obtain a private key from a public key from 2¹²⁸ to only 128³, which is easily doable with a large enough quantum computer.
The same quantum computer running Grover's Algorithm can only reduce the number of operations to obtain a public key from an address from 2²⁵⁶ to 2¹²⁸, which is still far too large to be possible.

No, they aren't. It is near impossible (if not actually impossible) to be anonymous on the internet.

If you host your own Monero node, run it via Tor, buy your Monero using untraceable cash which you anonymously send to your trading partner without ever revealing any personal information, etc., etc., then yes, using Monero brings you very close to anonymity. Simply buying and using Monero does not, as you can and will leak your information in a hundred other ways, from KYC tracking to IP addresses to browser fingerprints to other currencies you trade to and from.

Probably. Much easier to launder something which can be spent anywhere and everywhere than something which can only be spent or converted to cash in a small handful of places, none of which will be able to accommodate the significant sums of money criminals will be trying to launder without KYC demands.

The "Receive" tab in Electrum is used for generating invoices that you can send to other people if you want them to pay you specific amounts of bitcoin or if you want them to pay you within a specific time frame. Most people do not use this function at all.

You are correct in saying you should use one of the addresses marked as "receiving" under the addresses tab. Right click on the first address which has no previous transactions (you can tell by the number 0 in the far right column), and use that as your receiving address. Alternatively, from the second "Filter" drop down at the top, select "Unused" and use the first receiving address. It is good practice to use a different receiving address every time you receive coins to your wallet, as it is good for your privacy.

After you have pasted your receiving address from your clipboard, double check that it is still the same. There exists malware which will change addresses stored in your clipboard in an attempt to steal your coins. Always double check your addresses before confirming any transaction.

I mean, sure, a passphrase makes no difference if an attacker is just blindly brute forcing seed phrases or private keys. However, the change of someone having their coins stolen from an attacker brute forcing a 2²⁵⁶ space is astronomically smaller from the chance of someone having their coins stolen from someone finding their seed phrase back up, or coercing them in to revealing it, or them accidentally exposing it online, and so on, in which case a strong passphrase can mean the difference between losing everything and losing nothing.

I use multiple different passphrases for multiple different wallets and I think it is a great feature. People should use it more.

In some cases, it can be a huge safety improvement. Trezor devices, for example, can have the seed phrase extracted from them by someone with physical access to the device. If you aren't using a strong passphrase, then your funds are gone. Ledger devices had a now patched bug which allowed an altcoin transaction to also sign a bitcoin transaction from the corresponding wallet. If your altcoin and bitcoin wallets were behind different passphrases, then this would have been entirely mitigated.

It can also be a privacy improvement. Using entirely different wallets for different things will help prevent you from accidentally linking inputs together that you wanted to keep separate (although granted this can also be achieved using different accounts in the derivation path).

If someone finds one of my seed phrase back ups (unlikely, but not impossible), then only the minority of my coins stored at that "top level" are at immediate risk, and the majority stored under various passphrases will be secured against a brute force attack for long enough for me to move them to new wallets. Not to mention that passphrases are the only real protection we have against $5 wrench attacks.

Provided you have written the private key down accurately and it has not been damaged during storage, then no, it will always work.

A private key is converted to an address using a number of very specific mathematical processes - namely elliptic curve multiplication, SHA256 hashing, and RIPEMD160 hashing. The same input (private key) will always give the same output (address). The only way for a private key to stop working is with a massive fundamental change to the bitcoin protocol.

The vulnerability in Trezor devices which allows an attacker with physical access to the device extract the seed phrase have not been patched. They are a hardware issue, not a software one, and are therefore unpatchable. The only work around is to also use a long and complex passphrase, which is combined with your seed phrase to generate a different wallet than your seed phrase alone.

A bit of paranoia can be a good thing and can make you safer.

I previously used both Ledger and Trezor devices. I stopped using Trezor devices partly because of the unpatchable vulnerability as described above, and partly because of the way they approached said vulnerability and tried to sweep it under the rug rather than warn all their users. If I was picking a hardware wallet, I would pick a Ledger device.

Having said all that, I am more and more moving to using airgapped wallets. Essentially an old computer, laptop, raspberry pi, etc., which is permanently airgapped from the Internet, running a clean install of Linux, and using full disk encryption. It is the most secure way of storing your coins in my opinion, but is both far more difficult to set up and a little more cumbersome to use than a hardware wallet.

Allow me to present the follow up to my popular "Plagiarizer's Bingo"!



I count ten hits on this first post, but unfortunately, no complete lines or diagonals. The game continues!

No.

The Billfodl is one of many steel designs for backing up your seed phrase. It uses a "tiles in a template/holder" design. Like all devices which use this design, it is very susceptible to both fire and crush damage, and even fairly minor damage or warping to the outside case is enough to allow the tiles within to move around or fall out, resulting in catastrophic loss of your seed phrase.

Have a look at the stress tests performed by Jameson Lopp on these devices.
The full rankings are here: https://jlopp.github.io/metal-bitcoin-storage-reviews/
The Billfodl performance is here: https://jlopp.github.io/metal-bitcoin-storage-reviews/reviews/billfodl/

By far and away the best performing devices (and also the cheapest) are the ones which involve engraving or stamping your seed phrase directly on to either a titanium or stainless steel plate. You can either buy such a device, or you can easily buy such plates at a home hardware store and make your own.

Having said that, even more important that than is having more than one back up. Having your seed phrase engraved on a plate is all well and good, but what if there is an explosion or earthquake, and you can't find your metal plate in the rubble? What if there is a flood or tornado, and your metal plate gets carried 20 miles away? I have my seed phrase simply written down on paper. I am not too concerned about it being destroyed in a disaster, because I have a second copy in different physical location which I can use to replace my lost copy.

I am completely on board with the privacy side of wearing a mask. I've worn a surgical mask for so many years every day at work that I don't even notice I'm wearing them anymore - the same as wearing glasses. I'm more than happy to wear them in public, and will continue to do so for years to come, long after they are no longer mandatory.

Are they not the same thing at this point?

I'm not convinced it would. The crypto community on a whole mirrors the general population on the whole, and there are far too many naive newbies or just idiots who do no due diligence around. "A person is smart. People are dumb."

Binance hacked for $40 million and hacked for users' KYC data - continues to grow as one of the biggest exchanges in the world
Coinbase hand over details directly to the IRS and US government, sell users' private data to third parties, develop software for tracking users and rent it out to the FBI/IRS/DEA, insider trade - continues to grow as one of the biggest exchanges in the world
Huobi are running a fractional reserve and using customers' deposits to invest in high risk products for their own gain - continues to grow as one of the biggest exchanges in the world
Bitfinex printed $800 billion Tether out of thin air which they loaned to themselves because they are insolvent - continues to grow... you get the idea

Any exchange caught out by proof of keys (as Quadriga was), will just freeze withdrawals, come up with some excuse, and then go back to business as usual the next day. Any customer smart enough to ditch an exchange caught out by proof of keys is smart enough to not be storing their coins on an exchange in the first place.