1- Has anyone ever lost cryptocurrencies stored in a hardware wallet? I know that should not buy a second-hand hardware wallet and should buy it from the manufacturer or its authorized representative. I mean, is it possible that the manufacturing company (like Ledger, safepal or whatever) tampered with the product from the first? For example, in the production line. For example, the manufacturing company may have stored the words of the device, and after someone makes a purchase and transfers the balance to the hard wallet, the manufacturing company steals them. Has anyone ever reported that they lost their cryptos stored in hardware wallets?
If you are skeptical, there is an option of setting up a multi-signature wallet, as you will not have to trust a single manufacturer and thus there is less possibility that more than one manufacturer will be scammer, but I do not know if you have sufficient knowledge to do this. You can set up cold storage so that you can ensure that you do not need to buy a hardware wallet, but the main purpose of hardware wallets is to reduce complexity in exchange for giving you relative security, as long as you buy a reliable hardware wallet from the manufacturer, verify everything, and use it on a clean computer (new device or delete your old OS with a new open source OS used only with the hardware wallet) then you will be safe. knowledge will not harm you. Start reading more about Bitcoin and cold storage, and when you are ready, your security will be taken to a higher level.
|
|
|
Using it will be negative, as it attracts the eye's attention, it will cause confusion and less attention to what you post. It may lead to many people hiding signatures, which means fewer people will click on your signature links, and after a while, signature campaigns will stop because they did not get enough feedback.
|
|
|
Some countries where the state controls everything are very slow and less flexible when making amendments to the laws and are quick to prevent anything new, but with the passage of time and more countries accepting this technology, the adoption of Bitcoin globally will be rapid, if the G20 countries, for example, use Bitcoin in commercial transactions, Within less than 4 years, 70% of the world’s countries will do that.
|
|
|
You are now talking about your impression or feeling about something that may be right or wrong, but you are not offering criticism of the idea. The mortgage is considered a financial instrument more than an investment in the property or related to it, and therefore it is risky to pay the price of buying an apartment on credit unless you calculate your steps properly. True, otherwise you will fall into a long spiral that will not be easy to get out of. Spending on real estate outside the residential framework is a long-term investment in the value of the property assuming that it will increase, or short-term speculation with the aim of achieving a large profit, so choose whichever of the two you want.
|
|
|
I cannot believe that someone who cares about privacy still uses a phone number to secure his accounts, not to mention that he is a developer and is supposed to know this information. Securing your account using a phone number leaves you at the mercy of a third party. This third party may freeze your phone number, block it, or even misuse it, waiting for this to happen. Such attacks to update your information about security is a bad thing.
|
|
|
I don't understand why the exploit did not work. If they were able to break into one of the secure elements using laser fault injection, what was stopping them from breaking into the other one similarly, or even both at the same time?
Is there some sort of hardware feature that keeps only part of the key decrypted at any given time, and changes the key at fixed interval to another one?
According to what I understand, they are required to test the DS28C36 against the ATECC508A, a previous test of which using the same tools proved the success of the attack and the possibility of knowing the data. https://blog.ledger.com/coldcard-pin-code/the attempt was only aimed at SE1 and one vendor and not to hack the wallet. It is true that there was a leak, but the attack was not successful due to the use of permanent-protected pages used for P256 curve. Details are better explained here https://fdtc.deib.polimi.it/FDTC23/slides/FDTC2023-slides-3-3.pdf about the reasons for the failure of this attack and recommendations for the future.
|
|
|
First thing I thought was about Color Blind people (1 in 12 men are color blind, or about 8%) that simply don't see some colors, but even people with normal eyesight can interpret same color differently. Even monitors need to be calibrated to show each color correctly, and to calibrate exactly you need special devices, that is another spin ball in this experiment.
I used a tool to extract the HEX code of colors, and out of 8 colors, I obtained 4 colors that were extracted correctly and with the same HEX code, two colors with a different HEX code in the last number, and two colors with a completely different HEX code. https://bitcointalk.org/index.php?topic=5466467.msg62832538#msg62832538This method does not require all HEX code to be correct, this is 6/8, but I did not print it and tried to extract the colors using the phone camera, which may produce more errors, not to mention all the complications.
|
|
|
If I sweep the private key into my Electrum Bitcoin wallet, do the BCH, Bitcoin SV and other airdrops remain attached to the private key?
Your private key is one, but generating the public key from it and broadcasting the transaction in the network requires that the software used supports it. Electrum is a Bitcoin-only wallet, you will need to download Electron Cash wallet to scan BCH and spend from it. https://electroncash.orgPerform this step after withdrawing all your Bitcoin balance. I created this guide long ago (2018) but it still works and you can still download coinomi.
Does the CoinOmi wallet keep syncing, I thought it stopped?
|
|
|
But something change in the difficult of testnet in the last hours, somebody is mining like 5 blocks per second, so if someone wants to learn how to mining they can try Testnet on this momment.
I don't see what's strange about that, as there is no return from testnet mining. There is rarely competition for block mining, and thus one miner with good hardware can mine several blocks after each other. testnet will not teach you or enable you to understand Bitcoin mining because of the difference between many things between these two networks, but it is good in development and the evidence for this is its role in the CVE-2018–17144 double spending vulnerability. https://bitcoinops.org/en/topics/cve-2018-17144/#:~:text=CVE-2018-17144%20was%20a,included%20in%20Bitcoin%20Core%200.14the bug was exploited on Bitcoin testnet, causing any nodes still running Bitcoin Core 0.14.x to crash and nodes running 0.15.0 to 0.16.2 to accept a transaction that spent the same funds more than once. When testnet miners managed to produce a valid chain with more proof-of-work than the invalid chain, those non-upgraded nodes attempted to switch to the new chain but were unable to fully un-spend a double-spent input.
|
|
|
I didn't get the impression that they weren't targeting sensitive information like the seed, private keys, or the PIN. What else would they be looking for?
They targeted this data but the PIN is stored in SE2 and seed decryption depends on SE2 and MCU. The second one and the MCU weren't submitted to the laser. I guess they were only interested in the security of the DS28C36, not the rest. The Coldcard MK4 is the only hardware wallet that uses this chip I think.
Your guess is correct. After searching a little, I found that it is related to this story https://blog.ledger.com/coldcard-pin-code/. It seems that they want to test it compared to ATECC508A, they want to say that MK4 is safer than MK2. The cost of these devices is more than $200,000 and they require a specialized team. I think they may be used after the permission of the wallet owner if he forgets the PIN.
|
|
|
These natural disasters and artificial humanitarian crises such as wars will give companies like Ledger Recover more demand. As I said in the past, this service will find demand due to either people’s lack of interest in being your own bank or their lack of trust and fear of losing the private key. I do not recommend this service or any similar service here, but the risk assessment strategy requires you to be prepared if anything happens. I made this topic when 2023 Turkey–Syria earthquake happen Is Metal Seed Storage Safe in an Earthquake?
|
|
|
From what I understand, the test was not for the possibility of extracting the private key from COLDCARD Mk4 because that was clearly stated, as after the private key is generated encrypted, then stored in SE1 using a 256-bit key determined by a SE1, SE2 and the main microcontroller. above test was SE1 and showed that data could be leaked (the private key is encrypted there). However, the ability to identify the private key failed. They verified that the wallet was working properly, but I did not find tests on SE1, SE2, and the main processor (MCU) at the same time. Source https://blog.coinkite.com/understanding-mk4-security-model/Frankly, it is a good thing, but I will not trust any company if I lose my HW wallet, and anyone must withdraw directly as soon as discover that HW has been stolen or disappeared.
|
|
|
These are the longest synonyms of terms I have read in a while, and I do not think that the average-income person has clear investment methodologies with the accelerating economic changes. A simple rule: whenever I have additional income, I invest in Bitcoin, gold, and stocks, while trying to limit my investment in Bitcoin to a thousand dollars per month. It may decrease or increase, but the average is always like this, and perhaps after we witness the new ATH, this amount may decrease to 500 due to the bearish approach of the price of Bitcoin in that period, and then the other 500 dollars will be transferred to gold or stocks. The end of the strategy will be to collect 200k to 400k and then I can think about buying a good apartment.
|
|
|
expanded economy is one of the things that should be judged on one thing. The economy is interconnected and linked to each other. We have economic sanctions that make concepts such as globalization and economic integration difficult. Therefore, it is difficult to say that the cause of stagflation is one cause, and there are factors, and each factor will affect them. .
The government's experiments in combating inflation by raising interest rates address a certain type of inflation, but the inflation that occurs is caused by different factors. treating inflation by simply raising interest rates and continuing with policies of raising interest led to the occurrence of stagflation. Instead of being a temporary stagnation, it became an increase in product prices due to fluctuating energy prices, problems. All supply chains lead to this result. The beginning of the reform will be after stopping raising interest rates.
|
|
|
As you have noted, no one will prevent you from depositing because of inability to complete kyc. They will allow you deposit, but withdrawal will be the problem.
Some exchanges are even dubious such that they will increase the difficulty of the KYC when they notice you have already deposited. This is an attempt to confiscate your fund. So, it is advisable to complete KYC before using an exchange.
If they do not ask for KYC when depositing, then they are scammers. All services that request KYC do not deal with the user financially without knowing or confirming his data, and cannot deposit without that. what happens is exchanges do not ask for KYC because there is not a global regulation and when the became big they change terms of use change, so all Whoever deposits using old addresses that he used will fall into this problem, and sometimes even after this happens, good platforms provide the option to withdraw without being able to perform any other action like trading. I repeat, if they do not ask for identity verification when depositing, they are scammers.
|
|
|
Hey @UniJoin Are there any plans to provide APIs to developers or any plans to release Electrum plugin?
Yes, it is on our roadmap to offer an API for UniJoin, so that shops and services can implement our service into their site. Also, we want to create a system, which will be used to pay for a service who are requesting an exact amount. Hey @UniJoin Is there any update about this or if it will be implemented within this year? Excited to try API Mixer. I want to know whether you have any future ideas for providing a private key or private code that can be used to withdraw from unijoin mixer. I can send coins at any time, and instead of withdrawing it after certain hours, I can withdraw it using a private code at any time and use it to make anonymous deposits or any similar ideas?
|
|
|
|