In a sense, but that is not entirely accurate. The hash must be smaller than the current target. This is not the same as having a specific number of leading zeroes. For example, 0x00001FFF and 0x0000FFFF both have the same number of leading zeroes, but there is a huge difference between those two values. (The first number is 8,191 while the second is 65,535.) If the target was 0x0000CFFF, then one of those numbers would pass and the other would fail. (The real target is a 32 byte number, not a 4 byte number as I have used here.)

Essentially, yes. The higher proportion of the hashrate that a specific miner has, then they will find a higher proportion of all blocks, and therefore earn a higher proportion of all block rewards.

They can, but they will be incredibly unlikely to ever mine a block successfully, or if they contribute to a pool, they will earn a tiny fraction of the total rewards.

That's kind of the point.

Well, it depends. If you coinjoin them and then store the xpubs of your new outputs insecurely again, then you will be back at square one.

Unless the app has its own virtual keyboard like Electrum, then they aren't. You can tell this simply by the fact that your predictive text carries over between apps and software, meaning anything you enter on the generic keyboard is not kept within whatever app you are using but is accessed by the wider firmware and even synced to the cloud to better "learn your writing style" (read: spy on you).

Google were successfully sued a while back because if you turned off location gathering, Google still gathered all this data, they just didn't display it to you in your account when you accessed your location history page. I would not be in the least bit surprised if they still gathered all the sensitive data you enter via your keyboard, they just don't display it to you as an option for predictive text.

Completely agree. As I said above, this is just one possibility and the OP should not assume this is the cause without definitively proof. I was merely pointing out just how easy it is to be careless with your seed phrase, which should never have been entered on any keyboard at all.

Meaningful quantum computers are a long way away, and we do not need to start building quantum proof bitcoin just yet, but I don't think they are 500 years away.

Even if everyone was using second or third layer solutions rather than the base chain, you still need to use the base chain to enter those layers. With Lightning as it stands now, even just to get everyone in the world to open a single channel would provide decades of on chain transactions and fees for miners. But with things like taproot and channel factories, that becomes more efficient. What other layer 2 or 3 solutions will we have in 100 years? And then there are things like merged mining, which already happens. We simply have no idea what the ecosystem will look like in 100 years.

As pooya87 points out, taking coins which haven't moved in x number of years gives rapidly diminishing returns. You'll potentially get millions in the first year which will cause absolute havoc for miners trying to reorg the chain to claim the rewards themselves, and then that will rapidly fall off and you'll be left in the situation you were in before.

Ahh, I misunderstood your previous post. I thought you were saying the first unhardened 0 referred to your first receiving address, rather than referring to the category of external/receiving addresses.

I also do not use ETH, but you are right in saying it does not use change addresses, so I also wouldn't expect to see 1 at the change level unless someone did that manually or the wallet software was bugged or flawed.

Again, when you open your wallet, you are not "logging in" to anything. You are simply accessing the private keys and their derived addresses which are already stored on your computer.

And most importantly, verify your download before you install it. [GUIDE] How to Safely Download and Verify Electrum [Guide]

That's not right. Ethereum does indeed use the change level of the derivation path, and for most wallets, the first Ethereum address will be at m/44'/60'/0'/0/0. The reason we don't specify the full derivation path here is because btcrecover will start deriving addresses on top of whatever we specify.

So if we specify m/60'/44'/0'/0, and give it an address limit of 1 as I did, then it will check the address at m/44'/60'/0'/0/0.
If we specify m/60'/44'/0'/0 and give it an address limit of 10, then it would check between m/44'/60'/0'/0/0 and m/44'/60'/0'/0/9.

What would be the incentive for miners to start sabotaging block creation? Mining honestly would still net them transaction fees. Mining dishonestly just for the sake of it earns them nothing unless they control 51% of the network, which is incredibly unlikely.

Further, if you start unlocking unmoved coins, you create a huge incentive to mine dishonestly. If the total block reward is (for example) 0.5 BTC from fees, and you release 50 BTC, then there is a massive incentive for every individual miner to try to reorganize dozens of blocks to try to claim the 100x reward for themselves. This problem compounds the more additional coins you release.

No. I think it is far preferable for some old coins to be stolen and reenter circulation by people who have sufficiently powerful quantum computers, than it would be for developers to overturn one of the key pillars of bitcoin and start deciding what happens to coins they don't control.

You are fundamentally misunderstanding how bitcoin works.

Electrum does not "connect" to a wallet. Indeed, there are no wallets to connect to at all (outside of centralized exchanges in which someone else is holding your coins for you, but even then you are simply connecting to this third party and not to some wallet on the blockchain). Your wallet is simply a collection of your private keys. Your private keys are used to unlock certain addresses and allow you to move the bitcoin on those addresses. The bitcoin itself is not in your wallet - it is on the blockchain. All you have on your computer is a collection of private keys.

Now, if I've managed to access your seed phrase, then I can regenerate those exact same private keys and have them on my computer. How could your computer possibly know if my computer, or if any other computer in the entire world, also holds those same private keys? Think of it like this: You've created an encrypted file which is storing some sensitive data. You set up an alert on your computer to notify you every time that file is decrypted, so you know if anyone else is opening it. However, I plant some malware on your computer which copies this file and sends it to me. I can now decrypt it and open it on my computer, read all the contents, and your alert system would be none the wiser.

Correct. The solution to this is to have good security in the first place, usually by using a hardware wallet or an airgapped device. If you are ever concerned your wallets might be compromised, then set up new secure wallets and transfer all your funds.

As explained, this is not possible because there is no wallet to log in to in the first place. There is simply a collection of private keys stored on your computer.

Well, let's assume it was generated using the standard Ethereum derivation path.

First of all create a plain text .txt file with one of each of the twelve words per line. So, like this:


Save the file somewhere easy to find.

You'll then want to run the following command:


You'll need to insert your address and the path to the file you just created above in the relevant places.

I need some more information first. Please can you answer each of the following questions:

Is the address you have a bitcoin address?
Is it legacy (1), nested segwit (3), or native segwit (bc1)?
Which wallet was used to generate the seed phrase? (Alternatively, is the seed phrase BIP39 or Electrum?)
Do you know if you have used non-standard derivation paths or more than one account? (If you don't know what this means, then the answer is probably no.)

Edit:

I see you've edited to say the address you have is an ERC20 address. So again, which wallet was used to create this address? Do you know the derivation path of this address?

Such a feature is possible, but completely meaningless. Allow me to explain.

Your wallet contains your private keys, derived from your seed phrase. If your seed phrase or your private keys are leaked, they usually aren't leaked because someone else opened your wallet file, but because your seed phrase was stored insecurely, or there was some malware on your computer that accessed your private keys when you unlocked your wallet, or you imported your seed phrase/private keys in to another less secure wallet or an outright malicious wallet, or you entered your seed phrase/private keys on to a website, and so on. In these cases, any feature which shows the last time you opened your wallet would be completely meaningless and provide only a false sense of security. It would only show the times you had accessed your wallet (which you obviously know about), and would not be able to tell you that your seed phrase/private keys had leaked via other methods.

If you leaked your seed phrase via malware and I had access to it, for example, I could import it to a copy of Electrum on my computer and open your wallet. I could then do anything I wanted, from simply waiting for you to deposit more, to sweeping all your funds at any time. The whole time I have access to your wallet, your local copy of Electrum will happily show you that no one else is logging in to your local copy of Electrum, and it is completely impossible for it to know anything about my copy of Electrum which is also accessing your wallet.

A private key in Base58 is already in Wallet Import Format. That's exactly what WIF is - the Base58 encoding of your hexadecimal private key with the network byte prefix and the checksum appended, with an optional 0x01 byte to signal that you are using the compressed public key. If you want to swap between your compressed and uncompressed WIF keys, then as suggested above you can do this using https://iancoleman.io/bitcoin-key-compression/ offline.

Right fillipone, this is getting ridiculous. Every time this thread shows up on my watch list and I open it, I lose the next two hours of my day because... um... reasons.

Ideally, they wouldn't mine these half full or empty blocks at all, and the whole network would just agree to wait the few seconds it takes to fully validate the previous block. But then you end up with the classic prisoner's dilemma problem - it is in each individual mining pool's interests to break this agreement and attempt to mine empty blocks for a few seconds, and as soon as one starts doing it all the others are at a disadvantage if they also don't start doing it.

Still, it's not a huge problem - in the last month there were only 9 empty blocks, and there were zero blocks which were otherwise under filled.

Maybe. Maybe not. Malware is obviously specifically designed to bypass the usual security protocols. And given that most phone firmware and most apps are largely closed source, who knows for sure? But I'm certainly not going to assume that Android or Apple have created the first 100% fool proof security system.

This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.

Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.

Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.

On an individual level for simple transactions, then no, there is no difference for you between opt in or full RBF.

The main reasons for full RBF are explained in one of the mailing list posts I linked in the OP: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-June/019074.html

In short, full RBF eliminates a number of DoS attacks against multi-party transactions such as Lightning channels and coinjoins, therefore allowing further development of these technologies.

I assume you are talking about old P2PK outputs, in which case mempool.space displays them correctly. Some explorers show these outputs as belonging to the address derived from the relevant public key, but this is not accurate, since the coins are bot locked by the address at all, but by the pubkey.