Bitcoin Forum
1  Economy / Service Discussion / Bitpay and RBF on: April 09, 2018, 06:40:26 PM
Has anyone ever tried bumping their fee with RBF after paying a Bitpay invoice?

I imagine the transaction would be confirmed with a different hash than the one I paid the invoice with, so it might be a problem. I'm wondering for future reference because I just got caught in a lull with no blocks found for 30 minutes. I'm probably going to be delayed a few more blocks because of it. I just had to cheap out on fees, didn't I?
2  Economy / Service Discussion / Amazon GC no longer available through Gyft - Alternatives? on: April 06, 2018, 04:22:40 PM
Last night, I went to buy some Amazon gift cards with BTC on Gyft. They weren't available. I figured it was a temporary thing, an API issue or something, because that's happened before. But I emailed them about it and they responded, "Amazon is no longer available through Gyft."

Are there any similar alternatives? I really liked having a corporate reseller because you could always trust that their cards weren't fraudulent.

With P2P or things like Purse, fraud is really common, so I'm looking for a reputable reseller like Gyft.
3  Bitcoin / Press / [2018-03-20] Breaking the Ledger Security Model on: March 20, 2018, 07:42:22 PM
A security researcher just released a report detailing a set of attacks that exploit a vulnerability in Ledger hardware wallets.

He details multiple modes of attack -- including remote attacks, or ones that require physical access either before or after setup of the recovery seed. For example, supply chain attacks, where a dishonest vendor can modify the device before you physically receive it.

Personally, I've been skeptical of some of the bold assurances made by Ledger regarding key security. The author notes:

I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

Physical access before setup of the seed

Also known as a “supply chain attack”, this is the focus of this article. It does not require malware on the target computer, nor does it require the user to confirm any transactions. Despite claims otherwise, I have demonstrated this attack on a real Ledger Nano S. Furthermore, I sent the source code to Ledger a few months ago, so they could reproduce it.

As you can tell from the video above, it is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device.

Physical access after setup

This is commonly known as an “Evil Maid attack”. This attack would allow you to extract the PIN, recovery seed and any BIP-39 passphrases used, provided the device is used at least once after you attack it.

As before, this does not require malware on the computer, nor does it require the user to confirm any transactions. It simply requires an attacker to install a custom MCU firmware that can exfiltrate the private keys without the user’s knowledge, next time they use it.

Malware (with a hint of social engineering)

This attack would require the user to update the MCU firmware on an infected computer. This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down (to enter the MCU bootloader). Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device.

This attack becomes incredibly lucrative if used when a legitimate firmware update is released, as was the case two weeks ago.

He proceeds in some detail and outlines very simple versions of the attacks. I highly recommend reading the full article. But here are some more background tidbits:

While the software on the SE can be attested to, the MCU is a non-secure chip and (as we show below) its firmware can be replaced by an attacker.

And herein lies the problem: to achieve Ledger’s security guarantees, the chain of trust must be anchored in the SE. This means that the SE needs to verify the firmware on the MCU.

While I will focus on software tampering in this article, it’s important to note that, in the absence of a software vulnerability, you could still compromise the device by tampering with hardware.

It is incredibly important to note that, for these devices to be secure at all, you must completely verify the physical hardware.

Since neither the packaging nor the actual device are tamper-evident, it is trivial for an attacker to modify the device. I cannot repeat this enough: if you do not verify the physical hardware, it is game over.

You should also verify the hardware whenever someone could have had unauthorized access to it, otherwise you are vulnerable to Evil Maid attacks.

Ledger provides instructions to do this, but I will note two issues with them.

1) The pictures are of varying quality. Ledger needs to provide high resolution images that display every component clearly.

2) The reverse of the device is not displayed at all! It is essential that you verify the back of the device, especially since this is where the JTAG header (a debugging interface) for the MCU resides.

Even if these two issues are resolved, I would question how expensive it is to have one of the MCUs with additional flash memory, but identical pinout, to be re-labelled as an STM32F042K6.

Nevertheless, while it is important to touch on this topic, hardware tampering is not required for the attack I will describe in this article.

If we can modify the user interface, we can change the recovery seed that is generated during the onboarding process. This is quite easy since the user interface is open source and Ledger allows you (by design!) to install a modified UX application.

Under normal circumstances, the device would display a warning that the “User interface is not genuine”, which would be a red flag for any attentive user.

But recall that I promised that I would explain how controlling the display can backdoor the key generation? The reason this attack works is that we can simply hide the non-genuine UX warning.

For this demonstration, we’re not going to do anything sophisticated that a real attacker would do, such as generating a random-looking, yet entirely predictable, recovery seed.

We’re going to do something much more obvious.

If you’re well-versed in C, you’ll note that I’m replacing a syscall to the random number generator with a function call that sets all the entropy to zero. As you can see in the video at the start, it generates a recovery seed where the first 23 words are abandon (the last word is different because it is a checksum).

Since the private keys are derived from the recovery seed, if you control the recovery seed, you control all the Bitcoin addresses generated by the device.

If we put it all together, we get the following attack which I think is really neat.

Of course, since the SE believes the MCU is running genuine firmware, attestation still succeeds. And, as I mentioned earlier, no hardware tampering was required, which defeats Ledger’s security integrity verification.

Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device.

The problem with an architectural vulnerability like this is that it is challenging to fix without changing the architecture.

Ledger has employed multiple mitigations to try and prevent an attacker from exploiting this vulnerability.

First of all, the MCU firmware has been optimized and rearranged. Specifically, the firmware calls into functions in the bootloader instead of duplicating the functions. While this prevents this particular mode of attack, it’s important to be aware that there are other, more “creative” methods of attack that I know of, and probably some that I don’t know of.

Secondly, the SE now times the MCU when it asks it to send the flash contents. This is designed to prevent the use of compression algorithms. It is also supposed to prevent code being supplied by the computer over USB. I’m not sure how well it succeeds in doing the latter, due to the fact that the code can be kept in RAM.

However, it’s of note that the SE runs at up to 28 MHz yet the “adversary” (the MCU) runs at up to 80 MHz! This throws into question whether a slower chip can accurately time a faster chip to prevent it from doing extra things, especially given the slow UART communication.

Ledger refused to send me a release candidate, so I haven’t had an opportunity to verify how well these mitigations resolve the issue. But these raise an important question.

Is it truly possible to use a combination of timing and “difficult to compress” firmware to achieve security in this model?

Building secure systems using this model seems like an incredibly exciting research proposition and I think it’s interesting to see companies like Ledger pushing the envelope on this.

Read the full article here:
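
An added illustration (not code from the quoted article or from Ledger) of why all-zero entropy yields a seed whose words are all the first wordlist entry except the last: BIP-39 appends a SHA-256 checksum to the entropy before splitting it into 11-bit word indices. The function names and the repeat threshold are assumptions made for this example, and the check only catches blatant cases; a random-looking but predictable seed, as the quoted article notes, would pass it.

```python
import hashlib
from collections import Counter

VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)  # sizes allowed by BIP-39


def entropy_to_indices(entropy):
    """Encode entropy as BIP-39 word indices (0..2047), checksum included."""
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    cs_bits = ent_bits // 32  # one checksum bit per 32 bits of entropy
    digest = hashlib.sha256(entropy).digest()
    checksum = int.from_bytes(digest, "big") >> (256 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices):
    """Decode word indices back to entropy; raise if the checksum is wrong."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    ent_bits = total_bits - cs_bits
    if ent_bits not in VALID_ENTROPY_BITS:
        raise ValueError("unsupported mnemonic length")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index out of range")
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes(ent_bits // 8, "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch")
    return entropy


def looks_degenerate(indices, max_fraction=0.5):
    """Flag a seed in which a single word fills more than max_fraction of the
    positions. With 2048 possible words, honest entropy never does this."""
    top_count = Counter(indices).most_common(1)[0][1]
    return top_count / len(indices) > max_fraction


# Constructed inputs: the zeroed entropy described in the quote, and an
# arbitrary non-repeating byte string standing in for honest entropy.
ZERO_ENTROPY = bytes(32)
SAMPLE_ENTROPY = bytes(range(32))

if __name__ == "__main__":
    zero_words = entropy_to_indices(ZERO_ENTROPY)
    print("zero entropy indices:", zero_words)
    print("degenerate:", looks_degenerate(zero_words))
    print("sample degenerate:",
          looks_degenerate(entropy_to_indices(SAMPLE_ENTROPY)))
```

Index 0 is "abandon" in the English wordlist; the final index comes from the checksum bits, which is why the last word differs.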
4  Bitcoin / Development & Technical Discussion / Quantum computing and Bitcoin's use of ECDSA on: March 13, 2018, 08:49:30 PM
I came across an interesting article by nopara73 (who works on HiddenWallet and TumbleBit stuff). He discusses when quantum computing will break elliptic curves:

The elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates.
The paper estimates the breakthrough to 2027 with a completely different method. I tend to think 2022–23 are the right numbers...

For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022–23.

He concludes that since we don't expose Bitcoin public keys when transacting (only hashes of public keys), that our bitcoins are safe. That is:
Thus, as long as you don’t expose your public key, you don’t need to worry about quantum computers and the only way to expose your public key is to make a Bitcoin transaction. If you don’t reuse addresses you are quantum safe.

So, I have two questions.

1) Aside from the specific case of Pay-to-IP in earlier versions, is the above correct?
2) What is the general plan when ECDSA is broken? Hard fork to a new signature algorithm? Simply never reuse addresses?
5  Bitcoin / Development & Technical Discussion / Estimating Segwit transaction fees on: February 07, 2018, 11:57:44 PM
What do people use to estimate bech32 transaction fees? Electrum's fee estimation, as expected, drastically overpays. I also haven't wrapped my head around satoshis/bytes vs. satoshis/vbytes and how to figure out how much transaction size is allocated to witness data.

Usually I set very low fees since confirmation time isn't an issue. Recently, I needed to send some urgent transactions. I basically just eyeballed the Core next-block fee in satoshi/byte and reduced it by 25% to be on the safe side. Electrum told me the fee was low and to expect 25 blocks before confirmation.

But they were confirmed in the next block and I suspect I overpaid. Any ideas?
6  Bitcoin / Electrum / Privacy implications of watching-only wallet setup on: January 21, 2018, 09:30:41 PM
What are the privacy implications of syncing a watching-only wallet using a master public key?

I've always heard that Electrum had weak privacy due to the way it verifies transactions, but I never looked into the details. Does the wallet leak metadata that makes it easy to link addresses within the wallet? Is there any difference in this regard between using the desktop wallet normally and using a watching-only wallet?
7  Economy / Invites & Accounts / [WTS] Bittrex account (basic verified), Bitfinex account (unverified) on: January 10, 2018, 02:16:02 AM
You will get:

-Bittrex account with basic verification (US-based; 0.4 BTC/day withdrawal limit)
-2FA not yet activated
-Linked email account (used only with this Bittrex account)

The account has no funding/trading history. I opened it a couple months ago intending to trade and never got around to it. PM me an offer if you are interested. Serious offers only. I deal only through PMs on this forum. Payment in BTC or ETH.

I also have an unverified Bitfinex account (no trading history, UK-based) that I'm willing to part with.
8  Economy / Service Discussion / PSA: Electrum has a critical security vulnerability on: January 07, 2018, 04:30:34 AM
Tavis Ormandy, security researcher at Google, pointed out a critical vulnerability to the Electrum team earlier today. They immediately pushed a security update. It's advisable to shut down immediately if you are running Electrum.

Quote from: Theymos
A vulnerability was found in the Electrum wallet software which potentially allows random websites to steal your wallet via JavaScript. The bug presumably also affects altcoin derivatives of Electrum such as Electron Cash. If you don't use Electrum or a derivative, then you are not affected and you can ignore this.

Action steps:

 1. If you are running Electrum, shut it down right this second.
 2. Upgrade to 3.0.4 (making sure to verify the PGP signature).

You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions.

It's a bit disappointing to see that the vulnerability was already an open issue from last year. I guess they didn't realize how severe it was.
9  Bitcoin / Legal / Taxes: Altcoin airdrops (not fork coins) on: December 28, 2017, 08:09:53 PM
There was a recent thread with a lot of good information about US taxes as they relate to fork coins (like Bitcoin Cash).

For tax purposes, is there any difference between the Bitcoin Cash "airdrop" and an airdrop of native coins? For example, BitSend has a weekly airdrop to forum posters of 10 BSD. Are we supposed to use the USD cost basis of that 10 BSD each week (last week = $13.50) and call it "other income" on our tax return? That means that even if we opt to hodl the coins long term, we have to pay taxes on receipt, right?

The forks feel more like "stock splits." This feels more like a giveaway or something. Is there any way that these could be deemed "gifts" under the tax code?
10  Economy / Speculation / South Korean gov't holds emergency meeting re curbing cryptocurrency speculation on: December 13, 2017, 10:40:03 AM
South Korea accounts for the #1, #10 and #14 cryptocurrency exchanges by volume. Yes, I know there could be wash volume involved, but as we all know from the Chinese exchanges' history, that doesn't necessarily matter. Korea seems to be approaching Japan with regard to market relevance, and Koreans are especially active in the altcoin markets.

So, the government called an emergency meeting yesterday. The topic: methods for curbing cryptocurrency speculation. Sources at the Bank of Korea say that the government will announce measures targeting cryptocurrency traders by the end of the week. They already banned ICOs in September. According to the article:

Top officials at the country's finance regulator have openly mulled a bitcoin trading ban and have compared trading in the cryptocurrency to a Ponzi scheme.

Could this be fuel for a price correction?
11  Alternate cryptocurrencies / Altcoin Discussion / Recent Bitcoin forks -- Bitcoin Diamond, Super Bitcoin, Bitcoin Platinum, etc. on: December 08, 2017, 10:24:13 PM
After Bitcoin Gold, I stopped paying attention to new Bitcoin forks. I figured that other people would lose interest just like I did. I read this article on Arstechnica earlier today. Apparently a bunch of other forks are scheduled or already happened, and the markets (including futures) indicate that they do carry some value.

According to the article, the following forks are in the works. I think in some cases, the snapshot already happened:

In recent weeks, a bunch of different people have announced plans to create new currencies. There's Bitcoin Silver, Bitcoin Platinum, Bitcoin Diamond, Bitcoin Uranium, Bitcoin Cash Plus, and Super Bitcoin.

Does anyone have any info on the above forks? Snapshot Block #, whether there are working (safe) wallets and a live network, what exchanges they are traded on? I'm hesitant to bother moving my coins and sacrificing privacy to claim fork coins when they aren't worth much. But both Bcash and Bgold were a boon to my portfolio, so I'm curious.
12  Bitcoin / Bitcoin Discussion / Lightning Network transactions successfully tested on Bitcoin mainnet on: December 06, 2017, 09:56:11 PM
According to Lightning Labs, ACINQ and Blockstream, Lightning transactions are now being tested on the live Bitcoin network. Notably, this means that several different Lightning software implementations are now interoperable, which was a major development hurdle to overcome. The specifications for version 1 of the Lightning Network are now established standards.

We bought a Starblocks coffee and a article.

It's definitely a major step in bringing the Lightning Network closer to reality, although there is still much work to be done. Before Bitcoin users can start using LN, the developers of the various LN implementations need to produce beta software for the mainnet. From the Coindesk article:

In conversation, Lightning developers stressed there are kinks left to work out with the user experience before they recommend businesses adopt it. Padiou argued that this cautious approach to development shows developers are making sure they get the technology just right, so as to eliminate the chance of users losing funds.

"It also demonstrates the approach has been very conservative. We're not going to rush anything," he told CoinDesk, adding: "We're almost there."
13  Bitcoin / Legal / Newbie capital gains question (USA) on: November 27, 2017, 08:52:09 PM
I have a simple tax question. My friend just bought into Bitcoin and Ethereum for the first time this month. He plans to sell everything for short term profits early next year (January or February, depending on the price action).

He asked me how to report taxes on the gains. Hopefully I'm correct (otherwise I've been doing my taxes wrong), but I thought I should confirm before giving him an answer:

1) He has no capital gains taxes due (on these investments) for the year 2017, since he won't realize any profits until early 2018. Taxes on these gains would be due in April 2019 for the tax year 2018.
2) Short-term capital gains are taxed at the same rate as ordinary income.

Thanks for any guidance you can provide!
14  Economy / Service Discussion / Square Cash App on: November 20, 2017, 08:50:25 PM
Does anyone around here use the Square Cash App? If so, could you share your experience? I guess it's like Venmo/Paypal, except they recently started a pilot program to buy/sell bitcoins within their app:
Square announced it's piloting a program that would allow users to buy and sell bitcoin in its app. That could offer substantial revenue potential for Square, plus offer some much needed legitimacy for crypto assets.

Also, I'm curious if anyone knows the details regarding verification requirements?

It seems like originally, the service required users to set up a debit card / bank account. Since last year, you can keep a balance in your Cash App wallet instead of withdrawing directly to your bank.

Does anyone know if that means you don't need to set up any payment options (debit or credit card / bank account) at all? Can I just receive $$ to my Cash App wallet and pay it out to someone else? If so, I'm curious what the limits are before you need to verify identity. I can't find this information listed on their site like I can for Venmo...
15  Economy / Currency exchange / Have BTC or ETH, want $240 Venmo on: November 20, 2017, 09:21:47 AM
Need $240 Venmo.

Dealing with trusted/reputable members only. Willing to send first to trusted members. (I'm aware of the reversibility of this payment method, hence only dealing with people who clearly aren't scamming for a couple hundred bucks)

I can pay a small mark-up over spot price. PM me.
16  Other / Meta / Security Log on: November 17, 2017, 01:23:41 AM
Is there a way to check the security log going back further than one month? When I go to It only returns results going back to October 18th. Thanks!
17  Economy / Web Wallets / Xapo announces position on Segwit2x fork on: October 10, 2017, 08:04:14 AM
Xapo has made an announcement regarding their Segwit2x policy:

Basically, they will call the chain with most accumulated difficulty "bitcoin / BTC". The minority hashrate chain will be called "BC1" if it has a 1MB consensus rule and "BC2" if it has a 2MB consensus rule. The minority chain will be available for withdrawal and conversion but they will not offer long term support for it.

So they are basically just following the miners here. Thoughts?
18  Bitcoin / Legal / Tax implications of staking (proof-of-stake) or running a masternode on: October 06, 2017, 07:15:54 PM
I'm looking for some general information on the tax implications for US citizens with regard to staking or running a masternode. They are pretty similar. In POS, blocks are minted rather than mined, and the creator of blocks is decided based on coin stake (the more coins you control, the more likely that you will mint any given block). With masternodes, you are paid a percentage of block rewards once you control enough coins (plus some additional conditions).

I know how to deal with the capital gains on the block reward payments. But I'm having trouble determining how the block reward payments themselves should be treated. Is each receipt of a block reward (or pro rata share) considered a taxable event? What kind of transaction is it exactly?

Thanks in advance for any info!
19  Bitcoin / Bitcoin Discussion / Russia Likely to Ban Bitcoin Payments, Deputy Finance Minister Says on: September 28, 2017, 10:37:55 PM
Literally two weeks after the Russian Finance Minister said there was "no point in prohibiting" cryptocurrencies, it seems that the Russian government has yet again reversed course.

The Deputy Finance Minister had this to say earlier in the week:

Alexey Moiseev, the deputy finance minister of Russia, said earlier this week that he expects pending legislation on cryptocurrencies will feature a ban on payments made in cryptocurrency.

According to the state-backed news source TASS, Moiseev – who previously said that bitcoin should be classified as a kind of asset in Russia and limited to qualified investors – told reporters on Monday that "no regulator doubts that payments will be banned."

For him, there is no doubt that Bitcoin (and other cryptocurrency) payments will be banned. Read the article here.

Thoughts? Russia is probably the most infamous government for flip-flopping on Bitcoin regulation. This seems like more of the same. The market doesn't seem to be reacting to the news.
20  Alternate cryptocurrencies / Service Discussion (Altcoins) / Altcoin exchanges with no AML/KYC on: September 01, 2017, 07:43:58 PM
I searched for a similar thread but couldn't find anything recent. I'm hoping you guys can provide some suggestions. I'm looking for exchanges where I can trade BTC, LTC and ETH, as well as other coins.

I'd like to be able to deposit/withdraw without hassle, and I don't trust these altcoin exchanges with my personal documents and information. I'm aware of Nova Exchange and Yobit -- I believe these don't require any sort of verification, correct? Does anyone use these exchanges...are they reputable?

Any other suggestions are greatly appreciated!