Bitcoin Forum
May 08, 2024, 09:15:52 PM *
  Show Posts
1521  Bitcoin / Hardware wallets / Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities on: May 16, 2023, 05:52:51 PM
Also something else I glossed over before - they are providing $50,000 in insurance for your holdings. They must, therefore, be monitoring all the balances on all your addresses in real time and linking all that information to your KYC and seed phrase back ups to ensure that they don't get scammed by someone claiming to have lost $50,000 when they were only holding $10.

I've skim listened to this on 2x speed, but I can't find anywhere that they actually address that there now exists the ability for Ledger wallets to export seed phrases off of the secure element. Someone please correct me if I'm wrong. They answer questions like politicians. Direct quote from Nicolas Bacca (BTChip, Ledger VP): "I'm not sure what's not to like."

Absolutely unbelievable. This forum, Reddit, Twitter, literally everywhere pointing out the massive issues with this, and the VP responds by sticking his head in the sand and saying "Everything is great!"

1522  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 16, 2023, 02:02:17 PM
Actually, you are right! I always thought the longest chain was the answer because the whitepaper says:
Correct, and well noted!

When writing the Whitepaper, Satoshi clearly didn't envisage the issue with a longer chain having less work, as I have described above. The code to change from height (longest chain) to chainwork (chain with the most work) was implemented in 0.3.3 in July 2010, as you can see here: https://github.com/bitcoin/bitcoin/commit/40cd0369419323f8d7385950e20342e998c994e1#diff-623e3fd6da1a45222eeec71496747b31R420
1523  Bitcoin / Hardware wallets / Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities on: May 16, 2023, 01:50:51 PM
This is a paid feature so it's not sending your seed phrase anywhere unless you pay $9.99 per month for it (which is a dumb subscription).
It's still unsafe.

The whole point of a hardware wallet is to store your seed phrase and private keys safely and securely inside and prevent them from being extracted. The whole point of Ledger's secure element is that there is no possible way to extract the seed phrase from it. Now we have just discovered that a simple firmware update will permit the secure element to start sending your seed phrase across the internet. Ledger have just admitted that their entire design is deeply flawed.

We conveniently already have a name for a hardware wallet which can expose your seed phrase to the internet. It's called a hot wallet.
1524  Bitcoin / Hardware wallets / Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities on: May 16, 2023, 10:15:30 AM
So the very fact that this exists, even if you don't sign up for it, means that the next firmware update for Ledger devices will create a process by which your seed phrase is extracted from your hardware device, downloaded on to your computer, and then sent across the internet. That is a massive attack vector. It negates literally the entire point of a hardware wallet to keep your seed phrase and private keys isolated from computers and the internet. Not to mention this gives governments a very easy path to seizing all your assets, if they want, and allows all your coins to be stolen with some very basic social engineering. If you have completed KYC anywhere ever, then you've given away all an attacker needs to recover your seed phrase and empty your wallets.

Remember when Trezor and Ledger were the two best hardware wallets out there, and every thread had people (me included!) recommending either/both of them. How the mighty have fallen! Both are complete and utter trash now, completely ruined by awful decisions such as this one. Seriously, do the management teams behind both wallets understand nothing about bitcoin?

More and more I am glad that I have moved pretty much exclusively to airgapped, encrypted, cold storage for the bulk of my bitcoin. I know that my wallets will never suddenly pose a massive security and/or privacy risk out of the blue because of some absolutely moronic decision by a third party trying to squeeze more and more profits out of their customers.
1525  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 16, 2023, 10:03:34 AM
Usually mining pools, nodes, and miners will choose a longest chain to continue their work
You know, the miner should choose to mine the longest chain
Once again, as I've said multiple times above, nodes and miners choose the chain with the most chain work, which is not synonymous with the longest chain.

In the event of a fork of just one or two blocks where both chains have the same amount of work, then nodes will generally pick the chain which they saw first.
1526  Economy / Exchanges / Re: Is the Binance the next to bite the dust or FUD? on: May 16, 2023, 09:11:25 AM
I don't disagree with anything you have written there, and the people in this space calling for more regulations are crazy. But seeing Binance as some kind of bastion of hope against these regulations is also crazy. Binance have shown time and again that they do not care about bitcoin or their users in the slightest. They only care about their own profits. They will fight regulations which prevent them from operating in various jurisdictions, but they will do absolutely nothing against regulations which are actually damaging to the space.

Thankfully, governments around the world can regulate centralized exchanges and centralized services as much as they want, and we can continue to use bitcoin freely in a peer to peer manner as intended.
1527  Bitcoin / Bitcoin Discussion / Re: OG Bitcoin Wallet Addresses Suddenly Active - Are they being hacked? on: May 16, 2023, 09:03:42 AM
What a bunch of absolute clickbait nonsense. Claiming that all 12 and 24 word seed phrases are vulnerable!? I'm sorry, has someone managed to break the laws of thermodynamics and create a colossal amount of energy out of nothing in order to start cracking 2^128 bit seed phrases? Are the oceans boiling from the heat this energy is turning in to? Because that's legitimately what would happen if we used enough energy to successfully start brute forcing seed phrases. And let's not even mention the fact that seed phrases didn't even exist when most of these old addresses were funded for the first time.

An absolute trash article, but sadly what comes to pass for "news" in the crypto world. Just like that article a couple of weeks ago that claimed seed phrases are vulnerable because someone posted all their words online and then their coins were stolen. Roll Eyes
1528  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 15, 2023, 02:11:42 PM
Considering that both chains are supposed to exist at the same time, and having forked apart from a common block, how would the longer chain have a lower difficulty level if both chains adhered to the difficulty retargeting protocol?
I've answered this above:

Usually when we reorganize one or two blocks, then the blocks will obviously have the same difficulty and therefore represent the same amount of work, so the longest chain will be the chain with the most work. However, if a fork lasted long enough to significantly stretch beyond a difficulty retargeting and in to a new difficulty epoch, then blocks on each chain would represent a different amount of work and so the longest chain may not necessarily be the chain with the most work. Nodes will switch to a shorter chain if that chain has more accumulated work.

Usually, the longest chain does indeed have the most work, since as you say, when the chains fork each block on each chain adds the exact same amount of work. If the fork continues past a retargeting, then the chains will have different difficulty adjustments since they will not have found all the blocks between the fork and the retargeting in the exact same amount of time. From that point on, the blocks added to each chain do not add the same amount of work, and so the longer chain will not necessarily be the chain with the most work.
1529  Bitcoin / Development & Technical Discussion / Re: looking for data/info on historic Bitcoin bug allowed unlimited BTC creation on: May 15, 2023, 09:18:25 AM
The bug was caused by an integer overflow error. When calculating the total value of transaction outputs, the software used a 32-bit integer variable that exceeded its maximum value due to a large output value.
That's incorrect - it was always 64 bit. In fact, the two outputs which this transaction created were very close to INT64_MAX, which is 0x7fffffffffffffff, or 9223372036854775807. The two outputs were 92,233,720,368.54277039 each.

The bug was fixed in Bitcoin Core version 0.3.10.
The bug was actually fixed in a standalone patch Satoshi released within a few hours. Version 0.3.10 was the first full version to include this patch.

The fix involved modifying the code to use a larger data type (64-bit integer) for handling transaction values, preventing similar overflow issues in the future.
No, it didn't. As vv181 has pointed out, it just implemented sanity checks.

The incident did not lead to the creation of any extra bitcoins.
This is also wrong. The incident absolutely led to the creation of 184 billion bitcoin. These bitcoin no longer exist because the chain was re-orged to remove them, but they were still created in the first place.

The 0.5 BTC from the malicious transaction never became a permanent part of the blockchain and did not affect the current state of the Bitcoin network.
Sorry, but this is wrong yet again. That 0.5 BTC absolutely still exists. It is the 0.5 BTC on this address - https://mempool.space/address/17TASsYPbdLrJo3UDxFfCMu5GXmxFwVZSW. This is the input which was used in the value overflow incident, which now still exists as an unspent UTXO since the value overflow transaction was re-orged out. It has not moved since, but it is still there and still completely valid to be spent in the future.



because I would love to know some technical facts about what actually happened.
What happened is someone created a transaction which spent the 0.5 BTC I linked to above. They created two outputs in this transaction, both for 92,233,720,368.54277039 BTC. At the time, part of the way the software checked if the transaction was valid was to ensure the fee (i.e. the sum of the inputs minus the sum of the outputs) was equal or greater than zero. If you had higher outputs than inputs, then when you subtracted them your fee would be negative, and so the transaction would be rejected.

However, when the software added the value of the two outputs together, they overflowed and became negative. So then when the software subtracted this negative number from the 0.5 BTC, it ended up with a positive number, which passed the check for the fee to be positive. And so the transaction was allowed.
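
Added example, not part of the original post and not Bitcoin's source code: the fee check described above, run on the amounts quoted in the post, next to a range-checked version. The function names, the int64 emulation and the use of the 21 million BTC cap as the sanity bound are assumptions of this sketch.

```python
# Added illustration of the value overflow described in the post above.
# Python integers never overflow, so signed 64-bit wraparound is emulated explicitly.

INT64_MAX = 0x7FFFFFFFFFFFFFFF
COIN = 100_000_000                    # satoshis per BTC
MAX_MONEY = 21_000_000 * COIN         # assumption: supply cap used as the sanity bound

INPUT_VALUE = 50_000_000                  # the 0.5 BTC input, in satoshis
OUTPUT_VALUE = 9_223_372_036_854_277_039  # 92,233,720,368.54277039 BTC, in satoshis


def wrap_int64(x):
    """Reduce x to the signed 64-bit value a two's-complement machine would hold."""
    x &= 0xFFFFFFFFFFFFFFFF
    return x - (1 << 64) if x > INT64_MAX else x


def fee_unchecked(input_total, outputs):
    """Fee check as the post describes it: only 'fee >= 0' is tested.

    Returns (fee, summed_outputs) so the wrapped sum is visible.
    """
    total_out = 0
    for value in outputs:
        total_out = wrap_int64(total_out + value)   # sum silently wraps negative
    fee = wrap_int64(input_total - total_out)
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    return fee, total_out


def fee_checked(input_total, outputs):
    """Same check with sanity bounds on every output and on the running sum."""
    total_out = 0
    for value in outputs:
        if not 0 <= value <= MAX_MONEY:
            raise ValueError("output value out of range")
        total_out += value
        if total_out > MAX_MONEY:
            raise ValueError("sum of outputs out of range")
    fee = input_total - total_out
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    return fee


if __name__ == "__main__":
    fee, total = fee_unchecked(INPUT_VALUE, [OUTPUT_VALUE, OUTPUT_VALUE])
    print("wrapped output sum:", total, "-> apparent fee:", fee)
    try:
        fee_checked(INPUT_VALUE, [OUTPUT_VALUE, OUTPUT_VALUE])
    except ValueError as err:
        print("range-checked version rejects it:", err)
```
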
1530  Economy / Exchanges / Re: Is the Binance the next to bite the dust or FUD? on: May 15, 2023, 08:38:22 AM
I am quite certain none of us small minnows would like a fully regulated cryptospace.
I'd rather not use bitcoin at all than use it exclusively via the rules and regulations that Binance enforce. Full KYC, zero privacy, zero security, full surveillance, permissioned, censored, complete governmental control.

This is pretty much already the case if you use centralized exchanges. The government know everything you do, your coins don't actually belong to you, and you can be denied access to them at any point. That's not bitcoin - that's a bank.

Remember when Binance attacked bitcoin by trying to roll back the chain to cover their own losses? Binance doesn't care about bitcoin, and I don't care if Binance gets taken down. Sure, there might be a short term price hit, but Bitcoin thrived before Binance, and it will thrive after Binance.
1531  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 14, 2023, 03:58:47 PM
That's a great explanation and a pretty crucial point. So a difficulty comparison is done every time by just checking the zeros in front of the latest blockhash?
Not quite. The amount of work is based on the current difficulty, and not the individual hashes of each block. Every block in the same difficulty epoch will add the same amount of chain work, regardless of the actual hashes or the number of leading zeroes in each hash.
1532  Bitcoin / Hardware wallets / Re: Foundation Passport Official Thread on: May 14, 2023, 02:35:41 PM
How can I know this?  I suppose there is a need for preliminary info on that fingerprint to answer if it is correct or not. Where can I get that info?
You make a note of it (if you want) when you first enter the passphrase. You then compare the fingerprint with what you've written down when you enter your passphrase in the future to confirm that you have indeed entered your passphrase correctly and not made a typo anywhere.
1533  Bitcoin / Bitcoin Discussion / Re: Why is the transaction fee and mempool congestion increasing ? on: May 14, 2023, 01:18:46 PM
If I broadcast my tx at around 19:45 with 40 sats/b, but the block has not yet been mined, could a miner still drop my tx and replace it with another one that is offering a higher fee?
Yes, absolutely.

When is the miner's decision final?
The decision is only final when the next block is mined. At any point prior to that, the miner can and does update the block they are attempting to solve with new transactions which pay a higher fee.

The block a miner is working on is known as a candidate block. They will build a candidate block from the highest paying transactions in their mempool, and attempt to mine it. Building a candidate block is not instant, as the miner has to calculate the Merkle root for all the transactions in that block, and so swapping out even a single transaction has a computational cost involved. Because of this, miners do not update their candidate block constantly with new transactions. They will attempt to mine their current candidate block, and meanwhile in the background they (or more accurately, their mining pool operator) will build a new candidate block, including new high fee paying transactions and dropping older low fee paying transactions. Once the new candidate block has been built, they'll swap from attempting to mine the old candidate block to this new one. After a set period of time, perhaps somewhere between a few seconds and a minute, which will vary between mining pools and will vary depending on how fast new transactions are hitting the mempool, the mining pool will create another new candidate block and the miners will switch to this one. The process constantly repeats until the next block is found, with miners always working on a subset of the highest fee paying transactions.

Bottom line is when I observe such a drop in the mempool and place my tx instantly according to what info I can extract from Hoenicke's website, will it always get executed if I hit the sweet spot for the fee right in that moment even if the average fee increases manyfold if it takes longer to find the next block?
No. If it takes longer to find the next block, then there is every chance your transaction will be dropped from candidate blocks in favor of higher paying transactions.
1534  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 14, 2023, 11:41:56 AM
The longer fork represents the consensus of the network, as it has accumulated more computational work and has a greater number of participants supporting it.
This is not correct.

As I explained above, the longest chain does not necessarily contain the most accumulated work. I could fork bitcoin right now, drop the difficulty to 1, and then churn out 10,000 blocks in a few minutes. My new chain would be far longer than the main chain, but have much less accumulated work because the number of hashes required to generate all 10,000 of my blocks would only be a tiny fraction of the number of hashes to generate a single block on the main chain. The main chain, although shorter, would have the higher amount of work, and so everyone else would stay on that chain and not switch to my longer chain.

By choosing the longer fork, miners align themselves with the majority, reducing the risk of their blocks being orphaned or invalidated in the future.
No, they do this by aligning themselves with the chain with most work, which again, is not the same as the longest chain.
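
Added example, not part of the original post and not Bitcoin Core's source code: the 10,000-block difficulty-1 fork from the post above, compared against a single main-chain block by length and by accumulated work. The main-chain `nBits` value is a constructed sample, and the function and branch names are assumptions of this sketch.

```python
# Added illustration: "longest chain" versus "most accumulated work".
# Work per block is derived from the header's compact target (nBits), not from
# the block hash, so every block at the same difficulty adds the same work.

DIFF1_BITS = 0x1D00FFFF        # compact target for difficulty 1
SAMPLE_MAIN_BITS = 0x17053894  # constructed sample of a high-difficulty target


def compact_to_target(nbits):
    """Decode the 32-bit compact 'nBits' field into the full integer target."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF          # sign bit ignored in this sketch
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(nbits):
    """Expected number of hashes needed to meet the target: 2^256 / (target + 1)."""
    return (1 << 256) // (compact_to_target(nbits) + 1)


def chain_work(branch):
    """Accumulated work of a branch, given the nBits of each block after the fork."""
    return sum(block_work(nbits) for nbits in branch)


def pick_longest(branches):
    """The naive rule: most blocks wins."""
    return max(branches, key=lambda name: len(branches[name]))


def pick_most_work(branches):
    """The rule the post describes: most accumulated work wins.

    max() returns the first of several equal candidates, so when the dict is
    in arrival order a tie goes to the branch that was seen first.
    """
    return max(branches, key=lambda name: chain_work(branches[name]))


# Constructed scenario from the post: one main-chain block versus
# 10,000 blocks mined on a fork at difficulty 1.
BRANCHES = {
    "main": [SAMPLE_MAIN_BITS],
    "fork": [DIFF1_BITS] * 10_000,
}

if __name__ == "__main__":
    for name, branch in BRANCHES.items():
        print(f"{name}: {len(branch)} blocks, work = {chain_work(branch):#x}")
    print("longest chain :", pick_longest(BRANCHES))
    print("most work     :", pick_most_work(BRANCHES))
```
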
1535  Bitcoin / Development & Technical Discussion / Re: A question about miners choosing fork. on: May 14, 2023, 11:12:39 AM
Miners should generally choose the fork with the longest length.
This is wrong.

Nodes will follow the chain which has the most accumulated work. This is not necessarily the chain with the longest length.

Usually when we reorganize one or two blocks, then the blocks will obviously have the same difficulty and therefore represent the same amount of work, so the longest chain will be the chain with the most work. However, if a fork lasted long enough to significantly stretch beyond a difficulty retargeting and in to a new difficulty epoch, then blocks on each chain would represent a different amount of work and so the longest chain may not necessarily be the chain with the most work. Nodes will switch to a shorter chain if that chain has more accumulated work.
1536  Bitcoin / Development & Technical Discussion / Re: What happens if an algorithm used by Bitcoin becomes obsolete? on: May 14, 2023, 11:10:53 AM
RSA was considered secure before Shor's algorithm
RSA is still secure. The largest RSA number factored to date is 829 bits. This is a long way away from the 2048 bit numbers commonly used in RSA today, and you can very easily go up to 4096 bits if you are concerned. RSA4096 will likely be secure for decades yet.

Shor's algorithm cannot yet break RSA, despite the clickbait news article which did the rounds earlier this year. The team in question managed to factor a 48 bit integer with a quantum computer, which is absolutely tiny even when compared to the 829 bit integer already factored by conventional computers, never mind the 2048 or 4096 bit integer needed to actually break RSA.

If RSA can be broken by quantum computers, then so can ECDSA.
1537  Bitcoin / Bitcoin Technical Support / Re: help with stuck txid on: May 14, 2023, 07:36:29 AM
How long do you think he has to wait before his transaction goes through without having to pay a miner to pick his tx to accelerate?  Would it take a week?
OP's transaction is now around 4 MvB from the tip of the mempool. If he is lucky, it could confirm within an hour. If he is unlucky and the mempool fills rapidly again as it has been doing recently, it might not confirm for days yet. Impossible to predict at the moment.

It is a request and not a demand and the miners can choose to ignore it in favor of transactions with higher fees or
so when there is network congestion don't expect too much on the free accelerator.
It isn't even a request. It is just a rebroadcast. Since OP's transaction is already in (almost) every node's mempool, rebroadcasting will achieve absolutely nothing. Every node which receives the rebroadcast will just ignore it, since they are already aware of the transaction.

Edit: It's confirmed.
1538  Bitcoin / Hardware wallets / Re: Trezor standard v hidden wallet? on: May 14, 2023, 07:28:13 AM
I meant hardware wallets. The listed wallets are well known to almost everyone and this is the majority of bitcoin users know.
Then as I said above - Passport.

If use a bundle of electrum + trezor? Then after all, in theory, the user can avoid surveillance, right?
This is correct, although you are still vulnerable to the seed extraction attack, so you must use a long and complex passphrase with all Trezor devices.

The vulnerability you are talking about will probably be fixed. It is in the manufacturer's interest to do so. At least all vulnerabilities have been fixed up to now.
It can't be fixed. It is intrinsic to the hardware. All Trezor devices are permanently vulnerable. https://blog.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

As for the passport, I can say that now. After all, they, too, can at any time change their policy of behavior and enter into some kind of partnership, like a trezor.
They could, as could literally anyone at any time. But if you follow some of their staff on Twitter, they are very much pro-privacy and opposed to the surveillance and censorship that Trezor now support. For example:

https://nitter.it/sethforprivacy/status/1653072714800807937
https://nitter.it/zachherbert/status/1650299865056829445
1539  Economy / Service Discussion / Re: BlockFi files for bankruptcy protection. on: May 13, 2023, 07:02:20 PM
It appears it has become official. A judge has declared that Blockfi depositors have given their legal rights to the ownership of their coins when they sent them under Blockfi's custody. According to this article, $292 million of user deposits are owned by BlockFi.
So, exactly as was spelled out in BlockFi's Terms of Service, as I pointed out on this forum dozens of times, including this example from several years ago: https://bitcointalk.org/index.php?topic=5308457.msg56070076#msg56070076

BlockFi quite clearly stated that anything you deposit becomes their property, they will do what they like with it, and when it all goes to shit their users have zero legal protections.
So BlockFi took all the deposits, did anything they liked with them, it all went to shit, and now people are surprised they have zero legal protection?

Roll Eyes

Crypto is indeed very very risky.
I don't think bitcoin is that risky at all, especially when compared to ever-more-quickly imploding fiat. Buy bitcoin peer to peer, store in your own wallet, wait. Simple and safe. What is risky is handing your bitcoin over to a bunch of complete strangers because they've promised you a gazillion percent gains.
1540  Bitcoin / Hardware wallets / Re: Trezor standard v hidden wallet? on: May 13, 2023, 06:55:00 PM
What kind of wallets do you include in most good wallets?
Reputable open source wallets, such as Electrum, Sparrow, or Samourai.

My question was that by sending a coin to a hidden wallet (during long-term storage), will it not turn out that access to these coins will be lost? Due to the fact that trezor suit ceased to exist, and other applications that allow you to restore access to the wallet simply didn't exist in nature (that is, there were such wallets, but initially didn't support hidden wallets).
I would suggest that if a coin doesn't even have its own standalone wallet, it's probably either completely useless or an outright scam and should be avoided altogether. Worst case scenario you can use Ian Coleman's site on an airgapped computer to enter your seed phrase, passphrase, choose the correct coin and correct derivation path and extract the necessary private key for your shitcoins.

What government surveillance and control are you talking about? If now trezor hardware wallet is considered a very bad choice, then it’s not even clear which wallet is considered a good one.
They have partnered with Wasabi, who pay the blockchain analysis company Coinfirm to surveil their users. Trezor have not been a great choice since their unfixable seed extraction vulnerability was discovered, but given that they are now pro-surveillance and pro-censorship I don't think anyone should ever buy a Trezor device again.

The best hardware wallet on the market right now in my opinion is a Passport.