If you think your private keys are going to be exposed, then even overpaying a high fee is insufficient to guarantee your safety. Because of the way mining works, the next block might not be found for an hour or even longer simply due to random chance, and there are bots which can broadcast transactions to sweep funds on compromised private keys in under a second.

As Loyce says, you should be signing this transaction offline.

It's a scam: https://spamreports.report/post/716208271598534656/scam. Anyone else receiving such an email should make sure they don't click any links in that email, and if they have, consider their Coinbase accounts/wallets compromised.

Having said all that, Coinbase have already implemented this kind of KYC nonsense in some countries, so they could very well do the same to anyone else, anywhere else. You would do well to get any and all coins you own off of any centralized exchange or any wallet software owned by a centralized exchange, such as Coinbase Wallet or Trust Wallet.

Not entirely. It solves scalability issues at the current number of users, but to scale it up to global adoption needs other technology which is built on top of Lightning, such as channel factories.

I don't think so. Rather, it is still in early stages of development.

As BlackHatCoiner points out above, a faster initial confirmation is not necessarily better. Take a look at this site: https://howmanyconfs.com/. Take a look at BCash for example. You might think the big blocks are better since everyone can get in the next block. But actually, the blocks are almost empty (a few dozen transactions each, compared to 4,000 transaction per block for bitcoin's smaller blocks) because no one is actually using it, bigger blocks make the system more centralized, and it takes over 12 days to reach the same amount of security as bitcoin reaches in an hour.

It is trivial to launch a coin with instant transactions. All you need is a centralized spreadsheet which can update balances instantly. That doesn't make it a good coin.

It is done solely between the Lightning nodes, and nothing touches the main chain until the channel is closed. To get a little bit more complicated (the jar analogy doesn't really hold up beyond this point):

Let's say you and I open a channel with 1 BTC each, for a total of 2 BTC. We both (or rather, our software does this automatically) sign a transaction which sends 1 BTC to you and 1 BTC to me. This would be our closing transaction, if we broadcast it. But we don't, we just save it locally, so no one knows about it except us. Then I pay you 0.2 BTC, so now we both sign a transaction which sends 1.2 BTC to you and 0.8 BTC to me. Again, we save this locally but do not broadcast it. Every time we make a new payment between us, we both sign a new transaction to reflect the new distribution of coins. When we want to close the channel, we simply broadcast the most recent transaction we have saved.

And so it is each participant in a channel who is responsible for the intermediate transactions, while the wider network only ever knows about the opening and the closing transactions.

There are additional complex systems built on top of that in order to encourage honesty and punish any attempted theft. For example, if the latest transaction we had signed was 1.6 BTC to me and 0.4 BTC to you, but you tried to broadcast an old transaction which splits the funds 1 BTC each, there is a mechanism to allow me to dispute that and claim all the funds for myself, meaning you lose everything as punishment for the attempted theft.

I'm not a fan of 2FAS because it harvests way more data than it needs to. (And actually, for a 2FA app, the amount of data it requires about you or your device is exactly zero. All it needs to do is scan QR codes and then combine them with the time and hash them. Zero data required.)

Take a look at its Privacy Policy here: https://2fas.com/privacy-policy/

They collect a lot of information about your device, your email address, records of your usage, drop cookies on you, share your data with Google Analytics, etc. Completely unnecessary and unwanted.

Compare this to the best in class privacy policy from Aegis: https://getaegis.app/aegis/privacy.html

5000 words for 2FAS, versus 10 for Aegis. "Aegis Authenticator does not collect any data from your device."

Sorry, but how is this user not banned?

Having 42 posts in an hour deleted is bad enough, and deserves at a minimum a temp ban. But using AI to make all those posts deserves a perma-ban, no questions asked. It is textbook plagiarism, attempting to pass off something he didn't write as his own, in order to boost his post count, farm merit, and advertise whatever stupid shitcoin is in his signature.

Why do we even have rules if we aren't going to enforce them? I've asked this dozens of times and never had a response. No doubt this user will be back doing the exact same thing again soon.

No, I don't. Users spamming low quality topics in an attempt to gain merit is bad enough. Using AI to tell you which low quality topics to spam is even worse.

Or here's a crazy idea - maybe only open a topic if you have something worth discussing?

If you are using Electrum out of the box and connecting to third party servers, then yes, these servers will be able to link these addresses together.

As Electurm is a light wallet, it connects to third party servers and nodes to download the transaction data and address history relevant to your addresses. It will query all the addresses in your wallet at once, so whichever servers or nodes it queries this with will know that all those addresses are linked. If you want to avoid this, then you need to run your own node and your own Electrum server.

If you do run your own node node and server, then as OmegaStarScream says, the only way to link addresses as belonging to the same user/seed/wallet would be if you use them together in the same transaction (or you accidentally leak this information).

Electrum offers a 2FA wallet. It is a 2-of-3 multi-sig wallet, where a third party known as TrustedCoin holds one of your private keys, your wallet contains one private key, and the third is recoverable from your seed phrase back up. When you want to make a transaction, you enter your 2FA code which TrustedCoin use to confirm you are the real owner of the wallet before co-signing your transaction.

A better solution as I explained above is to just set up your own multi-sig wallet and not rely on a third party at all.

The only other one I am aware of is: https://github.com/raivo-otp/ios-application

The fact remains that Google's 2FA app is closed source, difficult to actually back up locally, and since it is ran by Google will 100% be harvesting your data.

Since I've been tagged, I'll share an analogy I like for explaining the basis behind Lightning in really simple terms below.

Let's say you and I both run our own businesses. Sometimes I buy stuff from you, and sometimes you buy stuff from me. We get fed up of sending money back and forth between our bank accounts (i.e. standard bitcoin transactions), as it is time consuming and the bank charges us a fee every time. So, next time I come to see you to drop off some goods, we get out a jar and both put $100 in it. (Think of this as opening a Lightning channel.) I drop off the goods, and we agree you owe me $20, so we both record that when we open the jar, I get $120 and you get $80. The next day, I need to buy some stuff from you which costs $50, so now we agree that when we open the jar, the split will be $70 to me and $130 to you. This can go on and on for weeks, months, even years, with us both agreeing a new way to split the money, but without actually opening the jar. Changing the balance like this is instant and free. The banks (i.e. the bitcoin network) have no idea this is happening - all they know is that we both took out $100 to put in the jar in the first place. They don't know how we are agreeing to split that money, or how that split is changing.

Next week, I need to buy $20 of stuff from another business down the road. I don't have a jar with them, but you do. So we deduct $20 from my balance in the jar between me and you, and then you give $20 to this other business in the jar that you have with them. You essentially route my $20 to this other business without me having to set up a jar with them, all instantly and for free.

At some point we decide to open our jar (i.e. we close our Lightning channel). At that point we both take out whatever amount of money our final agreement was and deposit it back to our bank account. Only then do we need to make a transaction with a bank (a transaction on the bitcoin network), and only then does the bank/bitcoin network become aware of the final split of funds.

One of us, one of us...

A quick search on my end puts the number of bitcoin sent to OP_RETURN outputs which include the string I mentioned above at 7.85885185 BTC.

I can also find 217 transactions which include the string "Помощь Украину с деньгами от ГРУ хакиров" (which is "Helping Ukraine with money from GRU hackers", again as the article points out) in an OP_RETURN output, which also send bitcoin to the following address, which is known to belong to belong to the Ukrainian government: 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P. The total of these transactions is 1.23766867 BTC.

OP_RETURN is a type of command used by the bitcoin software which marks a UTXO as invalid. Such outputs do not have a private key, and there is no script which could unlock them. Therefore, any coins sent to an OP_RETURN output are burned and can never be spent. There is no security threat.

On searching the blockchain, I found 915 transactions which include OP_RETURN outputs with the string "Иcпoльзoвaны для xaкингa!", which is Russian for "Used for hacking!" as the article points out.

Some of the transactions have no coins being burnt, and instead include the empty OP_RETURN output with the above string and dust outputs to hundreds of other addresses. The person in question would presumably do this to draw attention to their transactions. For example: https://mempool.space/tx/2deb61815c8aff5fe89c39bd8ab632b1110f70be3b9fba52b1f77d68e3bbc622

And then some of the transactions do indeed burn not-insignificant amounts of bitcoin to OP_RETURN outputs, again with the above string. For example: https://mempool.space/tx/a7cfa39733d905eb68c421d4552720cc5198f7be4b163715447b698627d102b1

The most straightforward method is by using BIP38. The buyer will generate their own private key and encrypt with a password they choose using the BIP38 standard, and then provide you with the encrypted private key. You engrave that encrypted private key on to the physical coin. Only the buyer will be able to decrypt the BIP38 encrypted key to the real private key by using the password that they know.

This only works once, however. The buyer will be unable to sell the coin on as it is obvious that they know the private key.

In terms of the private keys, no. It doesn't matter whether you load the address or not - either way you will still be engraving the private key in some format on the coin.

That's correct. Lightning support was initially experimentally implemented in Version 4.0.1, which was released back in July 2020, before being formally implemented in 4.1.0 in March 2021. Either way, it's been around in Electrum for a while now.

The negative effect here is that his 2FA code is now stored on dozens of Google servers around the world, with unknown physical and digital security, transferred there by unknown methods, and which an unknown number of people can access. By having access to his 2FA codes, these people by proxy now have access to one set of private keys for his multi-sig wallet.

I agree with your suggestion about why he needs TrustedCoin at all, though. In my opinion, if you want the safety of a 2FA wallet, then it is cheaper and more secure to run your own multi-sig rather than rely on a third party. But if he wants to keep using a 2FA wallet, then he should create a new one where the 2FA comes from an open source app which doesn't send his shared secrets across the internet to other people's computers for storage.

This is a good thing. You don't want to risk your valuable assets (bitcoin) in a wallet which is filled with junk code and other trash in order to support worthless shitcoins, and you certainly don't want to have valuable assets in a hot wallet that you are using to link to poorly written smart contracts, shady exchanges, and the like. Use a good open source wallet for your bitcoin, and keep your shitcoins somewhere else.

Unstoppable is a reasonable choice. Note, however, that although almost all previous versions have been reproducible from the source code provided, the most recent version is not. This is unlikely to be a major concern, but it is worth noting. See https://walletscrutiny.com/android/io.horizontalsystems.bankwallet/ for more details (and click on "Show Older Reviews").

Yes, each wallet will need its own seed phrase. Electrum seed phrases have a built in versioning system, which means each seed phrase will only generate one type of wallet.

However, Electrum will no longer generate legacy (standard) wallets by default, only segwit ones. If you desperately want a legacy wallet then it can be done via console commands, but I'd recommend just sticking to segwit.

Secondly, be aware that 2FA wallets have nothing to do with the multi-sig set up you were discussing earlier. 2FA wallets use a third party to cosign your transactions, and they charge a fee to do so. If you really want one you can of course generate one, but for your multi-sig set up between computer and phone you shouldn't be using them.