Importantly, an address also includes a checksum.

Knowing an address provides exactly zero help when it comes to bruteforcing a public key, and knowing a public key provides exactly zero help when it comes to bruteforcing a private key. An attacker would still have to exhaust half the search space, on average.

It is not hard to reverse a hash function - it is impossible.

A hash function is not encryption.

There will always be ways to obfuscate where your coins came from - mixers, coinjoin, payjoin, peer-to-peer trading, atomic swaps to and from Monero, and so on. If a state does blacklist your address, there will always be a way around it.

It also becomes an impossible task as time goes on. Because of all the things I've just mentioned, particularly mixers and coinjoins, tainted coins regularly get mixed in among other circulating coins. Lets say there is a coinjoin with 1 tainted input and 50 outputs. Are all those outputs now tainted? What if all those outputs are later coinjoined again somewhere down the line, with another 50 outputs each. Are all 2500 outputs now tainted? If you look far enough back in time, then the majority of coins in active circulation can be claimed to be tainted in some way or another. With the growth of DEXs, mixers, coinjoins, etc., this is only going to get worse as time goes on. You obviously can't blacklist every address, so then you must choose a completely arbitrary cut off for how far back in time you look. 5 transactions? 10? 20?

It can't. It's a scam. Have a read of my post here: https://bitcointalk.org/index.php?topic=5217581.msg53650350#msg53650350. This is essentially exactly the same but instead of being shilled through the "InvestBox" it is being shilled through these "Virtual Miners".

This "token" sprang in to existence out of nothing 3 days ago. If you try to deposit or withdraw it, you are told the wallet is in "maintenance", which is the same error message you get on all these scam tokens. The X10 token from my post above has been in "maintenance" since January. These tokens do not exist. You cannot deposit or withdraw them. There is no blockchain or smart contract. They are a creation of Yobit and only exist on Yobit. They are not cryptocurrencies in any way.

You spend bitcoin, you earn a fake token, either from InvestBox or Virtual Miners - it doesn't matter. You can maybe dump some of your fake token on later suckers to get back a fraction of your BTC if you are lucky. More likely, you lose all your BTC and are left holding millions of a fake token that nobody will buy.

The X10 token from above currently has a 126 billion of these tokens stacked up for sale at 1 satoshi, with zero volume and zero buyers. MINEX will look exactly the same in a few months, but not before Yobit have managed to scam plenty more bitcoin out of idiots buying these non-existent "virtual miners".

I read this today so thought I would share it here: https://www.businessinsider.com/nsa-phone-snooping-illegal-court-finds-2020-9

Despite monitoring all the mobile phone data of millions of Americans for years, the NSA could only point to a single criminal case where this data was used, and it turns out that even then it was irrelevant to the conviction. So not only did the mass surveillance not prevent a single terrorist attack, but it wasn't even useful in convicting terrorists after the attacks had taken place. That, of course, didn't stop them from blatantly lying and saying that such programs are vital to preventing terrorist attacks.

Now, ask yourself why the government would continue to spend hundreds of millions of dollars on mass surveillance when they knew it wasn't preventing attacks or leading to convictions?

Population control.

Absolutely. It's called elliptic curve multiplication. In short, you multiply the private key by the generator point of the secp256k1 curve. The generator point is a fixed value, and is the same for every person and every key, so the same private key multiplied by the generator point will always result in the same public key.

Private keys are only 51-52 characters when they have been converted to Wallet Import Format (WIF). A raw private key is 64 characters of hexadecimal.

In total there are a little under 2²⁵⁶ possible private keys, a little under 2²⁵⁶ possible public keys, and exactly 2¹⁶⁰ possible addresses. Therefore, no two private keys will lead to the same public key, but multiple public keys (and therefore private keys) can lead to the same address.

Guessing the private key from knowledge of only the public key is impossible.

You are continuing to give out bad advice.

Everyone should be afraid of KYC every time you have to complete it. You are sending everything required to completely steal your identity over the internet to an anonymous bunch of strangers. Identity theft can do more damage to you than someone emptying your bank account, and you can be left with life long implications, poor credit, debt, even criminal charges.

Saying "all wallets are not safe" is equally poor advice. Sure, there is no such thing as a 100% secure wallet, but that does not make the security of an encrypted airgapped cold storage wallet equal to that of a third party custodial web wallet.

There is a big difference between making things simple and oversimplifying things so much as to be dangerous.

Sure, but they can still be prevented from operating in a country or state unless they comply with specific rules and regulations, regardless of where they are headquartered.

I'm not sure I follow you here. Bitcoin itself does not have a central authority. Centralized exchanges, services, websites, etc., are free to blacklist coins, since they are private businesses and can essentially do what they like. There is no central authority which could blacklist coins from being transferred or sent to another address altogether, though. The only way to do that would be with a fork which the community would never agree to.

With Bisq, you only provide your fiat payment details to the other party, not to Bisq itself. Having said that, a government agency could still pose as a buyer on Bisq to collect bank details of people trying to trade. If this is a particular concern of yours, then you should look in to anonymous payment methods such as cash or anonymous money orders.

That's why I specifically mentioned Bisq.

Not only is Bisq a decentralized exchange, but the Bisq platform itself is decentralized. You run the software yourself on your own computer, and connect directly to other users via Tor. Just like with bitcoin, even if governments shutdown the the website, shutdown the GitHub, stopped the developers from working on it, you can still run it yourself and connect to other users.

Sure, using DEXs is currently not as easy as using centralized exchanges, but that doesn't make it impossible for the average user. With the caveat I mentioned above, that the real long term solution is the proliferation of DEXs until they have become the "standard" way of buying and selling bitcoin, then I don't see this as an issue.

An individual cannot possibly know all the different algorithms that different centralized services are using to tagged coins as "tainted". But as I said above, this is bad for the long term outlook of centralized exchanges - they are adopting an untenable position that will be impossible for them to continually enforce as time goes on. I don't see this as bad for bitcoin. If anything, it will encourage people to use more peer-to-peer and decentralized services, which I see as a positive.

And completely insecure. And it teaches the newbie to trust an anonymous stranger with their coins, which is the exact opposite of what bitcoin was designed to do. There's a reason a lot of people recommend hardware wallets, and that's because they are a good balance of security and ease of use for newbies. If you teach a newbie to use a web wallet, who is then phished or hacked and loses all their coins, then there is no faster way to turn them away from bitcoin.

Faucets are pointless. You will spend hours filling in captchas to earn a few cents worth of bitcoin. We shouldn't be telling newbies to join signature campaigns either, and every time I see someone recommend a brand new account a signature campaign I cringe.

Bitcoin is money. You can acquire bitcoin the same way you acquire any type of money. Get a job and earn it, sell a good or service for it, or exchange another type of money for it.

I'll agree with you here. We should be teaching newbies that bitcoin is money, to be used for payments and trades, and not just to be hoarded. Bitcoin isn't anonymous, anyway.

It is very difficult to track coins which are traded through a true DEX, for the exact reason that there is no centralized wallet to which the coins must first be deposited. In some cases the coins pass directly from one person to another, and in others they pass first of all through a multi-sig escrow address which is a single use address and is indistinguishable from other multi-sig addresses. Blockchain analysis fails in these cases, and the only way to reliably track these trades would be to infiltrate the DEX in question.

Further, even if government's did manage to taint coins being traded peer-to-peer, then who cares? Provided you don't use centralized exchanges, it doesn't actually matter if they think your coins are tainted or not.

Fiat to bitcoin (and vice versa) DEXs already exist. Look at Bisq as a great example.

There is no answer to this question - it depends entirely on your computing power and how long you are prepared to wait. Much like generating a vanity address, there is no way to calculate an exact time of how long any seed or password brute forcing will take - you could get it right on the first attempt, or it might exhaust every possibility before getting it right on the last one. For example, if you are missing the last 4 words from a BIP39 phrase that gives you 2048^4 = 17.6 trillion possibilities. If you try that on a single 10 year old computer then you could be waiting years, whereas if you use dozens of high end CPUs to split the work you could break it in a few hours. The example I linked to above suggests that OP should be able to descramble his Electrum phrase on a mid range CPU within an hour or two.

The tool also supports easily splitting up the task and spreading the work over multiple devices. See here for a worked example: https://github.com/3rdIteration/btcrecover/blob/master/docs/Usage_Examples/2020-05-23_multi_device_descrambling_12_word_seed_with_extras/Example.md

What is the fee per vbyte on your transaction? You can find out by inputting your transaction ID in to this website: https://blockchair.com/. The likelihood is you simply paid too low a fee. The mempool has been periodically emptying over the last few days, but never below 2 sats/vbyte, so if you paid 1 or 2 sats/vbyte then you will still be waiting for confirmation.

You have a couple of options in this case. You can use "replace by fee" if you enabled it on your transaction to bump the fee to a higher value so it will confirm faster. Alternatively, your friend can use "child pays for parent" and simply spend the unconfirmed transaction with a much higher fee. When his new transaction is confirmed, your currently unconfirmed transaction will confirm at the same time. Further, if the transaction had a change output that you sent back to yourself, you can also use "child pays for parent" by spending this change output with a much higher fee.

His post on Reddit is so close to being self aware:

Just replace ABC with BCash.

I don't think governments (certainly not the US government) will ease up on the restrictions and regulations they are placing on centralized exchanges. Centralized exchanges will always be sticking their noses where they don't belong and freezing accounts and seizing coins for trivial reasons. A multiplicity of centralized exchanges won't change that, as they will all have to play by the same rules. The real solution will be when the majority of users are trading freely and privately on decentralized exchanges.

These companies were not set up or launched by the government, but now that they exist, the government is more than happy to use them. There are many more firms which US government agencies have been paying for their privacy-invading expertise. Here are a few examples you can examine for yourself:

Chainalysis - https://www.fpds.gov/ezsearch/fpdsportal?indexName=awardfull&templateName=1.5.1&s=FPDS.GOV&q=VENDOR_FULL_NAME%3A%22CHAINALYSIS+INC.%22
Elliptic - https://www.fpds.gov/ezsearch/fpdsportal?indexName=awardfull&templateName=1.5.1&s=FPDS.GOV&q=VENDOR_FULL_NAME%3A%22ELLIPTIC+INC.%22
CipherTrace - https://www.fpds.gov/ezsearch/fpdsportal?indexName=awardfull&templateName=1.5.1&s=FPDS.GOV&q=VENDOR_FULL_NAME%3A%22CIPHERTRACE%2C+INC.%22
Coinbase - https://www.fpds.gov/ezsearch/fpdsportal?indexName=awardfull&templateName=1.5.1&s=FPDS.GOV&q=VENDOR_FULL_NAME%3A%22COINBASE%2C+INC.%22

I agree there shouldn't be, but there also doesn't need to be. The community have decided:

BCH's price is currently 2.4% of bitcoin's price.
BCH's hashrate is currently 2.2% of bitcoin's hashrate.
BCH's daily transaction value in terms of USD is <1% of bitcoin's.

A lot of shitcoins are listed on a lot of major exchanges, and the majority of the media channels which support him are owned by him. Much like CSW, he has enough wealth to bankroll his own superiority complex, but that does not mean anything he says is true.

No, nc50lc is right.

You aren't limited to only one "hop" through Lightning nodes, and you don't have to open a channel with either the restaurant or someone who has an open channel with restaurant. Your payment can be routed through multiple nodes. As nc50lc says, if you have a channel open with a node which has lots of channels, then chances are your client will be able to find a route to the restaurant. It make take 2 hops or it may take 10.

The longest path allowed currently is 20 hops, although at the moment it seems 11 or 12 is enough to connect any two public nodes - https://bitcoinvisuals.com/ln-eccentricity

Although I've not used it for such a purpose, this piece of software should be able to help you: https://github.com/3rdIteration/btcrecover

The instructions specific for recovering seed phrases are available here: https://github.com/3rdIteration/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md

There are also some worked examples, including that of descrambling a 12 word Electrum phrase (your exact situation), here: https://github.com/3rdIteration/btcrecover/blob/master/docs/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example.md

It will be much faster to run if you know an address from the wallet you are trying to access. For your own safety, you should download the repository and run it on an offline computer.

Although you've given an example of a hashing the correct numbers to find the correct solution, you haven't really explained how miners end up finding those correct numbers.

The version, previous block hash, and bits, are essentially fixed numbers and cannot be changed by the miner.

The Merkle root is dependent on all the transactions in the block. If a miner was to change which transactions they are including (or even include the same transactions in a different order), then they would end up with a different (unpredictable) Merkle root.

The time does not have to be the current time, as you might expect. It can be any time between the median of the last 11 blocks, and 2 hours in to the future.

The nonce can be any 32 bit number.

The miner will hash the 6 numbers as you have described, and if the result does not meet the target, then they will increment the nonce by 1 and hash them again. They will repeat this process until they either solve the block, or they reach the limit of the nonce.

At this point, most miners will then increment the extraNonce field. This is part of the coinbase transaction of the block. By incrementing it, the Merkle root will change, allowing the nonce to be reset to 0 and the process to begin again.

It all checks out.

There was a matching transaction confirmed shortly before his GitHub post: https://blockchair.com/bitcoin/transaction/ef600c380a239d9b929c6c964deaf7060e309750950a516cee65576232b0c53c

The address his coins were sent to - bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny - is known to belong to the Electrum scammer, and can be found in dozens of reports from other victims on this forum, Reddit, and Twitter.

In addition, the address which was stolen from, plus lots of other addresses which feed in to it show frequent address reuse, including using the same address as both an input and as change in a single transaction, suggesting the user in question was not very technical or knowledgeable about bitcoin.

There are zero reports of an Electrum wallet downloaded from the official source and properly verified resulting in a user losing funds (unless there was other malware on the computer, in which case, that has nothing to do with Electrum). Every one of these cases is because someone has visited a random link, downloaded some unknown software, not verified it, and then installed it.

An Electrum server is not the same thing as the official Electrum site. Anyone in the world can run an Electrum server.

If people are unable to follow very simple instructions which are the first thing you read when you visit electrum.org - "Do not download Electrum from another source than electrum.org, and learn to verify GPG signatures." - then there is nothing else that can be done. This is like blaming the writers of BIP39 for people typing their seed phrases in to random websites.