Of course using .onion link (on Tor Browser) is slower than accessing regular website on regular browser. After all Tor use at 3 hop to access any website and optional additional 3 hop when you access .onion link.


Probably their own mixing method/algorithm. And FYI, whirlpool is a type of CoinJoin.

Other types of Bitcoin address are deemed safer since,
1. It's public key isn't revealed until you spend the coin.
2. QC takes some time to find private key from elevated public key.

And talking about security on P2SH, it gets more complex due to custom script (e.g. P2SH for 2-of-3 multisignature) and 80-bit security size.

Definitely fake, there's no thing such as "Pending Reflection ID". It should show text "Unknown" instead for unsigned transaction and TXID for signed transaction.

Never happened to me, although when i use CEX i prefer local exchange which might be less strict compared with international ones.


Is there any documented case about this? I have doubt any exchange care the funds comes from service which spam this forum.


There shouldn't be any problem the transaction itself since in general Bitcoin transaction is either,
1. Invalid transaction, which cannot be broadcasted to node/miner.
2. Valid transaction, with specific amount of confirmation.

After reading whole accusation and @Mitch212 trust feedback, i thought something interesting. Rather than buying merit (AFAIK starts from $5/merit), merit fishing on Wall Observer or doing certain task (such as sign with PGP/bicoin address), merit/account farmer could choose host small giveaway instead. For example, if @Mitch212 were to deliverer his promise, he could got a good deal ($25/20 merit or $1.25/merit). And the cost could be reduced to almost $0 if he decide to make his altcoin as winner.

And i also agree there's no sufficient proof about connection between @Rbah and @Mitch212. I decide to join his giveaway and see whether he'll deliver his promise or not.

IMO it's not good advice when the receiver could report your PM with reason "unsolicited/unwanted PM". If you ask to multiple users at once and some of them decide to report your PM, you might get temporary ban.

And having people share script (which contain condition to spend/lock the Bitcoin) instead?


Wrong, bitcoin address basically is just abstraction/representative of script. It's also the reason you could send and receive Bitcoin using same address.

If you decide to use software "btcrecover", the author also provide video tutorial on youtube (https://www.youtube.com/playlist?list=PL7rfJxwogDzmd1IanPrmlTg3ewAIq-BZJ) which should give you an idea how to use this tool.


It also depends on which character do you use, which affect total possible password combination. Here's an calculation example with following detail,

• 8 character length.
• The password use lower case (a-z) and number (0-9).
• 1 (One) Nvidia RTX 2080 Ti. Speed data is taken from https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-10-06_Multi-GPU_with_vastai/Example_Multi-GPU_with_vastai/#performance.

Total unique character used = 26 (lower case)  + 10 (number) = 32 character.
Total possible password combination = 32 character ^ 8 character length = 1099511627776 (about 1.09E12).
Speed of RTX 2080 Ti = 6.4 kP/s or 6400 password per seconds.
1 day in seconds = 60 * 60 * 24 = 86400 seconds.
Brute force time (in days) = 1.09E12 / 6400 / 86400 = ~1971 days.

That website basically is BSV propaganda, please don't use it as reference. Who knows what kind of false information they intentionally include.


This article doesn't touch problem of block size in detail. https://en.bitcoin.it/wiki/Block_size_limit_controversy should be good addition of Aaron's article.

This is fair point, especially for small organization/individual who accept Bitcoin as donation option.


I get your point. But the sender could just re-check latest Bitcoin address mentioned by receiver.



Mostly irrelevant due to HD wallet where user only need to backup recovery phrase/words or master private key (also called xprv). And on practice, they need to protect their device and wallet file instead.

CMIIW, but doesn't Redis has faster performance/response time compared to local database since Redis store the data/index on RAM?

It can be done by changing value of minrelaytxfee parameter, but OP's system will not see incoming transaction until it's included on the block. It has some trade-off if OP running a service where the customer want to know the system already detect their transaction.

Did you mistype something? OP already use walletnotify. The only other relevant notification option on Bitcoin Core is blocknotify.

This doesn't make sesnse since walletnotify make notification when the transaction is on mempool (has 0 block confirmation) and included on block (has 1 block confirmation). And time when node receive the transaction or timestamp on block isn't very reliable.

Yes, you can do that. I just tried on testnet version.


Can't think anything since Bitcoin Core already makes it clear by specific "Payment to yourself" if you check the transaction on "Transaction" tab.

I agree with @suchmoon, so it's more realistic to either
1. Keep reporting those posts. At bare minimum, they'll focus spamming on different board.
2. Quote their reply with detailed explanation why their post either doesn't make sense or could be dangerous towards other user.
3. Ignore them.


It'll be nightmare towards VPN and Tor user who already face occasional CloudFlare "security check". And it's publicly known popular CAPTCHA service (such as hCaptcha and reCATCHA) is hostile towards VPN and Tor.

Assuming either the password is either short or your friend remember parts of the password, brute-force is possible within reasonable time. It comes down whether you choose to,
1. Use your own computer. Least amount of trust is required, but you usually either need to be patient (if you have slow computer) or make big initial investment (if you're willing to buy high end GPU).
2. Use cloud computing service such as vast.ai. Some trust is required, but usually is cheaper for short term usage.
3. Ask for help reputable from service. Few member mention https://www.walletrecoveryservices.com/, but i never try to use this service.

Are you trying to say you tried to generate uncompressed public key (which has 130 character) or public key (which has 66 character) based on your private key?


HEX private key with 2 character padding which indicate compressed/uncompressed also exist, see Compressed hex private key with 66 characters?. It's also possible certain software decide to add prefix 0x to indicate the format is hex.

Thanks for the explanation. While i understand rationale behind the decision, there are few things i'd like to comment.
1. I have doubt using time improve the security since the attacker (assuming they know how the private key is generated) could reduce search space between time you create this library and first time the address receive Bitcoin.
2. I'm not sure how useful is 52-bit entropy from 2 different source when anything less than 112-bit no longer recommended these days.
3. Some details of Java's SecureRandom can be seen at https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SecureRandomImp.

Have you tried this tool personally? I did quick check and i'm 99.99% sure this tool is either malware, scam or fake.
1. This software is closed source.
2. The video mention udrop.com to download the application, but link on video description provide download link at mediafire.com and mega.nz instead. For reference, i checked the application based on mediafire.com link.
3. The application was compressed into .rar file with password. This is fairly common method to share pirated software or malware.
4. The application claim to search for ownerless wallet, but doesn't mention location of the wallet file.
5. This application seems to have ability to find seed phrase based on Bitcoin address (video duration 2:53), which is IMPOSSIBLE.
6. The .exe file is flagged by 21 AV. See https://www.virustotal.com/gui/file/13ab2aa012971573519748407a9fe49bb8ae87e85486dcd91f8f593ca672d8ff/detection.


Bisq also has security deposit requirements to protect both party.

This doesn't answer OP's question since you and the source doesn't mention which wallet use C-Lightning as it's backend. In detail,
1. Zeus wallet already mentioned by OP.
2. Zap desktop wallet use LND, not C-Lightning. See https://github.com/LN-Zap/zap-desktop/blob/master/docs/ADVANCED.md#lightning-network-daemon-lnd.
3. BlueWallet use LNDHub, which is wrapper for LND. See https://bluewallet.io/lndhub/.
4. Breez wallet also use LND. See https://doc.breez.technology/Overview-for-Developers.html
5. Wallet of Satoshi is custodial wallet, so obviously there's no option to connect to your own LN node/server.

I don't know what do you mean by "mask generation", but for .txt file you could create .bat file to parse/loop parameter on  .txt file and then execute BitCrack.


You could create a thread on Services to seek people who can do the job.


To be more specific, those algorithm (such as Pollad's Kangoroo and BSGS) have time complexity lower than O(2^bits). For example, Pollad's Kangoroo time complexity O(sqrt(2^bits)).

Even those who create malware/botnet would mine different coin (usually Monero) which could be mined with CPU at profit.


If it's truly possible, Intel would rather optimize source code of their dedicated GPU[1] driver and modify existing open source SHA-256 mining software rather than creating ASIC[2].

[1] https://www.intel.com/content/www/us/en/products/details/discrete-gpus/arc.html
[2] https://www.intel.com/content/www/us/en/products/docs/blockchain/custom-asic-product-brief.html