Jetzt lese aber dazu etwas verwirrende Aussagen. In Electrum selbst öffnet sich so eine Info-Blase, wenn man die Maus über "Replace-by-Fee" legt: Wenn Sie dieses Feld aktivieren, werden die Transaktionen als unbestätigt gekennzeichnet ... beachten Sie, dass manche Händler Transaktionen erst nach einer Bestätigung akzeptieren. Hmm .. heißt, diese Transaktionen werden niemals als bestätigt gekennzeichnet, auch nicht, wenn sie Bestätigungen erhalten haben? Ich meine, dass Händler, Mixer, Exchanger usw. auf eine oder mehrere Bestätigungen warten, bevor sie den Zahlungsvorgang als akzeptiert ansehen, ist ja klar. Das ist ja eigentlich grundsätzlich der Fall (unabhängig von "Replace-by-Fee"), da bräuchte ja Electrum nicht extra drauf hin zu weisen. Nach ein wenig Recherche habe ich u.a. hier noch eine Aussage dazu gefunden: https://kryptozeitung.com/electrum-bitcoin-wallet-leitfaden/Rechts neben dem Gebühren-Schieberegler erscheint ein Kontrollkästchen mit der Markierung “Ersetzbar”. Bei Electrum 2.9.3 ist dieses Kästchen standardmäßig aktiviert. Wenn Sie das Häkchen setzen, wird die Transaktion als ersetzbar markiert. Eine ersetzbare Transaktion kann erneut versendet werden, falls ihre Gebührendichte zu unerwünschten Verzögerungen führt. Viele Dienstleistungen akzeptieren keine unbestätigten, ersetzbaren Transaktionen als Bezahlung für Waren oder Dienstleistungen und erfordern stattdessen eine bestätigte Transaktion. In den meisten Fällen sollte jedoch das Kontrollkästchen Auswechselbar aktiviert werden. Wieder ein klares "Hmm .."! Das wäre ja soz. der GAU, wenn meine Bezahlung irgendwo oder meine Überweisung zum Exchanger abgelehnt wird (was passiert dann eigentlich, es kommt dann wieder automatisch zu mir zurück?), nur weil ich dieses Häkchen gesetzt hatte! Falls dieses Risiko bestünde, würde ich dann (in wichtigen Fällen) doch lieber gleich eine etwas höhere Gebühr einsetzen, damit die Übweisung möglichst in der gewünschten Zeit durchläuft und vor allem nicht Gefahr läuft, abgelehnt zu werden. Keine Angst. Zu 1), die deutsche Übersetzung scheint einfach sehr kaputt zu sein. Was damit gemeint ist, ist dass die Transaktion als "replacable" also "ersetzbar" gekennzeichnet ist. Wenn eine Transaktion in einen Block aufgenommen wurde, dann ist sie bestätigt (1 Bestätigung). Da ist es dann egal ob sie den RBF tag hat oder nicht. Nach der Bestätigung bringt dir das nichts mehr, du kannst sie also nicht mehr ersetzten. Zu 2), Die werden immer und überall akzeptiert. Was damit gemeint war ist vermutlich, dass es manche Services gibt, die auch Transaktionen ohne Bestätigung (also bevor sie in einen Block aufgenommen wurden) akzeptieren. Da darf das Flag dann nicht gesetzt sein. Sonst könntest du die Transaktion ja absenden, deinen Key (oder was auch immer du digital sofort im Tausch bekommst) erhalten und die Transaktion ersetzten. Bei solchen Services (die sehr sehr selten sind, da es einfach nur dumm ist 0-conf Transaktionen anzunehmen), muss die Transaktion eben ohne Flag gesendet werden oder du musst auf 1 Bestätigung warten. Also im Fazit: Einfach immer mit dem Flag versenden. Praktisch schadet es nie. |
|
|
|
My metamask extension can't be accessed after Mozilla firefox version has been updated to the latest one. The wallets created on metamask before it was updated couldn't be seen and I can't open it even though I used to downgrade the firefox version. This is my biggest problem nowadays, so I am hoping those technical buddies here who can give me possible solutions.
Your first mistake was to use a browser extension as a wallet. For the future, just use a proper wallet instead of some stupid browser extension to store crypto. Regarding your problem.. what happens when you downgrade firefox to a version where your extension worked? It simply doesn't work either? You might want to open an issue on github: https://github.com/MetaMask/metamask-extension. The situation is very stressful for me, I got some tokens in there which I never been backed up particular with seed phrase.
This was your second mistake. You always need to have a backup. There are so many scenarios which could have led to a loss of your crypto. After your problem gets fixed, i would recommend, that you switch to a real wallet and create at least 2 (non-digital) backups of your mnemonic code before continuing using crypto. |
|
|
|
And maybe add NoScript to stop any tracker, malicious 3rd party javascript, ads, etc.. It is probably one of the best (if not the best) extension available. Further, HTTPS Everywhere needs one option (Encrypt all Sites eligible) to be activated to block any HTTP request. |
|
|
|
|
It is worth to note, that if your keys have been created on an online pc (which seems to be the case since you synced the blockchain on that computer), your wallet effectively is not really a cold/offline wallet.
For a true cold wallet, the keys have to be generated on an offline device.
Generating them online and storing them offline can work out if your PC was not infected prior to you generating the keys. But a proper cold wallet does protect against that by generating the keys offline.
|
|
|
|
It is better to avoid working with these applications and rely only on old, reliable applications from wallets such as blockchain and coinbas.
Neither blockchain.com nor coinbase are wallets which should be recommended. You shouldn't recommend any web wallets or custodial wallets at all. And if you are referring to the open source android wallet by coinbase, it seems like almost no one has looked at the code. So not really recommendable. There are enough reputable wallets to choose from, i.e. bitcoin core, wasabi and electrum. |
|
|
|
How exactly can you crack a rar without brute forcing it?
By attacking the (poorly implemented) crypto, for example. WinRAR was vulnerable for a very long time because they always used the same IV. Such an encrypted archive could have been decrypted by anyone in less than a minute. Meanwhile, this vulnerability has been fixed. But given the fact that this vulnerability was present for a very long time and is incredibly severe, i wouldn't be surprised if there were more mistakes in the implementation. |
|
|
|
Are there any reliable metrics on how many "bad" servers there are currently in operation?  Is there a way to detect them? I guess one could try to simulate an older electrum wallet by connection to random servers and checking their responses when trying to broadcast a transaction. Creating a list with bad servers and the ratio between bad and good server could be used as a metric. But i am not aware of whether someone has created such a list already. |
|
|
|
In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.
It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too?
It is possible. But an attacker would have to compromise 1) the website/server and 2) the PGP key which is (hopefully) stored securely offline. It simply adds another layer of protection. And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?
Yes, it is. By compromising the server. Yes, those sites differ. One is a multi billion dollar company, the other is an open source project. Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?
If your PC never goes online, yes it is cold storage. There is always a possibility of losing coins. For example by getting malware to your cold storage PC via USB and transferring the private keys out via the USB and the online PC. Nothing is 100% secure. |
|
|
|
I'm just not entirely clear whether or not this will be sufficient to completely protect against such an attack.
It is sufficient. Well.. at least if the user is not dumb enough to turn off the extension and still visit the site via HTTP. Use VPN for better security, it encrypts all data even if website is non https://.
That's one misunderstanding people always have. You should always assume that a VPN does not increase the security. There are rare occasions where it indeed protects you from specific attacks. But these are the minority. People think a VPN makes your connection much more secure (probably due to the advertisements everywhere). But this simply is not true. Using a VPN is "ok" if you trust the VPN provider more than your ISP, but never assume your connection to be private or more secure because of a VPN. Your security shouldn't come from the VPN connection. |
|
|
|
I would recommend electrum [1] because it's easy to use and safe or hardware wallet (e.g. trezor [2], ledger [3]).
I disagree. OP actually made a good choice. Wasabi and Samourai are good wallets to recommend. They do not only support the basic features (like CPFP), but also advanced features electrum does not have (i.e. CoinJoin, PayNyms, ..). It is way easier to preserve privacy when using Wasabi or Samourai than when using electrum. However, for newbies.. electrum probably is easier to use and understand. But IMO we shouldn't recommend newbies a wallet, which heavily invades your privacy, but rather suggest some which actually do something for your privacy. |
|
|
|
Das kann man aber kaum selbst entscheiden, da entscheident ist zu welcher adresse man schickt. Ich würde ja gerne alle webseiten die ich nutze dazu zwingen bech32 zu nutzen, habe es aber noch nicht geschafft  Entscheidend bei der Gebühr ist die Sender Adresse, nicht die Empfangsadresse. Eine bech32 -> legacy Transaktion kostet genau so viel wie eine bech32 -> bech32 Transaktion.
Nachfrage zu den Begrifflichkeiten: Mit "Adresse" ist dann eine einzelne BTC-Adresse gemeint (z.B. im Falle von bech32 "bc1...yz"), nicht die gesamte Wallet? Also wäre das mit diesen Inputs nur ein Problem, wenn immer wieder an diese eine Adresse gesendet wird. Wenn ich aber für jede Transaktion eine neue Wallet-Adresse von Electrum generieren lasse, dann nicht oder?
Also, wenn ich 20 kleine Eingänge in einer Wallet habe, die aber alle auf eine eigene Adresse gesendet wurden, besteht kein "Konsolidierungsbedarf"?
[...]
PS:
Nachdem ich jetzt noch mal den von dir verlinkten Beitrag "Fees are low, use this opportunity to Consolidate your small inputs!" gelesen habe, denke ich, spielt es wohl keine Rolle, ob die Eingäge alle auf die selbe Adresse oder verschiedene Adressen gingen.
Dein Nachtrag ist korrekt. Es kommt auf die gesamte Anzahl an Inputs an. Jeder Input hat eine bestimmte "Größe". Hierbei spielt es keine Rolle wie viele Adressen im Spiel sind. Auf dem technischen Level existieren keine Adressen, nur UTXO. Adressen sind für Menschen geschaffen um alles zu vereinfachen. Denn unter "Privacy" schreibt er: Consolidating your inputs links them together on the blockchain. This wouldn't be any different when you use the same funds in any other transaction, but you should consider this before doing it. Der Hinweis würde ja keinen Sinn machen, wenn vorher eh schon alles auf eine Adresse gegangen wäre! Übrigens interessanter Hinweis, der einem noch mal verdeutlicht, wie durchsichtig alles ist, bzw. wird, wenn man nicht aufpasst! Die Privatsphäre schützen ist mit Bitcoin ziemlich komplex. Da darf man sich mit Coin Control (also das Entscheiden wann welche UTXO an wen gesendet werden) keinen Fehler erlauben. Zum Glück gibt es jedoch schon Protokolle, die es erlauben die BTC dezentral und ohne Vertrauen zu mixen (CoinJoin). Das Wallet Wasabi hat CoinJoin z.B. integriert. |
|
|
|
I am not the person who had this issue, this is someone else asked me the help regarding fund recover possibility.
Then tell this person to provide full information regarding sender/receiver wallets, etc.. Especially since the receiver seems to be some service, they are the only one able to help you. By default address wont expire, But its an feature or limitation enabled by wallet custodian for their wallets.
I have already shared one of the examples where the custodian support acknowledges the issue, otherwise they wont.
I have seen some other wallet custodians also having this expiration on their wallets address.
Are you with "wallets" actually referring to a wallet? Please be more precise. Who is the receiver? Which service/website/wallet etc. ? Tell your friend to contact the support of the receiver (website, service, etc.). Addresses do not expire. The used service received the BTC. |
|
|
|
|
If you have an unsolved problem, please describe it as precisely as you can.
As previously mentioned, addresses do not expire, ever.
Transactions can not be reverted.
Please tell us which wallet you have used, where you sent the coins to and what exactly the problem is.
The more information you provide, the easier it is for us to help you and therefore you'll receive a solution faster.
|
|
|
|
It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise.
But this still doesn't justify the core aspects of securing data. Keeping software up-to-date is one of the most important things. There is a reason for windows to auto update itself all the time. Going online with a 2+ year old wallet without updating it and installing a "new version" without verifying the signature (which is exactly described on electrum.org and takes only 2 minutes) is irresponsible. Unfortunately this won't change and most people only adjust their habits after losing their coins. This quite simple phishing attack really shouldn't have achieved so much. I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot people from losing money. |
|
|
|
Then you believe Exodus is as bad as Electrum in this list?
Depending on what we are talking about. Regarding security, no. Exodus is a horrible wallet. Regarding privacy, yes. They are both shit regarding privacy. Both send all addresses, transactions and balances to a server who can link all your BTC transactions to your IP and your geo location. Why not, it's minor.
There are no "accounts" in bitcoin. This is a huge flaw in your mindset. If this is intended for newbies, you are already teaching them a horrible behavior. It's not that very inconsistent, it did enough to guide newbies, which wallets are the open source/most secure/safest.
It is extremely inconsistent. I just picked a few wrong things i saw. There are way more there which i did not mention. This table shouldn't be used to guide newbies at all. IMO it is worthless. |
|
|
|
[...] Natürlich neg. Trust mit dem Hinweis auf dubiose Quellen wäre gerechtfertigt aber viel mehr auch schon nicht!?
Naja ich denke da bist du recht frei im Auslegen der Regeln. Jedem ist ja bewusst, dass wenn mehr als nur 1 oder 2 Lizenzen zum Verkauf stehen, und das weit unter dem Marktpreis, irgendetwas faul ist. Auch bei 1 oder 2 Lizenzen weiß ich nicht wie das mit dem Weiterverkauf aussieht. Meistens ist dies ja in den ToS ausgeschlossen. Sowas kann nur illegal sein. Daher hat denke ich, dass niemand was dagegen hat wenn diese Threads gelöscht werden. |
|
|
|
I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.
Going online with a cold wallet to make a quick transaction wasn't the smartest move. Signing the transaction offline and broadcasting it on an online device wouldn't take much longer. Especially since he seemed to already be used to it due to using it as an cold wallet for most of the time. Given that the burglary probably was already a few hours(?) ago, this 1 minute most likely wouldn't be an issue. Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack. Not updating any software for more than 2 years and not readying any news whatsoever is kind of irresponsible. We are not yet at that point where storing and using bitcoin without any risks can be achieved by any random person. At least some awareness is still needed. |
|
|
|
Looking at the table.. a lot seems to be wrong and/or weird. Some things picked: - Wallet is API, SPV or a Node?
What the hell is an "API" wallet? Additionally, every wallet is a Node. What this should say is "full node".
- Is the Backend Open-Source?
No one can verify whether the open-source code actually is used. So that is quite pointless IMO when talking about the reputation of a wallet/backend.
- Other BTC Features: Electrum "No"
Since CPFP is mentioned in other wallets, electrum does offer CPFP. Same goes for Wasabi. Also, you have added "Payjoin" to BTCPay, but no CoinJoin to Wasabi. This table is extremely inconsistent.
- Fee Selection
Why does BTPay have "full" and everything just "Yes" ?
- "Bitcoin Unit of Account"
Really?
- Replace by Fee
Wasabi's entry is wrong. It should be "yes" instead of "no".
My conclusion would be that the table is so inconsistent and full of wrong information that it would be easier to delete it and start again with more useful information and a proper formatting. It really is not worth showing a newbie. |
|
|
|
Connectivity to Trezor/Ledger is welcomed but is this SPV client or the wallet that relies on specialized servers just as Electrum does?
Most SPV clients rely on specialized servers, not just electrum. If it connects to its own servers how many of them are available online at once?
I don't think that number is public. Just as you also don't know how many ledger / trezor server there are. Or servers used by exodus, jaxx, coinomi, mycelium, etc.. |
|
|
|
For the future, verify every download before installing. You can find a tutorial for that on electrum.org. 1. Writing all uppercase means this question more important to me.
Writing all uppercase means that we care way less about helping you. 2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick.
Then don't call it cold wallet. You were using an online (hot-) wallet and fell for an extremely old phishing scam. Unfortunately you won't get your coins back. |
|
|
|
|
Show Posts
