That's the process of downloading and verifying the blockchain on your own computer a.k.a. full node.
Once you are up-to-date with the current network, your node is synced (with the network).




It is, if you decide to import your private keys into a different (SPV) wallet.
If you want to send a transaction from core, it needs to be synced first.

But you are free to export the private keys and import (or sweep) them into another wallet. For this, your node does not need to be synced.

This is the issue.
You have chosen to run a pruned node (basically limiting the disk space used).

After copying the wallet file into the correct directory, you need to -reindex and therefore downloading and verifying the whole blockchain again.




You can either resync core or export the private keys which hold the balance.
You could fore example dump the whole wallet (dumpwallet in the command line) and then import every private key into a electrum wallet (or any other lightweight client which doesn't require the whole blockchain).

It is your choice.

Indeed, they did.

But there also were lots of reports that TrustedCoin did not help at all even when using the correct email.
And this makes sense to me.

Who would trust a service which lets you reset the 2FA if its enough to message them from your mail account.
That's like saying it is enough to compromise the victims computer to gain access to the wallet without 2FA and the mail addresses etc. to receive the 2FA. In such a case, their whole 2FA service would be useless.

They would need to request some information which only the original creator can know. And this excludes everything an adversary might have access to when compromising the victims system.


@OP:
The chances are very slim. Might still be worth to contact TrustedCoin. You got nothing to lose.
But your best bet would be to find the Mnemonic Code.

According to the OP:



OP, if you only have the alphabetically ordered list of words, you are absolutely out of luck.

I still don't get how this happened.
Doesn't coinomi force you to write them down in order to enter them in the second step?

If your above statement (about only knowing the alphabetical order (i.e no order at all)) is true, there unfortunately is no realistic chance of recovery.

First, are you sure that you were using bitcoin core?
Core doesn't work with mnemonic codes. The backup of a core wallet is the wallet file itself (by default: wallet.dat).

You need this wallet file to access your coins. If you have used a passphrase to encrypt it, you need this too.


Maybe you have used a different wallet? Are you absolutely sure it was core? Do you remember downloading 300GB+ of blockchain data and waiting days/weeks for it to be synced?

No.
Exodus definitely is not a good wallet to begin with. If you decided to use a software wallet, do not use any closed source ones.

You'd be better off using electrum, which is a reputable and properly working open source wallet with tons of functionality.


Also, don't listen to people like:

Coinomi, too, is a closed source wallet with incompetent developer who downplay severe vulnerabilities.

Auf dem selben Wallet können die schon zusammenlaufen.
Ein Wallet ist ja nur eine Software, die die Keys für dich managed. Keiner kann wissen ob zwei Adressen zum selben Wallet gehören, wenn nicht beide als Input verwendet werden. Und genau das ist damit gemeint.

Verwende nicht zwei gemixte UTXO's in einer Transaktion.




Wasabi bringt eine eigene Tor Instanz mit.
Falls bei dir kein Tor läuft, dann benutzt Wasabi die eigene Tor Instanz.




Blutbad? BTC ist fast am Allzeithoch und ein 10% Dip ist dann gleich wieder ein Blutbad? Also echt 

Some of his statement let me doubt whether he is a "pro".

If contacting someone to help with recovery, i'd only recommend dave's recovery service.
He is already quite some time in the business and is the most trusted recovery service here. I personally wouldn't go with others.

Bei solch einem Vorgehen würde ich aber immer auf etablierte Verfahren zurück greifen.
Wörter an Positionen zu vertauschen scheint mir hier ein wenig riskant zu sein.

Da ist die klassische Verschlüsselung + Passwort schon besser. Aber das Problem hier ist, dass wenn eins von beiden verloren geht, die Coins verloren sind.
Noch besser wäre in etwa ein Secret Sharing Scheme. Vorausgesetzt man hat 3 Orte bzw. Personen um ein 2-out-of-3 Scheme zu erstellen.

Well, note that this fee is paying for your next 20 transactions. So its actually 0.00005 BTC per transaction.
That's simply how trustedcoin 2FA works.

IMO a fair price for relatively secure storage on a desktop wallet. But obviously not as good as using offline storage or a more convenient hardware wallet.

Your post is lacking crucial information.
No one will be able to help you without you providing proper information, such as:

• What exactly do you mean with "Electrum-v1 based passphrase"
• What do you mean with "scrambled word-set". Are you talking about your mnemonic code? Don't you remember the order?
• What do you mean with "Electrum-v1 wordlist". The 2048 words wordlist? Or your mnemonic?

Please answer these questions and be as precise as possible.

You could always contact some password recovery.

But i wouldn't recommend keychainx. You would be better off using Dave's recovery service. He is trusted here on this forum.
If i remember correctly, his cut is 20% if he manages to break it.

I mean, you are obviously free to try it yourself first. But if it won't work, contacting him might be worth it.

That's definitely an option for the over-paranoid (some of them probably even are right in being paranoid about this).

Another option would be a completely open source mobile where the software and the hardware is open source.
Precursor is such a project. This isn't just a mobile built with purely open source software, but even the hardware can be verified.

That's a project from bunnie who held a very interesting talk about the supplychain of hardware and how an open source design is not enough to protect against supply chain attacks. This 1 hour long video can be found here. It is definitely worth to watch.

Possible? Definitely.
But is it likely? Not so much.

If you want to be sure that no one is spying on you through your smart phones camera, i'd recommend a webcam cover, i.e. something like that:


Source: amazon.com

They are pretty cheap and are available for all kinds of cameras (smart phones, laptop, webcams).

However, if you fear getting spied on through your smartphone, you'd also have to make sure it can't record ambient sound.
Whether that is paranoid or a possibly used attack vector, is completely up to you and depends on you and the situation you are in.

Are you sure that no one had access to your desk?

Since the transaction happened shortly after this session and you had your mnemonic on your desk, the possibility of someone taking a photo of it to steal your funds theoretically exists.
As well as someone using your ledger to sign such a transaction.

Did you ever use your mnemonic code for anything?

That's right, lets stay on topic: The Black friday promo sale.

BTW, those vulnerabilities have been found more than 2 years ago. The firmware vulnerability has been fixed.

It's funny how you hate on ledger, but endorse trezor with a unfixable hardware vulnerability which leads to seed extraction.

You are obviously the only shiller here with no technical competence to estimate the security of software, hardware and wallets in general.
Believe what you want to, but the picture you posted, just shows whats going on inside of your head.

You really can't.
The transaction you sent is confirmed.
The recipient address is 3DTjFxbN1k8sFi5ro65sdYKSh1QauThzYw.

If this is the address he gave you, you did your part. The coins were sent and received. For everything else, your "friend" is responsible.




I don't know what kind of issues you had, but it doesn't necessarily always have to be your fault.
Maybe the problem is with the person(s) you are sending the funds to?

Not exactly.
OP logged in today after receiving an email.
But his funds were stolen 1 month ago (29th October), roughly 30 minutes (a guess from OP) after logging in.

That's at least the information according to the OP:



OP, in addition to the questions of mocacinno, could you please also answer these:

• Does anyone have access to your hardware wallet ?
• Is your PIN truly random and no one could guess it ?
• Does your Nano look like it has been tampered with (case being opened) ?

It is quite funny that you ask whether someone is able to help you to recover your funds / trace the thief (No. No one is. Your funds are gone.), but don't care about how it happened or how to protect against that.

You gave us as little information as possible, didn't you?

One thing is sure: If you don't find out how it happened and don't care about protecting your keys (or any other personal information stored on your device), similar things will happen again.


So, instead of trying to get your funds back (which you won't, give up), better find out how it happened and what exactly your mistakes were. Then improve.

Nun ja, wenn dein Rechner tatsächlich kompromittiert wurde und du eingeloggt warst dann hätte der Angreifer Zugriff auf deine (eingeloggte) Session und kann damit all die Aktionen ausführen, die du auch ausführen kannst.
Wenn dann keine 2FA für Überweisungen nötigt ist, steht dem Angreifer nichts mehr im Weg.




Dann ist diese Seite/Anwendung mittlerweile geblacklisted.
Erinnerst du dich ob diese Meldung zwischen dem 14. und 16. ebenfalls erschienen ist?

Wenn nicht, dann war die vermeintliche Schadsoftware zu dem Zeitpunkt bei Avast noch nicht geblacklisted.




Malware wird i.d.R. auch nicht immer von Antivirensoftware erkannt.
AV's arbeiten einmal mit Signaturen (quasi das erkennen von bereits bekannter Malware) und mit Heuristiken (auffälliges Verhalten).

Es ist durchaus möglich Malware ohne Erkennung von AV's zu konzipieren. Und das ist gar nicht mal so schwer.


Auch im Autostart muss nicht unbedingt was sichtbar sein.
Nach der Kompromittierung kommt i.d.R. die Einnistung in das System. Das kann über andere Prozesse erfolgen und bedeutet nicht automatisch, dass ein neuer Prozess in den Autostart eingetragen wird.




Schon ziemlich.
Windows 7 erhält keine Sicherheitsupdates mehr.
Zudem sind einige Sicherheitsmechanismen, welche in Win 10 vorhanden sind, hier nicht präsent.

Würde generell immer davon abraten Win 7 zu nutzen.




Scheint für mich auch so als wäre das der Ursprung.
Immer noch nicht klar ist allerdings, wie dein Rechner bzw. deine blockchain.com Session dadurch kompromittiert wurde.

Eine infizierte Seite zu besuchen reicht im allgemeinen nicht einfach so aus.

Entweder wurde was heruntergeladen und geöffnet/ausgeführt oder es wurden Schwachstellen in Browser und Betriebssystem (bei Win7 durchaus im Bereich des Möglichen) ausgenutzt.

Ich frage mich in wie fern der Angreifer es auf Krypto Besitzer abgesehen hat. Die Malware zum Krypto stehlen die sonst so im Umlauf ist, ist ziemlich stumpfsinnig (z.B. ausschließlich Ersetzen von Adressen in der Zwischenablage).


Dein Fall hier scheint schon etwas ominöser bzw. spezieller zu sein.