1  Alternate cryptocurrencies / Altcoin Discussion / How to redeem and unload my Bitcoin Gold (BTG); private keys in Electrum on: January 04, 2018, 12:21:56 AM

Has anyone found an efficient way to redeem this silly BTG coin using private keys sourced from Electrum?

I've got 160 BTG that I received as part of the BTC fork. Not exactly a huge value but more than I'm willing to walk away from.

I'm an Electrum user. I ran a sweep on my BTC wallet. It's now empty but I still have the private keys (and seed) associated with those addresses which, as mentioned above, should contain approx 160 BTG of unspent BTG outputs. I'd like to claim those BTG outputs.

Researching Google, I learned that...

The first wallet the official BTG crew promoted, an online wallet, turned out to be a fraud.

The second wallet the official BTG crew promoted, a fork of the electrum code base known as Electron Gold (www.electrongold.com), also turned out to be a fraud.

Many, but not all, of the remaining (presumably non-fraudulent) wallets listed on their site either require Android or another hardware device. My preference would be to perform this redemption without buying additional hardware but I'll certainly go that route if necessary. But even if I do, how do I import the private keys? I know enough C# programming to get by and can easily convert my existing Electrum private keys (in WIF format) to binary or any other importable format. What format? And what wallet would I import the keys into?

All I want is to find a way to get the BTG to a wallet, any wallet, for a few minutes -- just long enough for me to transfer it to Binance and sell it for BTC or another alt.
2  Bitcoin / Development & Technical Discussion / Methods to protect Bitcoin private keys, both in database and Electrum ? on: June 26, 2016, 10:39:19 PM


Gentlemen,

I'm conducting automated, online transactions with a few dozen anonymous parties. They don't know me and I don't know them. There are occasions when my web application, or I as an individual, may hold Bitcoin in a custodial capacity for said parties. It's important that I protect the private keys corresponding to a large number of Bitcoin addresses which my application creates on-the-fly as needed.

I have a software development background and have read as much as I can about protecting sensitive data but am fairly new to the latter so I'd like to present you with an overview of my private key protection strategy and then ask what you, as experts, perceive to be possible vulnerabilities in my plan.

Here's my layout and plan:

My main work computer is a MacBook Pro running El Capitan. It's typically plugged into a multi-monitor setup in my home although I'll occasionally take it on the road with me, making it somewhat vulnerable to theft. The OS's built-in FileVault disk encryption is turned on.

My web application runs on a grid of Windows 2008 servers that live at Amazon Web Services (AWS). This grid of servers, plus my laptop, constitute the entirety of my network.

One of the servers in the grid is running SQL Server and in that database is a table, and in that table is a field called 'privateKey' which contains the private key for a single Bitcoin address. The table will contain many rows since there are many addresses to deal with. The 'privateKey' field is a binary stream containing (1) an initialization vector (length=16 bytes) and (2) an encrypted representation of the private key. My program uses the initialization vector and a secret password (length=32 bytes) as inputs into a symmetric encryption algorithm (.NET/RijndaelManaged) to decrypt and use the private key.

The secret password isn't stored in a file on the server. It's stored on my laptop in a human-readable document called 'specialFolder\myPasswords.txt' in hex format. When the server app is started, a secondary helper app prompts for the secret password which I then copy/paste into the helper app's console over a Remote Desktop connection. The helper app's console is then closed and the secret password is then only held in RAM on the server, within the process of my application.

There are also Bitcoin private keys held outside of my application in "wallets" managed manually, by me, using a third party program called Electrum. Electrum runs on my laptop and uses one file to represent each wallet. (A 'wallet' is just a collection of Bitcoin addresses and their respective private keys). I've configured Electrum to store the wallet files in 'specialFolder\myWalletFolder' on the laptop. Electrum encrypts the wallet files such that the private keys contained therein can't be used without a strong password which is entered by me as needed at runtime.

Electrum uses a mechanism wherein the public/private keypairs it generates are created in a predetermined fashion using what the documentation refers to as a 'seed.' The seed is a long series of human words. If one knows the seed, the keys can be regenerated and the wallet restored. I keep backups of the wallet seeds in a file called 'specialFolder\myElectrumSeeds.txt' on my laptop.

If you've read this far, you may have noticed that I'm keeping a lot of sensitive information in plain text within 'specialFolder' on the laptop. But this really isn't a folder at all. It's actually a volume created and maintained using a program called VeraCrypt. I only 'mount' this encrypted volume when I need to access its contents and then I immediately 'unmount' it. The laptop is never left alone when 'specialFolder' is mounted. Mounting the volume requires a password. That password is known only to me and isn't stored on the laptop.

VeraCrypt stores and accesses the 'specialFolder' volume through a single file. That file is named 'veracryptFile.' veracryptFile lives on my laptop on a Dropbox-synchronized folder. Whenever the VeraCrypt volume (and thus 'veracryptFile') is modified, the changes are immediately propagated to (1) DropBox-owned servers and (2) a server in the grid at AWS, and (3) another private server at AWS that's in a different geographical location.

In addition, a physical printout of the contents of 'specialFolder\myPasswords.txt' and 'specialFolder\myElectrumSeeds' is kept in a safe deposit box at a local bank, to which only I have the key.

The parties with whom I do business may occasionally login to my app and execute transactions which result in Bitcoin being sent to them. Password theft obviously weighs heavily on my mind.

The SQL Server discussed earlier contains a table of all of my users, and that table contains a field called 'password.' The 'password' field contains: (1) a random byte sequence (length=32 bytes) and (2) a hash of a concatenation of the user's password and the random byte sequence. My program uses the random byte sequence and the password the user supplies at login as inputs into a hashing algorithm (.NET/SHA256Managed). If the hashing algorithm's output matches the hash stored in the database, the user is considered authenticated.

A user must be authenticated prior to executing a transaction that would result in a Bitcoin disbursement. In addition, each user is required to have a BitMessage address. When the transaction is submitted online, my program creates a 10-digit random string and sends it to the user's BitMessage address. That string must be entered by the user in order to begin execution of his transaction.

This BitMessage confirmation protocol is also required if the user wants to: (1) change his password, or (2) specify a different BitMessage address in his profile.

Given the strategy outlined above, do you see any glaring vulnerabilities? Here are the attack vectors I've considered thus far:

LAPTOP IS STOLEN: perp would have to defeat Apple's FileVault encryption (assuming laptop was powered off when stolen) plus the VeraCrypt encryption on 'SpecialFolder'. I could recover the lost files via DropBox or my AWS-hosted DropBox peers.

LAPTOP IS TARGETED BY ROGUE APPLE STORE TECH-SUPPORT EMPLOYEE WITH ADMIN ACCESS: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.

DROPBOX ACCOUNT IS HACKED: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.

AMAZON SERVER IS ATTACKED: perp would need physical access to machine and have a way to probe RAM to obtain 'secretPassword' since it's not stored on the hard drive.

USER PASSWORD(S) ARE STOLEN: perp would also need access to the user's BitMessage account in order to steal Bitcoin from the compromised user.

Are there other attack scenarios I've overlooked? For the sake of this forum post, I'd like to limit attack vectors to technical exploits, not those of the violent or gangster variety (extortion, blackmail, etc.).

Thank you for your thoughts.

Best,

Nostril
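
Added example, not part of the original post and not the poster's application code: a Python stand-in for the 'password' field layout described above (a 32-byte random sequence followed by SHA-256 of the password concatenated with it), next to a PBKDF2 record that raises the cost of each offline guess if the user table leaks, with an upgrade path at login. The function names, the UTF-8 encoding, the 4-byte iteration prefix and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

SALT_LEN = 32         # length of the random byte sequence given in the post
DIGEST_LEN = 32       # SHA-256 output size
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to the server


def make_sha256_record(password: str) -> bytes:
    """Layout from the post: salt || SHA256(password || salt)."""
    salt = os.urandom(SALT_LEN)
    return salt + hashlib.sha256(password.encode("utf-8") + salt).digest()


def verify_sha256_record(password: str, record: bytes) -> bool:
    if len(record) != SALT_LEN + DIGEST_LEN:
        return False  # truncated or malformed field
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, stored)  # constant-time compare


def make_pbkdf2_record(password: str, iterations: int = ITERATIONS) -> bytes:
    """Assumed hardened layout: 4-byte iteration count || salt || PBKDF2 key."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return iterations.to_bytes(4, "big") + salt + key


def verify_pbkdf2_record(password: str, record: bytes) -> bool:
    if len(record) != 4 + SALT_LEN + DIGEST_LEN:
        return False
    iterations = int.from_bytes(record[:4], "big")
    if iterations < 1:
        return False  # reject a corrupted count instead of raising
    salt, stored = record[4:4 + SALT_LEN], record[4 + SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, stored)


def upgrade_on_login(password: str, old_record: bytes, iterations: int = ITERATIONS):
    """Re-hash with PBKDF2 only after the old record verifies; else None."""
    if not verify_sha256_record(password, old_record):
        return None
    return make_pbkdf2_record(password, iterations)
```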
3  Bitcoin / Electrum / Re: Electrum virtually unusable on Mac (El Capitan) on: January 13, 2016, 05:46:36 PM
Just as I was about to toss Electrum aside in disgust and look for a new BTC client, a solution was discovered:

After Electrum starts, the app must immediately be hidden (Cmd-H). Then make it visible again by clicking it from the Dock.

Going through these steps immediately after each launch causes the windowing bugs described in my original post to go away. Hopefully this will save someone a ton of time.

4  Bitcoin / Electrum / Electrum virtually unusable on Mac (El Capitan) on: January 13, 2016, 05:07:24 PM
The app constantly crashes and malfunctions. I'm using version 2.5.4. Here are just a few of the problems I experience on a daily basis:

- Clicking 'details' on the context menu of a History item yields nothing. Through trial and error, I discovered that clicking Cmd-O, which is normally used for the open function, will show the details window in addition to the File|Open window. I have no idea why. The details window is then stuck on the screen at that point and can't be closed without Force Quitting the app.

- Using Cmd-O to open a new wallet doesn't actually work. Nothing opens when a particular wallet file is selected from the popup. Clicking Cmd-O will sometimes cause Electrum to show the new wallet that was requested but it leaves the app in an unresponsive state.

- It's virtually impossible to create a wallet on the first try. It usually crashes when trying to create the first set of deterministic addresses.

Is it possible that I'm using a hopelessly out of date version? Site indicates 2.5.4 is the latest.

Any suggestions appreciated...
5  Economy / Exchanges / Re: With CoinBase floundering, what alternative is right for me? on: December 30, 2015, 03:22:01 PM
@HabBear: All you had to do is search Twitter and you could've seen the notice I was referring to. But here, let me take care of that for you:

http://forklog.net/hackers-brought-down-coinbase/
http://www.techworm.net/2015/12/hacker-ddos-coinbase-website-down.html

Seriously dude, it must be exhausting living life afflicted by such paranoia about the motives of random forum posters.

To everyone else who actually provided me with useful suggestions here and on Reddit, thank you very much. I'm going to check out each of the sites you recommended. Bitstamp and Kraken seem to be the favorites. Will check out Circle as well.

Best..
6  Economy / Exchanges / With CoinBase floundering, what alternative is right for me? on: December 29, 2015, 11:58:08 PM
Hey there, Bitcoin experts. Need some advice from you:

My needs are fairly simple; I need a reliable vendor that will allow me to purchase BTC using USD in a straightforward way. I've been using CoinBase successfully for the last few months. My typical monthly usage pattern is:

- Purchase $2,000 - $5,000 of Bitcoin using an ACH link to a USD-denominated account at Bank of America.

- Once Bitcoins are delivered 2-3 days later, they're immediately sent to a mixer which then forwards them to some external wallets that I control.

..and that's about it. I never need to sell the BTC for USD. The BTC I purchase are typically used to pay vendors and other parties with whom I do business. Unless I'm in the midst of a transaction, my USD and BTC balance at CoinBase is kept at zero. Pretty boring stuff. Anyway, CoinBase seems to be struggling as of late.

A few days ago when attempting to execute a relatively small purchase ($1,000) I got an error message stating that I need to fill out an extended due diligence form. Not a huge deal, just standard KYC (know your customer) kind of stuff. I provided the necessary documentation but it was never acknowledged. The ACH link seems to be permanently disabled and continually shows this same error message.

I tried linking to other accounts at major banks and although I never received an error message, the micro-deposits used to verify account ownership never arrived.

Posting messages to their support forum yields, "A moderator must approve of your message." And it's never approved.

Messages to their email support have gone unanswered for days.

Creating new support incidents in their help system appears to work but no one ever responds.

In parallel with these problems, there were two other major red flags unrelated to my specific support incidents:
(1) Searching #coinbase on Twitter today yielded an article about a site hack at Coinbase (no balances were stolen).
(2) Today when once again attempting to add an ACH link to a major US bank, instead of simply asking for a routing number and account number, it actually asked for the username and password for my bank account. What's worse, it asked that the extended security on my bank account (i.e. two-factor authentication, etc.) be disabled... HUGE RED FLAG.

I'm not sure what's going on at CoinBase but I'm worried enough at this point that I'm closing out my bank links and changing all of my bank passwords.

What would be a suitable replacement for me given the information I provided about my typical usage scenario? I did a bit of digging and others who are concerned about the situation at CoinBase brought up BitStamp as an alternative. What's your opinion on BitStamp and more importantly, are there other vendors that you feel might be more suitable for me? I'd love to hear your take on the pros/cons of various vendors or exchanges.

Thanks in advance.

Best,

Nostril