|
I don't think phone / email verification / association is possible without some form of centralized oracle.
Both phone numbers and SMS gateways are centrally controlled, so there's no way to decentralize phone verification in an automated manner (similar to how converting crypto- to fiat-currencies requires cooperation with the classical banking system).
Decentralized email verification should be possible in theory, as anyone can run an email server; but good luck reaching any inboxes without being whitelisted by major providers.
I guess one could create a decentralized public-key cryptography based messenger system, similar to BitMessage, but without needing the private key for deriving the recipient's address? Ie. some form of decentralized storage for messages encrypted using public keys associated with Bitcoin addresses. I'm not sure if that would be all that useful though, at least for the use case as described by OP.
|
|
|
|
If I understand you correctly, you have the 12 words that were randomly generated by electrum + 1 extra word that you have chosen. If this is the case, then you can restore the wallet like this:
[...]
[...]
Electrum has always kept its backward compatibility when it comes to seed words and things like that. they even keep the short lived features like the versioning for private keys!
in other words unless there is some sort of strange bug uniquely encountered by OP, there should not be any problem with importing old seeds in newest versions. the wallet will recognize them.
Well I'll be damned. @OP keep us posted whether this solved your issue, the solution provided by Robot1982 is far simpler and preferable to what I suggested above. |
|
|
|
13 word seed phrases where the standard for Electrum 2.0 - 2.6.4: https://bitcoinelectrum.com/frequently-asked-questions/#why-wont-electrum-accept-my-seed-when-i-attempt-to-restore-my-wallet-from-itThey switched to 12 word seed phrases with 2.7.0. You should be able to restore your wallet with the 13 seed words by downloading one of the older Electrum versions from the official archives: https://download.electrum.org/2.6.4 should do the job: https://download.electrum.org/2.6.4/Once you've successfully recovered your old wallet you'll want to send your coins to a new wallet, generated using the latest version of Electrum, as there are some known issues / exploits with the older versions. Don't forget to backup the seed words of the new wallet (should be 12 words) before sending your coins there! Assuming you haven't moved those coins since before the Bitcoin hard forks (August 2017) you'll also have some forked coins to claim. There are plenty of threads that should help with that, but if anything be extra careful with fork wallets because there have been many cases of malware surrounding those (ie. clear out your Bitcoins before trying to claim fork coins and don't install any fork coin wallets on your main PC -- use a VM or an old laptop that you aren't using anymore). |
|
|
|
Yes I'm talking about the recent one, I'm concerned fools are being tricked into investing into Bitcoin without knowing all the facts. Not one bitcoin "investor" I have spoken to has even heard of the bug. People need to be aware that bitcoin is not really 100% safe in a world where code is law.
There is much talk about this subject a quick search of Bitcoin CVE or Bitcoin Exploit shows may topics regarding the issues both old and new. https://bitcoincore.org/en/2018/09/20/notice/https://hackernoon.com/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362While this was a serious flaw it had been fixed and no miners ever exploited it. Also actual usage of any such exploit would have been fairly obvious to an outside observer. It's not like anyone could have covertly inflated the coin supply. Critical bug? Sure. Swept under the rug? Hardly. The exploit was widely publicized with information readily available to anyone keeping track of crypto. |
|
|
|
My system is still finding the occasional SHA256 brainwallet. This wallet stands out because it held 1.7 BTC for nearly 4 years, until being emptied in February 2018: https://www.blockchain.com/btc/address/00790d4c5ec89c0e30e1343a2eafc901ee136e9bThe equivalent balance on the Bitcoin Cash chain was also transferred out. A substantial amount to have sitting in a SHA256 brainwallet through the bubble of 2017/2018. Hopefully the transfer was done by the rightful owner. Maybe cashing out as the downward spiral started? The passphrase is "Thats what she said 1974" It's pretty much a miracle that a passphrase like this went untouched for nearly 4 years. Looking at how both the BTC and the BCH transaction where made in parallel within minutes, forwarding the coins to identical addresses on both chains, I get a feeling that automation may have been in play though -- the kind of automation that scans for brainwallets and steals them, unfortunately. |
|
|
|
Then I will ask you this. Is it an impossible idea that NO CRIMINALS are using mixers, and coinjoins?
Believing that all coins going through them are "clean", would be stupid.
Of course not, and no one ever said that. But if applied correctly they make coins lose your taint (note: taint in the neutral sense of tracked coins, not in a criminal sense). And that's the one you want to get rid of. Tumblers and coinjoins are important for both fungibility and privacy because they make the concept of taint pretty much useless. And you want the concept of taint to be pretty much useless, because otherwise you couldn't accept Bitcoin payments for fear of receiving tainted coins -- even if coins would look untainted to you, they could still look tainted to someone else. And a currency you can't accept is a currency you can't spend is a useless currency. @All: Sorry for having derailed the thread, I hope you enjoy the show. |
|
|
|
Do not manually create or manipulate Bitcoin transactions unless you absolutely know what you are doing (and think twice even then).
You don't want to end up as the guy spending 10 BTC in mining fees on a zero BTC transaction...
Mining fees are not stated on transactions. There's the input data and the output data that is necessary and only the output says the specific amount afaik. P.s it was 15btc  If you import a transaction it goes into the preview window, you should be running transactions that way instead to make it more secure and know exactly what you're doing a bit better. To be more precise, the transaction fee is implicitly stated -- it's the difference between the sum of all inputs and the sum of all outputs  Still easy to mess up though Good point about using Electrum's preview window! I believe the antpool "acceleration" submitter still works even for 0-fee tx now, so in the unlikely event someone inadvertently managed to make such a tx, there's still that one avenue for confirmation.
Is Antpool's accelerator free though? The only free transaction accelerator I'm aware of that actually is working is the one from ViaBTC and that one requires a minimum transaction fee. |
|
|
|
one way of doing it is to preview your tx before signing it, then copying the hex and editing the amount field to include the fee in it (increase it +fee) and then giving it back to electrum to sign. of course you mustn't do it without knowing what you are doing or you may end up messing things up.
Do not manually create or manipulate Bitcoin transactions unless you absolutely know what you are doing (and think twice even then). You don't want to end up as the guy spending 10 BTC in mining fees on a zero BTC transaction... |
|
|
|
One more reason to not use Coinbase then. Any exchange that goes beyond the necessities of KYC / AML should be avoided like the plague. If you get your account frozen on the likes of Coinbase you should have stuck with PayPal. Same difference, but without the extra steps of going through crypto.
That was not the point of the debate, and not using an exchange is an insignificant a solution to the taint problem. Not using an exchange that is trigger happy in freezing accounts beyond what is legally required of them is a solution however. There's plenty of alternatives that are not quite as restrictive while still sticking to global and local regulations -- even amongst centralized exchanges. Additionally using a centralized service as wallet is leading the concept of cryptocurrencies ad absurdum anyway. I absolutely respect if an exchange freezes an account because they are subpoenaed to do so based on concrete suspicions by law enforcement. But if Coinbase starts getting PayPal on people's asses it's time to move out. It goes back to the debate. What kind of users have too much to hide that are incentivized to pay for tumbling, and why should I mix my coins with their coins? Would you, personally, post your bank statements publicly on the internet? No, but neither would drug dealers, money launderers, scammers, or thieves. So does this make you a drug dealer, money launderer or thieve? It doesn't. And neither does wanting some privacy on public blockchains. How much in Bitcoin on average for tumblers? Wasabi is 0.15 Bitcoins? 0.15% of 1 BTC is 0.0015 BTC Most Bitcoin ATMs and Local Bitcoin sellers charge around 2% - 5%. Even Coinbase charges 1.49% [1] which is literally an order of magnitude more expensive. [1] https://support.coinbase.com/customer/en/portal/articles/1826294-how-are-fees-applied-when-i-buy-or-sell-digital-currency-Or people with something to hide.
Not being able to keep private from governments is a threat to democracy. Heck, to any free society that relies on a centralized, hierarchical government. As is the thinking that only "people with something to hide" want privacy. Remember East Germany. I don't even want to imagine what a modern day Stasi could do with modern technology and data at hand. This is the point! In their search for privacy, they might be digging themselves into a deeper hole because they would be mixing their coins with "tainted dirty" coins. As long as it's not their own "tainted" coins their privacy is prevailed. You can't be held accountable for crimes you didn't commit. If you're worried about using privacy enhancing methods because it may make you look suspious, you might be already be living in an oppressive regime. The only antidote against privacy enhancing methods becoming suspicious, is privacy enhancing tools becoming the norm. Keep in mind, only a couple decades back, secure internet connections where deemed technology that should not be available to the regular citizen -- because what would they have to hide? Nowadays a world without HTTPS would be unthinkable, with ecommerce and ebanking being an impossibility. --- Anyway, it's hard to objectively discuss something that is mostly a matter of personal philosophy. Luckily Bitcoin and other cryptocurrencies offer possibilities to be as private or as transparent as personally preferred. Just remember that equating "privacy" with "crime" is not a slippery slope, but the ditch at the end of it. |
|
|
|
Where my wallet should be registered? which the best wallet? I didn't find any information about best wallet.
I wouldn't recommend any wallet where you need to be registered (ie. any online wallet). Some of these services may not even give you full access to your coins, potentially even freezing or confiscating your coins at their whim. For most cases Electrum (electrum.org) should be fine. For more secure storage, purchase a Trezor (trezor.io) or Ledger (ledger.com) hardware wallet. For a more detailed overview, follow the links posted by LoyceV above. |
|
|
|
No they won't. But some exchanges, like Coinbase, will mark your account if your coins are tainted, and will sometimes freeze your account, and confiscate your coins. One more reason to not use Coinbase then. Any exchange that goes beyond the necessities of KYC / AML should be avoided like the plague. If you get your account frozen on the likes of Coinbase you should have stuck with PayPal. Same difference, but without the extra steps of going through crypto. It goes back to the debate. What kind of users have too much to hide that are incentivized to pay for tumbling, and why should I mix my coins with their coins? Would you, personally, post your bank statements publicly on the internet? What is the estimated, average fee to mix 1 Bitcoin?
Wasabi Wallet charges 0.003% per anonymity set which apparently comes down to 0.15% per transaction [1]. ChipMixer relies on donations and can thus be used to mix for free, but will keep any amount smaller than 0.001 BTC as donation [2]. Other options likely fall within similar fee ranges. [1] https://www.reddit.com/r/Bitcoin/comments/9sziy5/privacy_wasabi_wallet_10_is_finally_released/e90mlvu/[2] https://chipmixer.com/faqOr people with something to hide.
Not being able to keep private from governments is a threat to democracy. Heck, to any free society that relies on a centralized, hierarchical government. As is the thinking that only "people with something to hide" want privacy. Remember East Germany. I don't even want to imagine what a modern day Stasi could do with modern technology and data at hand. |
|
|
|
Regarding Bitcoin (blockchain) hard forks, there's a comprehensive family tree over here: https://bitcointalk.org/index.php?topic=2597083.0Apart from that the mapofcoins as posted by AdolfinWolf should provide you with a good overview. While not quite up-to-date I don't think any relevant alt directly forked off the Bitcoin codebase after 2017 anyway (apart from the blockchain hard forks), with many recent alts being built upon different codebases. |
|
|
|
I never liked the idea of devices designed with storing bitcoin as its sole purpose. I've seen some pretty dubious stuff like this: https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/Why would stuff like this be necessary when you can bypass it with a solid linux airgapped laptop? sure it's not as convenient moving a laptop around, but you still a computer with those devices nonetheless. Also beside the potential exploits, it's just a device that screams "there is money inside, please steal it" Using an airgapped linux laptop with an encrypted hard drive is just as fine, IMO. Convenience and ease of use is a big factor though, especially as securing a linux system from attacks involving physical access is not that trivial either. In my opinion, the easier something can be securely used without messing things up, the better. The harder using something securely becomes, the less hardware / software security starts to matter and the more of a liability the human factor becomes. And the human factor is a huge liability. I guess in the end it's mostly a matter of personal philosophy and preference though. I have not been inspired by Ledger's faintly derisive attitude to the people who chip away at their security. Trezor seem to have much more humility and openness. Though I prefer the way the Trezor operates anyway, I'd favour them over Ledger primarily because of their approach to this area.
I feel the same. The exploit used to circumvent Ledger's firmware check is not quite instilling confidence in their software security (contrasted to the 3 months of hardware glitching necessary for the Trezor exploit). That Ledger's security appears to partially depend on security through obscurity is also slightly worrying. In general they nonetheless appear to do good work though, otherwise they wouldn't have gotten off that easily. |
|
|
|
That min limit's been coming down, from 0.1 BTC I believe, as more users join, the smaller the denomination possible if I understand.
There is the assumption that anyone seeking privacy with coinjoin and mixers are criminals and drug dealers... maybe throw in terrorists, blackmailers and kidnappers. It's a wrong assumption, and seeking privacy does not amount to criminality... But you're really not eliminating that risk of mixing coins with undesirable activity if you also use, say exchanges, casinos or trade P2P.
I've done all of that so would be really surprised if none of my coins are thus tainted.
Besides, just because you don't mix don't prevent anyone from dusting you with dirty satoshi.
But think about it, tumblers and coinjoins are not cheap, and who would be willing to pay for them to keep their privacy? I believe an ordinary user would be digging himself into a bigger hole if he mixes his coins with what usually would be the criminals' coins. Unless you mined your coins yourself you likely already hold coins that are tainted in one way or another. Merely holding a couple of sats that are linked to illicit businesses won't implicate you in any crime unless law enforcement has additional reason to believe in your involvement. Same goes for using TOR, prepaid phones and other means of anonymization. Using these tools do not make you a criminal and do not build a case against you (unless you're involved in an illicit business to begin with, obviously). In principal I get why tumblers have a bit of a bad rep, but in general I guess you could also see them as a bit of a workaround to "fix" Bitcoin's transparency. Bank account balances are not publicly accessible either, so why should Bitcoin balances be? While coinjoins and tumblers are more work and require higher fees than regular Bitcoin transactions I wouldn't call them expensive either. Most Bitcoin ATMs and Localbitcoin traders charge higher fees than what coinjoins and tumblers entail. That being said I fully agree that only few people are willing to pay for keeping their privacy. Heck, most people don't even bother rejecting 3rd party cookies when being presented with a GDPR prompt. That shouldn't prevent anyone from making privacy tools easily accessible though. |
|
|
|
[...]
It seems to confirm what I was saying. In short, they used a bug to install custom firmware in the bootloader, but did not access the secure element or manage to extract any PINs or seeds, and the bug will be patched in the next firmware version. I'm also pretty impressed by the response time from the Ledger team here.
Indeed. It seems like we can also expect a Trezor fix by the end of January: https://twitter.com/pavolrusnak/status/1078568510182309889?s=21Turns out the researchers didn't follow customary responsible disclosure procedures, which is slightly disappointing. I guess both Ledger and SatoshiLabs would have appreciated a bit of a headstart, especially given the fact that both companies have a great track record of cooperating with security researchers and fixing found vulnerabilities in a timely manner (something which unfortunately is not quite as common as one may hope). Nonetheless it's good to know that researchers like them are out there, as findings of this kind help hardening hardware wallets. |
|
|
|
Interesting video, I have to admit I looked at the part which show Flashing the Ledger Nano S with custom firmware just because I use that HW. In this part of video we can see that is possible to flash Nano S with custom firmware, and in case they presented we see that instead HW you can turn on this device in miniature game console and play game snake.
Yet this is no threat that can affect current users since requires physical access to the device, but it show that Ledger still have no solution to prevent that device is flash with custom firmware. So if hackers find way to trick users with false firmware update, it is possible that this could be one of the vectors of the attack.
The worst possible scenario : Hackers hack official Ledger site, add fake firmware and try to get as many users as possible. Maybe it's not a true comparison, but who could have imagined a few days ago that hackers will use original Electrum wallet to steal hundreds, and probably thousands of BTC? [...] The problem is less with being able to flash the Nano S with custom firmware, but rather with flashing the Nano S with custom firmware without the device noticing and warning the user. In this regard I have to tip my hat to SatoshiLabs that at least their firmware check was solid enough as to force these researchers to resort to a rather sophisticated attack on the hardware level (for what little good it brought, in the end). So at least in SatoshiLabs' case the scenario of hacking the update server and deploying malicious firmware appears to be non-viable. Still, rather worrying, especially given the fact that for the Ledger Nano S an attack on the software level was sufficient. I think the Ledger vulnerabilities should be fairly straightforward to fix, about the Trezor One I'm not so sure, given the complexity of the issue. Worse still I wouldn't be surprised if one could mount a similar hardware-level attack on Ledger devices. Regardless of would-be attackers requiring physical access to the device I still wouldn't shrug it off as a practical non-threat. Obviously once an attacker is able to attain physical access to your hardware wallet you'll likely have more acute problems than firmware integrity (ie. getting a "memory dump" from you, as a person, is likely more trivial than getting one from your hardware wallet). However at least to me personally results like these mostly serve as a stark reminder of how hard it is to get security right (ie. if it's possible to break the most popular, trusted and peer-reviewed hardware wallets, I don't even want to think about the rest of the market). [...]
The main thing I took away from it is using a 25th password saves you from quite a few sad outcomes.
I guess that depends on the attack vector. If the firmware itself is compromised, the 25th password is likely to get compromised as well. It definitely protects against memory dumps as described in the Trezor One attack though -- or at least it should buy enough time to move your coins before the attacker can access them. --- Come to think of it, I'm now really worried about Ledger's update server getting compromised. I don't think compromising Ledger's update servers would be easy, especially unnoticed, but as long as their wallet's bootloader can be tricked an attack scenario as described by Lucius would allow for remotely compromising Ledger hardware wallets without direct physical access O.o |
|
|
|
A couple of security researchers just presented a talk at the 35C3 regarding a couple of security vulnerabilities in common hardware wallets: https://www.youtube.com/watch?v=Y1OBIGslgGMMost notably they found the following vulnerabilities: 1) Flashing the Ledger Nano S with custom firmware without the device noticing (starting @ 17:00) 2) A sidechannel attack allowing to remotely read the PIN entered into Ledger Blue devices (@ 28:30) 3) Extracting the menomic seed phrase and PIN from Trezor One devices (@ 35:00) 1) and 3) require direct physical access to the device while 2) require an attacker to be rather close by, so obviously the security level is still way beyond regular software wallets. Keep in mind that vulnerabilities found in these devices do not imply that other hardware wallets are more secure. As mentioned in the last few minutes of the talk, the researchers found other vulnerabilities in other wallets as well, the ones they presented are merely a collection of the most interesting ones. Still it will be interesting to see if and when these vulnerabilities will be fixed (responsible disclosure appears to have been made, with the Trezor CTO participating in the Q&A towards the end of the video). |
|
|
|
Either way, if even just a few more people end up with holding their own private keys, that'd already be a net positive.
A significant portion of all bitcoin mined is already held by individuals at their own private key. This movement wants to test solvency of exchanges before the next bull run. The aspect of regaining control over what's yours seems to be rather important as well though: Also the goal should be to create a culture of permanently holding your own private keys and make it a best practice for every single purchase every time. Every single Satoshi off these exchanges every time! IMHO introducing newcomers to the concept of securing their own coins is more important in the long run than ensuring that all these exchanges are solvent. By now I'm less worried about insolvent exchanges than about users getting complacent with centralized custodial services. It's the mindset of trustlessness that people need to be reminded of. |
|
|
|
|
It seems like some people that are feeling like they "missed out" on Bitcoin in the past, are now trying to compensate this by finding "the new Bitcoin". Sometimes even falling back on centralized solutions such as Ripple, while completely forgetting the principles of permissionlessness and trustlessness that made cryptocurrencies big to begin with.
Don't fall for the cargo cult that is "blockchain the technology" or "distributed ledger technology". Try to see what value propositions lie at the core of cryptocurrencies and which cryptocurrencies represent these values. Without understanding these principles, you're more likely to get burned than not. Be careful in your assumption of what's "the next big thing". It might very well be that Bitcoin is the new Bitcoin.
|
|
|
|
A lot of markets have had a bad turn as of recent and as much as people like to speculate that bitcoin is an entity of its own, the reality is people won’t be buying bitcoin as much as they won’t be buying stocks and shares.
[...]
I've been thinking the same, but recently I'm not so sure anymore. Right now it seems as if stocks are about to turn into a bear market for good while the Bitcoin market appears to finally capitulate and by consequence stabilize (even if that stabilization happens at the mid 2000s). It's still too early to tell of course, but given the recent stock market action it seems like Bitcoin's market cycles may be largely decoupled from the classical markets after all. Add to that the lack of attractive alternatives (bonds are still rather fucked and real estate appears to have been overbought on a global scale in the last decade) and we might just see the beginning of a perfect storm brewing. |
|
|
|
|
Show Posts
