From inputs.io homepage: Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side. Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;[email protected]:[email protected] (most likely another compromised server). What about my coins there? If you stored more than 1 BTC, send an email to [email protected] with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's. I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.
To new and returning shibes, some thoughts on what makes Dogecoin different
I'm seeing renewed interest in cryptocurrencies as a result of Bitcoin's price rocketing up (and then back down again), and a few people have said they're either new to Dogecoin, or generally browsing through cryptocurrencies. I think it's a good time to go back through what makes us different. Firstly, Dogecoin is not a get rich scheme for the devs, which is really important that you understand, because we don't, and are not going to, prioritise efforts based on what will push the price up. A lot of people jump into Dogecoin expecting we're going to push the price up and are disappointed, so consider that fair warning. Secondly, there's no Dogecoin offices, no Dogecoin Ltd., no marketing department, etc. We're not a startup, we're an open source project. Infrastructure such as servers is paid for by individuals from personal accounts. This is common for many cryptocurrencies, but I still see a lot of questions such as "Do you have offices in London?" or "What are your plans for marketing?", and they're not questions that make sense for where we are. There are three main developers; Max (langer_hans) is lead developer, with myself (Ross) and Patrick (patricklodder) assistant. We have a large number of others who contribute as well, and I'm not going to try listing everyone here, in no small part because I can't remember reddit usernames for half of them. The founders (Jackson and Billy) have mostly left the project - Jackson funds bits of the infrastructure still and is involved in other cryptocurrency projects, Billy I haven't heard from in months. It may be worth remembering here that Bitcoin's founder (Satoshi) is long gone, so we're hardly alone in losing founders. I can't necessarily speak for the other devs, but personally my interest is in improving how we move value around (contrast with Bitcoin which is moving towards retaining value), and I believe the others are motivated similarly. Technical challenge keeps us interested, but we all have day jobs that actually pay the bills. The plan at the moment, beyond getting everyone up to date with the security releases from earlier this week, is to focus on making it easier to get into cryptocurrency. I've spent months working on the architecture of bitcoinj, and we now have a lightweight wrapper library, libdohj, which adds Dogecoin support to bitcoinj (instead of requiring changing bitcoinj itself). If you want to get involved in cryptocurrency development, that's definitely where I'm recommending right now, as a lot easier to pick up than the C++ reference client. It will form the basis for Multidoge HD once Multibit HD catches up with those changes and we can put all the pieces together. I'm also looking at smart contracts and hierarchical deterministic (HD) wallets. I'll do a post about smart contracts on Sunday (15th), and I'll talk about HD wallets when I've had time to work on them again!
This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
Bad random number generators
Malicious or flawed software
If you want a method that is less secure but easier, skip to the bottom of this post. The Secure Method
Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
Roll a die 62 times and write down the sequence of numbers. This gives you 2160 possible outcomes, which is the maximum that Bitcoin supports.
Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
Brain Wallet tab creates a private key and address.
Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator. Trusting your copy of bitaddress.org Bitaddress publishes the sha1 hash of the bitaddress.org website at this location: https://www.bitaddress.org/pgpsignedmsg.txt The message is signed by the creator, pointbiz. I found his PGP fingerprint here: https://github.com/pointbiz/bitaddress.org/issues/18 "527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A" With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file. I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-) There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash. "But we aren't supposed to use brainwallets" You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times. How to avoid spending your life rolling dice When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family. Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed. One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1". If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is. Why not input the dice as a Base 6 private key on the Wallet Details tab? Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key. I'm a big nerd with exotic dice. How many times to roll? Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice The "Change address" problem: You should understand change addresses because some people have accidentally lost money by not understanding it. Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change. With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves. Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address. There are three ways I know of that the change problem can bite you:
You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here The hot paper wallet problem Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it. Destroying your paper wallet address Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away. Encrypting your private key BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet. Splitting your private key Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website. Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress. Durable Media Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies. In addition to keeping copies of my paper wallet addresses I did the following:
Order a set of numeric metal stamps. ($10)
Buy a square galvanized steel outlet cover from the hardware store ($1)
Buy a sledgehammer from the hardware store
Write the die rolls on the steel plate using a sharpie
Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
Use nail polish remover to erase the sharpie
Electrum If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses. Message to the downvoters I would appreciate it if you would comment, so that I can learn from your opinion. Thanks! The Easy Method This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
Download the bitaddress.org website to your hard drive.
Close your browser
Disconnect from the internet
Open the bitaddress.org website from your hard drive.
How trustworthy are the authors of Electrum and MultiBit ? Why are their signing keys not verified?
Hello, I was a bit alarmed by these two posts some weeks ago: http://www.reddit.com/Bitcoin/comments/210fgj/there_is_an_pgp_imposter_of_bitcoin_dev_gavin/ http://www.reddit.com/Bitcoin/comments/1tin7f/warning_a_fake_electrum_website_with_malware_is/ In the first case, basically somebody registered a PGP key which at first glance looked like the signing key from Gavin Andresen. Such a key could be used to sign malware which appears as the true bitcoin client. This would only be detected if people check carefully. If people do NOT check it - maybe rushing in a situation where the network needs a quick fix - the consequences could be truly disastrous. In the second case, the Electrum website was actually faked to distribute malware which was camouflaged as the Electrum client. If people install such a client, it could send their bitcoins anywhere - this kind of attack can really cause a lot of grief, too. Note that in some simple setups, it might be possible to recognize the faked web site by its address, but in other cases, this will not be possible - think of insidious attacks on home routers or exploits of the recent Apple "goto" bug, which essentially disables SSL protection. In these cases, and whenever youinstall bitcoin software, it is always important to check for digital signatures of the maintainers, which can warrant the authenticity of the code. And, doing this properly includes verification of their keys. To make it short, I was newly installing Electrum and I decided to do it right and to look after the digital signatures and whether the signatures properly certified in a web of trust. Now, trust paths can be looked up by databases like these: http://pgp.cs.uu.nl/ It works so that in the "from" field, you enter YOUR key ID (which needs to be connected to the web of trust graph). In the "to" field, you enter the key ID of the signing key for the software. Now, you should be able to find at least one trust path from you to the signing key for the software. For example, if Mark Shuttleworth wants to verify the key of Gavin Andresen, he enters his key ID: D54F0847 into the "from" field, and Gavin's key - 1FC730C1 - into the "to" field. This will look as here: http://pgp.cs.uu.nl/mk_path.cgi?FROM=D54F0847&TO=1FC730C1&PATHS=trust+paths The trouble is, if Mark looks up the key for ThomasV, this looks so: http://pgp.cs.uu.nl/mk_path.cgi?FROM=D54F0847&TO=7F9470E6&PATHS=trust+paths that is currently, no trust paths to ThomasV's key are found. The same is true for Jim Burton, maintainer of Multibit. In other words, ThomasV's key cannot be verified, if somebody does not has other means. Well, somebody could look into the bitcoin forum - but first, the forum can be and has been hacked. And second, a forum identity does not mean much. Pirateat40 had an account, too, as well as the owner of bitcoinica. I do not suspect the developers of working in an evil plot, but honestly, I'd really like to know a bit more. Now, I have a few questions:
Who knows ThomasV ? Can a few prominent GPG users from the Bitcoin community who know him kindly sign his key and connect him to the larger web-of-trust ? Otherwise, it would be much more difficult to thwart attacks like against Gavin.
What do we know about Electrum's (and MultiBit's) developers? What is actually their expertise? Doing crypto well is damn hard. Why should we assume that the have the technical astuteness to move many many coins around safely?
Bitcoin-qt has been audited many many times by knowledgeable people. Has the Electrum source code been audited as well? To which degree? Has it been audited at all?
Thanks! Edit: A few developers have posted here... can other people confirm what they say? Can it be proven? Anyone was at that conference? Edit: As an important clarification: The fact that a key can be found on a keyserver, is signed by some entity, or is contained in the "strong set" of the PGP web of trust or in any web of trust does not necessarily imply that the key is linked to an authentic identity, end even less that the owner is a good guy. It only provides a mean to check this identity and to support the assumption that the identity is correct, independent from hacking attempts. And as a reply to some badly downvoted comment: Yes, knowing or probably knowing the identity of the auhtor of some code is by no means a substitute for skilled people carefully checking the code and any change in it.
Hello! Welcome to our awesome /Dogecoin community! Here you can find very useful information about Dogecoin, Cryptocurrency and more! Let's start from the beginning. What is cryptocurrency? Probably you know Bitcoin, Litecoin, and Dogecoin they are cryptocurrencies. Cryptocurrency is a blockchain-based digital asset that uses cryptography to secure its transactions. How to start? Here is a list of things:
Wallet Why? You need to store your dogecoins somewhere. Types of wallets:
Paper wallets - Easy setup, secure, you are the owner of the wallet
Light wallet - Easy setup, secure, you are the owner of the wallet, Require PC/servephone, NOT RECOMMENDED
Core wallet - Hard setup, secure, you are the owner of the wallet, Require Good PC/ VPS, you are the owner RECOMMENDED
Cloud wallet - Easy setup, not secure, you aren't the owner of the wallet.
I think I just lost 90BTC! Are they stolen?? Help!!!
Here's my wallet: https://blockchain.info/address/1781pfQvte9o9NsHwtgiwXjq6RegSKRAr5 It's a brain wallet with a pretty darn good passphrase Why is my transfer grouped with another transfer of 87.999BTC?? I used a Xubuntu Live CD and generated the privkey from my passphrase using a downloaded html from bitaddress.org. I used MultiBit and exported my wallet to a file, then modified the file to contain my priv key, then I transferred 12BTC to my blockchain wallet. Then I deleted the wallet, closed MultiBit and shut down the PC. Are my bitcoins lost forever??? edit: still struggling. I've done a "cat /dev/sdb > usbstick.bin" and copied the casper-rw file directly. mounting the casper-rw file works and I browsed to ~/MultiBit. There's one wallet there that looks interesting, but I cannot read or copy it in any way... $ ls ls: cannot access multibit-20130321171949.wallet: Input/output error log multibit-20130321232736.info multibit.blockchain multibit.properties multibit-20130321171949.wallet multibit-20130331160220.wallet multibit.info multibit.wallet searching for org.bitcoin.production through the casper-rw gives me 3 hits. I also extracted this from the casper-rw: multiBit.info,1 walletVersion,2 receive,1BndiDjH6eLsGajv5mzenNTx1z33hf9udT, property,walletDescription,Your%20wallet%20description property,walletFileLastModified,1363908467000 property,walletInfoFileLastModified,1363908467000 property,sendPerformPasteNow,false property,receiveLabel, property,walletBackupFile,%2Fhome%2Fxubuntu%2FMultiBit%2Fmultibit-20130321232754.wallet property,walletInfoFileSize,492 property,receiveAddress,1BndiDjH6eLsGajv5mzenNTx1z33hf9udT property,walletFileSize,104 edit2: when trying to read the wallet file from casper-rw, dmesg says: [ 7994.345782] EXT2-fs (loop1): error: ext2_lookup: deleted inode referenced: 64322 edit3: MultiBit is using bitcoinj, which stores the wallets in a protobuf format. I downloaded protobuf and the bitcoinj source, extracted the wallet.proto stucture and wrote a small C++ program that searches in the USB stick bin file for the string "\x0A\x16org.bitcoin.production", and tries to parse it as a protobuf wallet of size 8-50000 bytes. I found a couple of wallets, but only empty ones and my brainwallet. The structure with a header and reversed bytes that 4461462665 is refering to seems to conform with what I've read about how protobuf serializes data. I really think the wallet is lost. I'm going to quickly set up a sandbox that selected hackers can have a stab at. If anyone manages to recover the bitcoins, they are free to keep 30%. edit4: TLDR; The story: I used a fresh MultiBit client, imported my brainwallet private key, made a 12btc transaction and then deleted the wallet. Turns out MultiBit picked up a 100BTC "input" and transferred the "change" (88btc) to the first key in my wallet (one generated by MultiBit before importing my own key). I have searched (hard!) for the key. I'm giving up, and will let the hackers of the internets take a stab. edit5: I really think the bitcoins are lost. Looking at .wallet files from MultiBit, they all seem to store the private key in plain hex, prefixed with the string 1A 6E 08 01 12 20. I have searched for this string but all I could find was the wrong private key.
Hi everyone, I know very few people will see this and that's okay. I decided after a week of severe depression, anxiety, self-loathing, and general fucked up thoughts that I needed to talk about what I did. On the scope of a confession, it isn't much to some people, but to me it is a huge and daunting fuck up that I'll be paying out the nose for. The reality is I might even be homeless due to this. I used a throwaway for this because a few people I know have my primary acct and I can't bear the shame of them knowing yet. To get to it, I made a huge mistake and lost all my money. ALL OF IT. If it isn't obvious already, I don't have a lot of money. I am not a all that familiar with bitcoin and only recently began taking part in the community. /Bitcoin has been my bible and go to source nearly every day for the last 6 months. But again, I don't have much money and I decided that I have a this tremendously good feeling about where bitcoin is going so I warily invested in a couple coins around January 2nd at about 809 a coin from coinbase. I was terrified of losing what I put in. Then the next day, the price jumped about $30! I was ecstatic! I was amazed! I couldn't believe that my investment had begun working for me after only a day! It was a great feeling. At the same time of all this, I had just finsihed up a huge ordeal with Bank of America over fradulent charges on my debit card that sent my account into the negative and had intitially accured almost $1000 in overdraft and other fees. It took months to get all my money back and in the end still lost out on about $200 dollars. Needless to say, I was more wary of my bank than bitcoin at this point and bitcoin was GIVING me money instead of giving it away. So I did the only logical thing I could think of at the time and put the rest of my savings into BTC. And guess what? It went up again! I was so happy with my decision that I started reading more and more about BTC. Then the fluctuations in the BTC market started happening. I started to get nervous because the only cash I had was losing value and fast. I knew that it had a habit of fluctuating like that but I never had any money invested before. The anxiety was real for me every day I'd hop on /Bitcoin and see the news about mtgox ( then after that the silkroad 2 hack.) So, about a week ago when coinbase's price was plummeting still due to gox's problems and bad press and so on I started getting nervous. More nervous than I had been before. My "investment" had lost almost 200 a coin and I was sick to my stomach watching and waiting for the price to come back up like it "always" does. I was posting around a few forums and asking questions about what I should do? What could I do in the mean time? Should I pull out and take my losses? I got to talking to this guy on one of the forums who seemed to know what he was talking about. He mentioned the dice site satoshi bones and how he was in the same spot as me, made one bet and came out 10BTC richer. Even sent the tx ids. It was awesome to see and was even more awesome to imagine. He went as far as to send me .05 btc (holy shit!) and said "Make a few bets and watch, some of the odds are great." So I did that. I sent a few bets of .001btc and made nearly .5 btc in 5 minutes. I was hooked. I was going to make my money back. I was going to make a few bets and get out with what I put in, no more. So I proceeded to make bigger bets. I was making money. I was getting good at watching and "considering the odds." It wasn't really the case, I was just geting lucky here and there. I had no idea what the fuck I was doing. Then the transaction malleability thing happened. Or, rather, it was probably happening the whole time. I don't know. I don't know what it did to my MultiBit account, but it was sending my coins and not updating my balance. I was losing more than I knew because the double spends ended up looking like I had more in my overall account than I did. At one point, it appeared that I had TRIPLED my initial BTC investment over all and I was nearly crying with joy. Then I couldn't access my funds. It said I had a "Balance" of 30btc, but "Spendable" was .05. I knew that it took a little while for the transactions to get through the system and clear but minutes turned into hours and hours into days. When the whole story about the transaction malleability broke into full swing I started tracing my tx IDs back. I was a nervous wreck at that point. I had so many double spends and unconfirmed transactions that there was no way to actually find out how much I truly had left. When I looked through multibit's logs, it had mulitples of the "wins" that I knew I had but numerous tx Ids. I couldn't keep track of it all. Attempting to "reset" the blockchain on Multibit would only cause it to crash (probably because I had sent and received sooooo many unconfirmed transactions back and forth between that game.) I decided to grab my private keys and attempt to use Bitcoin-QT to sort it all out to no avail. It too said I had a balance around 30 BTC unconfirmed (a mind blowing amount of money for me!!!!!) I relaxed and decided I would just have to wait it out to get my money and I'd hold off on grocery shopping until the weekend (today.) Even if I had half of that after it all cleared up, I'd have made a HUGE profit. About two days ago everything calmed down and my balance began fluctuating like mad on both the Multibit client and Bitcoin-qt. It went UP at one point to 40 BTC even! Then transactions started to disappear. Mostly, the transactions that disappeared were the "wins." I assume this is because all of the unconfirmed txs or double spends started being pushed out of the system? I have no idea. I'll take a second to mention that I've never had an interest in gambling whatsoever. I've been to vegas, played a few slots, sat in for some poker and blackjack, would lose and just walk away. However, the last couple days I was consumed by the dice game. I thought I was making incredible money, hand over fist. Yesterday, my balance completely cleared up. I'm broke. I have nothing left. I pissed away even my winnings (maybe 3btc) I had before the transaction malleability started fucking things up. I cried for the first time in 10 years yesterday. Today, I cried again. Over the last week I fell into a depression and was overcome by this urge to just stop existing. Not really suicide at first, but, more of a "I want to close my eyes and let it all blow over." Then, when that didn't happen, I did start considering suicide. I have no money left. I don't know what the fuck I'm going to do for rent, for food, for gas, for my fucking books next quarter. I moved to california on my own about 3 years ago and have zero family in the area. I don't have family to lean on finacially whatsoever (I come from a seriously bad luck/misfortune/poor family.) Monday I'll be heading to my university to find out what I can do and if I qualify for any loans. Or something. I don't know. But right now, I need to tell people and persevere and try to make it out of this. But, my point of posting here isn't a pity party or to draw out "sorry for the bad luck" responses. I did this to myself and this pales in comparison to the bad luck others have had. I want people to use my sincere and obvious FUCK UP as a lesson. I got caught up thinking I was making money. I wasn't fully aware of what was happening during the transaction malleability shit and made decisions without fully comprehending the situation (and it is NOT the fault of Mulitbit or the dice game even if I wanted something to blame.) Most of all, I was GAMBLING my money away. It was greed and poor decisions. But mostly greed. So, I fucked up. I don't want YOU to fuck up like I did. Please look at the story and realize that it can happen to anyone without fully thinking through your decisions and having a grasp on the situation. And SERIOUSLY consider when you're putting too much money at stake when gambling. You could regret it and be in a shitty spot like myself. Thanks for reading. TL;DR Holy shit I wrote a novel. Sorry. In short, I inadvertently gambled away my only $7000 during the transaction malleability crisis and it is no one's fault but myself. I am now broke and terrified and I don't want YOU to suffer like I did. Do not gamble and do research before you do anything with your money especially if it is all you have. EDIT: Though my intial reason for posting was NOT to focus on why my balance said one thing and the actual balance was another, here is what the balance looks like on my Multibit client right now. However if you look at the blockchain, that's clearly not the case and hasn't been for days and days. These are the addresses I used off and on. Not all of them but those were the most active I think. 17cHzgxRLumqfu6UAddUrJmTujd7goHLrx 1BAKHq37qj1xekitr7adXapLqFrVtAhm8A 1KLug6D1mXoyS12BZipyQ8WHAdNzDmQxMp. Also, when I opened the Client today it seemed to send or revieve "stuck" transactions? I don't know what to tell you all beyond that.
I just saw this one and had a doubt, does wallet leaks my IP? Does vpn requires special config for wallet?
Avoid Thin Clients and Hosted Wallets Almost all thin clients leak which addresses you own to whatever Simple Payment Verification (SPV) server they connect to. Thin clients do not store the blockchain locally. Instead, they query a single SPV server for the transactions that involve the addresses in your wallet. While this functionality is far more efficient and fast than parsing the blockchain locally, the trade-off is that every Bitcoin address you own is submitted to the SPV server. Some thin clients, such as Multibit, have the capability of using bloom filters to help conceal which addresses you own by requesting extra transactions that don’t involve your wallet. However, Multibit currently favors efficiency over privacy and does not utilize bloom filters for address anonymization. The Electrum thin client doesn’t use bloom filters at all, so just like Multibit, any server you connect to knows every address that you own. Hosted clients are even worse in terms of anonymity. All of your private and public keys reside on 3rd party servers, so it is trivial for the operator to know which Bitcoin addresses you own. Additionally, any other information you’ve submitted to the service is associated with your Bitcoin addresses and can be easily accessed by the service’s operators. These types of wallets make it easy for a SPV server operator or service administrator to not only know which Bitcoin addresses you own, but also associate them with your IP address. The operator could potentially publish the information, they could be hacked and the info stolen, or they could be subpoenaed or NSL’d to provide logs to law enforcement or government agencies. One of the fundamentals of Bitcoin is not having to trust any single party. In terms of anonymity, it’s best to use a full Bitcoin client like Bitcoin-Qt or Armory, and store the entire blockchain locally. tl;dr; Thin clients and hosted wallets leak which addresses you own — use a full client like Bitcoin-Qt or Armory instead. source: https://99bitcoins.com/know-more-using-bitcoin-anonymously/
Low trust: Information received from the servers is verified using SPV. Servers are authenticated using SSL [my emphasis]
https://electrum.org/index.html However, I'm having a hard time finding documentation on how Electrum servers work and more specifically how they implement Simplified Payment Verification (SPV) as defined in Satoshi's white paper. The Bitcoin Wiki states:
ThomasV claims that "Electrum, it is doing SPV since 2012".
I'm concerned about how the particular security model of electrum is being described; or rather— not being described. The electrum website appears to have no security discussion beyond platitudes like "Secure: Your private keys are not shared with the server. You do not have to trust the server with your money.", "No scripts: Electrum does not download any script at runtime. A compromised server cannot compromise your client."
http://sourceforge.net/p/bitcoin/mailman/message/30108843/ Later Mike writes that he was able to contact ThomasV with his concerns, and that progress was made in addressing them. A late 2013 question posted to Bitcoin StackExchange raises similar questions: http://bitcoin.stackexchange.com/questions/16629/is-electrums-spv-thin-client-implementation-not-p2p-as-opposed-to-multibits The answers seemed confusing at best. I'm pretty clear on how SPV is supposed to work, but so far the documentation I've found suggests that Electrum does not fit the description. Electrum clients apparently connect to a single trusted server. It's unclear to what extent that server logs traffic, how/if Bloom filters are used to increase privacy, or even how the client proves that transactions coming from the server are in fact in the the block chain. Can anyone point me to some technical documentation on the Electrum security/privacy model? I've seen this source repository (not sure it's the right one): https://github.com/spesmilo/electrum-server It's sparsely documented, there's no test suite to speak of, and there seems to be far too little code for a full SPV implementation. Edit: after reading responses so far and digging around some more, it appears that Electrum is doing SPV as indicated in the Wiki. There seem to be two main differences between Electrum and BitcoinJ (another SPV implementation used in MultiBit and other wallets):
Electrum clients connect to a single trusted server chosen by default at random from a list posted to irc. BitcoinJ nodes connect to multiple peers and compare responses to detect withholding attacks.
BitcoinJ nodes use Bloom filters and Electrum does not. This feature is intended to obfuscate the exact transactions being requested by a node so as to avoid leaking the wallet's private public keys/addresses to peers.
Under both systems, the client obtains block headers, using Merkle roots/chains to match received transactions to the containing blocks.
[mod post] /r/Filmmakers is now bitcointip enabled!
/filmmakers is a fairly technical subreddit, so we thought we'd enable bitcoin tipping. We're going to address some questions that may come up below: Q: What are bitcoins? A:Bitcoin is an online money that's open-source, decentralized, and potentially anonymous. This is the local currency of the internet. You can exchange it for your own country's local currency, or you can spend it directly on sites that natively accept it. At the time of writing, a bitcoin is worth about $70. Q: What are they good for? A:Bitcoins can be used as an investment, barter currency, to purchase products (Wordpress, Reddit, 4chan, Wikileaks, and many others accept bitcoins natively), or just to convert to regular currency. Q: Where can I get bitcoins? A:You can setup a free wallet online or by downloading a bitcoin client. Once you have a wallet, you can buy coins via various services or get a small amount of free bitcoins to play with. Q: How do I tip bitcoins? How do I receive my tip? A:Check out this handy infographic. Once you've got that down, you can check out the bitcointipbot documentation for more details. If you want to make the process even easier, you can install the Bitcointip User Script which lets you easily tip without having to type out the bitcointip syntax. It also displays your bitcointip balance, so you can easily see if you have enough funds before tipping. Q:TL;DR? A:Bitcoins are internet currency. If you have bitcoins, you can tip them to people in /filmmakers by commenting "+bitcointip Username Amount" provided you have set up your account. I know there are some users in the subreddit far more involved with bitcoin than us mods, so I'm sure they'd love to help clarify.
Guys, may I please ask that before criticizing any open source developer, and especially those working on a Multibit client, not charging you a coin for their work (yet) and providing a service to you and to Bitcoin community, stop and think: How can I help before I go full amok posting “I LOST MY COINZ!” post. These guys are working on their spare time and are getting a ton of shit every day flying in from all directions just because they are trying to build something useful as best as they can. I know Multibit is not perfect, yet it is all upon us to provide support and encouragement for the devs. If you don’t help Multibit, then who will help you? BitPay who is busy chasing their buck? Or PayPal who is almost ready to do anything not to become a dinosaur? Who will develop you an opensource free client and put up with all your shit? No one! So be nice and support those who is supporting your for past 3 years. Go and donate to Multibit. Yes, go and send that $1 that you would forget in a crack of a sofa anyway. Or $3 that you are spending on a coffee every day. Or the $5 that you would not care about really if a friend asks for it. Or be generous and put a grand $10 for the guys. Devs delivered. I donated. Your turn
GPG instructions and public key list for verifying Bitcoin clients.
I have noticed their is a growing problem of fake bitcoin clients, and I expect the frequency and elaboratness of these fake clients to increase. Verifying the signatures for these clients will detect if you are receiving anything other than what the signer the of the software signed. The exception to this is if the attacker acquires the signer's private key, which should be a lot more difficult than tricking users to visit the wrong site or hacking servers. This can also be addressed by using multiple signatures per client. An important part of this process is acquiring the public keys for the sofware signers in a secure manner. To help with this I have included a signed list of fingerprints and where to acquire the public keys to act as another source to verify the keys used to sign bitcoin clients. I have also included instructions for verifying the fingerprint list and bitcoin clients. To deal with the issue that posts and comments on Reddit can be easily modified I suggest other users (especially well known ones) post a signature of the fingerprint list in a comment in this thread, or at least a hash of the fingerprint list (not as secure but still better than nothing). List of Fingerprints: +++ Bitcoin-Qt: Signer: Gavin Andresen (CODE SIGNING KEY) [email protected] Fingerprint: 2664 6D99 CBAE C9B8 1982 EF60 29D9 EE6B 1FC7 30C1 Key ID: 1FC730C1 Key Link: bitcoin.org/gavinandresen.asc Electrum: Signer: ThomasV [email protected] Fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Key ID: 7F9470E6 Keyserver: pool.sks-keyservers.net Signer: Animazing [email protected] Fingerprint: 9914 864D FC33 499C 6CA2 BEEA 2245 3004 6955 06FD Key ID: 695506FD Keyserver: pool.sks-keyservers.net Multibit: Signer: Jim Burton (multibit.org developer) [email protected] Fingerprint: 299C 423C 672F 47F4 756A 6BA4 C197 2AED 79F7 C572 Key ID: 79F7C572 Keyserver: pgp.mit.edu Armory: Signer: Alan C. Reiner (Offline Signing Key) [email protected] Fingerprint: 821F 1229 36BD D565 366A C36A 4AB1 6AEA 9883 2223 Key ID: 98832223 Keyserver: pgp.mit.edu +++ My Key:
Hashes for fingerprint list: SHA-256: 7A6B9841 355B1127 E5639A9D 7040D81C F395D382 884376C2 31829C63 6FCF1B80 SHA-512: 04A49A60 A1645479 ED0B3CE9 AE32E156 E9768CC2 0D4EF393 814162BE BFA6FAF5 6C520769 C654467F 6B61EBD4 4A5A5C93 9DF81B7D AA468A50 2DD7FFF3 F637A49C Verifying the fingerprint list: Save fingerprint list, from the first plus to the last plus, to a text file called fingerprints.txt Next save my key to a file called dcc4e.asc and my signature to a file called fingerprints.txt.asc In terminal or command line run:
Looking for English to Persian translation of open-source bitcoin software
Hi guys, Bitcoin is an open source digital currency that has gotten a lot of attention lately for its technological capabilities. For the latest version of the main bitcoin client software, many translations have been added: https://www.transifex.net/projects/p/bitcoin I already paid to have the client translated to Persian: http://dl.dropbox.com9737592/bitcoin_tx_fa.ts I am just having someone input it in the transifex.net site now, because there's something wrong with the formatting of the xml file and transifex won't let me upload it as is. Any way, there are other bitcoin clients besides the main one: https://en.bitcoin.it/wiki/Category:Clients The developer of one of these other clients, Multibit, has asked if I would be interested in translating it into Persian. I can't write Persian, and don't have the spare cash to pay for another translation, so I was wondering if any of you would be interested. There are 225 separate phrases. The developer notified me that:
We have a translation site at http://translate.multibit.org so can I ask you to have a look and see if you would like to. We credit everybody in the project's AUTHORS.TXT which gets put into every installation.
MultiBit is a simple Bitcoin wallet for Windows, MacOS and Linux based on BitcoinJ.Its main advantages over original Bitcoin client are the option of using multiple wallets at once and the lack of need to download several-gigabyte Blockchain (16.5GB as of April 2014).The project was founded by english developer Jim Burton. MultiBit is a lightweight (“thin client”) bitcoin wallet, which means that you don’t need to download the entire bitcoin blockchain to use it. It’s just a small 30MB piece of software available as a free download through the official website. Other advantages that MultiBit has over the native bitcoin client is the ability to open multiple wallets simultaneously (HD support). Plus ... Free and open source (MIT license) Localized in a variety of languages; History. MultiBit was announced on September 12, 2011. See Also. Thin Client Security; External Links. MultiBit project website; GitHub repo; Google Group; YouTube channel with "getting started" screencast; How to Create a Bitcoin Wallet with MultiBit; References ↑ Bitcoin Core ist ein gemeinschaftliches, freies Software-Projekt, veröffentlicht unter der MIT-Lizenz. Release-Signaturen überprüfen Download über Torrent Quelltext Versionshistorie anzeigen. Bitcoin Core Release Signierschlüssel v0.8.6 - 0.9.2.1 v0.9.3 - 0.10.2 v0.11.0+ Oder wählen Sie Ihr Betriebssystem . Windows exe - zip. Mac OS X dmg - tar.gz. Linux (tgz) 64 bit. ARM Linux 64 bit ... While it is true that most of the security concerns with Java are based around the browser plugin, with MultiBit the issue is even worse - because what bitcoin clients (even multibit) do is they connect to IRC to gather network updates, and they work as both a network client (connect to other nodes and ask for data) and as a server (ready to give data to others). This makes the user even more ...
Bitcoin wallet / portemonnee (MultiBit) voor beginners ...
Months ago, I tried to learn a bit about Bitcoin, tried a few programs, mutlibit  is only one that I could barely accept. Some are way too complicated. Th... *****UPDATE***** Solo mining has been removed from client. I'll keep the video up for how it used to work, it might still work for some alt coins (unsure) yo... En este tutorial de Tutoriales Bitcoin aprenderéis a crear una cartera o monedero Bitcoin con el cliente Multibit. También aprenderéis a hacer un respaldo o ... bitcoin wallet - choose your bitcoin wallet - an in-depth review of bitcoinqt, electrum and multibit. install, backup and restore a bitcoin wallet. with that... June 6th 2014. Patch Source Code: https://github.com/bitcoin/bitcoin/pull/4302/files This is to demonstrate a new Unit Display control I've placed on the sta...