Download TronWallet: Bitcoin Blockchain Wallet for PC

Bob The Magic Custodian



Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
See - all problems are solved! All we have to worry about now is:
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):



Thoughts?
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

lost 2349 LTC

Electrum-ltc,
Today I found out Two thousand three hundred ninety nine Litecoins were stolen from my wallet on April 12, 2018.
Here is what I did that day:
1- On the morning of April 12, I decided to reset Windows 10 using the recovery option. and wipe out all files, which I had already backed-up on another drive. 2- After installing Windows office, Chrome and Adobe Reader, I then decided to download the Electrum Litecoin wallet from . 3- I downloaded the "Windows installer" version, typed in my seed during the setup and next a message indicating an error popped-up. The message said something about not being able to connect to the server. 4- I tried once again and the same thing happened. I quickly goggle for an answer but couldn't find a simple one. 5- I then downloaded the "Standalone Executable" version, typed my seed during the setup and the wallet opened. I don't remember checking the balance, but I do remember deciding to give it a few minutes to update. So, I then went to install other wallets and programs, etc. and totally forgot about the wallet. 6- Then, I restarted my computer after some windows updates or something, got carried away with work, and didn't check my Litecoin wallet. 7- Today, April 17, 2018, I decided to check my wallet and I found out my wallet had been emptied. 8- After trying to figure out how I had been hacked I found out that my wallet was emptied seconds after I installed the wallet on April 12. The hack didn't just stop there, my seed was also used to claim and take my Litecoin Cash.
Because the hack happened exactly at the moment of the Electrum Litecoin wallet was installed and seems like it was an automatic process, I suspect the hack came through the wallet downloaded web page electrumltc.org.
New information/ Add 4/24/2018 6:26 pm East time
Through the Bing search, we typed electrum ltc, and the false page appeared. Electrumltc.org
I had the windows wallets from that site analysed by a programmer. We discovered that it sends the seeds 12 words to this address ip 111.90.149.131. I beg the community for any help . We will be very attentive .. We have been studying how the Litecoins have moved in the Blockchain, and we notice that they were sent to some wallets that, according to Chainz's explorer. belong to Bitfinex and Binance. In the end, the coins arrived to Wallet LTU2cds4aSdXFip9sV4gXphnhxGQjgfjmg. I would like to ask you from my heart to help from the whole community, to publish this information, in hopes that Binance and Bitfinex, recognize the Litecoins as stolen and take actions. From our wallet the coin passed through their systems. I remember when I started in the world of cryptocurrencies, Bitfinex was hacked for an amount of 60million dollars equivalent in Bitcoin, at that moment ...time flies. We are following the Litecoin and organizing all the information to let the cryptocurrency community know about the stolen 2,449 LTC (first 2,399 LTC and then 50 LTC).
In the following direction, a whole discussion on the subject was started ... and there are images related to the theft: https://github.com/pooleelectrum-ltc/issues/176
submitted by danbel79 to litecoin [link] [comments]

The Exhaustive EOS FAQ

The Exhaustive EOS FAQ

 
With the large number of new readers coming to this sub we need to make information easy to access so those readers can make informed decisions. We all know there is an unusually large amount of Fear, Uncertainty and Doubt (FUD) surrounding EOS. Frankly, when clear evidence is provided it’s not that difficult to see EOS for the extremely valuable project it is. This post hopes to begin to put an end to all the misinformation by doing the following:  
  • Giving a clear and concise answer to the most frequently asked questions in regards to EOS.
  • Giving a more in-depth answer for those who want to read more.
  • Allowing readers to make informed decisions by making credible information easy to access.
 
As EOS climbs the ranks we need to recognise there are going to be a lot of skeptical readers coming over and posting their questions. Sometimes they will be irrational, hostile and often just looking for a reaction. We should make it our responsibility to welcome everyone and refrain from responding emotionally to provocative posts, instead providing factual and rational answers.
I will add to this post as and when I can, if you have any ideas or spot any mistakes let me know and I'll get them fixed ASAP. Im planning to add a bit on the team, centralisation and DPOS, governance and EOS VC shortly but please let me hear your suggestions!
 

FAQ

1. How do you registeclaim your EOS tokens before June 2018?

 
Answer courtesy of endless. If you have not done so, you will need to create a new pair of EOS public and private keys and register them with an Ethereum address. This only needs to be done once.
On or around June 1, 2018 all EOS Tokens will become frozen and non-transferable on the Ethereum blockchain. Not long after, I suspect that EOS community members will create a snapshot of token balances that carry over onto a new community generated and selected EOS blockchain. block.one will not be launching EOS blockchains or operating any of their nodes. Additionally, this is a community subreddit unaffiliated in an official capacity with block.one
Method #1: MetaMask (recommended)
Video guide: https://www.youtube.com/watch?v=8K1Q5hX_4-o
steemit tutorial: https://steemit.com/eos/@ash/full-walkthrough-how-to-join-eos-ico
Method #2: MyEtherWallet
steemit tutorial: https://steemit.com/eos/@sandwich/contributing-to-eos-token-sale-with-myetherwallet-and-contract-inner-workings
Method #3: Exodus Wallet
Official website tutorial: http://support.exodus.io/article/65-i-ve-received-eos-tokens-in-exodus-how-do-i-register-them
Important note courtesy of dskvry bka Sandwich, the author of Method #2's steemit tutorial:
claimAll will not work for most users. When you get to the claim step, please use the following tutorial: https://steemit.com/eos/@koyn/minimizing-the-cost-of-gas-when-claiming-eos-using-myetherwallet
Did you buy your EOS tokens on an exchange? (Courtesy of IQOptionCoin)
REMEMBER YOU ONLY NEED TO REGISTER YOUR TOKENS IF YOU BOUGHT THEM ON AN EXCHANGE. YOU DON'T NEED TO CLAIM THEM.
  1. Go to the EOS website https://eos.io
  2. Scroll down and select "GET EOS"
  3. Tick all the required boxes and click "Continue"
  4. Scroll down and click "Register"
  5. Select Metamask, MyEtherWallet, or Ethereum Wallet
  6. Follow the guide.
  7. Remember that the reason you need to register your Ethereum ERC-20 address is to include your EOS tokens in order for the balance of your EOS Tokens to be included in the Snapshot if a Snapshot is created, you must register your Ethereum address with an EOS public key. The EOS snapshot will take place prior to the 1 June 2018. After this point your ERC-20 EOS tokens will be frozen. And you will be issued EOS tokens on the EOS blockchain.
So PLEASE REGISTER your Ethereum address NOW, don't forget about it, or plan on doing it some time in the near future.
There are a lot of submissions about this in /eos, so rather than making a new one please reply to this thread with any questions you may have. Don't forget to join the EOS mailing list: https://eos.io/#subscribe and join the EOS community on your platform(s) of choice: Telegram, Discord and/or Facebook.
And remember, if anyone instructs you to transfer ETH to an EOS contract address that doesn't match the address found on https://eos.io you are being scammed.
 

Sources:

How to registeclaim your EOS tokens before June 2018 by endless
Official EOS FAQ
 

2. How will the token the ERC-20 EOS tokens be transferred to the native blockchain?

 

Quick answer:

There isn't one! Read the long answer then read it again, registering your Ethereum wallet is mandatory!
 

Long answer:

Within 23 hours after the end of the final period on June 1, 2018 at 22:59:59 UTC, all EOS Tokens will become fixed (ie. frozen) and will become non-transferrable on the Ethereum blockchain.
In order to ensure your tokens are transferred over to the native blockchain you must register your Ethereum address with an EOS public key, if you do not you will lose all your tokens! I am not going to link any tutorials as there are many that can be found by searching Google and YouTube.
block.one is helping with the development of snapshot software that can be used to capture the EOS token balance and registered EOS public key of wallets on the Ethereum blockchain. It is then down to the community to create the snapshot. This snapshot can be used when generating a genesis block for a blockchain implementing eos.io software. block.one will not be launching EOS blockchains or operating any of their nodes.
 
Exchange Support
Some exchanges have announced that they will support the token swap. Although using this method will undoubtedly be much simpler than registering the tokens yourself it also comes with its pitfalls.
  • It is highly likely there are going to be multiple networks running on the eos.io software that use the snapshot. It is highly unlikely that exchanges will support them all.
  • It is highly likely that exchanges will not support airdrops that use the snapshot.
Exchanges that have announced support for the token swap include:
 

Sources:

EOS.io
 

3. What does EOS aim to achieve?

 

Quick answer:

EOS.IO software is aiming to provide a decentralized operating system which can support thousands of industrial scale DApps by enabling vertical and horizontal scaling.
 

Long answer:

EOS.IO is software that introduces a blockchain architecture designed to enable vertical and horizontal scaling of decentralized applications. This is achieved through an operating system-like construct upon which applications can be built. The software provides accounts, authentication, databases, asynchronous communication and the scheduling of applications across multiple CPU cores and/or clusters. The resulting technology is a blockchain architecture that has the potential to scale to millions of transactions per second, eliminates user fees and allows for quick and easy deployment of decentralized applications.
 

Sources:

Official EOS FAQ
 

4. Who are the key team figures behind EOS?

 
  • CEO Brendan Blumer - Founder of ii5 (1group) and okay.com. He has been in the blockchain industry since 2014 and started selling virtual assets at the age of 15. Brenden can be found on the Forbes Cypto Rich List. Brendan can be found on Twitter.
  • CTO Dan Larimer - Dan's the visionary industry leader who built BitShares, Graphene and Steemit as well as the increasingly popular Proof of Stake Governance and Decentralised Autonomous Organization Concept. He states his mission in life is “to find free market solutions to secure life, liberty, and property for all.”. Dan can also be found on the Forbes Cypto Rich List. Dan can be found on Twitter and Medium.
  • Partner Ian Grigg - Financial cryptographer who's been building cryptographic ledger platforms for 2+ decades. Inventor of the Ricardian Contract and Triple-Entry Accounting.
 

Sources:

Forbes Crypto Rich List
 

5. Where can the latest EOS news be found?

 
Official:
Community:
Developers:
 

6. Which consensus mechanism does EOS use and what are Block Producers?

 

Quick answer:

Delegated Proof of Stake (DPOS) with Byzantine Fault Tolerance. Block Producers (BPs) produce the blocks of the blockchain and are elected by token holders that vote for them. BPs will earn block rewards for their service, these block rewards come in the form of EOS tokens produced by token inflation.
 

Long answer:

Taken from the EOS.IO Technical White Paper v2:
“EOS.IO software utilizes the only known decentralized consensus algorithm proven capable of meeting the performance requirements of applications on the blockchain, Delegated Proof of Stake (DPOS). Under this algorithm, those who hold tokens on a blockchain adopting the EOS.IO software may select block producers through a continuous approval voting system. Anyone may choose to participate in block production and will be given an opportunity to produce blocks, provided they can persuade token holders to vote for them.
The EOS.IO software enables blocks to be produced exactly every 0.5 second and exactly one producer is authorized to produce a block at any given point in time. If the block is not produced at the scheduled time, then the block for that time slot is skipped. When one or more blocks are skipped, there is a 0.5 or more second gap in the blockchain.
Using the EOS.IO software, blocks are produced in rounds of 126 (6 blocks each, times 21 producers). At the start of each round 21 unique block producers are chosen by preference of votes cast by token holders. The selected producers are scheduled in an order agreed upon by 15 or more producers.
Byzantine Fault Tolerance is added to traditional DPOS by allowing all producers to sign all blocks so long as no producer signs two blocks with the same timestamp or the same block height. Once 15 producers have signed a block the block is deemed irreversible. Any byzantine producer would have to generate cryptographic evidence of their treason by signing two blocks with the same timestamp or blockheight. Under this model a irreversible consensus should be reachable within 1 second."
 

7. How does the voting process work?

 
The voting process will begin once the Block Producer community releases a joint statement ensuring that it is safe to import private keys and vote.
Broadly speaking there will be two methods of voting:
  1. Command Line Interface (CLI) tools
  2. Web portals
EOS Canada has created eosc, a CLI tool that supports Block Producer voting. Other Block Producer candidates such as LibertyBlock are a releasing web portal that will be ready for main net launch. There will be many more options over the coming weeks, please make sure you are always using a service from a trusted entity.
Remember: Do not import your private key until you have seen a joint statement released from at least five Block Producers that you trust which states when it is safe to do so. Ignoring this warning could result in tokens lost.
 

8. What makes EOS a good investment?

 
  • Team - EOS is spearheaded by the visionary that brought us the hugely successful Bitshares and Steem - arguably with two projects already under his belt there is no one more accomplished in the space.
  • Funding - EOS is one of the best funded projects in the space. The block.one team has committed $1B to investing in funds that grow the EOS echo system. EOS VC funds are managed by venture leaders distributed around the world to insure founders in all markets have the ability to work directly with local investors. Incentives such as the EOS hackathon are also in place with $1,500,000 USD in Prizes Across 4 Events.
  • Community Focus - The team is aware that the a projects success depends almost entirely on its adoption. For this reason there has been a huge push to develop a strong world wide community. There is already a surplus number of block producers that have registered their interest and started to ready themselves for the launch and incentives the EOS hackathon are being used to grow the community. A index of projects using EOS can be found at https://eosindex.io/posts.
  • Technical Advantages - See point 9!
 

9. What are the unique selling points of EOS?

 
  • Scaleability
    • Potential to scale to millions of transactions per second
    • Inter-blockchain communication
    • Separates authentication from execution
  • Flexibility
    • Freeze and fix broken applications
    • Generalised role based permissions
    • Web Assembly
  • Usability
    • Elimination of transaction fees
    • True user accounts with usernames, passwords and account recovery (no more having to remember long cryptographic keys)
    • Web toolkit for interface development
 

Sources:

eos.io
EOS Whitepaper
 

10. Is there currently a working product?

 

Quick answer:

This depends entirely on your definition of working product. If a fully featured developer release meets your definition then yes!. Otherwise the public release will be June 2018.
 

Long answer:

EOS differs from other projects in that it aims to deliver a fully featured version of the software on launch. The Dawn 3.0 RC1 feature complete pre-release became available on April 5th. This version has all the features of the final release that is due June 2018. Further development will involve preparing the final system contract which implements all of the staking, voting, and governance mechanics. The common notion that there is no viewable code published is wrong and the initial Dawn 1.0 release has been available from September 14th 2017.
 
EOSIO V1 - June 2nd 2018
Dawn 3.0 RC1 - April 5th 2018
Dawn 3.0 Alpha - January 23rd 2018
Dawn 2.0 - December 4th 2017
Dawn 1.0 - September 14th 2017
 

Sources:

 

11. EOS is an ERC-20 token, how can it possibly be a competitor to other platforms?

 

Quick answer:

The ERC-20 token is used only for raising funds during the token distribution; all tokens will be transferred to the native blockchain once launched.
 

Long answer:

EOS team has clearly stated their reason for choosing the Ethereum network when they described the rationale behind the ICO model. Specifically, the ICO should be a fair and auditable process, with as little trust required as possible. If you believe that an ICO should be fair, auditable, and trustless, you have no choice but to use a decentralized smart contract blockchain to run the ICO, the largest, and by-far most popular of which is Ethereum. Since EOS is intended to be a major competitor for Ethereum, some have seen this as a hypocritical choice. - Stolen from trogdor on Steam (I couldn’t word it any better myself).  

Sources:

The EOS ico for dummies by trogdor
Official EOS FAQ
 

12. Why do the eos.io T&C’s say the ERC-20 token has no value?

 
The EOS T&C’s famously state:
"The EOS Tokens do not have any rights, uses, purpose, attributes, functionalities or features, express or implied, including, without limitation, any uses, purpose, attributes, functionalities or features on the EOS Platform."
 

Quick answer:

This is legal wording to avoid all the legal complications in this emerging space, block.one do not want to find themselves in a lawsuit as we are seeing with an increasing amount of other ICOs. Most notably Tezos (links below).
 

Long answer:

This all comes down to legal issues. Anyone who’s been into crypto for 5 minuets knows that government bodies such as the Securities and Exchange Commission (SEC) are now paying attention to crypto in a big way. This legal wording is to avoid all the legal complications in this emerging space, block.one do not want to find themselves in a lawsuit as we are seeing with an increasing amount of other ICOs. Many token creators that launched ICOs are now in deep water for selling unregistered securities.
 
A filing from the Tezos lawsuit:
"In sum, Defendants capitalized on the recent enthusiasm for blockchain technology and cryptocurrencies to raise funds through the ICO, illegally sold unqualified and unregistered securities, used a Swiss-based entity in an unsuccessful attempt to evade U.S. securities laws, and are now admittedly engaged in the conversion, selling, and possible dissipation of the proceeds that they collected from the Class through their unregistered offering."
 
To ensure EOS tokens are not classed as a unregistered security block.one has made it clear that they are creating the EOS software only and won’t launching a public blockchain themselves. This task is left down to the community, or more precisely, the Block Producers (BPs). The following disclaimer is seen after posts from block.one:
 
"block.one is a software company and is producing the EOS.IO software as free, open source software. This software may enable those who deploy it to launch a blockchain or decentralized applications with the features described above. block.one will not be launching a public blockchain based on the EOS.IO software. It will be the sole responsibility of third parties and the community and those who wish to become block producers to implement the features and/or provide the services described above as they see fit. block.one does not guarantee that anyone will implement such features or provide such services or that the EOS.IO software will be adopted and deployed in any way.”
 
It is expected that many blockchains using eos.io software will emerge. To ensure DAPPs are created on an ecosystem that aligns with the interests of block.one a $1bn fund will be has been created to incentivise projects to use this blockchain.
 

Sources:

EOS.io FAQ Great video on this topic by The Awakenment EOS $1bn Fund Announcement Article on the Tezos lawsuit Article on the Gigawatt lawsuit An official block.one post featuring disclaimer
 

13. Why is the token distribution one year long?

 
Official statement from block.one:
“A lot of token distributions only allow a small amount of people to participate. The EOS Token distribution structure was created to provide a sufficient period of time for people to participate if they so choose, as well as give people the opportunity to see the development of the EOS.IO Software prior to making a decision to purchase EOS Tokens.”
 
It is also worth noting that block.one had no knowledge how much the the token distribution would raise as it is determined by the free market and the length of the token distribution is coded into the Ethereum smart contract, which cannot be changed.
 

Sources:

EOS.io FAQ
 

14. Where is the money going from the token distribution?

 

Quick answer:

Funding for the project was raised before EOS was announced, the additional money raised from the token distribution is largely going to fund projects on EOS.
 

Long answer:

A large portion of the money raised is getting put back into the community to incentivise projects using eos.io software. block.one raised all the money they needed to develop the software before the ERC-20 tokens went on sale. There are some conspiracies that block.one are pumping the price of EOS using the funds raised. The good thing about blockchain is you can trace all the transactions, which show nothing of the sort. Not only this but the EOS team are going to have an independent audit after the funding is complete for piece of mind.
 
From eos.io FAQ:
“block.one intends to engage an independent third party auditor who will release an independent audit report providing further assurances that block.one has not purchased EOS Tokens during the EOS Token distribution period or traded EOS Tokens (including using proceeds from the EOS Token distribution for these purposes). This report will be made available to the public on the eos.io website.”
 

Sources:

EOS.io FAQ EOS $1bn Fund Announcement
 

15. Who's using EOS?

 
With 2 months from launch left there is a vibrant community forming around EOS. Some of the most notable projects that EOS software will support are:
A more complete list of EOS projects can be found at eosindex.io.
 

16. Dan left his previous projects, will he leave EOS?

 

Quick answer:

When EOS has been created Dan will move onto creating projects for EOS with block.one.
 

Long answer:

When a blockchain project has gained momentum and a strong community has formed the project takes on a life of its own and the communities often have ideas that differ from the creators. As we have seen with the Bitcoin and Ethereum hark forks you cant pivot a community too much in a different direction, especially if its changing the fundamentals of the blockchain. Instead of acting like a tyrant Dan has let the communities do what they want and gone a different way. Both the Bitshares and Steem were left in a great position and with Dans help turned out to be two of the most successful blockchain projects to date. Some would argue the most successful projects that are actually useable and have a real use case.
What Dan does best is build the architecture and show whats possible. Anyone can then go on to do the upgrades. He is creating EOS to build his future projects upon it. He has stated he loves working at block.one with Brendan and the team and there is far too much momentum behind EOS for him to possibly leave.
 

Sources:

Dans future beyond EOS
Why Dan left Bitshares
Why Dan left Steem
 

17. Is EOS susceptible to DDoS attacks?

 
No one could have better knowledge on this subject than our Block Producer candidates, I have chosen to look to EOS New York for this answer:
"DDoS'ing a block producing is not as simple as knowing their IP address and hitting "go". We have distributed systems engineers in each of our candidate groups that have worked to defend DDoS systems in their careers. Infrastructure can be built in a way to minimize the exposure of the Block Producing node itself and to prevent a DDoS attack. We haven't published our full architecture yet but let's take a look at fellow candidate EOSphere to see what we mean. As for the launch of the network, we are assuming there will be attacks on the network as we launch. It is being built into the network launch plans. I will reach out to our engineers to get a more detailed answer for you. What also must be considered is that there will be 121 total producing and non-producing nodes on the network. To DDoS all 121 which are located all around the world with different security configurations at the exact same time would be a monumental achievement."
 

Sources:

eosnewyork on DDoS attackd
EOSSphere Architecture
 

18. If block producers can alter code how do we know they will not do so maliciously?

 

Quick answer:

  • Block producers are voted in by stake holders.
  • Changes to the protocol, constitution or other updates are proposed to the community by block producers.
  • Changes takes 2 to 3 months due to the fact block producers must maintain 15/21 approval for a set amount of time while for changes to be processed.
  • To ensure bad actors can be identified and expelled the block.one backed community will not back an open-entry system built around anonymous participation.
 

Long answer:

For this question we must understand the following.
  • Governance and why it is used.
  • The process of upgrading the protocol, constitution & other updates.
  • Dan’s view on open-entry systems built around anonymous participation.
 
Governance
Cryptography can only be used to prove logical consistency. It cannot be used to make subjective judgment calls, determine right or wrong, or even identify truth or falsehood (outside of consistency). We need humans to perform these tasks and therefore we need governance!
Governance is the process by which people in a community:
  1. Reach consensus on subjective matters of collective action that cannot be captured entirely by software algorithms;
  2. Carry out the decisions they reach; and
  3. Alter the governance rules themselves via Constitutional amendments.
Embedded into the EOS.IO software is the election of block producers. Before any change can be made to the blockchain these block producers must approve it. If the block producers refuse to make changes desired by the token holders then they can be voted out. If the block producers make changes without permission of the token holders then all other non-producing full-node validators (exchanges, etc) will reject the change.
 
Upgrade process
The EOS.IO software defines the following process by which the protocol, as defined by the canonical source code and its constitution, can be updated:
  1. Block producers propose a change to the constitution and obtains 15/21 approval.
  2. Block producers maintain 15/21 approval of the new constitution for 30 consecutive days.
  3. All users are required to indicate acceptance of the new constitution as a condition of future transactions being processed.
  4. Block producers adopt changes to the source code to reflect the change in the constitution and propose it to the blockchain using the hash of the new constitution.
  5. Block producers maintain 15/21 approval of the new code for 30 consecutive days.
  6. Changes to the code take effect 7 days later, giving all non-producing full nodes 1 week to upgrade after ratification of the source code.
  7. All nodes that do not upgrade to the new code shut down automatically.
By default, configuration of the EOS.IO software, the process of updating the blockchain to add new features takes 2 to 3 months, while updates to fix non-critical bugs that do not require changes to the constitution can take 1 to 2 months.
 
Open-entry systems built around anonymous participation
To ensure bad actors can be identified and expelled the block.one backed community will not back an open-entry system built around anonymous participation.
Dan's quote:
"The only way to maintain the integrity of a community is for the community to have control over its own composition. This means that open-entry systems built around anonymous participation will have no means expelling bad actors and will eventually succumb to profit-driven corruption. You cannot use stake as a proxy for goodness whether that stake is held in a bond or a shareholder’s vote. Goodness is subjective and it is up to each community to define what values they hold as good and to actively expel people they hold has bad.
The community I want to participate in will expel the rent-seeking vote-buyers and reward those who use their elected broadcasting power for the benefit of all community members rather than special interest groups (such as vote-buyers). I have faith that such a community will be far more competitive in a market competition for mindshare than one that elects vote buyers."
 

Sources:

The Limits of Crypto-economic Governance
EOS.IO Technical White Paper v2
 

19. What is the most secure way to generate EOS key pairs?

 
Block producer candidates EOS Cafe and EOS New York have come forward to help the community with this topic.
The block producer candidate eosnewyork has kindly posted a tutorial on steemit detailing the steps that need to be taken to generate key pairs using the official code on the EOS.IO Github.
The block producer candidate eoscafe has gone a step further and released an Offline EOS Key Generator application complete with GUI for Windows, Linux & Mac. Not only can this application generate key pairs but it can also validate key pairs and resolve public keys from private keys. This application has also been vouched for by EOS New York
 

Sources:

EOS.IO Github
eosnewyork's key pair generation tutorial
eoscafe's offline key par generation application  
submitted by Techno-Tech to eos [link] [comments]

CRYPTOCURRENCY CARDANO (ADA)

CRYPTOCURRENCY CARDANO (ADA)

https://preview.redd.it/ajbfzpprwmt31.png?width=1901&format=png&auto=webp&s=6509343a0c882b97a7fe55eeccb873062ba09c66
Cardano is a cryptocurrency running on a decentralized blockchain platform that is under development. The project team strives to gain the trust of users by ensuring transparency of everything that happens in the system.

THE HISTORY OF THE EMERGENCE

Cardano (ADA) was created by a team led by Charles Haskinson, who previously worked on Ethereum, but left the number of cryptocurrency developers before the ICO. In 2014, he and Jeremy wood formed IOHK. In the same year, a group of Japanese investors signed a 6-year contract with this firm to create a blockchain project based on the use of algorithms for independent execution of exchange operations with different types of assets.

https://preview.redd.it/2i65etfaxmt31.png?width=308&format=png&auto=webp&s=29c9fbda1552a59c33452e60afb1bd1b8d6c3d48
The platform was named after Gerolamo Cardano, an Italian mathematician, engineer, philosopher and astrologer. The Ada token was composed of 3 letters of the scientist's surname so that the name of the world's first female programmer-Ada Lovelace - turned out.
The currency ICO was held in several stages in 2015-2017. as a result, $62 million was collected during operations only within the ADA Coin system. Until 2019, the developers plan to launch a number of decentralized applications and services for the implementation of smart contracts.
In the beginning, the team warned that the low speed of operations (only 5-10 transactions per second) can affect the rate of cryptocurrency. Experts plan to increase the speed of transactions by introducing the system of bandwidth nodes, the Protocol of which will be written in the programming language Haskell. Also prevent the success of the project could reputation of the author of the idea of Charles Hoskinson, who left his previous job without explanation. But the cost of the coin was not affected by these factors, the prospects for the project are good.

Cardano Presentation
The success of the project is also facilitated by the fact that it is engaged in 3 institutions performing different functions:

  • IOHK is responsible for the construction of the siege system. This institution is engaged in the technical side of the platform, its improvement.
  • The Cardano Foundation is located in Switzerland. Responsible for the control of the organization and its development, standardization and protection of technologies.
  • Emurgo is based on the Isle of man. The organization was created to promote the company's products in the market.
The goal of the creators of the project is a sustainable system that is able to attract investment and thereby support itself.

MAIN FEATURES OF CARDANO COIN

Cardano (ADA) is a cryptocurrency whose task is to secure smart contracts between users on terms beneficial to both parties. Such principles of asset exchange will be the basis for further development of digital currencies. The Ada token has many pluses, but there are also minuses.

Advantages

  • Democracy in the control of transactions and mining.
  • Scientific approach in the development of the mathematical block of the platform, allowing to have a good traffic generation.
  • High degree of protection against hacker attacks.
  • Anonymity.
  • Protection of users from unscrupulous partners.

Disadvantages

  • Using test software.
  • Incomplete platform management.
  • No protocols for long-term planning.
  • Insufficient control over the data provided by users.

HOW TO MINE CARDANO

The Cardano platform is based on the Proof of Stake algorithm. This means that the chances of a miner to create a block are directly proportional to the assets available to him, the results of work on solving a mathematical problem do not matter.

Advantages of Cardano mining:

  • Easy entry.
  • No expensive equipment is required.
  • Don't need a lot of electricity.
  • Relative stability.

WHERE AND HOW TO BUY CARDANO ADA CRYPTOCURRENCY

Cardano coins are traded in pairs with other cryptocurrencies on most exchanges (Finance, Bitrix, Http, Upbit, Bithumb, Cryptopia, etc.). There are exchangers (Prostocash, Xchange, 60 cek) and Exmo exchange, where you can buy Cardano cryptocurrency for rubles and other Fiat currency, after exchanging it for bitcoins or ethers. You can pay in exchangers via PayPal or Bank card.
Purchase instructions ADA:
  1. To buy in exchange for Bitcoin or Etherium.
  2. Register on the exchange and install a wallet with Cardano support.
  3. Exchange purchased bitcoins or ethers for Cardano.
  4. Withdraw ADA to wallet.

Purchase on Binance
Crypto exchanges provide the ability to store funds, but it is better to withdraw tokens to the wallet immediately after purchase. If this is not possible, you should take care of the security of your account. Asset storage is better not to trust little-known exchanges.

CARDANO WALLET

Until March 2018, the only e-wallet in which ADA could be stored was Daedalus. There are versions for Windows, Mac and Linux. The wallet is suitable for anonymous transactions. The Cardano team plans to issue a debit card that can be replenished through this e-wallet.
Daedalus installation instructions:
  1. Go to the site Cardanohub.org.
  2. Find the Get started tab and go to Deadalus wallet.
  3. Click on Download, download the app.
  4. Open the file, configure the installation settings.

https://preview.redd.it/tyomywqj2nt31.png?width=400&format=png&auto=webp&s=d0cf94f05c85c2205abde505831e5aeaca03dd8e
In March, it became possible to store ADA tokens in the Centra wallet. This means that the currency can be withdrawn using the Centra card in 36 million terminals around the world.

Web wallets are popular because of convenience. Many sites offer to download them to store ADA, but this should not be done, so as not to fall for the tricks of scammers. On the official website of the company there is no data on cooperation with owners of online wallets.

WHAT ARE THE PROSPECTS FOR THE ADA CRYPTOCURRENCY

Given the big plans of Cardano developers, the forecast for 2020 regarding this cryptocurrency is good. If the team implements its ideas to expand the use of coins, ADA may become popular in the market after a while, despite the fall in user confidence in cryptocurrencies.

Road map of Cardano

The author of the platform Hoskinson said that the work on scaling the data will not yield results until 2019. Developers want to introduce innovative technologies into their project, their creation and research takes a lot of time. By the end of the year, it is planned to standardize the protocols and improve the reliability of the system, but the achievement of these goals may be delayed due to the complexity of the ideas. At this stage of operation of the platform, information about the use of high technologies in support of Cardano's work is not proven.
Cryptocurrency faces competition among firms providing such services. It interferes with its development. Specialists working on improving Litecoin and Dash use similar principles when conducting transactions. Ripple plans to become an element combining currencies recognized as official and digital assets, making it more attractive to investors.
The exclusivity of the project is that its development is scientifically justified. But this is not a significant advantage, as most traders do not want to spend time figuring out the details of the technical side of the project, and are interested in its functionality.
If the Cardano project team fulfills its plans by the end of the year, the prospect of this currency is quite good. The success of ADA depends on how convenient the token will be to use.
submitted by AVAY11 to u/AVAY11 [link] [comments]

Profit Trailer : A Newbie Guide to Setting up your first Crypto Trading Bot!

Hello Everyone! Unless you’ve been living under a rock, you’ve likely heard all about BitCoin, LiteCoin, Ethereum and a whole host cryptocurrencies. As cryptomining profitability fades underneath increasing difficulties and the rising cost of mining machines, the world is dazzled by the utterly insane profit margins to be made in TRADING cryptocurrencies. This typically leads the average Joe to look into and, likely, invest some money into the cryptocurrency market. And, as time progresses (especially if profits are being made), one inevitably must make a choice to use a trading bot or not.
Now, I’m not trying to sell you one way or the other. My goal here is to take one of the newest and seemingly most profitable of the numerous trading bots out there, Profit Trailer, and break down getting the bot installed and running. There are numerous guides to Profit Trailer Installation and all of them are good. Crypto Gnome has some excellent information at https://github.com/CryptoGnome/Profit-Trailer-Settings/wiki/Setup-Guide. I’m not trying to knock him or anyone else with a guide out there. BUT………….
There are a few things that, in the course of installing this bot for a family member who has gotten on the crypto wagon in a big way, I noticed were lacking in the main set of guides. This being that not one of them had been designed with the true noob in mind. Each assumed a level of knowledge and discourse that can ( and would) leave a newbie cursing the fact they just spent .03 of a Bitcoin on something that refuses to even start.
Anyway, the point is, if you don’t have a tech savvy person handy, you could be left with, at best, the program downloaded but unable to start it or at worst, out a nice chunk of your crypto because of failing to understand EXACTLY what is needed to make the bot operate. Any suggestions on how to make this guide more complete, such as adding specific exchange instructions would be most appreciated.
Have an account at either Bittrex, Poloniex or Binance ACTIVE! I have read horror stories regarding buying this bot and installing it without having your account open and logged into. Just in case there is truth to them, better to be safe than sorry. Open your account of choice ( we used Binance so that is the exchange that this guide refers to. ) Use the account interface to create TWO(2) sets of API keys. One will be public, one will be secret in each set. You will notice that, at least on Binance, that each set of keys will have 2 permissions checked and one, withdrawals, unchecked. This is as it should be. If for some reason the withdrawals permission is checked, delete the key and start over. I would suggest that, for ease of use sake, you label each of the sets of keys. The first should be labeled (yourexchange)Default and the second should be labeled(yourexchange)Trading. This will help you recognize which keys are which later in the setup process. Copy these into a Notepad file, Word file, write them on your bedroom walls in blood, just keep BOTH SETS OF THESE API KEYS SAFE! Anyone with these keys has access to your exchange account. The first key will be initially used when you buy the Profit Trailer bot. The others will be used when you set up Profit Trailer. Ensure that you have JAVA 8 installed and running on your computer. It is extremely important that it be JAVA 8 and not 9. Profit Trailer WILL NOT WORK WITH THE JAVA 9 JRE. This problem was likely the biggest hurdle with Profit Trailer until I realized what was happening. Download and install Notepad++. Very Important. Some guides make it sound like you can do the settings changes on a regular NotePad file. This may be true, but Notepad++ is an actual IDE (software writing program for the uninitiated) that will give you the same view that all the guys in their YouTube Videos have up when they discuss their settings. Just saying guys, you’ve got people who, while they might know how to trade, might not know squat about IDE’s and their function. Buy the bot. This can be accomplished at https://profittrailer.com/pt/CryptoGnome/ At check out, you will be asked for the FIRST of the API keys you created. This will be the, first PUBLIC key you created. Pay for the bot. Wait for BitCoin to go from wallet to Profit Trailer creators. Have a beer….Smoke a cigarette….watch a movie. Seriously, you’re gonna be waiting awhile. One good idea while you spend hours waiting for the license key to be sent to you is to ensure that, if you have a newly created exchange account, you should place some cryptocurrency/money in the account…otherwise you’ve got another wait. Most guides say to next get a VPS(Virtual Private Server or Cloud Server). I was unable to get a VPS enabled at the time of this installation, so I will be posting another article regarding that process as soon as I can get it up and running on this installation. UPDATE We now have a Windows VPS running. You can visit Profit Trailer And You: A Newbie Guide To Setting Up Profit Trailer Part 2: Windows VPS here. Get Profit trailer Up and Running!!!! Here’s what you’ve been waiting for and trust me, all the other “prep stuff” will make this part a whole lot smoother. First, go to https://github.com/taniman/profit-trailereleases download the latest version of Profit Trailer. Next, unzip the files and navigate to the new folder. Open the file named application.properties with Notepad++ and then stare at it. I mean… really stare at it. Scary huh? Looks like you’re about to start coding the next Destiny game doesn’t it? Relax. this is a simple IDE that is giving you a series of settings that have to be adjusted manually instead of using a graphics user interface like the ones we’ve all grown to know and love. What you really need to know is what you are looking at. You’re going to see things like “trading.exchange” and “default_apiKey”. Each of these lines will have an equals sign on the end of them. Concentrate on what’s on the right side of the equals sign, cause that’s where your info is going to go. Remember those API keys you made? Well, here’s where they go.
Update these settings:
trading.exchange = THE EXCHANGE YOU ARE USING e.g. BITTREX (This MUST BE IN ALL CAPS. using lower case letter will give you an error code on startup)
default_apiKey = THE FIRST API KEY YOU CREATED (The key you labeled (yourexchange)Default )
default_apiSecret = THE FIRST SECRET KEY YOU CREATED
trading_apiKey = THE SECOND API KEY YOU CREATED (The key you labeled (yourexchange)Trading )
trading_apiSecret = THE SECOND SECRET KEY YOU CREATED
server.password = PASSWORD HERE (This is a password you create here. it is not tied to any other account)
Click save
You with me so far? Keep in mind that, so far the bot IS NOT RUNNING. we haven’t turned on anything yet, so don’t worry.
Most of the other guides say to start the bot up at this point and I would tend to agree, except you may want to look at the default settings in the pairs and DCA files to ensure that they are set the way you want them. DCA settings are a huge factor in Profit Trailer and I would suggest watching several videos regarding them. I do not claim to be a crypto expert and do not pretend to understand all the terms. The Profit Trailer Wiki at https://wiki.profittrailer.io/doku.php/dca.properties has in depth articles dealing with each of the settings and I suggest getting very familiar with them and understanding exactly what each does before turning the bot on.
Ok, with that being said, if you feel like your settings are just the way you want them, open up the pairs.properties file in Notepad++ and change “ALL_trading_enabled=false” to “ALL_trading_enabled=true” and save the file. Next you will want to click ‘run’ on the ProfitTrailer.cmd file. This will actually start the bot and will open an old style black Windows command line window. Ignore this as it is just the bot starting up, not where you will see what the bot is doing and open your web browser and enter http://localhost:8081/monitoring in the URL field. This will bring up a login page. Use the Password you created in the application.properties file here. This opens the web monitoring dashboard for your bot.
Again, I cannot stress enough the importance of following each step and understanding what each of the settings in Profit Trailer are and what they do. There are several important safety valves in Profit Trailer to keep the bot from chewing through your crypto like cookie monster on a 3 day bender.
One is “ALL_max_cost = x.xxxxx” in pairs.properties. This sets the amount of coin, in BitCoin, that the bot will use for trading. Just because you have have 1.5 BTC in your exchange account doesn’t mean you’ve gotta let the bot play with it all. “ALL_min_buy_balance = x.xx” in the pairs.propertiesfile will accomplish the same thing, just specifying an amount in the account that the bot will not take the account below. There are several important safety triggers in the DCA files as well, one being “min_buy_balance = x.xx” which will keep a specified minimum of BTC in your account, below which NO DCA buys will occur. This is an important distinction from the “ALL_min_buy_balance = x.xx” found in the pairs.properties files; DCA buys will STILL OCCUR even if the account is at or below the minimum specified in the pairs.properties file. Confused yet? It makes sense really, but if you’re like me, DCA really doesn’t mean anything to you. ( It’s Dollar Cost Averaging and it’s a profit mechanism used by Profit Trailer) What it really means is that, if you don’t know or understand what you are doing, it can cause big problems trading. Use your safety triggers and brush up on your trading terms cause soon you’ll be hip deep in EMAGains and Dust Bags…..whatever that means.
Any info on other exchange procedures with reagrds to setting up Profit Trailer would be greatly appreciated. I am not affiliated with or paid by any exchange, developer or site.
Credit & Thanks for this guide by: https://steemit.com/@demonsthenes
submitted by treasuregnome to CryptoCurrency [link] [comments]

Blockchain Wallets

Hello! My name is Inna Halahuz, I am a sales manager at Platinum, the largest listing service provider for the STO and ICO projects. We know all about the best and most useful STO and ICO marketing services.
By the way, we developed the best blockchain platform:
[Platinum.fund] (https://platinum.fund/sto/)
We also created the UBAI, the unique educational project with the best and most useful online courses. We not only share our knowledge but also help the best graduates to find a job! After finishing our courses you will know all about crypto securities, ICO and STO advertizing and best blockchain platforms.
What a Blockchain Wallet is? What is its purpose?
Find the answer after reading this article.
Public/Private Key
The public key is the digital code you give to someone that wants to transfer ownership of a unit of cryptocurrency to you; and a private key is what you need to be able to unlock your own wallet to transfer a unit of a cryptocurrency to someone else. The encoding of information within a wallet is done by the private and public keys. That is the main component of the encryption that maintains the security of the wallet. Both keys function in simultaneous encryption systems called symmetric and asymmetric encryption. The former, alternatively known as private key encryption, makes use of the same key for encryption and decryption. The latter, asymmetric encryption, utilizes two keys, the public and private key, wherein a message-sender encrypts the message with the public key, and the recipient decodes it with their private key. The public key uses asymmetric algorithms that convert messages into an unreadable format. A person who possesses a public key can encrypt the message for a specific receiver.
Accessing wallets
Methods of wallet access vary depending on the type of wallet being used. Various types of currency wallets on an exchange will normally be accessed via the exchange’s entrance portal, normally involving a combination of a username/password and optionally, 2FA (Two factor authentication, which we explain in more detail later). Whereas hardware wallets need to be connected to an internet enabled device, and then have a pin code entered manually by the user in possession of the hardware wallet in order for access to be gained. Phone wallets are accessed through the device on which the wallet application has been downloaded. Ordinarily, a passcode and/or security pattern must be entered before entry is granted, in addition to 2FA for withdrawals.
Satoshi Nakamoto built the Satoshi client which evolved into Bitcoin in 2009. This software allowed users to create wallets and send money to other addresses. However, it proved to be a nightmarish user experience, with many transactions being sent to incorrect addresses and private keys being lost. The MtGox (Magic the Gathering Online exchange, named after the original intended use of the exchange) incident, which will be covered in greater detail later, serves as a reminder of the dangers present in the cryptosphere regarding security, and the need to constantly upgrade your defenses against all potential hacks. The resulting loss of 850k BTC is a still unresolved problem, weighing heavily on the victims and the markets at large. This caused a huge push for a constantly evolving and improving focus on security. Exchanges that developed later, and are thus considered more legitimate and secure, such as Gemini and Coinbase, put a much greater emphasis on vigilance as a direct result of the MtGox hacking incident. We also saw the evolution of wallet security into the physical realm with the creation of hardware wallets, most notable among them the Ledger and Trezor wallets.
Types of Wallets & Storage Methods
The simplest way to sift through the dozens of cryptocurrency storage methods available today, is to divide them up into digital and non-digital, software and hardware wallets. There are also less commonly used methods of storage of private keys, like paper wallets and brain wallets. We will examine them all at least briefly, because in the course of your interaction with cryptocurrencies and Blockchain technology, it is essential to master all the different types of hardware and software wallets. Another distinction must be made between hot wallets and cold wallets. A hot wallet is one that is connected to the internet, and a cold wallet is one that is not. Fun fact: The level below cold storage, deep cold storage has just recently been implemented by the Regal RA DMCC, a subsidiary of an internationally renowned gold trading company licensed in the Middle East. After having been granted a crypto trading license, Regal RA launched their “deep cold” storage solution for traders and investors, which offers the ability to store crypto assets in vaults deep below the Almas Tower in Dubai. This storage method is so secure that at no point is the vault connected to a network or the internet; meaning the owners of the assets can be sure that the private keys are known only to the rightful owners.
Lets take a quick look at specific features and functionality of varieties of crypto wallets. Software wallets: wallet applications installed on a laptop, desktop, phone or tablet. Web Wallets: A hot wallet by definition. Web Wallets are accessible through the web browser on your phone or computer. The most important feature to recognize about any kind of web wallet, is that the private keys are held and managed by a trusted third party. MyEtherWallet is the most commonly used non-exchange web wallet, but it can only be used to store Ethereum and ERC-20 tokens.
Though the avenue of access to MEW is through the web, it is not strictly speaking a web wallet, though this label will suffice for the time being. The MEW site gives you the ability to create a new wallet so you can store your ETH yourself. All the data is created and stored on your CPU rather than their servers. This makes MEW a hybrid kind of web wallet and desktop wallet. Exchange Wallets: A form of Web Wallet contained within an exchange. An exchange will hold a wallet for each individual variety of cryptocurrency you hold on that exchange. Desktop Wallets: A software program downloaded onto your computer or tablet hard drive that usually holds only one kind of cryptocurrency. The Nano Wallet (Formerly Raiwallet) and Neon wallet for storage of NEO and NEP-5 tokens are notable examples of desktop wallets Phone Wallets: These are apps downloaded onto a mobile phone that function in the same manner as a desktop wallet, but actually can hold many different kinds of cryptocurrency. The Eidoo Wallet for storing Ethereum and its associated tokens and Blockchain Wallet which currently is configured to hold BTC, ETH and Bitcoin Cash, are some of the most widely used examples.
Hardware wallets — LedgeTrezoAlternatives
Hardware wallets are basically physical pathways and keys to the unique location of your crypto assets on the Blockchain. These are thought to be more secure than any variety of web wallet because the private key is stored within your own hard wallet, an actual physical device. This forcibly removes the risk your online wallet, or your exchange counter party, might be hacked in the same manner as MtGox. In hardware wallet transactions, the wallet’s API creates the transaction when a user requests a payment. An API is a set of functions that facilitates the creation of applications that interact and access features or data of an operating system. The hardware then signs the transaction, and produces a public key, which is given to the network. This means the signing keys never leave the hardware wallet. The user must both enter a personal identification number and physically press buttons on the hardware wallet in order to gain access to their Blockchain wallet address through this method, and do the same to initiate transfers.
Paper Wallets
Possibly the safest form of cryptocurrency storage in terms of avoiding hacking, Paper Wallets are an offline form of crypto storage that is free to set up, and probably the most secure way for users, from beginners to experts, to hold on to their crypto assets. To say it simply, paper wallets are an offline cold storage method of storing cryptocurrency. This includes actually printing out your public and private keys on a piece of paper, which you then store and save in a secure place. The keys are printed in the form of QR codes which you can scan in the future for all your transactions. The reason why it is so safe is that it gives complete control to you, the user. You do not need to worry about the security or condition of a piece of hardware, nor do you have to worry about hackers on the net, or any other piece of malware. You just need to take care of one piece of paper!
Real World Historical Examples of Different Wallet Types
Web Wallet: Blockchain.info Brief mechanism & Security Blockchain.info is both a cryptocurrency wallet, supporting Bitcoin, Ethereum and Bitcoin cash, and also a block explorer service. The wallet service provided by blockchain.info has both a Web Wallet, and mobile phone application wallet, both of which involve signing up with an email address, and both have downloadable private keys. Two Factor Authentication is enabled for transfers from the web and mobile wallets, as well as email confirmation (as with most withdrawals from exchanges). Phone Wallet: Eidoo The Eidoo wallet is a multi-currency mobile phone app wallet for storage of Ethereum and ERC-20 tokens. The security level is the standard phone wallet level of email registration, confirmation, password login, and 2 factor authentication used in all transfers out. You may find small volumes of different varieties of cryptocurrencies randomly turning up in your Eidoo wallet address. Certain projects have deals with individual wallets to allow for “airdrops” to take place of a particular token into the wallet, without the consent of the wallet holder. There is no need to be alarmed, and the security of the wallet is not in any way compromised by these airdrops.
Neon Wallet
The NEON wallet sets the standard for web wallets in terms of security and user-friendly functionality. This wallet is only designed for storing NEO, Gas, and NEP-5 tokens (Ontology, Deep Brain Chain, RPX etc.). As with all single-currency wallets, be forewarned, if you send the wrong cryptocurrency type to a wallet for which it is not designed, you will probably lose your tokens or coins. MyEtherWallet My Ether Wallet, often referred to as MEW, is the most widely used and highly regarded wallet for Ethereum and its related ERC-20 tokens. You can access your MEW account with a hardware wallet, or a different program. Or you can also get access by typing or copying in your private key. However, you should understand this method is the least safe way possible,and therefore is the most likely to result in a hack. Hardware: TrezoLedger Brief History Mechanism and Security A hardware wallet is a physical key to your on-chain wallet location, with the private keys contained within a secure sector of the device. Your private key never leaves your hardware wallet. This is one of the safest possible methods of access to your crypto assets. Many people feel like the hardware wallet strikes the right balance between security, peace of mind, and convenience. Paper Wallet Paper wallets can be generated at various websites, such as https://bitcoinpaperwallet.com/ and https://walletgenerator.net/. They enable wallet holders to store their private keys totally offline, in as secure a manner as is possible.
Real World Example — Poor Practices
MtGox Hack history effects and security considerations MtGox was the largest cryptocurrency exchange in the world before it was hacked in 2014. They were handling over 70% of BTC transactions before they were forced to liquidate their business. The biggest theft of cryptocurrency in history began when the private keys for the hot wallets were stolen in 2011 from a wallet.dat file, possibly by hacking, possibly by a rogue employee. Over the course of the next 3 years the hot wallets were emptied of approximately 650000 BTC. The hacker only needed wallet.dat file to access and make transfers from the hot wallet, as wallet encryption was only in operation from the time of the Bitcoin 0.4.0 release on Sept 23rd 2011. Even as the wallets were being emptied, the employees at Mt Gox were apparently oblivious to what was taking place. It seems that Mt Gox workers were interpreting these withdrawals as large transfers being made to more secure wallets. The former CEO of the exchange, Mark Karpeles, is currently on trial for embezzlement and faces up to 5 years in prison if found guilty. The Mt Gox hack precipitated the acceleration of security improvements on other exchanges, for wallets, and the architecture of bitcoin itself. As a rule of thumb, no small-to-medium scale crypto holders should use exchange wallets as a long-term storage solution. Investors and experienced traders may do this to take advantage of market fluctuations, but exchange wallets are perhaps the most prone to hacking, and storing assets on exchanges for an extended time is one of the riskiest ways to hold your assets.
In a case strikingly similar to the MtGox of 2011–2014, the operators of the BitGrail exchange “discovered” that approximately 17 million XRB ($195 million worth in early 2018) were missing. The operators of the exchange were inexplicably still accepting deposits, long after they knew about the hack. Then they proceeded to block withdrawals from non-EU users. And then they even requested a hard fork of the code to restore the funds. This would have meant the entire XRB Blockchain would have had to accept all transactions from their first “invalid” transaction that were invalid, and rollback the ledger. The BitGrailexchange attempted to open operations in May 2018 but was immediately forced to close by order of the Italian courts. BitGrail did not institute mandatory KYC (Know your customer) procedures for their clients until after the theft had been reported, and allegedly months after the hack was visible. They also did not have 2 factor authentication mandatory for withdrawals. All big, and very costly mistakes.
Case Study: Good Practice Binance, the Attempted Hack
During the 2017 bull run, China-based exchange Binance quickly rose to the status of biggest altcoin exchange in the world, boasting daily volumes that surged to over $4 billion per day in late December. Unfortunately, this success attracted the attention of some crafty hackers. These hackers purchased domain names that were confusingly similar to “binance.com”. And then they created sufficiently convincing replica websites so they could phish traders for their login information. After obtaining this vital info, the scammers created API keys to place large buy orders for VIAcoin, an obscure, low volume digital currency. Those large buy orders spiked VIA’s price. Within minutes they traded the artificially high-priced VIA for BTC. Then they immediately made withdrawal requests from the hacked BTC wallets to wallets outside of the exchange. Almost a perfect fait accompli! But, Binance’s “automating risk management system” kicked in, as it should, and all withdrawals were temporarily suspended, resulting in a foiled hacking attempt.
Software Wallets Web/Desktop/Phone/Exchange Advantages and Limitations
As we said before, it is inadvisable to store crypto assets in exchange wallets, and, to a lesser extent, Web Wallets. The specific reason we say that is because you need to deliver your private keys into the hands of another party, and rely on that website or exchange to keep your private key, and thus your assets, safe. The advantages of the less-secure exchange or web wallets, are the speed at which you can transfer assets into another currency, or into another exchange for sale or for arbitrage purposes. Despite the convenience factor, all software wallets will at some point have been connected to the internet or a network. So, you can never be 100% sure that your system has not been infected with malware, or some kind of keylogging software, that will allow a third party to record your passwords or private keys. How well the type of storage method limits your contact with such hazards is a good way to rate the security of said variety of wallet. Of all the software wallets, desktop and mobile wallets are the most secure because you download and store your own private key, preferably on a different system. By taking the responsibility of private key storage you can be sure that only one person has possession of it, and that is you! Thereby greatly increasing the security of your crypto assets. By having their assets in a desktop wallet, traders can guard their private key and enjoy the associated heightened security levels, as well keep their assets just one swift transfer away from an exchange.
Hardware Wallets Advantages and Limitations
We briefly touched on the features and operation of the two most popular hardware wallets currently on the market, the Ledger and Trezor wallets. Now it will be helpful to take a closer look into the pros and cons of the hardware wallet storage method. With hardware wallets, the private keys are stored within a protected area of the microcontroller, and they are prevented from being exported out of the device in plain text. They are fortified with state-of-the-art cryptography that makes them immune to computer viruses and malware. And much of the time, the software is open source, which allows user validation of the entire performance of the device. The advantages of a hardware wallet over the perhaps more secure paper wallet method of crypto storage is the interactive user experience, and also the fact that the private key must at some stage be downloaded in order to use the paper wallet. The main disadvantage of a hardware wallet is the time-consuming extra steps needed to transfer funds out of this mode of storage to an exchange, which could conceivably result in some traders missing out on profits. But with security being the main concern of the vast majority of holders, investors and traders too, this slight drawback is largely inconsequential in most situations.
Paper Wallets Advantages and Limitations
Paper wallets are thought by some to be the safest way to store your crypto assets, or more specifically, the best method of guarding the pathways to your assets on the Blockchain. By printing out your private key information, the route to your assets on the Blockchain is stored 100% offline (apart from the act of printing the private key out, the entire process is totally offline). This means that you will not run the risk of being infected with malware or become the victim of keylogging scams. The main drawback of using paper wallets is that you are in effect putting all your eggs in one basket, and if the physical document is destroyed, you will lose access to your crypto assets forever.
Key things to keep in mind about your Wallet Security: Recovery Phrases/Private Key Storage/2FA/Email Security
Recovery phrases are used to recover the on-chain location for your wallet with your assets for hardware wallets like ledgers and Trezors that have been lost. When you purchase a new ledger for example, you just have to set it up again by entering the recovery phrase into the display and the lost wallets will appear with your assets intact. Private key storage is of paramount importance to maintain the safety of your on-chain assets! This should be done in paper wallet form, or stored offline on a different computer, or USB device, from the one you would typically use to connect to the 2 Factor Authentication (2FA) sometimes known as “two step authentication”. This feature offers an extra security layer when withdrawing funds from cryptocurrency wallets. A specialized app, most commonly Google Authenticator, is synced up to the exchange to provide a constantly changing code. This code must be entered within a short time window to initiate transfers, or to log into an exchange, if it has also been enabled for that purpose.
You must always consider the level of fees, or the amount of Gas, that will be needed to carry out the transaction. In times of high network activity Gas prices can be quite high. In fact, in December 2017 network fees became so high that some Bitcoin transactions became absolutely unfeasible. But that was basically due to the anomalous network congestion caused by frantic trading of Bitcoin as it was skyrocketing in value. When copying wallet addresses, double check and triple check that they are correct. If you make a mistake and enter an incorrect address, it is most likely your funds will be irretrievably lost; you will never see those particular assets again. Also check that you haven’t input the address of another one of your wallets that is designed to hold a different variety of cryptocurrency. You would similarly run the very great risk of losing your funds forever. Or, at the very least, if you have sent the wrong crypto to a large exchange wallet, for example on Coinbase, maybe you could eventually get those funds back, but it would still entail a long and unenjoyable wait.
How to Monitor Funds
There are two ways to monitor you funds and your wallets. The first is by searching for individual wallet addresses on websites specifically designed to let you view all the transactions on a particular Blockchain. The other is to store a copy of your wallet contents on an application that tracks the prices of all cryptocurrencies. Blockchain.info is the block explorer for Bitcoin, and it allows you to track all wallet movements so you can view your holdings and all the historical transactions within the wallet. The Ethereum blockchain’s block explorer is called Ether scanner, and it functions in the same way. There is a rival to Ether scanner produced by the Jibrel Network, called JSearch which will be released soon. JSearch will aim to offer a more streamlined and faster search method for Ethereum blockchain transactions. There are many different kinds of block explorer for each individual crypto currency, including nanoexplorer.io for Nano (formerly Rai Blocks) and Neotracker for NEO. If you simply want to view the value of your portfolio, the Delta and Blockfolio apps allow you to easily do that. But they are not actually linked to your specific wallet address, they just show price movements and total value of the coins you want to monitor.
That’s not all! You can learn how to transfer and monitor the funds in and out of your wallet by clicking on the link.
To be continued!
UBAI.co
Contact me via Facebook, Instagram and LinkedIn to learn more about the best online education:
LinkedIn Facebook Instagram
submitted by UBAI_UNIVERSITY to u/UBAI_UNIVERSITY [link] [comments]

Groestlcoin Release September 2018

Introduction

As always, the past 3 months since 22nd June have been crazy busy. The bears might still be around, but the show must go on and of course has not slowed the Groestlcoin development team in the slightest. Here’s a quick overview of what has already happened since the last release: - Integrated into the bitbns exchange, with the ability to buy Groestlcoin directly with the Indian Rupee. - Groestlcoin Rebrand Vote – Whilst there was much talk and push for a rebrand vote, the overall result was almost unanimously in favour of keeping our unique and conversation-starting name. With just 83 votes to Rebrand, and 2577 votes to No Rebrand. Thank you for all who voted, the funds raised are being used to fund ongoing hosting and development costs. - Integrated into the Cryptobridge exchange. Cryptobridge is a popular decentralised exchange where you always hold the private keys to your funds, only YOU have access to them. - Groestlcoin has been added to SimpleSwap – Groestlcoin can now be swapped with over 100 other cryptocurrencies, without signing up! - Groestlcoin has been added to UnoDax, one of the leading cryptocurrency exchanges in India, with TUSD, BTC and INR trading pairs. - Groestlcoin has been added to SwapLab.cc, where you can buy Groestlcoin using Bitcoin and over 50 other altcoins. Purchasing with VISA/Mastercard is coming VERY SOON. Discussed later: - Groestlcoin has been listed on #3 largest exchange in the world on volume, Huobi Global! More on this to come further on in the announcements. - Groestlcoin has been added to the Guarda Multi-Currency Wallet. - Groestlcoin has been added to Melis Multi-Device, Multi-Account, Multi-Platform, Multi-Signature advanced wallet! Already this list is far more than most other cryptocurrencies have achieved in the past 3 months. But this is just the tip of the iceberg of what has been developed.

What's been Happening?

GRSPay Released

We are so excited for this, that it has it's own separate reddit thread. Head over there now at https://www.reddit.com/groestlcoin/comments/9ikr5m/groestlcoin_releases_grspay/? to see more on this!
https://www.melis.io/assets/logo-navbar-4b6f0d372f15b2446d3fa4c68f346e4fb08ee113941186cee58fd6135f3f8b7d.svg

Melis Wallet

The the most advanced wallet for Bitcoin, Bitcoin Cash, Litecoin and now Groestlcoin.
With Melis you have the complete control of your bitcoins and private keys, you can define spending limits policies and make use of two or more factors authentication. Melis is open source, published on GitHub.

How Melis Works?

You can create as many accounts as you want. An account is a part of your wallet that can be customised to your requirements. You can choose how many co-signers are required to spend funds. The accounts are completely independent and act like separate wallets from each other but can be accessed via the same details. A core feature of Melis is the ability to set a ‘primary’ device. With this you can set an account as ‘Secure’ so it is only viewable (and accessible at all) from the Primary device. You can have a savings account hidden from the outside world whilst also having your ‘spending’ funds available on the go. With Melis you can create a multi-signature account between N people, where up to N signatures are required to sign a transaction, choosing if any of those should be mandatory.
Core Features:
https://guarda.co/assets/images/1PGo4ID.svg?1537791124643

Guarda Wallet

Safer than ever! Desktop Light Wallet - Anonymous and fast!
With Guarda Multi-currency Desktop Light Wallet you don’t need to register. Guarda has no access to your private keys or funds. You can receive, send, store, buy and exchange cryptocurrencies in complete anonymity and safety. All these features are available on Linux, Windows or MacOS. Choose the one that suits you!
More info about Guarda wallet on www.guarda.co
https://holytransaction.com/images/logo.png

Integrated into HolyTransaction

What is HolyTransaction?

HolyTransaction gives users access to the crypto world with a universal cryptocurrency wallet and instant exchange.

Features

For more information, visit Holy Transaction here.
https://www.groestlcoin.org/wp-content/uploads/2018/09/next-grs-groestlcoin.jpg

Integrated into NEXT Wallet

What is NEXT?

NEXT is a modern, next-generation stylish open-source Desktop wallet.

Features

For more information, visit NextWallet here.
https://blockchainfinancial.com/mediaserve2018/09/admin-06143647-bcf_logo_vec_256x256.png

Integrated into Blockchain Financial

What is Blockchain Financial?

Blockchain Financial is a set of web based services for individuals and companies that want to make things happen with the Cryptocurrencies Ecosystem. - For those that don't know anything about cryptocurrencies, we offer tools that will let them receive, send and operate with an assortment of coins. - For those that are already riding the wave, we offer tools that will let them do all those things that they weren't able to do.

Blockchain Financials mission

We're not here to reinvent the wheel. We're here to make it run smoother for you, and we provide some of the most useful services you'll find on the internet, made in a way that is easy to understand and use on a daily basis. In short, we're a bunch of people that claim to be Crypto Evangelists. We strongly believe in cryptocurrencies, and our main promise is to push them up so more people get involved and take all the advantages they offer.

More information from Blockchain Financial

Back in 2014, the world was taken by storm when Facebook approved the first cryptocurrencies tipping apps. The first was for Dogecoin, and the second was for multiple coins.
The project was hosted on whitepuma.net, and persisted for almost two years, built up a massive user community and gave a home to Bitcoin, Litecoin, Dogecoin and dozens of other bitcoin-based altcoins.
After very active months, the tipping hype started to fade away. Then, the developers decided to jump into the next stage: bringing not only tipping, but also mining and a widget that could be embedded on websites to allow everyone to accept payments. Sadly, the work was never completed because the project started to require an unsustainable amount of resources. Then, in a painful decision, a shutdown was announced by December 2015.
A couple of months after whitepuma.net was closed, the source code was released by its creator as Open Source on GitHub. But it wasn't maintained.
Now, some of the original members of the dev and admin teams gathered up with a handful of the WhitePuma's elite users, and decided to make something good with the best pieces of the old source code. That, with fresh new ideas and the power of the BardCanvas engine, synthesized the core of Blockchain Financial.
More info about Blockchain Financial wallet on .
For more information, visit [Blockchain Financial](www.blockchainfinancial.com)
https://www.huobi.com/image/logo.aeb4723.svg

Groestlcoin Listed on Huobi

Who are Huobi?

Huobi was founded in China and is now based in Singapore, with offices in Hong Kong, South Korea, Japan and the North America, currently sitting #3 in volume on Coinmarketcap. Huobi is a great leap forward for our growing presence in Asia and we are very excited to be listed here!
You can find the official Huobi announcement here.

Groestlcoin Core v2.16.3 - Please Update ASAP

A new major Groestlcoin Core version 2.16.3 is now available for download which includes both a Denial of Service component and a critical inflation vulnerability, so it is recommended to upgrade to it if you are running a full Groestlcoin node or a local Groestlcoin Core wallet.
v2.16.3 is now the official release version of Groestlcoin Core. This is a new major version release with a very important security updates. It is recommended to upgrade to this version as soon as possible. Please stop running versions of Groestlcoin Core affected by CVE-2018-17144 ASAP: These are 2.13.3 and 2.16.0.
As a result in this, all exchanges and services have been asked to upgrade to this version, so please be patient if wallets go in to maintenance mode on these services.

What's new in version v2.16.3?

This is a major release of Groestlcoin Core fixing a Denial of Service component and a critical inflation vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2018-17144) exploitable by miners that has been discovered in Groestlcoin Core version 2.13.3 and 2.16.0. It is recommended to upgrade to 2.16.3 as soon as possible. If you only occasionally run Groestlcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it. If you know anyone who is running an older version, tell them to upgrade it ASAP. Stored funds are not at risk, and never were at risk. At this time we believe over half of the Groestlcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability. However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.

The Technicals

In Groestlcoin Core 2.13.3, an optimization was added (Bitcoin Core PR #9049) which avoided a costly check during initial pre-relay block validation that multiple inputs within a single transaction did not spend the same input twice which was added in 2012 (Bitcoin Core PR #443). While the UTXO-updating logic has sufficient knowledge to check that such a condition is not violated in 2.13.3 it only did so in a sanity check assertion and not with full error handling (it did, however, fully handle this case twice in prior to 2.1.0.6). Thus, in Groestlcoin Core 2.13.3, any attempts to double-spend a transaction output within a single transaction inside of a block will result in an assertion failure and a crash, as was originally reported. In Groestlcoin Core 2.16.0, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists. Thus, in Groestlcoin Core 2.16.0, any attempts to double-spend a transaction output within a single transaction inside of a block where the output being spent was created in the same block, the same assertion failure will occur. However, if the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Groestlcoin as they would be then able to claim the value being spent twice.
Groestlcoin would like to publicly thank Reddit user u/Awemany for finding CVE-2018-17144 and reporting it (https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2018-Septembe000064.html). You deserve gratitude and appreciation from cryptoworld, and you have ours. If you want to support him for his work, please consider donating to him on his bitcoin cash address: bitcoincash:qr5yuq3q40u7mxwqz6xvamkfj8tg45wyus7fhqzug5
http://i.imgur.com/3YhyNZK.png

Groestlcoin Electrum-GRS 3.2.2 - Ledger & Trezor Edition

What is Electrum-GRS?
Electrum-GRS is a lightweight "thin client" groestlcoin wallet Windows, MacOS and Linux based on a client-server protocol. Its main advantages over the original Groestlcoin client include support for multi-signature wallets and not requiring the download of the entire block chain.

Changes:

http://i.imgur.com/3YhyNZK.png

Electrum-GRS Mobile Android

What is Electrum-GRS Mobile?

Electrum-grs is a lightweight "thin client" groestlcoin wallet Android based on a client-server protocol. Its main advantages over the original Groestlcoin client include support for multi-signature wallets and not requiring the download of the entire block chain.

Changes

Groestlcoin EasyVanity Released

Groestlcoin EasyVanity is a Windows app is built from the ground-up in C# and makes it easier than ever before to create your very own bespoke Groestlcoin address(es), even whilst not connected to the internet! You can even generate multiple keys with the same prefix and leave it on overnight whilst your CPU or GPU collects and stores these addresses locally.
If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then Groestlcoin EasyVanity is the right choice for you to create a more personalized address.

Features

• Ability to continue finding keys after first one is found • Includes warning on startup if connected to the internet • Ability to output keys to a text file (And shows button to open that directory) • Ability to make your match case sensitive (Where possible) • Show and hide the private key with a simple toggle switch, and copy the private key straight to your clipboard • Show full output of commands • Includes statistics whilst the application is running • Ability to choose between Processor (CPU) and Graphics Card (GPU) • Automatically detects 32 or 64 bit systems • Features both a Light and Dark Material Design inspired Themes • EasyVanity's search is probabilistic, and the amount of time required to find a given pattern depends on how complex the pattern is, the speed of your computer, and whether you get lucky. • EasyVanity includes components to perform address searching on your CPU (vanitygen) and your OpenCL-compatible GPU (oclvanitygen). Both can be built from source, and both are included in the Windows binary package. • Prefixes are exact strings that must appear at the beginning of the address. When searching for prefixes, Easyvanity will ensure that the prefix is possible, and will provide a difficulty estimate. • The percentage displayed just shows how probable it is that a match would be found in the session so far. If it finds your address with 5% on the display, you are extremely lucky. If it finds your address with 92% on the display, you are unlucky. If you stop EasyVanity with 90% on the display, restart it, and it finds your address with 2% on the display, your first session was unlucky, but your second session was lucky. • EasyVanity uses the OpenSSL random number generator. This is the same RNG used by groestlcoin and a good number of HTTPS servers. It is regarded as well-scrutinized. Guessing the private key of an address found by EasyVanity will be no easier than guessing a private key created by groestlcoin itself. • To speed up address generation, EasyVanity uses the RNG to choose a private key, and literally increments the private key in a loop searching for a match. As long as the starting point is not disclosed, if a match is found, the private key will not be any easier to guess than if every private key tested were taken from the RNG. EasyVanity will also reload the private key from the RNG after 10,000,000 unsuccessful searches (100M for oclvanitygen), or when a match is found and multiple patterns are being searched for. • Free software - MIT. Anyone can audit the code. • Written in C# - The code is short, and easy to review.

Groestlcoin Sentinel (Android & Blackberry) – Mainnet + Testnet

What is Sentinel?

Groestlcoin Sentinel is the easiest and fastest way to track/receive/watch payments in your offline Groestlcoin Wallets. Groestlcoin Sentinel is compatible with any standard Groestlcoin address, BIP44 XPUB (Extended Public Key) BIP49 YPUB and BIP84 ZPUB
Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets). Sentinel accepts XPUB's, YPUB'S, ZPUB's and individual Groestlcoin address. Once added you will be able to view balances, view transactions, and (in the case of XPUB's, YPUB's and ZPUB's) deterministically generate addresses for that particular wallet.

What's New?

The P2SH paperwallet supports creating P2SH paperwallets in bulk, keypair generation with QR codes and sweeping tool. Groestlcoin believes strongly in privacy, the live version does not collect and store IP or transaction data.
Changes
Features
The BECH32 paperwallet supports creating BECH32 paperwallets in bulk, keypair generation with QR codes and sweeping tool. Groestlcoin believes strongly in privacy, the live version does not collect and store IP or transaction data.
Features
![WebWallet](https://i.imgur.com/Z2oj7bj.png)

Groestlcoin Web Wallet Update 1.4

What is Groestlcoin Web Wallet?
Groestlcoin Webwallet is an open source, multisignature, HD Wallet and more! Webwallet is a a open source browser based Groestlcoin webwallet.
Webwallet is a playground for Groestlcoin in javascript to experiment with. It supports multisig, OP_HODL, RBF and many more. Groestlcoin believes strongly in privacy, the live version does not collect and store IP or transaction data.
Changes:
submitted by Yokomoko_Saleen to groestlcoin [link] [comments]

How To Stake Kava On Binance? [Staking Kava] Creating Binance API keys free bitcoin 2020 ALL windows BITCOIN- Nova carteira para criptomoedas da binance Trust ... Using Walletconnect with Trust Wallet and the Binance Mainnet Dex Sicheres Bitcoin Wallet erstellen - Schritt-für-Schritt ... Binance Coin (BNB) Wallet How To Buy XVG Verge in Binance Platform Luno Bitcoin Wallet Tutorial and How Does It work - YouTube Binance Margin Trading Full guide for beginner to pro in HINDI - CRYPTOVEL

Binance cryptocurrency exchange - We operate the worlds biggest bitcoin exchange and altcoin crypto exchange in the world by volume BitPay Wallet – Bitcoin Wallet for Windows (Overview, Installation, Use) Cryptocurrency Wallets ; Software ; Сryptocurrencies ; BitPay Wallet – Bitcoin Wallet for Windows (Overview, Installation, Use) Cool Mining 03.06.2020 . With a BitPay wallet, your private keys and your money always remain under your control. And you use 100% open source code to test and audit the community. BitPay is ... Bitcoin wallets can also exist on third party exchanges, like Binance, which will temporarily store your Bitcoin after you buy it, or while you’re waiting to use it for trading. 2. Download the apk file of the application you need (for example: TronWallet: Bitcoin Blockchain Wallet) and save to your phone 3. Open the downloaded apk file and install TronWallet app is a simple, secure & decentralized p2p crypto wallet for Bitcoin (BTC), TRON (TRX) and other top tokens, coins and cryptocurrency assets. With over 180,000 ... Bitcoin Wallet oder 'Schildbach Wallet' war die erste mobile Bitcoin-Wallet. Bitcoin Wallet ist sicherer als die meisten anderen Bitcoin-Wallets, weil sie einen direkt mit dem Bitcoin-Netzwerk verbindet. Bitcoin Wallet hat ein simples Interface und genau die richtige Menge an Funktionen, die sie zu einer großartigen Wallet und einem großartigen Lernhilfsmittel für Bitcoin-Anfänger macht. Perpetual futures trading is now available on the latest version of our Windows PC Client (V 1.12.9). Users can now directly login to their Binance account on our PC Client and begin trading perpetual futures. Click here to download and install the latest PC client. Thanks for your support! Binance Team. 2020/06/19 Its HD bitcoin wallet app was originally only available for iOS but an Android version was released in 2016. It’s easy to use and ideal for beginners. This wallet includes the option to buy bitcoin, so it can double as an exchange. Bitcoin is the only cryptocurrency available. Copay. iOS, Android, Windows, MacOS, Linux, Chrome So in short, the place where you have both your bitcoin address to receive bitcoins and the private key to send/spend bitcoins is called a Bitcoin wallet. In an even more simplified way, a wallet is a digital file which stores your bitcoins. Bitcoin Address + Private Key = Bitcoin Wallet; So what kinds of Bitcoin wallets exist on the market? Trade over 40 cryptocurrencies and enjoy the lowest trading fees in America. Each bitcoin wallet contains at least one, or sometimes more, private key. The keys are saved within the wallet file and are mathematically related to all of the bitcoin addresses which are generated for the wallet. Put simply, this is your “ticket” which will allow you to spend your bitcoins. As such, it is quintessential that you keep it secure. This is the reason for which all reputable ...

[index] [21643] [2865] [12297] [21313] [10802] [9159] [10264] [9678] [11510] [14094]

How To Stake Kava On Binance? [Staking Kava]

Short video for those who need help creating API keys on Binance. Kostenloses & Sicheres Bitcoin Wallet - Electrum - https://electrum.org/ 🐃 Bitcoin & Co. einfach kaufen (inkl. 10€ Bonus) https://talerbox.com/go/bison/?ut... Luno helps you buy Bitcoin and Ethereum in three easy steps: 1. Sign Up here - https://www.luno.com/invite/Y9UKZ - Sign up for a free Luno Wallet on web, iOS... Let's create a non-custodial Binance Coin wallet to manage BNB in a decentralized way. Go to https://AtomicWallet.io, download the file for your operating system and install the App. Now you can ... How To Buy Bitcoin On Binance With Debit Card Fast? - Duration: 7:34. TheAppsWorld 1,189 views. 7:34. Building a 3.5kWh DIY Solar Generator for $650 - Start to Finish - Duration: 33:01 ... If you don't have the knowledge to fund your Binance account with btc, I will make another tutorial, The best way to buy cheap or less fee bitcoin and put directly to your Binance bitcoin wallet ... Have a specific question? Check me out on Worthyt: https://worth.yt/thecryptodad Want to upgrade your skill set and support the CryptoDad? Check out my Patre... current bitcoin price, bitcoin wallet, bitcoin stock, bitcoin price chart, bitcoin usd, bitcoin chart, 1 btc to usd, how much is bitcoin worth, bitcoin price live, bitcoin calculator, bitcoin ... Nova carteira trust da binance, mais uma opção para guardar suas criptomoedas com segurança no celular. Site http://bit.ly/2XCobu9 BTH Solutions http://bit.l... WINDOWS LAPTOP : HP 15 Core-i3 7th G (8GB/1 TB HDD/Win 10/15.6-inch Full HD) ... How to swap token in trust wallet - Uniswap Token Swap - Trustwallet DEX - Trust wallet in Hindi - Duration: 9:32 ...

http://abudabi-binary-option-trade.binaryoptionstrader.site