Reddit Posts
Low-Custodial hybrid hot / cold DCA method guide for HWWs
Sonar acquires $2M in funding and soon moves to Arbitrum
Driving me crazy!! Bitcoin core / Sparrow wallet connectivity issues, cant figure it out!!
how can i check my funds in electrum if i have my 24 words + passprhase
How to navigate this upcoming bull run? Please critique my plan.
Amidst legal dramas, crypto behemoths bet on innovation
Chromebook or another device good for DEFI?
Host your own Payment System with your own Bitcoin & Lightning Node, you can even add your own Nostr Relay in PC or Mac for Free, see video.
So I got this spam email with someone's bitcoin address lol
QANplatform Launches the Quantum-Resistant Private Blockchain: The New Era for Web3 OS – | Press release Bitcoin News
Crypto hot wallets on chrome OS / extension?
Should I get the Saga (Solana mobile phone)? Is it worth it?
I keep my bitcoin in electrum on a bootable Tails OS harddrive. Is this safe enough??
Bridge>add network>add token>add more networks>add more tokens>swap>bridge again>wrap and unwrap is the stupidest shit I ever had to do just to accomplish one simple transaction.
Why do you think Microsoft, Google, and Apple are not supporting crypto wallet efforts.
Alpine Racing 3D Reddit collectible avatars -
Every post is about corruption or fraud. I’m adding 1+
Using Old Laptops and mining rigs to run Full Node and Lightning nodes
Which mobile phone is best for multiple crypto wallet ?
GrapheneOS, a privacy preserving mobile OS, just got permanently locked from their PayPal account that they used to receive donations. The alternative solution?
Blockchain will be the Linux of financial systems if it isn't already
Create your own hardware wallet tutorial.
Somebody getting scammed out of 700K worth of NFTs by a malicious contract is not some flaw in the system that inhibits mass adoption, it's extremely negligent user error by a person who has brazenly ignored all security advice.
Did I purchase/transfer Monero correctly & efficiently?
Ledger claiming to be Open Source? "WE ARE OPEN SOURCE AND DEVELOPER-FRIENDLY"
Mac OS Compromised with Atomic Hack
How to (instruction) quickly make wallet with right balance of safety and usability
Ledger CEO Evades Answer About Potential Subpoena Response
Wake up again - it's 2032...
Ledger announces they will accelerate opensource road map and delay the release of Ledger recover Service.
Hate to state the obvious but don’t store your crypto in your daily driver devices if you haven’t got a HW wallet !
Nothing has changed. Ledger OS has always had access to your keys.
An extract from Coin Bureau newsletter regarding the Ledger fiasco
Is your smartphone fit for Web 3.0? Tectone OS runs on all mobile devices, Android and IOS, and provides users with a Web 3.0 data layer to manage and share data. Our OS leverages the power of blockchain to provide users with enhanced security features and control over their data.
How Open-Sourciness Prevents the Ledger Seed Issue
hardware wallets - here are the facts
Ledger and hardware wallets - here are the facts
How Open-Sourciness Prevents the Ledger Seed Issue
How Open-Sourciness Prevents the Ledger Seed Issue
Only ever use open source hardware wallets...and always use Linux
"If you opt-in for the service, as a user, you'll have to enter your PIN and consent to the backup process. Then the OS will encrypt and split the shards to send them to 3 different parties." - Ledger CTO
This is a beginner friendly interface to send and receive crypto I made. If you like it I will add more currencies and features.
What are you all doing to prepare for another bull run?
Katheer Project | Decentralised Blockchain Linux based operating system | NFT Marketplace | Wallet | Audited and KYC | Launching on 2nd May
Katheer Project | Blockchain decentralised Linux-based operating system | Audited and KYC | NFTs Marketplace | Wallet | Launching on 2nd May
Katheer Project | Blockchain decentralised Linux-based operating system | Audited and KYC | NFT Marketplace | Wallet | Launching on 2nd May
How to Stay Secure from the Perspective of a Cyber Security Professional
Please help. Trying to verify signatures for recent bitcoin core download on linux
Config settings for node & BTC RPC Explorer on a Mac?
Crypto is hella strsssful. Everyday I wake up not knowing if my wallet will be empty. Whenever Metamask takes too long to show my balance I freak out. Even as someone in IT
An update on the crypto hack currently taking place
Serious Apple OS Vulnerability Could Jeopardize Crypto Security
Stephen Gary Wozniak and Steve Jobs are Satoshi Nakamoto
Is my cousin getting scammed in some way? (Explanation in post)
Wow Reddit avatars gen 3 has been a shit show, everyone loses but the artists, Reddit, and bots.
Why you should be using Linux while moving coins on MM etc, and why it isn't as hard as it seems
[SATIRE] Steve Jobs, the CIA, Facebook and the real truth behind Bitcoin
Steve Jobs, the CIA, Facebook and the real truth behind Bitcoin
Why your hardware wallet wont protect you [SERIOUS]
Verified: Apple included in each release of MacOS the Bitcoin white paper
1 in 3 US Crypto Investors was the victim of a hack. Here are some good tips to help you take caution
Reddit hasn't learned - TLDR Bots are still winning!
How to protect your crypto accounts tips for device and network security and password management
What we in crypto can learn from Linus Tech Tip hack
Mentions
Install Tails OS on an USB drive, boot from there, enable admin and persistence, install sparrow-waller, generate new wallet, and just export the public Descriptors With that you can open a view only account on your PC. With the seed phrase or the private key, you can use this account to view and receive. You cannot transact. So even if there's malware on your PC, your btc is safe
Here is an extra paranoid analysis. Points of failure: your phone might be compromised. Also, which wallet app? That's important. It might also be compromised to produce weak seeds. See what happened with Trust wallet. I would recommend [https://iancoleman.io/bip39/](https://iancoleman.io/bip39/) (the first result on Google for "generate bip39"). Press save as, and store the .html file. Disconnect the PC from the internet. Boot a live Ubuntu USB stick (live, without installing). Open the saved web page. Generate and write down the phrase. Shut down Ubuntu live. Why this is better: \- Ian Coleman's seed generation implementation is a trusted one. \- By booting another live OS (Ubuntu), we minimize the risk that your Windows installation is compromised. \- By keeping the PC offline while Ubuntu live is booted, we airgap it during the key generation. \- When Ubuntu live is shut down, it leaves no traces on your PC. It's like your variant deleting the wallet app of your phone, but way more thorough. Possible attack vectors: practically none. Perhaps if somehow the BIOS/EFI firmware of your PC was compromised, but that would be a state-actor level of sophistication.
There's a way to do it In a Linux OS. I would recommend starting here. https://hashcat.net/forum/thread-8878.html Also backup your wallet.dat file immediately and store it as securely as possible. If you have an idea of what the password might be it can be A LOT easier to crack it, if you have no clue brute forcing it can be impossible or take a LONG amount of time. If you want to try it and dont know anyone with Linux skills it's going to take a lot of research and time. I suggest you do it yourself if possible to avoid having someone take it from you or paying a bounty.
The answer is a Tails USB drive with pre installed electrum. There are several good desktop wallets, but they are equally insecure on a Windows OS connected to the internet and heavily used for browsing etc.
Non Google phone OS is the only way
Doesn't take much power as it is centralised! Only has 23 nodes all run by big corporations - The hardware requirements are massive! The hardware requirements for Hedera nodes are quite specific and depend on whether you are running a consensus node or a mirror node. It's important to note that you can't just run a consensus node; they are currently permissioned and operated by the Hedera Governing Council members. However, anyone can run a mirror node. Consensus Node Requirements The requirements for a consensus node are very high-end and are designed for enterprise-grade performance and security. These are not for a typical home setup. * CPU: A high-performance, multi-core processor (e.g., Intel Xeon or AMD EPYC) with a minimum of 24 cores/48 threads is required. There are also specific performance benchmarks (Geekbench, Passmark) that must be met. * Memory (RAM): A large amount of ECC Registered DDR4 RAM is needed, with a minimum of 256GB and a recommendation of 320GB or more. * Storage: A substantial and very fast storage solution is essential. The requirements include at least 5TB of usable NVMe SSD storage with high sequential and random read/write speeds (e.g., 2,000-6,200 MB/s sequential read). The use of RAID arrays (e.g., RAID 1 for the OS, RAID 0 or 10 for data) is recommended for redundancy and performance. * Network: A sustained, unmetered 1 Gbps internet connection is required to handle the high volume of traffic. The node must also be deployed in an isolated DMZ network with specific ports open.
Probably true, but I'm also one of these people. I have a bitcoin hardrive from 2012, but I accidentally reinstalled windows over the original OS, and then stopped immediately after the reinstall when I realized what I did. Now it's in a box with 50 other hard drives (unlabeled). Not even sure if it's worth the effort to try and figure out which one it is or whether the wallet file can be recovered. Suggestions for recovery software are appreciated though.
I have a laptop computer. I don't trust the OS it runs; I don't want the OS to be there while I'm dealing with my private key. So instead, I use a different OS, called Tails. It's an operating system based on Linux, and it's designed to be 'frozen'. By frozen, I mean it 'forgets' everything you did with it, leaving no trace after you switch it off. Tails is designed to be installed and run from a USB drive, so the idea is you download it, load it into a USB using a small software (there's a tutorial on the Tails website on how to do it), and then you boot your computer from it. It's fairly straightforward, and once you are on it, Tails has the wallet Electrum within. With that, you can create your seed, generate wallets, yadda yadda. Here, this is a good tutorial [https://blog.areabitcoin.co/tails-and-electrum/](https://blog.areabitcoin.co/tails-and-electrum/) of if you like it in video, here: [https://www.youtube.com/watch?v=1e6IDTP3g5o&ab\_channel=AdamSoltys](https://www.youtube.com/watch?v=1e6IDTP3g5o&ab_channel=AdamSoltys)
why are commenters so ignorant in this thread?! the point of the law is to scan messages BEFORE they're sent to any app. this means it doesn't matter if you use a VPN or download an indie app or anything. the only way your messages stay private is if you fully jailbreak the device. here is hoping that some well funded geekball genius company quickly builds an open source smartphone OS that can compete with apple and android so we can all divest ourselves from this duopoly.
I have moved crazy amounts of crypto on OS X
By using a trusted OS where you know there is a good randomness source. And provide a bit of your own entrypy. Uniqueness is guaranteed by the randomness. The likelyhood of two seeds colliding is 1/(2\^128) which is an extremely small number, on the level that it can never happen.
You can use Tails OS and Electrum to safely generate your private key offline. You can use that USB setup to sign transactions as well. You can safely generate your private key in any software wallet, provided you: - Do it offline. - Delete everything after. Hardware "wallets" do the same shit, but they're specialized to do that, and you can sign transactions with these things.
It's a good analogy actually. I would argue that concrete don't last either - but that's nitpicking. Maybe some proper examples... Y2K. It never happened - because everyone scrambled to fix it (especially the banks). Bitcoin will have the Y2106 timestamp problem. Last block to mine will be Y2140. That's really far off in the future - but someone will be there to fix that. Then there's also the operating systems that bitcoin nodes will be running on. OS's will never stagnate. Compute architectures will change. Bitcoin will need to be maintained with the same cadence. Those are just a couple of examples at the top of my head. I'm pretty sure some PhD level folks can come up with something more. (I should ask ChatGPT).
If you have an old computer or a RPi, downloading Start9 OS and setting it up is fairly easy to do. There is little that can go wrong. Umbrel has also a very friendly UI and UX, but I like Start9 more
Make sure your bootloader is locked on whatever hardware you're loading that OS from. Phones and computers have vulnerability at the bios level as well. It's just not worth it. Spent $70 and get a clean cold wallet solution... So you know 100% nothing else has ever seen your words except you.
Use a live booting system like Tails or use Quebes. (less secure still better than VM) you could set up a second encrypted! partition. That is never connected to the internet. Maybe even switch the router off, while setting it up. Then you need a fresh USB Stick to transfer the software wallet to the offline partition. Here malware could jump ship. Still if the OS has no means to connect to the internet you should be save. From here you can prepare and sign transactions, so that a wallet that uses only the viewkey on your online system can broadcast this transaction. Problem might be: if the malware that has jumped ship changes the target address before signing (on the offline machine) then you would send your funds to the wrong receiver. But i assume that hardware wallets face the same problem? You have to double checkt the addresses there as well. Otherwise the transaction is gone.
Hey, I'm a beginner with wallets. I was thinking of doing this too. I'm not sure if it's entirely feasible though judging by the other comments, but it sounds doable to me. I thought of using my work laptop for the View-only Electrum wallet and a completely offline air-gapped Pi for key generation. Just need to reconfigure the OS to disable bluetooth, wifi, etc. before booting it on the Pi. And I'll only need to generate the master public key from And once I have the seed, just like you, I'm thinking of wiping everything clean from Pi and using my laptop for receiving crypto. So the online device will only get the master public key. I just know that I'll need to restore the offline electrum in the Pi whenever I need to send crypto, which can be done through the seed. And I won't be doing any sending for years. Does this sound like the way you're thinking? This has multiple steps, but it's super cheap at least where I'm from, much more affordable than hardware wallets for me, and I don't mind setting up everything. Any thoughts on this?
if you choose to do this then it must be on an airgapped computer that must never be connected to the Internet or even local network. perhaps a raspberry pi or a cheap mini PC using Tails OS.
You can dual boot if you want a really separate OS-es, rather than forking money for a new rig. Someone suggested VMs too but I wouldn't recommend as VM image files can get corrupted. As long as the new account is encrypted, you should be fine even if your main account gets compromised by malware
>However I'm not sure if that's any better. still closed source so not really any better. The security game is linux or losses. > .still no to the passphrase? Generally speaking, the passphrase as used by most people makes the system wildly less secure. And when used properly by an opsec expert, makes it only slightly less secure only due to being more complex. The bonus word cannot improve anything. They are only good for make-believe situations that can never happen. > May I ask how you store your crypto? If you have only small amounts to secure, all you need is electrum on a linux. That will be 99.9% of what anyone would ever need, and donig more is overkill for most people. Coinbase published a guide called the "glacier protocol" which i think is a half decent starters guide if you have very large amounts. It has a few flaws, such as using USB drives instead of using SD cards, but its a decent overall description. >.should I just buy into an ETF? not your keys not your coins >grift is the name of the game in 2025. Not at all, not with bitcoin at least. What we are seeing is an awakening to personal security. For over 40 years, people have accepted insecure personal computing practices, purely idiotic password policy, social media violations of their privacy, and many other opsec failings are normal and acceptable. In reality, the concept of your computer catching a virus should sound as silly as your car catching cold. Closed source software should be laughed out of the room. Windows OS should have never existed. Security is honestly easy to do right. We just dont have a culture of people doing what is right, so the average person has no privacy and no opsec. And the average person thinks doing things right is too hard, even when its really not. And that will cause pain until it changes.
remember that the hardware wallet is an easy way for someone to get your key; every single one on the market has been shown to have a backdoor way to get the key out with physical access to the device. One way to deal with that weakness is to always blank/clear/factory reset the wallet when its not being used. Never leave it loaded. (some hw wallets dont handle this well, check your docs) Also, a hardware wallet is not a substitute for a secure computer. Whether you are trying to get a address to send money to, or to transmit an address to receive money from someone, if your computer is running a closed source OS like windows, it can silently replace the address and you will have no way to detect it until its too late. The hardware wallet cannot help in this case. I recommend always using a hardware wallet with linux to prevent this attack. Good luck!
* running windows OS * altcoins * metal backups * hardware wallets * trading
If your PC is hacked, they can do man in the middle attack (hacked app displays you the address you want, but sends different one to your wallet to sign), unless you really verify every letter of the "to" address on the tiny screen of your Ledger or Trezor. It's really better to have $20 additional drive with separate OS just for sending crypto. Boot the system, send, shutdown, boot your normal Windows.
I understand your concerns, but I have a few things to mention: 1. The SeedSigner is purely a signing device, it is not a wallet. 2. The open source OS is a specialised version of the Buildroot Linux OS, it's very barebones, this is to keep it lightweight and reduce any possibility of attack surfaces. 3. Only two things touch the SD card: transaction files, public key for watch-only. Private keys and seed phrase stay purely offline. 4. The signing device is stateless, when powered off it does not retain any memory. 5. The hardware itself has no WiFi, radio, Bluetooth modules - and comes from a reputable UK based company. 6. Everything used in the setup is open source, Sparrow (wallet), SeedSigner (air gapped signing device). If you're more security inclined, have Sparrow be on a Linux Laptop running on TailsOS, running your own bitcoin node, and link it to Sparrow via TOR, and only ever use that device for BTC. I much prefer this open source setup than trust a commercialised company.
Very few devices are truly safe for key generation and crypto wallets. Windows allows low level access to the kernel for sht like anti-cheat and God knows what else gets installed. Defender, cloud platforms and browser extensions further add potential for data loss. You need a hardware wallet via a Linux based OS with all unnecessary packages uninstalled, or a paper wallet generated on an equally secure system. You should know how to, and verify application installers as well. I'm not going to victim blame but if you can't do the above in future, buy shares in an ETF with BTC exposure (on the ASX in Australia) and you'll be a lot safer.
hahaa, that is fair. The HD had resting encryption before deletion and a new OS installed after formatting corrupting the encryption headers. We did try
2-of-3 multisig with the mnemonics stored in 3 different locations. Get rid of the Ledger and get yourself a good stateless, airgapped hardware wallet: Coldcard, Jade, Seedsigner, or even just a PC with a live OS and its radios removed. Don't mess around trying to reinvent the wheel. Encrypting mnemonics is a fool's errand.
After a few days Bitcoin Knot node loses connection and I have to restart manually to re-sync. Anyone know why this is happening? Currently solo mining BTC to own node. FYI. Umbrel OS running Knot and DATUM.
If all you're doing is DCA and hodl, honestly you don't even need a hardware wallet. Wallets were specifically made to make spending more convenient. All you need is to temporarily airgap a PC with a fresh OS, generate your mnemonics, then enter your xpubs in a phone. Stamp the mnenonics on steel and you're set. You'll be able to receive funds, and if you ever need to spend frequently, then you can get yourself a hw wallet.
browser based seed phrase generator !! then how did the laptop have no internet access? LOLLLLLLLL yall know Tails OS comes pre loaded with a bitcoin wallet right ? -,-
If it’s for longterm, you need to look at some very important things that a lot of people seem to ignore or fail to mention: Inflation. Invest in projects / crypto that are low or deflationary. Bnb=> utility token of the biggest crypto exchange in the world. It’s a more defensive coin because its not that extreme. If the market goes up, itll go up, if the market goes down itll go down but always less heavy then others in both ways. This in combo with a good burning mechanism makes this a deflationary crypto, so in the longrun it’ll go up anyways. => good crypto for your core Btc=> low inflation, well known, benchmark for all crypto. Wether you like btc or not, it’s a must have. Eth=> same thing, low inflation, sometimes deflationary when there’s high usage. Eth = benchmark smartcontracts (see it like microsoft/apple OS). Iaw must have Some others you should check out: Link Aave Cardano Just stay away from memecoins unless you want to actively manage those positions every 5 seconds. They are useless, are insanely high inflationary, dependant on whales pumps and dumps. If the market crashes and stays down for some years, inflation would absolutely flood the market which makes it even worse. Also meme coins make you doubt, because they dont have utility, so they usually get sold at heavy losses.
If long-term storage is what you want, you merely need to create the wallet with as many risk mitigating factors as possible; you do this once. you can either use a fresh USB with Tails OS + Electrum, or a factory-reset phone with no SIM. You back up your seed-phrase, passphrase, derivation path and public master key. You then delete/destroy everything. You export the master public key (xPub). You can then import that xPub anywhere as a "Watch-Only" wallet to receive Bitcoin. You don't need a signing device for that. I use a "Watch-Only" wallet that can generate receiving addresses. I can import my xPub anywhere, on any wallet, on any phone. Currently, I use Bluewallet. I can accumulate Bitcoin and monitor every single transaction. 5 years from now, when I'll inevitably replace my phone, I'll install Bluewallet and import my xPub again. A decade from now if Bluewallet isn't available, I'll use a different wallet and import my xPub there. I don't mean to argue, I'm just passionate about Bitcoin and witnessing how deceptive the marketing for these hardware "wallets" are, and the over-relience on this middle-man, people need to be aware that other options to preserve their multi-generational wealth exists. As long as your aware of that, do what you believe is right with your wealth.
1. Your smartphone has various interfaces, radio and physical, through which it can be hacked 2. It is never offline. It is connected to cell towers even without a SIM card 3. You can't neither control nor verify the software running on your smartphone. Beside the main OS, it has proprietary closed-source code running in radio chips 4. If it is an old smartphone never connected to the Internet, it doesn't have the latest security updates for the operating system and could probably be hacked in 0 clicks by simply connecting it to a computer 5. All the cryptographic operations are done in a general purpose CPU On the other hand: 1. Hardware wallet is a bare minimum device designed specifically for signing transactions, it doesn't have unnecessary unsafe interfaces 2. You can verify the software running on it 3. A hardware wallet uses a dedicated secure chip to store the keys and do the signing
It's just two acronyms. EVM (Ethereum Virtual Machine) OS(operating system)
If I remember this right, 2011 was back in the era when you would mine bitcoin using your computer's CPU with what is now called the **Bitcoin Core** client. There should be a file called **wallet.dat** on that hard drive that contains the private keys needed to "move" or transfer the bitcoin. If you lose that file, you lose access to the bitcoin. Bitcoin Core from that era did *not* encrypt the wallet.dat file, but your friend's father may have encrypted it some other way to keep it safe. See if you can find the wallet.dat file by mounting the hard drive to a computer not connected to the internet. Better if it's a freshly installed OS that has never been connected to the internet. You don't want malware stealing a copy of that file. In parallel to this, install Bitcoin Core on your computer and it will set up a new, empty wallet. Learn how to buy bitcoin on an exchange and move the bitcoin into and out of this wallet. This becomes your learning platform where you can make mistakes and not lose big. When you've learned enough, you can then start working with the really valuable ancient wallet.dat file (on a fresh computer). When you open Bitcoin Core and have it use this file, it will show you the transaction history and bitcoin balance that it holds. Good luck and be patient!
There were no hardware wallets in 2012. You commented that you were using Wasabi Wallet, but that [first released in 2018](https://github.com/WalletWasabi/WalletWasabi/releases/tag/v0.7.0). Also a BSOD is not "a critical failure". It's just the OS informing you that something's wrong. >a computer that has since experienced a critical failure—specifically, a blue screen of death. ...is like saying "my car experienced a critical failure—specifically, an OBD-II code." Which brings me to the most important part: Those em dashes. This post *reeks* of ChatGPT. Idk what your end goal is OP, but you need to get better at this, because you've been shit at it so far.
Ah thanks! There is a 6th level too, the actual libraries/protocols/OS used to run the wallet apps. Although this may not be as much of a concern due to OSS and whatnot. However, there could be fringe cases where library injection occurs, hijacking code or whatever. Another fun fact, private keys are public. The chances of finding a working key are slim, but the chance is there, just from guessing. Check out keys.lol, a centralized list of all btc keys.... Lol.
easy; bitcoin is the ideology of not blinding trusting other people. If you are okay with blind trust, you can just use fiat banks, and trust them to act in your interest. If you are okay with blind trust you can just use windows os; and trust that bill gates will keep your computer free of viruses and malware. Its pretty obvious that blind trust fails every time. The bitcoin ideology of not trusting, is also the open source ideology: Show me the code. \> diving into unknown waters A completely ignorant person at least has a chance of safety with linux. with windows you have zero chance of safety. You will be compromised. Its the same as just holding fiat savings and hoping the value will go up. A person who doesnt understand money is still better off with bitcoin than fiat. Windows, and similar closed source products, are a non-option for opsec. Its a non-starter to use them an expect any safety or privacy. It doesnt matter how hard you try, windows cannot be secured. A completely computer illiterate person has a reasonably good chance of safety on a linux, because it just lacks any easy way to be compromised. While a windows can be backdoored by clicking a single link in an email or on a website. picking up a cheapish laptop and installing a linux on it is super easy. then slap on electrum or wasabi wallet and you are in a good starting place. If you want a hardware wallet, get a coldcard or whatever brand is open source. There is even more you can do if you want higher levels of security; but the starting point is always the same: open source OS with open source wallet. Never compromise there or you will be building a house on a foundation of sand.
If your priority is true cold storage and long-term peace of mind, you’ll want to look deeper than just brand recognition. \- Trezor is widely known, but it’s USB-connected and not fully air-gapped a step removed from pure cold storage. \- Tangem is convenient, but it’s NFC-based and reliant on your smartphone. You’re still introducing a hot element into the flow. If you’re serious about Bitcoin security, look for, 100% offline signing (no Bluetooth, no USB, no NFC), EAL7-certified OS (the highest security certification in the world, No private key exposure, ever (even during setup) That’s where truly air-gapped, QR-based wallets like NGRAVE ZERO stand apart. Designed in Belgium. Manufactured in Europe. No attack surface, no compromises.. You want the Coldest.
Why don't you open an OS repository and document it? That would definitely help a lot of people and increase trust. So no, thanks, I don't have time to waste reading your script.
Didn't those Covid apps require an official API to be released by Apple/Google specifically to enable the contact trace use case? I understand that something like this would be possible to implement on an OS level. I just suspect that this wouldn't fly if an app tried to do it.
"They are smart UPS units—programmable, updatable, and capable of communicating directly with the election system **via USB, serial port, or Ethernet.** ES&S systems, including central tabulators and Electionware servers, rely on Tripp Lite UPS devices. ES&S’s Electionware suite runs on Windows OS, which automatically trusts connected UPS hardware." Reading comprehension.
Can none of you read, at all? "They are smart UPS units—programmable, updatable, and capable of communicating directly with the election system *via USB, serial port, or Ethernet.* ES&S systems, including central tabulators and Electionware servers, rely on Tripp Lite UPS devices. ES&S’s Electionware suite runs on Windows OS, which automatically trusts connected UPS hardware." They're not communicating via a power cord. My god. The work is all done for you and you still can't grasp it.
They're more secure than computers, but they're an unnecessary risk with a wide attack surface depending on the various apps you install, what sites you frequently visit, how up to date the OS is. If you're using a shitcoin software wallet on top, your risk just compounded two-fold, because they're prone to hacks, scams and deceptive tactics via shit like "contracts". The function of a hardware wallet is to keep your seed-phrase completely offline and only allow transactions to happen with the hardware wallet. Thus, mitigating the risk to 0.
I'm not sure if this has been emphasized enough: Whatever you do, **don't just delete the wallet with your seed phrase in it**. Otherwise, you will never be able to do anything with the bitcoin you receive. You need to have the seed phrase recorded in some form. Make sure it's stored in as secure a manner as possible, since if anyone finds it, they will be able to "restore" the wallet and steal your coins, and you most likely won't know they found the seed phrase until it's too late. And yeah, a hot wallet is potentially insecure. It's best to avoid generating the seed phrase on a system that is connected to the Internet, or even that *will* be connected to the Internet, in case some malware captures the sensitive data and uploads it somewhere later. > buying a cold wallet would cost me a lot "Cold wallet" is not the same as "hardware wallet". "Cold" just means not having an Internet connection. If you can't afford a hardware wallet, there may be other possible solutions. Not as good, probably, but maybe good enough for your purposes. If you have some sort of PC, you can use a "live operating system", which should reduce malware risks. 1. Take a bootable medium, like a USB drive, and put a live OS on it, with suitable wallet software installed. 2. Shut down. 3. For extra security, disable the network capabilities at as low a level as possible (if by chance you are connected solely through a wired connection, or you use wireless but the adapter is not built-in, just unplug it; if you're connect through wireless with a built-in adapter, though, disabling it would have to be at the BIOS/firmware level). 4. Boot the live OS. 5. Run the wallet software, and use it to create a new wallet. 6. Write down both the seed phrase and the xpub/zpub (used to generate the watch-only). 7. **Test that you can restore from the seed.** If this fails, generate a new wallet, and try again. 8. Write down the first one or two addresses in the wallet. 9. Shut down (and re-enable Internet if you disabled it before). 10. Create your watch-only based on the xpub/zpub. Check that the first one or two addresses match what you wrote down before. What is suitable wallet software? Well, a popular choice is [Electrum](https://electrum.org/). Do note, however, Electrum generates its own seeds that are incompatible with the BIP 39 standard most other wallets use. So only use it if you plan to use only it when you eventually need to spend the coins. You can still use many different applications for the watch-only. Another choice I can vouch for is [Sparrow](https://sparrowwallet.com/), which does fully support BIP 39, so you would be able to use most any other wallet for spending later. It's less popular, though, and is less likely to be installed in a live OS image. Expect to have to install it yourself, and maybe an appropriate Java VM as well; you could download it/them from within the live OS (but only if you haven't disabled Internet), or put the downloadables on the medium beforehand. The interface is also less straightforward, though there is documentation (you may ignore the parts about configuring a server for now).
I bought an NM miner that came without any OS on it, so I had to flash the firmware onto it. I got it working by itself, but It felt like I was missing something, so I looked into getting a screen. I got a screen for the esp32 board I have but I found out later that my board is so heavily modified it would be almost impossible to add a screen to it, because it wasnt meant for tampering. I tried to make the screen work and I emailed NM Miner to try to get the pinout because they didnt label any of the pins. After I got that I got the screen to be white when its turned on but this just hasnt been done with this board before so its very difficult to figure it out with no help on something I know nothing about. I somewhat gave up on the screen part, I will probably just try to get a mineable esp32 board and try to make a crazy solo miner, instead of a plug and play esp32.
I like to have heavy weight on BTC and then a little ETH staked and SOL staked. Because we don’t know which one might actually become the OS for blockchain.
Pretty sure anything malicious monitoring keystrokes doesn't care if it's a keyboard or otherwise. The key input is being grabbed at the OS level.
Being Dutch, I used to be an active member of the tech-site [Tweakers.net](https://tweakers.net/). Through the forum I came across [this video](https://www.youtube.com/watch?v=GmOzih6I1zs) in a mining thread ([still a fun read today]()), which got me experimenting with mining on simple CPUs at the time. I was about to switch jobs, and since mining on my desktop was way too slow, I (stupidly) decided to use the terminal servers of my employer to mine. That was a terrible idea: I got caught and lost my job on the spot… Luckily, this was just two weeks before I could start at my new job. At my new job, I was responsible for prepping laptops and desktops for new hires, so I had access to a lot of (powerful) systems before they were handed out. Just before a laptop or desktop went to a new colleague, I would reimage it with a fresh OS and hand it over. Nobody would ever know. :) Eventually, I switched to my first real miner: a BitForce Jalapeno (10 GH/s) that mined about 0.5 BTC per day. I paid around €250 for it and put it in the comms room at work (I worked in IT, so I had server room access) to avoid paying for electricity. I was young, had no sense of responsibility, and in hindsight took a lot of risks, but I truly believed BTC could change my life. Over time, I managed to accumulate a decent triple digit stack of BTC and never sold a single coin. Then in 2014, I lost everything in the [Mt. Gox hack](https://en.wikipedia.org/wiki/Mt._Gox). I also never received any repayments. This completely crushed me, and I stayed away from crypto for a long time. It wasn’t until the 2021 bull run that I found myself interested again, but this time more in alts and shitcoins. In the end, I guess crypto really taught me how to lose a job, lose all my coins, and still get rugged years later – all without ever having to pay for electricity. So technically, I mined “free lessons for life.”
compare to linux: it was meant as an OS for nerdy coders who compile the software for their 80386 computer directly from the sources. These days, it doesn't just run on intel CPUs, and you don't need to know anything about compilers. It's preinstalled on most routers and other network hardware, and you can download ready-to-run images to boot from any USB stick. Does this mean linux has failed it's original intention? I doubt so. I'd say, it's grown beyond it.
In a world where privacy and security become increasingly important and increasingly compromised, I become increasingly bullish on GrapheneOS. And the newer Pixel phones (Graphene only runs on Pixels) have good hardware support for local AI, etc. If you're not running open source OS's on everything, what are you doing? I think this is probably gonna be considered too off topic for this subreddit, though.
The laptop doesn't have to be old, I only said old because it will be used only for a single purpose (as a cold wallet). Using a USB drive instead of a DVD is fine too, but with USB there's a greater risk that someone could tamper with it and, for example, make the random generator used for creating the seed not random anymore. > What would be the drawbacks if I unplug my PC internet cable and wifi dongle, and boot Tails OS directly from the USB drive? It would probably be just as secure, but since you're doing it on your daily desktop, you can never be 100% sure that nothing unwanted has tampered with your boot process or the operating system you're loading
This is similar to how I am thinking of doing it. You are recommending burning the iso on a DVD, why not use Rufus and a USB drive? And is it important to use an old laptop? What would be the drawbacks if I unplug my PC internet cable and wifi dongle, and boot Tails OS directly from the USB drive?
Because thats whats currently happening. How many retail giants exist now? Its just amazon. How many OS companies exist now?? Its just apple and MS now. The giants can afford to eat the little guys so they will always be the last one standing
>I keep a decoy seed with a little bitcoin on it in my documents to ensure my OS has not been compromised. Hah! A wallet canary, nice. 🤓 Definitely stealing this— Err, the idea 😅
That cold card is not going to export the key, regardless of direct connection. And far more important than connection type, is your OS hygiene. Dual boot so you're not bitcoining in the same environment that you game or run pirate or free software. Preferably a security-focused linux distro like Fedora. I keep a decoy seed with a little bitcoin on it in my documents to ensure my OS has not been compromised. And so I use my cold card va usb because it is way more convenient and I'm safe as houses already.
There's no function within the software to allow for private key extraction. (*Expect for Ledger devices, because fuck them*) You cannot update the OS remotely with a hacked version, as the bootloader will detect this and inform the user accordingly. Yes, it feels weird connecting a hardware wallet to a computer, but HWWs are basically dumb vending machines. You insert a bitcoin transaction and it'll sign it; you insert anything else, and your HWW won't even know what it is, let alone execute it. If that weirds you out, go with an airgapped HWW.
Yeah there's definitely something awry about it. "fake link, fake call" what does that mean? Did he download something? There's tons of malware but you don't just click a link and get your wallets drained. There *technically* are ways for a sophisticated enough attack to take place where you literally click a link and it initiates drive-by download installing malicious code or spyware etc. But that's exceptionally rare, exceptionally targeted and requires preexisting weaknesses in the system. This is state-sponsored level of sophistication that costs way too much. He must have done something in order to get drained like that. Threat actors are no joke but the teams working on OS, browser and wallet security aren't amateurs either. Usually it requires (you) to do something in order to initiate the scheme or activate the malware. You don't just click a link and get drained unless you've been specifically targeted for a while by an entity with massive resources.
fair enough I will be starting my first node project soon.Any recommendation on hardware? and OS? (UK)
And [smart contracts are coming to Litecoin](https://x.com/BTC_OS/status/1928074743472869441) soon 😁
Why do you think Sparrow on live OS has better random number generation than a hardware wallet? Why do you think an anonimized browsing OS can double as secure secrets management OS?
I know it is a meme at this point, but be patient. It still is the most decentralized crypto that is programmable. There still is a lot of big financial players who are investing into Eth future and developing on top of it. I view it as comparable to Linux. Mainstream just wants an OS that works for desktop. Big companies build their servers on Linux. Normal users have a hard time understanding why. Ethereum has expanded to be so complex that very few see the full potential of such a system. One of the things I believe it will be used for is to reliably and anonymously verify votes. For boards, city councils and even nation states. These applications are barely in the experimental state, but already solve some very real and complex problems. Right now the project has grown so complex that it is hard to sell. IMHO the project is on a very interesting path.
Great question—and you’re absolutely thinking in the right direction. Phantom and MetaMask are great for daily use and DeFi, but **they’re hot wallets**, meaning your keys are always online. That’s fine for small balances or active trading, but for **long-term (10–15 years) storage?** That’s risky. Hacks, device theft, OS vulnerabilities, browser extensions—too many variables. # 🔐 Hardware Wallets: The Safer Path Yes, hardware wallets are much safer for long-term storage. They store your keys **offline**, drastically reducing the chance of them getting stolen. But your concerns are valid: # ❓“What if the device physically breaks?” If you’re using a traditional hardware wallet like Ledger or Trezor, you recover your crypto using the **seed phrase** you backed up when setting it up. So even if the device fails, you can restore your wallet on a new one—as long as you have that seed phrase. **Problem?** The seed phrase becomes the weak point. If it’s lost, stolen, or exposed, you’re at serious risk. And paper fades. Metal backups can corrode. It’s a lot to plan for over a decade. # ✅ What I Personally Recommend: Cypher rock Cold Wallet I switched to a **Cypher rock X1** for long-term holds, and here’s why I think it’s one of the best for 10–15 year storage: * **No seed phrase** at all — It uses **Shamir’s Secret Sharing** to split your private key into **5 pieces**: 1 vault + 4 smart cards. You only need **any 2 parts** to recover your funds. So even if one breaks or is lost over time, your crypto is still safe. * **Redundant and durable** — Unlike a single paper or metal backup, Cypherock’s setup builds in resilience. Store pieces in different places (fire-safe box, trusted family, etc.) to protect against theft, damage, or natural disasters. * **Open-source and security-audited** — Reviewed by KeyLabs & WalletScrutiny. No hidden backdoors. * **Future-proof features** — Supports over 18,000 assets, dApp interaction, and even has a legacy/inheritance system in the works. # Final Thought: If you're planning for 10–15 years, **decentralization, redundancy, and no single point of failure** are what matter most. Hot wallets don’t offer that. Traditional hardware wallets do, but rely heavily on a single fragile seed phrase. **Cypher rock** solves that middle ground by giving you recovery options without exposing your entire key in one place.
tldr; Tether plans to open-source its Bitcoin Mining OS (MOS) by Q4 2025 to enable new miners to enter the market without relying on costly third-party vendors. CEO Paolo Ardoino described MOS as scalable, modular, and built with a peer-to-peer IoT architecture. The initiative aims to promote decentralization within the Bitcoin ecosystem, complementing Tether's previous efforts like partnering with the Ocean mining pool. The open-source software will support existing mining infrastructure, enhancing competition and network security. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
Pengycoin Built a crypto centered OS. Partnered with Solana Mobile. Lowcap, check them out: Pengycoin.com
One way you could do it is to get the PSBT in debian, then use a separate tool to generate a fixed QR code from the PSBT, then capture that on a phone, to then transfer on the other OS. Or you could literally write down the contents of the PSBT then type it back. Have you tried using tools like [this](https://github.com/tony-xlh/QRTransfer/)? Basically scan the animated QR, then display it back after switching OSes.
Look up public pool. You can host your own instance of that which talks to your node and to your asic. The easiest way would be to use some server OS like umbrel or Start9. They have one click installs for the node and pool software.
Yea your right..I even asked chat gpt how to over come naturally skeptical bitcoiners. It is a difficult problem. Chat gpt suggested: like wallet hardware, trng..I need to build things that I can show people how to verify themselves. Possibly make a free pdf or video, showing how to flash the OS, and format the ssd, that way. U dont HAVE to trust, you can verify. That's what im really trying sell...self sovereignty. Im just provding the tools. I appreciate your constructive criticism.
Yeah, but much better to generate it offline. A hardware wallet will do it for you. Alternately a laptop with a fresh OS install and wifi turned off. Point being the keys on your hardware device should never have been connected to the internet in any way, shape, or form.
> Then continued to lose until IOS. Which is based on Mac OS X. >Unlike Bitcoin. So what are Liquid, Ligthning, Rootstock, Stacks etc? Taproot allows for on chain stuff like Ordinals and BRC-20. Any functionality Ethereum has can be built on top of Bitcoin. >So wait, when it makes Bitcoin look good, we look at activity and usage. When it makes Ethereum look good, we pretend it doesn't exist or doesn't count. That pretty much your philosophy? Ethereum has Bitcoin above it. There's nothing above Bitcoin.
I partially agree with you, but not at the main point that HWW are useless and only existent to be sold. The real risk is, that your OS, doesn't matter which, getting compromised and your PK gets stolen. A HWW will eliminate that risk. Personally I took it a little too far in securing my environment, but mainly because I have the knowledge and I had fun with the project. Environment : Notebook with proxmox, pfsense as a VM to control Net traffic/access, Modified, LUKS encrypted Ubuntu desktop as a VM with Application firewall, Vaultwarden LXC. The notebooks monitor and peripherals are connected to the Ubuntu VM, so you cannot see or recognize the rest. At every shutdown/reboot the Ubuntu VM is getting reset to a snapshot. I'm thinking about also making the file system read only with a pre-boot Trezor Suite update. But doesn't matter, what I wanted to say and show is, that I also like to have a secured and clean environment, but a HWW will add the security directly on your PK.
> Using practically the same interface. MS started over also with their OSs. They won before they started over. They won after. Apple won, then lost, then started over. Then continued to lose until IOS. > Anyway an OS is an OS, not a protocol. Right, and both have in common... people build things on them! Unlike Bitcoin. > Which might be Ethereum judging by it puny market cap (compared to Bitcoin's). So wait, when it makes Bitcoin look good, we look at activity and usage. When it makes Ethereum look good, we pretend it doesn't exist or doesn't count. That pretty much your philosophy?
Don't use hardware wallets. They are useless but heavily shilled by people who have something to sell you. They cannot and will never make it safe to use bitcoin on windows. The OS is what matters; hardware wallets can't change that. Get a Linux computer, use an open source software wallet, you don't have to buy anything from anyone.
>The entire operating system codebase that existed at that time was scrapped and relaunched with OS-X in 2001. Using practically the same interface. MS started over also with their OSs. Anyway an OS is an OS, not a protocol. >You can't be a protocol when no one builds on or uses your system. Which might be Ethereum judging by it puny market cap (compared to Bitcoin's).
> And yet Apple eventually prevailed. Every computer OS company that existed at that time failed, including the version of Apple that was dependent upon Macintosh OS, the Apple-II, and the LISA. The only reason apple even exists today is the ipod and iphone. > TCP/IP is far from perfect yet is still the preferred internet protocol. Bitcoin doesn't have to be perfect to keep its crown. Protocols are hard to usurp. You can't be a protocol when no one builds on or uses your system.
I mean yes i guess I COULD but for starters. Its all open source. You can inspect everything. And next. Im just a pleb like you trying to provide some bitcoin related services. What do I have to gain by shooting my income opp in the foot , so to speak. I thought about bitcoiners neutral paranoia..believe me..but we all trust umbrel and start 9..to down load and flash and run the code they tell us is the OS.
I have 0.04 in a wallet I have no idea how to access as the software it was on is outdated and no longer runs on the OS :(
Let’s pump this!! Come on, it ain’t your average useless shitcoin. This is a legit project with goals and vision. It will become the operating system for all crypto users! The preferred OS interface for all crypto related transactions and news. We just need support to build more. This is a project that literally takes suggestions and input from the community. So we can turn this into whatever crypto users need. Please think about the possibilities. An OS like Ubuntu or Windows, but centered around trading/investing in crypto and current news, stats, and games. Because in the end PengyOS should be about having fun while navigating the world of crypto. I know the transaction volume is low, but we continue to build. But she also need new talented and ambitious holders that are willing to contribute to its growth. Just check it out and imagine how big it can become. Right now it has a crazy low market cap considering what already is, and the growth and possibilities are endless. We are here to stay. No matter what PengyOS will exist and grow. You don’t want to fade this, because you’ll regret it. It should easily be at a 1-10million mcap based on what it already is. Don’t miss this incredible entry price!
Not as stupid as commenting "fucking Americans" on an American platform, using device likely running OS designed by an American company on microprocessor likely designed an other American company.
Maybe better to run the OS(umbrel or whatever) directly on a Bootable 2tb. Then it's only 1 USB and reboot. Boom!
Sure, a Trezor is probably somewhat more secure than an old laptop that has had the networking hardware disabled or removed and is running Electrum under a Linux OS. But in comparison to the security level of using a wallet on a connected device, the difference is not that high. In any event, the greatest security risk with any wallet, including the Trezor line has nothing at all to do with the hardware -- it's how the end user protects their seed phrase and/or private keys from loss or inadvertent disclosure. I'm curious if you have any examples of a serious attack against a dedicated and air-gapped laptop wallet that aren't valid against a hardware wallet.
So here's the thing, which might get me shot, actually probably will, but I don't give a toss: if I didn't design it, and build it OR its a machine with an OS I know the ins and outs of, it ain't going to have my wallet on it. End of.
I use Trezor on my MacBook just fine. Their Mac OS software is sleek and updated frequently. No issues.
I use iPhone and Mac OS. So, it does look like Trezor won’t be good for me, as my previous research has shown. Thanks for confirming. Appreciate it.
I think I recall that on Trezor’s website, that they said they don’t support both iOS and OS. They only support one of those (can’t remember which one, thought I think they said they do not support OS). I need my wallet to support both. Am I mistaken?
There is nothing wrong with that. All I am really saying is if you are building smart contracts, wouldn't you want to use the best? Right now, Hedera Consensus is being utilized by SpaceX, Nvidia chips, Decentralized physical infrastructure (DePin) like Neuron, Carbon credit market/ supply chain OS named Dovu, and also a killer borrow lend platform, DEX, and all that. Dovu migrated from etherum to Hedera and was recently awarded 2 different billion dollar contracts in the last month. The price of Dovu tokens shows that, it is up 175% in the last month and still climbing because it is something innovated, and all through Hedera. Neuron will be another big player. Also WiseKey and SealSQ are utilizing Hedera as well, and they are also big players. Most people don't even talk about Hedera because they don't want to admit that there is a DLT out there being used by real business that is not a blockchain. And there is good reason that companies are using Hedera, partnering with Hedera. And the developer community is very helpful and not at all some centralized network masquerading and decentralized.
Modern CPUs absolutely, but how modern OS uses them it is another story. There are several random number generators, mostly pseudo-random, with seeds from time, decay of isotopes, mouse, keyboards, .... If after that they continue using ECC, there might be a back door.
Mnemonic is a backup. A nice feature a "wallet" has is the ability to securely sign transactions. A hardware wallet does that very well. Creating all the "secure" "offline" "air gapped" signing environments every single time without error can bite ya. Some people have never booted from a live OS USB.
An app can work just fine for such a small amount. If you get a significant amount, like a years salary, you might want to upgrade to something better. I would suggest being wary of hardware wallets. People like them because they are easy, but in truth they are less secure than your phone. The reason is that windows is the core problem, and the hardware added to windows can do nothing to make windows safe or secure. In fact nothing can make windows secure, no virus scanner or firewall or anything can help. If you use windows with bitcoin you will eventually lose it all. So dont make that mistake, no matter how many hardware wallet shills comment at you. If you want higher levels of security: you need a linux computer and an open source wallet like electrum. Open source is the key to bitcoin security, most importantly at the OS. Avoiding closed source is the key to security, at all levels.
The laptop doesn't matter that much as the OS. Don't use windows. Install whatever linux distribution you like selecting full HD encryption on setup. For full bulletproof privacy you should also run your own node and setup sparrow to only use that for transaction propagation and block explorer.
Malwarebytes is a pretty powerful tool. The free version allows scans and removal power. Depending on the malware It should be enough to scan, remove, restart the computer and scan again. But formatting the ssd and reinstalling the OS is the safest route. (I will now share more esoteric information. It shouldn't worry you) There are extremely rare cases (maybe 0.0003%) of malware that penetrates down from OS level into the firmware itself in which case a new OS isn't enough.
No definitely get a hardware wallet first. When you buy your bitcoin move it to the wallet immediately. You don't want to be waiting weeks for your wallet to arrive in the mail while your bitcoin sits on an exchange. Your exchange account could be frozen, or the exchange goes insolvent, or it gets hacked and you lost all your money. If you want to do this the right way, have a wallet ready and take your btc into self custody immediately. Since $5,000 is a lot to you, you shouldn't risk keeping it on an exchange or even a software hot wallet. Hardware wallet is the best security. Order your hardware wallet directly from the manufacturer's website. Do not order through a 3rd party like Amazon because the wallet could be tampered with. Whatever wallet you choose, make sure it's open source, bitcoin only. If you're not able to order a hardware wallet from where you live, there are other ways of setting up an air gapped wallet like Tails OS + USB stick + Electrum software wallet or build your own and install seedsigner software. You just need a raspberry pi 0 and and a small lcd screen.
It's understandable that you're feeling frustrated and confused by this situation. Losing access to your crypto assets is a serious matter. Let's break down the information you've provided and explore potential explanations for how your wallets might have been compromised. Analyzing the Transactions: * METAMASK: The rapid swapping to ETH and subsequent transfer using Mimic:Swapper suggests an automated process likely initiated by a malicious actor who had already gained access to your wallet. The similar timestamps for the ETH and BNB transactions to the same address point to a coordinated action. * TRUST WALLET: The dormant nature of this wallet for over a year with no recent connections makes this particularly concerning. The near-instantaneous activation and draining of XRP to a newly created account ("register") strongly suggests a direct compromise rather than interaction with a malicious dApp in the recent past. * PHANTOM: The swapping to Solana and the Bitcoin transfer to a separate address indicate the attacker had broad control over your wallet. The mention of "arbitrage bots" in relation to the Bitcoin transfer might be a red herring or a detail the attacker left behind, but it doesn't directly explain the initial access. * KEPLR: The ability to transfer Akash and initiate un-staking actions shows the attacker had full control over your account within the Keplr wallet. The fact that you could cancel some un-staking but not the Akash suggests the attacker acted quickly. Potential Attack Vectors: Given your precautions, the most likely scenarios involve a compromise that bypassed your recent interactions: * Compromised Seed Phrase (Past Exposure): Even though you haven't shared it recently, your seed phrase might have been compromised in the past. This could have happened through: * Phishing Attack (Past): You might have unknowingly entered your seed phrase on a fake website sometime ago. * Malware: Malware on your computer or phone in the past could have logged your keystrokes or clipboard data when you entered your seed phrase. * Compromised Backup: If you stored your seed phrase digitally in an unencrypted or poorly secured location (e.g., notes app, email), it could have been accessed. * Compromised Device: It's possible that your computer or phone was compromised by malware that allowed the attacker to gain persistent access to your device and monitor your wallet activities, even without you actively connecting to websites. This malware could have: * Keylogger: Recorded your keystrokes when you unlocked your wallets. * Clipboard Hijacker: Swapped the intended recipient address with the attacker's address when you tried to make a legitimate transaction in the past. * Remote Access Trojan (RAT): Allowed the attacker to remotely control your device and initiate transactions. * Vulnerability in Software: While less likely given the simultaneous compromise across different wallets, a zero-day vulnerability in the wallet software itself or a core dependency could theoretically be exploited. However, such widespread exploits are usually quickly identified and patched. * SIM Swapping: In a SIM swap attack, the attacker convinces your mobile carrier to transfer your phone number to their SIM card. This allows them to intercept SMS-based two-factor authentication codes, potentially granting access to accounts linked to your phone number. While this wouldn't directly give access to your wallet seed phrases, it could be used in conjunction with other compromised information. Addressing Your Hypothesis: Your hypothesis about importing a compromised wallet into another wallet and gaining access to pre-existing accounts is incorrect. Each wallet within Metamask, Trust Wallet, Phantom, and Keplr is independent and secured by its own private keys derived from the seed phrase used to create or import that specific wallet. Importing one compromised account into a wallet application would not automatically grant access to other unrelated accounts within the same application. Deleting the compromised account from the wallet application would prevent you from accessing that specific account through that application, but it would not revoke the attacker's access if they have the private keys or seed phrase for that account. They could simply import it into another wallet elsewhere. Regarding the Trust Wallet XRP Transaction: Yes, the timestamps strongly suggest that the attacker created the "register" account and drained your XRP within approximately 19 seconds (4:10:50 UTC - 4:10:31 UTC). This rapid action further supports the idea of a pre-existing compromise (like a known seed phrase) that allowed for immediate exploitation upon the new account's creation. Recommendations: * Secure Your Devices: * Run a full malware scan on all devices you've used to access your crypto wallets. Consider a clean OS install for maximum security. * Ensure your operating system and all software are up to date with the latest security patches. * Be extremely cautious about clicking links or downloading files from untrusted sources. * Revoke All Permissions (If Possible): Although your funds are drained, it's still good practice to revoke any website permissions connected to your wallets (if you can still access the interfaces). * Generate New Seed Phrases on a Clean Device: For your new Ledger hardware wallet and any software wallets you decide to use, generate entirely new seed phrases on a clean and trusted device. * Use a Hardware Wallet (Ledger or similar): This is the most crucial step moving forward. Hardware wallets store your private keys offline, making them significantly more resistant to online attacks. * Be Vigilant: Continue to be extremely cautious about phishing attempts and only interact with trusted websites. Double-check URLs carefully. * Consider Reporting: Depending on your jurisdiction and the amounts involved, you might consider reporting the incident to local law enforcement and potentially the cryptocurrency exchanges involved (although fund recovery is often difficult). It's important not to blame yourself excessively, as these attacks can be sophisticated. However, learning from this experience and implementing strong security measures is crucial for protecting your assets in the future. Investing in a Ledger is definitely a wise step.
Damn bro that sucks. Sorry for your loss, and hate to say that you fucked up by generating a wallet on a website. You probably realise this now, but jesus this approach was wrong. Really the best approach is to get a hardware wallet. If you must take risk to save 50 bucks on the hardware wallet, download and install Tails OS on a USB stick, boot from that, generate the wallet address through electrum (in offline mode, which is default on Tails OS).
> 25-50 coins mined in 2010-2011 > Forgets > HDD formatted and new OS installed > Remembers in 2014 > :(((
It is on. Banking apps never auto update though. Always got to fetch. Point is, that it's not going to be straightforward for either side, especially if there are new authentication flows and storage models. Testing is always a mare, might have to update your device's OS first to reach compatibility level, back-end node upgrades, vpn etc. Much to plan and think about for everyone, a lot of dependencies and getting all that communicated. If your comms still work, of course! We have to trust that there are people thinking and planning for all the things, front- and back-end.
Yeah my credit was already frozen from the 2024 NPD breach. I also have physical 2FA on all mobile OS, emails and banking etc. But what's more concerning is photo ID's were included in the leak, along with USD balance. That alone is enough to incentivize crazies to try and show up and peoples doors.