Pages:
Author

Topic: Can't send money from Electrum Wallet (Read 367 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
December 22, 2020, 03:41:25 AM
#22
NotATether - “In general, services should not be giving people QR codes as a recovery option”

I hope you never need something recovered in future, and if you do, that you can do it by verifying yourself. I’d hate to think that someone’s bitcoin could be lost and unrecoverable because a service they’re using refuses to help them if they get stuck.

You misunderstood my point. I said that rather offering QR codes, they should've been providing one-time passwords from the beginning. It's similar to something Google already does; They give you 10 codes that look like this:

12345-67890

Which are shown on their creation, which you are to store somewhere safe, and they are never shown again. And each of them can only be used once (which for 10 codes makes 10 recoveries)

It is more secure than the entire system of providing QR codes. I never said they shouldn't have given you the QR code.

For TrustedCoin this would have provided protection in case the email account that they send the QR code to is compromised, because it is actually very easy for somebody to gain access to someone's email if they have control of the recovery email associated with it, or (particularly with Gmail and Outlook) the date you signed up, your previous passwords, date of birth etc.

Actually I can apply this suggestion to any site that sends you a code to recover a forgotten password, which is the majority of sites. But most of those sites do not store people's money in them so this reduced security is acceptable.

Personally, when money is on the line I wouldn't feel comfortable using a service that is able to recover my wallets through email, because that system can be compromised and recovery codes stolen, and I'd rather that I'd be able to do so by using a means that malicious third-parties can't access e.g. OTPs and seed phrases (which by the way I'd also expect online banks to support but they are very very behind on this unfortunately).
newbie
Activity: 6
Merit: 2
December 21, 2020, 04:26:59 PM
#21
So many assumptions Smiley

TryNinja thanks so much for your insight, very helpful indeed. The world needs more people like you Smiley

Yes - to those who suggested it, I DID manage to somehow setup multiple wallets with different mnemonic codes. One of which had an extended seed with custom words, the other didn’t. I don’t know how or why I did that on setup (possibly because I hardly knew WTF I was doing) but I now realise my mistakes.

I must have deleted trustedcoin listing from my Authenticator (I guess I must have thought it was dodgy as there was no reference to Electrum and I don’t recall their name ever being used. The exchange I was using got hacked so I was a nervous I guess). Anyway, I contacted TrustedCoin and because I used the same email address that I signed up with, they sent me a new QR code and also confirmed that I had multiple wallets setup. I notice now the listing in my Authenticator shows as ‘trustcoin/electrum’. Which would have been nice initially, and should hopefully help any others avoid this same problem.

I then tried to complete a transaction and it failed (got a server error). Went back to TrustedCoin with the error, who could see that I was using an older version of Electrum. They suggested I update Electrum and so I did and BOOM, all worked perfectly fine!

So i managed to get it sorted, YAY. Thanks for everyone’s help.

NotATether - “In general, services should not be giving people QR codes as a recovery option”

I hope you never need something recovered in future, and if you do, that you can do it by verifying yourself. I’d hate to think that someone’s bitcoin could be lost and unrecoverable because a service they’re using refuses to help them if they get stuck.
legendary
Activity: 2268
Merit: 18771
December 19, 2020, 04:53:56 PM
#20
So, bascially.. the whole reason for a 2FA option is completely negated by that business practice.
Most people use 2FA completely incorrectly across the board.

Having both the wallet file and the email account username/password or logged-in session stored on the same computer completely negates the point of 2FA, as you say. However, people do the same thing with exchanges and web wallets (for example), with the log ins for both their exchange account and their email account which they use for 2FA both saved in the same browser on the same device. Or they use an authenticator app on the same device as the exchange app they are logging in to, or an SMS sent to the same phone they are logging in to the web wallet from, or so on. The majority of uses of 2FA are not 2FA at all. Most people simply use 2FA to protect themselves from the fact that they have chosen a short, non-random password which they have likely used across multiple accounts as opposed to providing real protection from a compromised device.

When it comes to Electrum, using 2FA in this manner makes even less sense since your wallet cannot be hacked in the same way an online account can be. The only benefit I can think of is it would have protected against the malicious Electrum 4.0.0 malware provided the 2FA was already in place, and it would offer some protection to anyone stupid enough to back up their wallet file on some cloud server.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
December 19, 2020, 11:03:37 AM
#19
So, bascially.. the whole reason for a 2FA option is completely negated by that business practice.

If the used device is clean, no 2FA is necessary.
If the used device is compromised, the 2FA won't protect in most practical cases. An edge case would be that the mail account used is only accessed through a single clean device. And at that point, we are already far away from a simple to use 2fa wallet.

In general, services should not be giving people QR codes as a recovery option. That's why one-time passwords exist, so that someone can request a few at wallet creation, authenticate with one of them when they forget their 2FA and move their whole balance to a new wallet.

I doubt that TrustedCoin will add support for one time passwords though.
legendary
Activity: 1624
Merit: 2481
December 19, 2020, 10:45:20 AM
#18
Update: just got an email back from Trusted Coin after I asked about their instance on the matter.
[...]
2. In certain instances, if a user has lost both their authenticator and their seed, but still controls the email address that they provided when they originally created their wallet, I can send that signup email (and only that signup email) a recovery QR code.


So, bascially.. the whole reason for a 2FA option is completely negated by that business practice.

If the used device is clean, no 2FA is necessary.
If the used device is compromised, the 2FA won't protect in most practical cases. An edge case would be that the mail account used is only accessed through a single clean device. And at that point, we are already far away from a simple to use 2fa wallet.
legendary
Activity: 2268
Merit: 18771
December 19, 2020, 03:02:18 AM
#17
The new wallet I made, using my seed to recover, shows as no funds in it.
Does this recovered wallet show the same addresses as your 2FA wallet?
If yes, it means you new wallet is simply not syncing up properly.
If no, it means you have either used the wrong seed phrase, or you used a passphrase which you have not entered.

Are you 100% sure the seed phrase you have written down is for this wallet? Do you have any other seed phrases backed up anywhere? When you created the wallet, did you extend it with any custom words?
legendary
Activity: 2758
Merit: 6830
December 19, 2020, 01:14:07 AM
#16
At this point, your best only option is to email TrustedCoin from the same email address that was originally used when creating the 2FA wallet. If you are able to provide sufficient proof of ownership, they may be able to reset the 2FA code (or provide the old secret key) for you.
I definitely wouldn't rely on getting the code recovered.
Update: just got an email back from Trusted Coin after I asked about their instance on the matter.

Quote
1. If a user still has their seed, it's possible to configure a new authenticator by restoring their wallet from the seed

2. In certain instances, if a user has lost both their authenticator and their seed, but still controls the email address that they provided when they originally created their wallet, I can send that signup email (and only that signup email) a recovery QR code.

legendary
Activity: 3710
Merit: 1586
December 18, 2020, 06:28:06 PM
#15
The new wallet I made, using my seed to recover, shows as no funds in it.


as in zero balance in the bottom left or forever stuck on synchronizing or not connected?
HCP
legendary
Activity: 2086
Merit: 4363
December 18, 2020, 04:53:03 PM
#14
The new wallet I made, using my seed to recover, shows as no funds in it.
Then, unfortunately, it would appear that you do not have the correct seed mnemonic written down. Recovering from the seed should generate an identical wallet (including all the addresses and funds). If you don't see the same addresses and wallet history, then you don't have the correct seed mnemonic Undecided


Quote
I can still access my original wallet (the one with the funds in) and can see the funds.
That wallet is effectively useless to you unless you have the 2FA code to match it... without your old device that has the 2FA code setup, you're a bit stuck.

With Electrum 2FA wallets, to be able to spend (or recover) coins you need either:

1. 2FA wallet file + wallet password (if any) + 2FA code from authenticator app
or
2. The (correct) seed mnemonic

You don't appear to have either of these things Sad Undecided


At this point, your best only option is to email TrustedCoin from the same email address that was originally used when creating the 2FA wallet. If you are able to provide sufficient proof of ownership, they may be able to reset the 2FA code (or provide the old secret key) for you.
legendary
Activity: 2758
Merit: 6830
December 18, 2020, 04:52:24 PM
#13
But it's also possible that this was a pretty dumb employee who got fired afterwards or that the story wasn't that true at all.
Highly doubt.

Before OP:
2017 - https://www.reddit.com/r/Electrum/comments/7i5h56/resetting_2fa_direct_from_trustedcoin_too_easy/

After OP:
2018 - https://www.reddit.com/r/Electrum/comments/9sekl5/lost_two_factor_authentication_phone_no_seed/
2019 - https://bitcointalksearch.org/topic/m.52959353

I also don't see why anyone would create a fake story about this.
legendary
Activity: 1624
Merit: 2481
December 18, 2020, 04:40:01 PM
#12
It shouldn't, but it is possible. OP just needs to email them from the same email he used when creating the 2FA wallet and they will (most likely) send him a QR of his lost 2FA token.

For reference: https://bitcointalksearch.org/topic/m.28063968

To be fair, there was no other case since then. Or was it?  Huh

I wouldn't trust the post of a single random person too much. I mean, it is very well imaginable that they recovered his code.
But it's also possible that this was a pretty dumb employee who got fired afterwards or that the story wasn't that true at all.

I definitely wouldn't rely on getting the code recovered. And i also definitely wouldn't rely on trusted coin not doing this a.k.a. being relatively secure.
legendary
Activity: 2758
Merit: 6830
December 18, 2020, 02:27:35 PM
#11
This shouldn't be possible.
It shouldn't, but it is possible. OP just needs to email them from the same email he used when creating the 2FA wallet and they will (most likely) send him a QR of his lost 2FA token.

For reference: https://bitcointalksearch.org/topic/m.28063968
legendary
Activity: 1624
Merit: 2481
December 18, 2020, 01:24:36 PM
#10
The new wallet I made, using my seed to recover, shows as no funds in it.

If the recovered wallet shows 2fa but does create different addresses, then it seems like it is the wrong mnemonic.

Do you remember setting up multiple wallets? Did you maybe backup / write down the secret key for the 2FA ?



I'd suggest contacting trusted coin and asking them for the masterprivste to cosign it but im not sure what you'd be bale to use to authenticate yourself.

This shouldn't be possible.
Their service is meant to offer some kind of security. Even if the pc of a user is compromised, no transaction should be possible.
With a "recovery" option, the chance exists that a malicious actor with full control over the users system can recover that key himself. This would be counterproductive.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
December 17, 2020, 10:11:00 PM
#9
The only other possibility is that you've used a different mnemonic seed for the one with funds than the one you wrote down.

I'd suggest contacting trusted coin and asking them for the masterprivste to cosign it but im not sure what you'd be bale to use to authenticate yourself.
newbie
Activity: 6
Merit: 2
December 17, 2020, 09:34:13 PM
#8
The new wallet I made, using my seed to recover, shows as no funds in it.
I can still access my original wallet (the one with the funds in) and can see the funds.
I am not actually sure what Abdussamad is suggesting? I can't use the authenticator entry as I don't have it setup under Trusted Coin.
I'm also not sure what you mean by "I'd advise on deleting the wallet file with it disabled if the one with it enabled works (and you can't accidentally delete the wrong one)"
Please excuse my lack of experience with this!
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
December 17, 2020, 09:25:59 PM
#7
Hi thanks for your reply.
Yes it says 2fa on my wallet with the funds in.
With the new wallet. I selected 'disable 2fa' when setting it up, yet it also shows as [2fa]
I'm really confused!

If the new wallet with it disabled has funds in it you can use thst!

If you do as abdussamad suggests, I'd advise on deleting the wallet file with it disabled if the one with it enabled works (and you can't accidentally delete the wrong one).
newbie
Activity: 6
Merit: 2
December 17, 2020, 09:24:40 PM
#6
Hi thanks Abdussamad for your reply.
I am not sure my wallet with funds in is disabled?
I can't see Trusted Coin on my authenticator app. I'm not sure why. Maybe I had set it up on a previous phone? I'm not sure.
All I want to do is send my BTC to another wallet. When I try do that I get asked for 2fa code, which i don't have.
Any ideas on what I can do here?
legendary
Activity: 3710
Merit: 1586
December 17, 2020, 09:20:34 PM
#5
Hi thanks for your reply.
Yes it says 2fa on my wallet with the funds in.
With the new wallet. I selected 'disable 2fa' when setting it up, yet it also shows as [2fa]
I'm really confused!

yeah but you won't need the otp code from google authenticator to spend from a disabled 2fa wallet.

alternatively you could still use the original wallet with 2fa enabled. the google authenticator entry is called trusted coin not electrum so i'm sure that's the mistake you are making.
newbie
Activity: 6
Merit: 2
December 17, 2020, 08:59:27 PM
#4
Hi, to answer your other question.

When I put my seed in, before clicking past it, it says Seed Type : 2fa

I can click on options button, and tick 'Extend this seed with custom words' and 'BIP39 seed'

?
Thanks
newbie
Activity: 6
Merit: 2
December 17, 2020, 08:50:25 PM
#3
Hi thanks for your reply.
Yes it says 2fa on my wallet with the funds in.
With the new wallet. I selected 'disable 2fa' when setting it up, yet it also shows as [2fa]
I'm really confused!
Pages:
Jump to: