Pages:
Author

Topic: [coinb.in] Open Source, Multi Signature, HD Wallet, SegWit/Bech32 and more! - page 3. (Read 74845 times)

legendary
Activity: 1662
Merit: 1050
  • Supports altcoins such as litecoin, but not bcash! Wink

Where is the litecoin support? Cant find any Litecoin option under Network!
hero member
Activity: 714
Merit: 601
[Spam][Spam][Spam][Spam]

@JonnyScience Please don't post your shitty ads here again.

Post deleted.

Idiot.
hero member
Activity: 714
Merit: 601

-- snip --

After some further research, I discovered that someone else other than coinb.in may have had access to a private key.
I will update here once I compile some proof and reveal the identity of the scam artist. Sorry if my original post implied that coinb.in was the perp as it doesn't seem very likely anymore.  Undecided

That's unfortunate that someone else has access to your private keys.

But to confirm, coinb.in has not been compromised and that the source code found on the site and github does not leak your private keys. Aside from its thousands of regular users who i'm sure we'd hear from if there was an issue there are also honeypots in place and scripts regularly checking the files being served (https://github.com/OutCast3k/File-Integrity-Checker) which you can also setup.
full member
Activity: 378
Merit: 107
BCH Wallet: 1PmR3k4cA4YVy7r7RVgYdSjnon2A1aJSLk
I just got 0.048049 BTC lost/stolen because I entered my private keys online trying to sign transactions to spend 0.1999 BTC I had stuck in a 3-of-3 multi-sig address. I managed to receive only

0.131 and 0.008 from https://blockchain.info/tx/bcbd90c0a4d198206865b8cccb227d6166d9b78b3c45d4ee66f8d83c6b69422f

and then from the 0.06 (that wasn't created by me), I received 0.011951 from https://blockchain.info/tx/fea862bdc6e827a0b25ad2d53a64cc3b5d408e27011a01adfbef165b643e8219

The remaining 0.0480377 BTC was sent to https://blockchain.info/address/1KT7sG84birTF2YvW5yP7G4NPeMs7Fcdbh and is lost/stolen

Also, they stole ALL of my 0.1999 BCH that was in https://blockdozer.com/address/33RZTwkqqixKySFim1oSXVcFFBAPUiBwLG

2 out of 3 outputs are yours: 3Lzs3s6p (0.131 BTC) and 1MoTG1qn (0.008 BTC)
but the 3rd isn't? however you've received 0.011951 BTC back to your address 3Lzs3s6p
so the thief sent you back 0.011951 BTC and only stole 0.0480377 BTC
this just doesn't make sense, and why wouldn't he just steal all of them at the first chance he got?
I've been thinking about that and I have a few theories, but it doesn't change the fact that although 0.0480377 BTC was stolen, all the BCH was stolen!
One reason could be that the perpetrator was coinb.in site itself and did that so it can ask the same question you did as self-defense and keep me occupied (trying to figure out what happened) while they steal all the BCH and other forks.

how exactly you created the multisig address in the first place? in 2015
Using Dark Wallet stealth addresses. The three participants (not stealth) can be seen under RELATIONS tab in https://oxt.me/address/33RZTwkqqixKySFim1oSXVcFFBAPUiBwLG
BTW feel free to check out https://www.reddit.com/r/Bitcoin/comments/8i1ev8/help_please_i_have_btc_stuck_in_dark_wallet_080/ Your questions are answered here as well as more info.

why 3-of-3 multi-sig? do you hold all the private keys?
I was a newb back then (still not a pro currently) and was experimenting with Dark Wallet and multi-sig. Of course I have the 3 private keys and that's why I was able to sign and broadcast the transaction with all 3 private keys.

and how did you compose/sign the transaction before broadcasting it?
1) Samurai Wallet dev gave me a redeem script for my multi-sig wallet.
2) I went to https://coinb.in/#newTransaction
3) Entered the redeem script and clicked on Load
4) I entered my outputs and amounts as seen in this screenshot: (screenshot was taken during the process, as I was preparing a guide to help others trying to do the same as me in the future)

5) I recorded the encoded transaction from above and went to the Sign tab (https://coinb.in/#sign)
6) I signed my transaction with all three private keys, one-by-one
7) then I broadcasted the 3 signed transactions
8 ) 0.06 BTC went to the unauthorized output causing 0.0480377 BTC to go "poof" as well as the full 0.1999 BCH amount

edit: just noticed... both BTC and BCH transactions used the same tx fee of 0.0009
As seen in the above screenshot, the tx fee that I assigned was 0.00001 BTC which was supposed to be 4 sats/byte and more than enough at the time. 1 sat/byte would have worked too...
Thank you for your input.

EDIT May 23rd, 2018:

After some further research, I discovered that someone else other than coinb.in may have had access to a private key.
I will update here once I compile some proof and reveal the identity of the scam artist. Sorry if my original post implied that coinb.in was the perp as it doesn't seem very likely anymore.  Undecided
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
I just got 0.048049 BTC lost/stolen because I entered my private keys online trying to sign transactions to spend 0.1999 BTC I had stuck in a 3-of-3 multi-sig address. I managed to receive only

0.131 and 0.008 from https://blockchain.info/tx/bcbd90c0a4d198206865b8cccb227d6166d9b78b3c45d4ee66f8d83c6b69422f

and then from the 0.06 (that wasn't created by me), I received 0.011951 from https://blockchain.info/tx/fea862bdc6e827a0b25ad2d53a64cc3b5d408e27011a01adfbef165b643e8219

The remaining 0.0480377 BTC was sent to https://blockchain.info/address/1KT7sG84birTF2YvW5yP7G4NPeMs7Fcdbh and is lost/stolen

Also, they stole ALL of my 0.1999 BCH that was in https://blockdozer.com/address/33RZTwkqqixKySFim1oSXVcFFBAPUiBwLG

2 out of 3 outputs are yours: 3Lzs3s6p (0.131 BTC) and 1MoTG1qn (0.008 BTC)
but the 3rd isn't? however you've received 0.011951 BTC back to your address 3Lzs3s6p
so the thief sent you back 0.011951 BTC and only stole 0.0480377 BTC
this just doesn't make sense, and why wouldn't he just steal all of them at the first chance he got?

how exactly you created the multisig address in the first place? in 2015
why 3-of-3 multi-sig? do you hold all the private keys?
and how did you compose/sign the transaction before broadcasting it?

edit: just noticed... both BTC and BCH transactions used the same tx fee of 0.0009
full member
Activity: 378
Merit: 107
BCH Wallet: 1PmR3k4cA4YVy7r7RVgYdSjnon2A1aJSLk
Hi,

After going through all the process I wrote about here: https://www.reddit.com/r/Bitcoin/comments/8i1ev8/help_please_i_have_btc_stuck_in_dark_wallet_080/

I just got 0.048049 BTC lost/stolen because I entered my private keys online trying to sign transactions to spend 0.1999 BTC I had stuck in a 3-of-3 multi-sig address. I managed to receive only

0.131 and 0.008 from https://blockchain.info/tx/bcbd90c0a4d198206865b8cccb227d6166d9b78b3c45d4ee66f8d83c6b69422f

and then from the 0.06 (that wasn't created by me), I received 0.011951 from https://blockchain.info/tx/fea862bdc6e827a0b25ad2d53a64cc3b5d408e27011a01adfbef165b643e8219

The remaining 0.0480377 BTC was sent to https://blockchain.info/address/1KT7sG84birTF2YvW5yP7G4NPeMs7Fcdbh and is lost/stolen

Also, they stole ALL of my 0.1999 BCH that was in https://blockdozer.com/address/33RZTwkqqixKySFim1oSXVcFFBAPUiBwLG

I am trying to find out how this happened since I never shared my private keys with anyone other than Coinb.in

Could this have been some coding issue and maybe coinb.in can send my coins back to me?

I sent an elaborate email to Support with all the steps I did including my signed transactions and some error message "18: txn-mempool-conflict" that I got while broadcasting the 3 signed transactions.

Hopefully, they can provide a solution, otherwise, I would strongly recommend that everyone stays away from this site or use only a downloaded offline version if they need to sign transactions with their private keys.

I am using a MacBook Pro and have no malware or viruses that I know of.

Now I am trying to figure out if I can save any of the rest forked coins (since November 2015) before the perpetrator does the same with them.
staff
Activity: 3500
Merit: 6152
so, no one checked the open source code for this  Huh Do I need to buy a hardware wallet or is it enough?

The project has been forked multiple times and people are contributing by reporting issues etc. It should be safe to use. I don't know what you're trying to achieve but a hardware wallet is a must-have for everyone at this point.
hero member
Activity: 1988
Merit: 593
so, no one checked the open source code for this  Huh Do I need to buy a hardware wallet or is it enough?

hero member
Activity: 1988
Merit: 593
I know this, from viruses and the Creator of the operating system user's private key is protected by 100%, but I am interested in the question: can the Creator of the service to determine the user's private key by signature, which introduces by user? The private key cannot be determined from the public address, but is it possible to determine it from the signature?
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
Hi, can the service determine the user's private key by sign, have you checked the public code?
afaik there's no malicious code. the site has been around for quite some time  
you can download and run it offline, you just need to be online to retrieve inputs and broadcast signed rawtx
in between that time, you can compose and sign the transaction while offline
if you really want extra safety, do the signing on detached offline computer and use USB as an intermediary
hero member
Activity: 1988
Merit: 593
Hi, can the service determine the user's private key by sign, have you checked the public code?

Please add ZEC, this coin does not have a good wallet so far
legendary
Activity: 2758
Merit: 6830
Can I use coinb.in for bitcoin cash transaction?
I know this works with bitcoin.. but bitcoin cash has structure similar bitcoin.
I'm not sure if you can. But this one should work: http://www.motelmaya.com/BCH/BCH.html

I used this version to spend some BCH I had in a time-locked address and it did the trick.

sr. member
Activity: 1330
Merit: 258
Can I use coinb.in for bitcoin cash transaction?
I know this works with bitcoin.. but bitcoin cash has structure similar bitcoin.
hero member
Activity: 588
Merit: 500
BitcoreService.com
can you support : P2WSH-over-P2SH ?
im tried use multisign but seem not same as my type wallet
hero member
Activity: 529
Merit: 527
I just successfully redeemed a HODL transaction on Bitcoin Gold:


https://btgexplorer.com/tx/fe5618d7af17b25aded43a409a22ee12092f453aaf7e002cb2e3a1c62aff3281


This is after multiple failures, not sure what I did different, but at least I know it is possible now.

Okay, I figured out the problem. The code is fine, it is txid.io site for loading BTG inputs and broadcasting signed BTG transactions. Their block chain seems to be running way behind. I am guessing about 3-4 weeks.

So if you are just patient, you can use it to get your BTG.
hero member
Activity: 529
Merit: 527
I just successfully redeemed a HODL transaction on Bitcoin Gold:


https://btgexplorer.com/tx/fe5618d7af17b25aded43a409a22ee12092f453aaf7e002cb2e3a1c62aff3281


This is after multiple failures, not sure what I did different, but at least I know it is possible now.
hero member
Activity: 529
Merit: 527
Very cool! Is this the go-to for making secure multisig paper wallets?

I have tested multisig on BCH. You have to do signatures in the correct order. Also after you sign a transaction, copy/paste the signed tx back up and sign it with the second signature. It took me a few minutes to figure that part out.

I very strongly suggest testing this out first with very small amounts until you are sure you know how to do everything properly.
sr. member
Activity: 448
Merit: 255
Very cool! Is this the go-to for making secure multisig paper wallets?
full member
Activity: 241
Merit: 107

If you're developing an altcoin, asking this is unacceptable - you should know better!
The correct private key version is probably
Code:
0x9e
, according to the source code (address version + 128).

Ouch! quite a nasty remark - even the most educated was once an idiot!

To answer you on your statement, no I am not developing an altcoin, I am just interested in all the projects that I find interesting.

Anyway, I do appreciate you taking the time to reply to my question, I did however eventually found what I was looking for. Hopefully your reply will also be of some assistance to someone else in the future.

H.
full member
Activity: 157
Merit: 113
Hi,

I have used
Code:
coinjs.pub = 0x1E;
for my Address to start with D - DKo6y9Cfuwu8imVUz2MWbAeYXHtmgYkFFF the wallet that I use to verify the address confirm that the address is a valid address.

What should I replace
Code:
coinjs.priv = 0x80;
with in order for my Private key (WIF key) to start with the capital letter Q - the wallet return an invalid private key message

Tnx,

H.

If you're developing an altcoin, asking this is unacceptable - you should know better!
The correct private key version is probably
Code:
0x9e
, according to the source code (address version + 128).
Pages:
Jump to: