I'm theorycrafting here but I don't see any reason to actually run a full node (or pruned node) because the goal is to monitor the mempool not to verify blocks or transactions or even keep the mempool, relay stuff, etc.
Worse case scenario is that you receive an invalid transaction and when spending that the nodes reject your tx.
Topic: funds immediately leaving electron wallet after receiving from TestNet faucet (Read 248 times)
October 26, 2022, 10:30:50 AM
October 26, 2022, 08:59:36 AM
Weird, but not that surprising. In past, there are shady ICO/airdrop which give people worthless token in exchange for Bitcoin testnet.
What's weird? Worthless token can be exchanged equally with another worthless token. 
That's good point, but i expect you could run such bot that with pruned node to lower operational cost. ZeroMQ also could be used to notify new transaction on mempool to your own script/application, which eliminate the need of wallet.dat which contain lots of address.
Exactly. You don't need to handle the entire chain, only enforce the consensus rules on mempool transactions, which requires to have verified the entire chain. 
October 26, 2022, 07:32:20 AM
If you did not verify the Electrum binary's authenticity, then you probably have a fake copy and that is probably why you are losing coins instantly. I always check that all the GPG signatures match before using a new version of Electrum.
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.Weird, but not that surprising. In past, there are shady ICO/airdrop which give people worthless token in exchange for Bitcoin testnet.
.. Then, you have a full node that must run 24/7.
A good bot should have some good infrastructure.
A good bot should have some good infrastructure.
That's good point, but i expect you could run such bot that with pruned node to lower operational cost. ZeroMQ also could be used to notify new transaction on mempool to your own script/application, which eliminate the need of wallet.dat which contain lots of address.
October 25, 2022, 11:15:46 AM
[...]
But it largely depends on this known list. Does it include all locking scripts whose unlocking scripts are known? Does it contain all addresses whose private keys are revealed, such as known brain wallets? Does it contain bitcoin-key-words, such as all block hashes, transaction IDs etc.? Does it contain predictable private keys such as k=1, k=2, k=3 etc.? From those, how large is the predictable private key range? It could be [1, 2^32]. Increase the exponent by 1, and you've approximately doubled the work. Then, you have a full node that must run 24/7. A good bot should have some good infrastructure.
October 25, 2022, 10:14:57 AM
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.
I wonder how much it costs to run something like that 24/7. Maybe it could be run on some sort of free VPS service considering that running such a "bot" shouldn't take up that much resources. All it takes is a list of keys, a tx signing library and a remote SPV server (like Electrum nodes) to subscribe to and listen for incoming transactions to "steal". There is no need for blockchain or blockheaders, wallet history, etc. either. 
October 25, 2022, 07:29:00 AM
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.
Right. With stealing testnet coins, the hacker actually warns about using a fake version of electrum. No hacker would do that. Did you try out some brainwallet, or used a locking script which has a publicly known unlocking script? There are some bots that search for known private keys in the mempool and withdraw any sent coins immediately.
OP already said that he/she generated the private keys through a brainwallet and used so simple words. See this post. October 25, 2022, 06:40:18 AM
If you did not verify the Electrum binary's authenticity, then you probably have a fake copy and that is probably why you are losing coins instantly. I always check that all the GPG signatures match before using a new version of Electrum.
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins. I'm afraid you've just generated your private key improperly. Did you try out some brainwallet, or used a locking script which has a publicly known unlocking script? There are some bots that search for known private keys in the mempool and withdraw any sent coins immediately.
October 25, 2022, 05:02:28 AM
Am I missing something with this procedure?
You have to check the authenticity of the Electrum download using GPG. There is a guide for doing that at https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594
If you did not verify the Electrum binary's authenticity, then you probably have a fake copy and that is probably why you are losing coins instantly. I always check that all the GPG signatures match before using a new version of Electrum.
October 24, 2022, 10:04:27 PM
Merit?
What do you mean?
No, I have over 30 years of experience developing software, it just I just started with blockchain, and the only way I know to learn it's just by doing.
this is why I'm doing the wallet from scratch (almost, I'm using the NBitcoin library, but I'm planning to replace it as soon as I have a stable wallet)
What do you mean?
No, I have over 30 years of experience developing software, it just I just started with blockchain, and the only way I know to learn it's just by doing.
this is why I'm doing the wallet from scratch (almost, I'm using the NBitcoin library, but I'm planning to replace it as soon as I have a stable wallet)
October 24, 2022, 06:39:23 PM
Why would you generate your wallet from brain wallet this is already discuss here it is not safe to generate from brain wallet.
If you want to generate a safe wallet then let the Electrum generate a wallet for you.
Let see if you can still experience that issue after you generate wallet from Electrum and receive testnet coins from faucet.
If you think that you are not a nrwbie what is the purpose of creating this thread? Is that for merit?
If you want to generate a safe wallet then let the Electrum generate a wallet for you.
Let see if you can still experience that issue after you generate wallet from Electrum and receive testnet coins from faucet.
It shows that I'm a newbie :-)
Thanks
Thanks
If you think that you are not a nrwbie what is the purpose of creating this thread? Is that for merit?
October 24, 2022, 06:37:03 PM
Why would you generate your wallet from brain wallet this is already discuss here it is not safe to generate from brain wallet.
If you want to generate a safe wallet then let the Electrum generate a wallet for you.
Let see if you can still experience that issue after you generate wallet from Electrum and receive testnet coins from faucet.
If you want to generate a safe wallet then let the Electrum generate a wallet for you.
Let see if you can still experience that issue after you generate wallet from Electrum and receive testnet coins from faucet.
October 24, 2022, 12:02:50 AM
It shows that I'm a newbie :-)
Thanks
If you know this then maybe it is not such a good idea to create your own wallet, even if you are using an existing library because you will end up with serious security flaws that you may not even notice.Thanks
Hope you are just experimenting.
October 23, 2022, 10:45:12 AM
It shows that I'm a newbie :-)
Thanks
Thanks
October 22, 2022, 11:17:48 PM
I think I've figured out the problem and it's not what you think :-)
let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".
That's because you didn't mentioned it in the first place.let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".
If so, anyone would figure that it's the problem since it's the very issue why brainwallet was discontinued.
Even if it's a complex set of phrase (actual phrase, not random words) or small set of random words, the outcome would be the same.
For reference, there's list of cracked brainwallets: https://bitcointalksearch.org/topic/collection-of-18509-found-and-used-brainwallets-4768828
October 22, 2022, 07:08:10 PM
I think I've figured out the problem and it's not what you think :-)
let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".
What I think happened is that somebody is "scanning" the "memory pool" of the block chain for any money going to those addresses and immediately run a Vin on those, and they are using the TestNetwork to "test it" :-)
In order to test this "theory" this time I've created a trully random KEY and copy and pasted into the Electron wallet (via WIF) and nothin happened.
I appreciate the comments,
For those that asked for the link to the source code I didn't poste them because it's currently connecting to a "Bitcoin Explorer" that i'm developing (in conjunction with the wallet) an is in my internal network.
As soon as it's stable enough I plan to put it public
Thanks again for all the support.
Grate community !!
let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".
What I think happened is that somebody is "scanning" the "memory pool" of the block chain for any money going to those addresses and immediately run a Vin on those, and they are using the TestNetwork to "test it" :-)
In order to test this "theory" this time I've created a trully random KEY and copy and pasted into the Electron wallet (via WIF) and nothin happened.
I appreciate the comments,
For those that asked for the link to the source code I didn't poste them because it's currently connecting to a "Bitcoin Explorer" that i'm developing (in conjunction with the wallet) an is in my internal network.
As soon as it's stable enough I plan to put it public
Thanks again for all the support.
Grate community !!
October 22, 2022, 03:38:39 AM
I've created another public KEY, this time I didn't even look at the prive key.
i've created on the wallet that I'm developing using NBitcoin library.
I'm compiling everything from source code
The public address is "mwT5PqSoLCeojDhghhBdXFCMMwGYxb34Ge"
Did you check the private key to see if it is actually created randomly (convert to hex, it makes it easier to see)?i've created on the wallet that I'm developing using NBitcoin library.
I'm compiling everything from source code
The public address is "mwT5PqSoLCeojDhghhBdXFCMMwGYxb34Ge"
Maybe the code you wrote has some flaw in it when it calls the RNG and creates a non-random key which some bot is already watching to steal its funds right away.
P.S. you don't need to reinstall everything, you could just download a Linux distro like Ubuntu, burn it on a DVD or create a live USB disk and run that OS live (without installation). Then you could use VS code to compile your code for Linux inside that live OS and run it again to see if the same problem occurs.
October 22, 2022, 02:43:30 AM
Here is what you need to do to know the source of the problem:
Create a new wallet with Electrum not with the wallet you are developing. Send it some test coins then see if those coins will be moved.
This simple test will help you figure out whether the issue is with your device/Electrum or with the wallet you are developing.
Create a new wallet with Electrum not with the wallet you are developing. Send it some test coins then see if those coins will be moved.
This simple test will help you figure out whether the issue is with your device/Electrum or with the wallet you are developing.
October 21, 2022, 05:30:31 PM
1- I'll reinstall a fresh copy of iOS on an old mac laptop that I happened to have
2- download from Microsoft .NET dev kit.
Why would you install Microsoft .net it seems that you are following other guides related to windows 7?
Check this "How to install Electrum in Mac OS x"
Do you have other device with Windows OS?
October 21, 2022, 02:58:15 PM
3 - post the source code of my wallet on GitHub
I don't know what you mean by this, can you elaborate?
4 - download on the "fresh" computer the code from GitHub
Are you doing this through the terminal, or are you downloading using a web browser? Either way, can you share the link where the download is coming from?
5 - compile, run and create a new "one address wallet"
6 - request some test coins.
7 - examine result.
6 - request some test coins.
7 - examine result.
Since you mentioned "Electron," can you confirm if that was a typo? The reason I ask, Electron Cash is the Electrum fork designed to be used with Bitcoin Cash (BCH,) not Bitcoin (BTC.) I'm wondering if you're confused about the two. Bitcoin Cash is not bitcoin, but the scammer behind that fork intentionally tries to cause confusion between the two coins.
October 21, 2022, 11:54:43 AM
First of all I really appreciate all the feedback and responses.
This is what I'll try next in order to rule out any posible compromised software/hardware.
1- I'll reinstall a fresh copy of iOS on an old mac laptop that I happened to have
2- download from Microsoft .NET dev kit.
3 - post the source code of my wallet on GitHub
4 - download on the "fresh" computer the code from GitHub
5 - compile, run and create a new "one address wallet"
6 - request some test coins.
7 - examine result.
Am I missing something with this procedure?
Could this be compromise in any way?
This will take me some time but I'll post my results as soon as I have them
Thanks
This is what I'll try next in order to rule out any posible compromised software/hardware.
1- I'll reinstall a fresh copy of iOS on an old mac laptop that I happened to have
2- download from Microsoft .NET dev kit.
3 - post the source code of my wallet on GitHub
4 - download on the "fresh" computer the code from GitHub
5 - compile, run and create a new "one address wallet"
6 - request some test coins.
7 - examine result.
Am I missing something with this procedure?
Could this be compromise in any way?
This will take me some time but I'll post my results as soon as I have them
Thanks
Jump to: