Topic: Receiving BTC Security/Safety Nano Ledger Questions (Read 120 times)

That's why everyone recommends using a new address every time you want to receive Bitcoin. So just do that. Stop being lazy or think about being lazy. Generate a new receiving address for every incoming BTC transaction! Enough...  

One confirmation is enough almost all the time. I am giving you 3-6 just to be absolutely certain and avoid further discussion. I seriously doubt you are transferring and holding millions of dollars/Bitcoin. 1-2 should be enough for small transactions. If you are transferring millions of dollars wait for 3-6.

You don't need to check the transaction on a block explorer if you don't want to. You can see the incoming transaction in your Ledger Live. If only one person in the world knows the Bitcoin address you are supposed to receive the coins to (the person you gave it to), when a transaction is made to that address, it was made from the person who you gave the address to. It is highly, highly, highly unlikely that someone mistakenly transferred coins to an address you just generated. Your next question will be how often that happens and if anyone knows an example when that happened.

So don't click on the links. That's what I am trying to tell you, but you don't get it. You don't need to click on the link. You know the address where your coins are supposed to be sent to. Check the history of that address manually any way you want.

We already covered that. That's the first thing you asked in your reply. Why are you asking the same question in 2-3 different ways?

I would suggest that the procedure for receiving a transaction from a stranger in person should be something along the lines of as follows:
1 - Before you leave your home, generate a new receiving address using your Ledger.
2 - Store the address on your phone or computer, and leave your Ledger in a safe place, such as your house, that is away from your meeting point.
3 - If you have access to a full node, use your full node to confirm you have received the agreed upon amount of bitcoin to the agreed upon address. Otherwise use an electrum watch-only wallet to confirm the transaction has been received. You can alternatively use a block explorer to confirm the transaction was received, although you will be less certain about any given transaction
4 - Once you have confirmed the transaction has the number of confirmations you are comfortable with, you can leave.

A transaction ID alone isn't clickable by default ^{[you're probably referring to a "transaction link" instead]} but having said that, anyone can easily add a link to those alphanumeric strings ^{[I'm referring to a feature on this forum]}!

Depending on the situation, the answer to that is both YES and NO...

• YES: If you'll be receiving that link from someone on this forum.
  
  • Hover over the following link and check what appears on the bottom left corner of the page:
    e.g. A random unconfirmed transaction link: https://www.blockchain.com/btc/tx/d44ae35fffeae760e62a05f2ef0864740710654ca1d5a81699356972e35a434d
  
  
• NO: If you're not a tech-illiterate person, it's hard to "not" notice the difference between a spoofed URL and the original one, but even if you are, you can always use a URL redirect checker tool ^{[e.g. here's one]} to see where it lands!

The easy way: Use a block explorer to check its history.
The hard way: EXPORT OPERATION HISTORY AS CSV

Sounds good. However, you will need to be extra careful when you decide to spend your coins. Ledger Live might automatically combine inputs from different addresses in the same transaction which would leak that you control all of them. You can use coin control in Electrum to get around this problem. Alternatively, you can use different accounts in Ledger Live if you really don't want to mix up two or more different addresses.


Learn about chain reorganisations and a 51% attack. You should be fine with 1 confirmation for most of the time. Even if your incoming transaction is included in an orphaned block, it should be also mined in the longest chain as miners select transactions mostly based on their fees.


No, there are quite a lot of block explorers out there, for example: mempool.space, blockcypher.com, blockchair.com. You can use whichever you find to be the most intuitive.

Thanks for the response.


When I say lazy way... I mean imagine everytime you want to receive btc from someone, you give them the exact same btc receiving address that you once generated with nano ledger.   Thus that is not good for privacy or security since those people can see all your transaction history right?  Now if you use a new address each time for receiving, the person who is sending you btc could see no transaction history with that address you provided them and even after they send you btc, well thats the only transaction they will see?  Someone said always generate a new btc receiving address you receive each time you receive so that way... people wouldn't know about your transaction history and they wouldn't know if you own how much btc.  Would you say that is accurate then?


You say


Wait for 3-6 blockchain confirmations to be safe.  


So once it shows minimum 3 confirmations, there is zero concern?  Someone else mentioned at least 3 confirmations if its a big amount.  2 confirmations if its smaller amount.  So you telling me if there is 1 or 2 confirmations, its still possible for a transaction to get reversed/cancelled?  Or is the only term for that called double spend?  The thing is I would be trading with stranger so I want to make sure I am receiving the btc.  



Someone else said you don't even need to click on that link the sender gives you with the blockchain info and you can just check your btc receiving address to see if there is any ongoing transactions.  You say that as well.  So you telling me its the same as you searching the blockstream info link?  Well I mentioned last time I want to be more careful with clicking links so I'm not sure why you are being so hard on me here.  Such that someone sending you the transaction id... well it might look like it... but it could be malware/virus.  So you never heard of cases of that?  Its like someone give a link to something but when you click on it... its something else.  But its hard to do this with a transaction id?  Yea I know you can copy the id from the end of the link and paste it... but when you do that, you gotta be very careful in case you click on it.  That is another issue I have here etc.  



So blockstream.info is the main website for checking the status of a transaction?



I meant if you give someone your btc receiving address but say you do tons of transactions with the same address, that is obviously not safe since someone can look up all your transactions?  That is what I meant by that.  I phrased that in a bad way.  Thus I meant I wouldn't want to give someone my btc receiving address where they could check my entire btc sending/receiving history.

Today's episode of Bitcoin Saturday is brought to you by our sponsor - jerrydoescrack.com

No, it's not. It's exactly the same. Get a receiving address from your Ledger Live or via Electrum and send it to  the person who is supposed to send you the coins.

Multisig addresses also start with "3", but the ones you get from Ledger Live are Nested Segwit, yes.  

If address 1 gets funded, Ledger Live will generate address 2 for you. Once address 2 gets funded, it's time for address 3, etc.  

Nothing has changed.  

Obviously not all cryptocurrencies work the same way. Your Ethereum/Tron/ Stellar/X altcoin address doesn't change. If you have verified it once, the address stays the same.  

Lazy how? If it's the same address, it doesn't matter. It can have privacy implications depending on where you save it, but I am not sure what you mean with lazy.
 
No, it doesn't as long as you aren't using a service that still doesn't support native segwit addresses, for example. And some still aren't.   

Wait for 3-6 blockchain confirmations to be safe.  
 
Wait for the transaction to confirm. Like I said, 3-6 is OK.

In contrast to many of your other questions?

If you are the one who is receiving the Bitcoin, you don't need anyone else to send you a transaction ID. You can search the history of your address on a block explorer and see what transactions it has received. Better yet, you see if incoming on Ledger Live or Electrum. 

Ask for the transaction ID like this c4ca7d6bb3141dc994fc5b7023260b9b008646099b386df901ccea919aa6d10a (a random one from a recent block) and just paste it into an explorer of your choice. If you get the whole link from someone (https://blockstream.info/tx/c4ca7d6bb3141dc994fc5b7023260b9b008646099b386df901ccea919aa6d10a), copy the ID yourself from the end of the link and paste it into a blockchain explorer of your choice if you are that worried.

Bitcoin is pseudo-anonymous and uses a public ledger. The Ledger doesn't contain names and whereabouts of users, but it contains addresses and amounts. You can follow the trail of money as it moves from address to address if you know who the addresses belong to. 

What's wrong with you!? How else do you expect to receive a transaction without giving out your address? Via SMS? Should a dove bring it you to through the window?

So I will be planning to receive some btc from someone and trading funds with them and have a few questions.  I don't believe I ever done this once with my nano ledger ever.  But I have requested btc from sites before without issue.  But dealing with people is obviously much different than just giving a site my btc address and saying okay send the btc here.




1. I know when I check my btc receiving address on my nano ledger s with ledger live, it starts with the number 3 which means its a nest segwit address right?  The thing is after I do that transaction with that receiving address... say the next day I connect my nano ledger to my laptop again and request a receiving address, will the btc receiving address always be different?  I remember people said never use a same receiving address more than once.  So this is still accurate right?  So each time you want to receive btc or any crypto on your nano ledger, always connect to it and get a receiving address which will be new?  The lazy and unsafe way would be use the receiving btc address and just save that address and just give that btc address to anyone who you planning to receive btc from?
 



2.  Now when someone else sends me btc, does it matter what address they are sending from?  Such as legacy, nest segwit or the other segwit?  As long as it copy and paste them my btc receiving address, that is all that is needed?  I know with sites, that is no issue as I never had a problem with a site requesting btc.  But with other people, I want to make sure of this.  Such that they don't say I sent btc and I say... well it didn't go through.




3. After they tell me they sent me the btc, how many confirmations before I know the transaction will go through?  I remember the rule a while back was if it was below a certain amount, x number of confirmations.  If its between a certain amount, it should be x confirmations.  And if its higher than a certain amount, like minimum x confirmations?   I will most likely send funds first since well they would be sending a nonreversible method.  But if they are sending btc first, how do I make sure the transaction will eventually go through without that double spend thing that I heard of years ago?  Such that I don't want to see the transaction showing with say 2 confirmations, then only for the transaction to get cancelled?  

---

4. Also this might be a foolish question but when someone sends btc or any coin and does a transaction, I know there is a transaction id where you click on and it goes to the blockchain and you see how many confirmations there are and the process of the transfer.  Now... is there any chance someone can send you a link to that seems to be the transaction id but when you click on it, it could be malware/virus?  I assume this can be easily done right?  Such as you click on it and it doesn't direct you to the blockchain of the transaction but could be malware?  If so, how do you counter this?  I assume you could just manually type in that entire long letter/number of the transaction id in the blockchain to track it?  Imagine someone going okay here is the transaction id info on the blockchain of the btc I just sent... then you click on it and it could be malware/virus?
 



5.  I read a thread not long ago that someone asked if you have someone's btc receiving address, you could see their history or a lot of details about it.  I remember I thought the answers I was going to read was going to say false especially if someone doesn't reuse their btc receiving address more than once.  But apparently that is not true?  I remember people said someone could actually find out all your btc transaction history that way?  I remember back when I used electrum, I did used the same receiving address multiple times.  I had no idea that it was bad.  But I did it way too much already.  So by the time I stopped doing that, there were too many transactions already with that receiving address.  I then used other addresses and eventually got tons of different change addresses.  Then I eventually moved my coins from electrum to nano ledger.  Each time I would receive btc, I would connect my ledger to laptop to get the btc receiving address.  I do not know for sure if I ever reused a receiving address more than once.  Is there a way to find this out or not?  But giving my btc receiving address to someone for them to send to me, does that pose much of any security risk?