Bitcoin Security Info: Why to Never Sell Forked Bitcoin Imagine the situation in which Bitcoin just got forked. Now everyone has two versions of bitcoin associated with their wallet. It seems tempting to sell the one which seems worthless in the future but is currently still traded for a reasonably amount of money. The problem is called "the replay attack." Here’s how the attack works: when you sell you have create and broadcast a transaction to sell your forked coins. This transaction is signed with your private key. The big issue is that this transaction doesn't say which version of Bitcoin it's for. The person who buys your forked coins can take that exact same published transaction and broadcast it on the original Bitcoin network. Since the transaction is signed correctly, the original Bitcoin network accepts it, and your original coins get transferred to the buyer too. You just lost your original Bitcoin by accident. There is a solution to it, but that's not in your hands. Both chains (not only one) need to have a marker which makes transactions unique between different chains. For now just think of it like adding a special watermark to a check for one bank that the other bank won't accept. This "marker" is a technical change that the developers of the forked coin must build into their system. It makes it so any transaction for the new coin is automatically rejected by the original Bitcoin network. If this is the case, you need to make a code analysis before you sell the bitcoin fork. Some people think you can taint your UTXOs, but this is not protecting you at all from the replay attack. The idea of "tainting" is to make a small test transaction first to somehow separate your coins, but that test transaction itself can be replayed, so it doesn't work. Even sending the bitcoin which you want to keep to a brand new wallet first doesn't protect you from the replay attack!! The attacker just replays that transaction too, and now both sets of your coins are in your new wallet, still stuck together. @nunchuk_io @craigraw Could you build in checks and warnings for known forks without replay protection?

Someone sent me a serious stack of sats a few hours ago. Whoever it was - thank you! 😎 Always very appreciated! 🙏🧡

A Privacy Loophole When Installing @GrapheneOS on a Pixel For anyone serious about de-Googling their life, you need to know about this. I've seen privacy concerned people overlook a crucial step in the GrapheneOS installation process that creates a direct link to Google. The Step: On a Google Pixel, before you can unlock the bootloader, you must enable "OEM unlocking" in the Developer Options. The moment you toggle that setting, your phone makes a network request to Google's servers. Google receives that request and can see your IP address. If you're doing this from your home network, an IP tied to your name, you've just created a digital fingerprint linking you (and your location) to that specific device's serial number before you even wiped it. Google now knows that 1) the person at your IP address is in possession of that specific Pixel phone, and 2) that you intended to modify its software!!! How to Mitigate: Use a trustworthy VPN, or preferably, public Wi-Fi (like a café) that is not associated with you.

I have a security question that has been bugging me. When a wallet broadcasts a Bitcoin transaction, we trust it's only sending the signature and transaction data. But how can we be certain that fragments of the private key aren't being secretly embedded in the broadcast over time? For example, could a malicious hardware wallet manufacturer design a device that, after many transactions, allows them to reassemble the bits and know the private key? Has anyone ever done a public test where the same seed phrase is used on different hardware wallets (like @Coinkite @DETERMINISTIC OPTIMISM 🌞, Trezor @karliatto, @Keystone) to sign the exact same transaction? If the resulting signatures are identical, would that be definitive proof that both devices are performing the standard, non-corrupted signing process?

Currently traveling.. So I'm visiting many new places including gyms. This super cool gym was happy to try accepting bitcoin payments 🧡 and received their first payment today! 🙌 Unfortunately, @AQUA Wallet seems to be blocked by Apple and Google Store in the United Kingdom👎 Can we do something about that? We instead downloaded @Phoenix Wallet, worked fine - only the channel size management is not ideal.

Please feel free to join my talk: "21 Million Bitcoin?" When: Tomorrow morning - Saturday, January 3rd - at 10:00 AM GMT (ending at 10:30) I'll walk you through parts of the Bitcoin source code to explain exactly how the supply is capped at ~21 million BTC. We'll also cover why this cap cannot be changed (people have tried before!). To protect your privacy, please avoid sharing your real name, keep your camera turned off, and don't share any personal sensitive information about you. 🙂 Just dial in here:

Brave Talk

Unlimited, private video calls. Right in the Brave browser.

Just gave my first webinar last week on Bitcoin’s core mechanism - had such a lovely audience! 🧡 So I’m doing more! The next one will be on January 3rd: I’ll explain how Bitcoin’s supply is capped at 21 million. It’s free - check out my site and register :)

Bitcoin with BitRoot