Jump to content

at3n

Member
  • Content Count

    306
  • Joined

  • Last visited

  1. at3n

    Ripple Network forked to create SystemD

    Impossible or unlikely? And is it even unlikely? LastLedgerSequence is not required to be set, although it's good practice. And I expect that currently the majority of accounts still have an identical Sequence number on both XRP and SystemD networks, due to infrequent use. I do not believe that AccountTxnId is frequently used. I asked the BigQuery database to search through all XRP Payment transactions in the last four months of 2018: This query returns all successful payment transactions which (have a LastLedgerSequence greater than 20,000 ahead of the ledger that the transactions was included in, OR did not specify LastLedgerIndex at all) AND do not use AccountTxnId. The query returned 902,334 transactions. I think (but correct me if I'm missing anything), if transactions like this are created today, then the only thing stopping them being replayed on the SystemD network is a misaligned Sequence number? But if a wallet for some reason is not routinely using LastLedgerSequence or AccountTxnId, then it would be easy to replay all transactions since the fork and keep the Sequence number in sync? I also queried the same period for any successful Payment transactions using AccountTxnId, and that returned only 2284 results, the vast majority from the same account: rp123ueGwZTCu5ADoFMGHxE7sBUSKiwnBc. This feature does not seem to be in wide use. I don't personally have anything against your project, but I disagree with your statement that transaction replay is not possible, based on the above, and your previous reasoning. Of course it's possible to deliberately make a transaction unreplayable, but the majority of users will not be aware.
  2. No, for that you need to record your secret key. Go into Advanced in your wallet and you can display the secret key.
  3. No, it just allows you to decrypt your encrypted account details (including secret keys) that are stored on Gatehub's servers.
  4. at3n

    Escrows

    Escrow is not a security measure in that sense, it just shifts the target. You still need to protect the key of the destination account as much as any other key. As soon as an attacker finds out the key of an escrow destination, if they're smart they'll assign a new regular key and disable the master key, which removes your control over the destination wallet, no matter how long until the expiry, then they just have to wait. If an attacker got the key to your current wallet, and you managed to escrow the funds to a different destination address, and without the ability to cancel the escrow, before the attacker got the XRP, then the funds would be protected. But the same would be accomplished by just sending the XRP directly to another wallet that was not under control of the attacker. If anything, an escrow transaction for a large amount is like sticking a big target on your XRP, telling attackers that X amount will be sitting here for Y days/years. They know that they definitely have that much time to work out who holds the key and try to hack/phish/beat it out of them.
  5. @hallwaymonitor @LordVetinari Here you go, it was actually made on the 8th November: Tx hash: 1948D9BB2DC22C78BD3CC58BBFB24219EB75E0E0A24189AB0E60857BABD7192F Credit to @xrptipbot's Google BigQuery database
  6. I think it looks more like two companies who both happen to have an interest in blockchain have decided to settle in XRP of their own accord? Seems like BPG was required to report to ASX because it's a publicly listed company, and the original settlement involved significant transfer of share ownership, but the case was not involving ASX. Correct me if I'm wrong. The original settlement agreement that this referred to also contained reference to crypto: https://www.marketscreener.com/BYTE-POWER-GROUP-LIMITED-10353146/news/Byte-Power-Group-Limited-ASX-BPG-Update-on-Legal-Action-against-Soar-Labs-Pte-Ltd-26645411/ As a side note, interesting that one of the XRP amounts settled was to 9 decimal places!
  7. at3n

    XRP Wallet secret key not valid

    @Bornstellar did you find anything else? If you'd like to do some detective work to at least locate your missing XRP, I'd suggest something like the following: Identify Changelly's outgoing hot wallet (the wallet that Changelly sends XRP from). For example by making another trade with them. Identify as accurately as possible, a time period during which you made one of the 2017 purchases from Changelly. For example by using credit card/bank statements, or transaction logs from exchanges/wallets for other cryptos. Work out using the exchange rate of the time approximately how much XRP you would have bought. Find all outgoing XRP payments from the Changelly wallet within that time period, and identify the ones that are approximately the right amount of XRP that you bought. Look through the wallets receiving these transactions and try to work out which was yours. At least then you'd know where you sent them, maybe it would help to piece the puzzle together. This is assuming that Changelly only uses one wallet to send XRP from, and that today's wallet is the same as the 2017 wallet.
  8. at3n

    XRP Wallet secret key not valid

    Actually it's possible to reduce the balance below 20 by burning it as a transaction fee. This is why I suggested checking for historical transactions on the new wallet, just in case it reveals that an attacker did that deliberately.
  9. at3n

    XRP Wallet secret key not valid

    It's almost definitely not the same wallet that you deposited into in 2017 then. If you put the public address into Bithomp, can you see any past history? When you deposited XRP into the wallet in 2017, if you sent it from an exchange, there should be logs on the exchange with details of what was sent and where. You should be able to retrieve the old address from those. Then check if that address still holds the XRP, at least then you'll know where it is, if not how to access it yet.
  10. at3n

    XRP Wallet secret key not valid

    Do you know if the public wallet address generated this time is the same as the one you were using in 2017? Is the wallet empty or with 20 XRP?
  11. Most people wouldn't, and it's not necessary in most cases. But it's an option, with official instructions. Hey, open up the eBay one, never know, maybe you'll see something.
  12. Agree with @XRP-JAG, this is largely overkill. If you believe in the strength of the Nano S as a wallet (which clearly you do, given that you're willing to keep using it), you should realise that most of the actions that you listed do not give any additional security benefits. Keeping it completely offline actually prevents you from performing crucial checks (see further down). You should be focusing most of your efforts on working out the best way to do this ^. You know that this is the way that someone will steal your XRP. The whole offline laptop strategy is much more appropriate for a paper wallet/cold wallet setup, and the purpose of doing it is so that when you enter the secret key on the laptop (which a paper wallet requires you to do), there is no way for it to be stolen. A hardware wallet won't send the secret key to the computer, which makes all of this extra effort redundant. If you don't believe that the Nano S will never send your secret key to the laptop, then you probably shouldn't be using it in the first place, because you mistrust the fundamental principle of hardware wallets. I think this is fair - although it's not a conclusive test. If the Nano has been compromised, it could have been programmed to generate any number of predictable addresses and just cycle through them. But at least it could reveal a less sophisticated attack. Perhaps more important is to make sure that it passes the official Ledger tests of whether it's genuine or not. See https://support.ledger.com/hc/en-us/articles/115005321449 and https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine. Your method should also include a test that you are in control of the wallet once it's generated. So send a test transaction of a small amount when you only have a small amount of XRP on it. Of course, this requires connecting the Nano to an online computer, which again invalidates all of your efforts in setting up an offline one. But the importance of this test IMO is much greater than the importance of keeping the whole system offline. If you honestly think that the Nano S itself was compromised, then you should not continue to use it, because it might become compromised again. If you think that your wallet was compromised because the 24 words were leaked, then all of your effort should go into keeping the next set of words safe.
  13. Use the same software you used to set the trustline. Seeing as you've given up on the security of that wallet, you could choose to do it online if you wanted (your choice). In that case, use the Payment tab. Otherwise use the Tools tab to do it offline, with Payment transaction type. In the "Amount" section, tick "IOU", and set "currency" to ALV, and "issuer" to the same address that you set the trustline to (the one on the Allvor website). You need a trustline set on any wallet that holds the ALV, no way to avoid this. The payment transaction will fail if there's no trustline set on the receiving wallet. There's no way to do this with the native Nano S software, so you need to do something like you've already done with ripplerm. If you really want the ALV on your Nano, the best option to set the trustline is to set up a fully offline environment and follow the instructions you linked to, making sure that you destroy all traces of the recovery phrase and secret key afterwards. If you want to trade them for Fiat or another crypto, you need to use the decentralised exchange built into XRPL. You can use ripplerm (the software you're already using), or if you have a Gatehub wallet you can send the ALV there and trade them. Or use theworldexchange.net, or any wallet that allows trading.
  14. Whatever method you used to create the trustline on your old Nano wallet, should be able to make a payment out of it, no? Did you use ripplerm?
  15. at3n

    Best way to keep XRP safe?

    I would say that they're pretty solid benefits, and I disagree that they're the only ones. Running a VM on an otherwise online Windows PC is not equivalent to setting up a standalone PC in terms of security. A VM can't access resources on the host OS, but the host OS has various ways to access to the VM resources. €/$100 for security and peace of mind is not a huge amount to pay IMO, but of course that depends on your circumstances.
×