Hacker News | fadys's comments


Why should we trust that your story is true?


I'm pretty sure the nephew is lying and moved the crypto himself.


I have the transfer-to addresses. The thief has done this multiple times...for 7.5 BTC too, in one instance. He's not lying and has never been known to lie.

I'm sure in the same way you can be sure that if you were tasked with doing the same thing, you'll feel 100% confident that no one would be able to access that paper. And even if they did, they wouldn't know what they were looking at.


Why would a thief use the same address more than once? Especially one that is sophisticated enough to do what you have described? Is it possible that the address in question is a public address pointing to a gambling or tumbling service? Have you Googled it?


Your first point is spot-on.

But about the rest...the Ledger wallet's seed words were on paper, never seen by a computer after they were generated.

His Trust Wallet, however, did have his seed words on his phone. But again, it has a 6-digit passcode.


yeah, the Ledger situation is still a mystery to me, and i can’t profess to know all that much about the security of the device.

i mean, humans make mistakes, and i suppose there is the chance that he slipped up at some point and typed it into his (probably) compromised computer at some point. but if i were to take your word on it that that never happened... i really don’t know.

on the trust wallet - it doesn’t matter if he had a passcode. if his computer was compromised, and he signed into iCloud on it at -any- point, an attacker could do whatever they wanted with it.


Is the seed phrase on his trust wallet the same seed phrase as his ledger?


AFAIK the seed phrase is randomly generated when you initialize the wallet.


No. (I know).


It's a wallet on his phone and a hardware wallet. Both were wiped clean at about the same time.


>>Are you really sure that a given iphone has never "left his possession"? Was it locked in a safe the entire time?

>It's a wallet on his phone and a hardware wallet

But what about his hardware wallet backup, which was on paper?


It's literally no one close to him. Please take that as a fact. The paper with the seed words was written a few years ago. It has been hidden since.

I'm willing to bet we'll be hearing about more people getting their wallets wiped clean.


>The paper with the seed words was written a few years ago. It has been hidden since.

How good is the hiding place? Both in terms of security (e.g. a rock outside your house vs a safe deposit box) and obscurity (e.g. on your desk vs buried in a field in the middle of nowhere).


That's partly why I'm posting this here. There must be something else going on. The paper with the seed words WAS NOT accessed.


Plus, if someone has a copy of his recovery words, they would be able to actually recover / clone his hardware wallet I think, because that’s what they are for.

If your nephew didn’t access that paper for years, it doesn’t mean someone hasn’t. Was it stored in a box with glitter nail polish on the lid? Just something that can prove the location wasn’t opened without his knowledge. Believing it is not enough.

Could he have noted those words on a block notes and the piece of paper below it recorded an imprint of those words that were recovered by someone else?

Have fun being a Sherlock! But I guess not much can be done.

Not sure the police would consider such a case as a valid theft (at least not yet).


Can you imagine a scenario where you secretly write some words down on paper, three years ago, near no devices, and you store it somewhere where you absolutely know for sure no one will ever access? I can imagine such a scenario for myself.

That's what he did.

Then we have the whole Trust Wallet compromise on his iPhone.


That's what you believe he did.

He may have taken a photo of it. Maybe left it out on the table when a friend was over. Maybe wrote a text copy as backup and forgot he ever did that.


The photo for his Trust Wallet? Maybe.

But that doesn't explain his Ledger wallet! I'll keep saying it...those seed words were on paper, hidden from all sight, without anyone knowing they exist...for years.

Then, on February 24th, both wallets get cleaned out at around the same time. Why sit on the seed words for years?


I cannot stress this enough. The seed words on paper were never exposed.

iCloud could explain his Trust Wallet, but not his Ledger wallet (with the seed words on paper, hidden and literally not seeing the light of day for years).


>I cannot stress this enough. The seed words on paper were never exposed.

AND they were generated via secure hardware? Or did he just spin up a new key on an already compromised machine?


I want to make it clear that the Ledger passphrase, on paper, and hidden, was not ever accessed. And, even if it was, which it wasn't, his Trust Wallet on his iPhone was also compromised.

How can someone guess both passphrases, from separate wallets, in separate locations with different words? It's literally impossible.

Whatever technology is used to generate the passphrases in each of those wallets must be compromised.

Nothing else can explain it.


Was his Ledger manipulated or compromised in some way before using it? Was the seed already pregenerated? Was the paper actually compromised, or did some other system get the data?

There are plenty of other ways.

You keep saying it is impossible the paper was accessed, but that doesn’t mean it wasn’t, or the information got compromised another way.

Did he print it out from a common machine?


>Was his ledger manipulated or compromised in some way before using it? Was the seed already pregenerated?

The timing of that (i.e. two separate wallets compromised at about the same time) makes that unlikely. What are the chances that the guy who shipped him a compromised Ledger is also the same guy who hacked his iPhone?


He wrote the words on paper, away from any other devices, years ago.

The Ledger came from Ledger (the company) sealed in its packaging.


Since no one else seems to be seeing this issue - maybe your facts are not as airtight as you think?


I built https://hnrecommends.com a little while ago. It's the start of a curated list of Hacker News recommendations. I'm adding recommendations and products daily.

It's made a few dollars from affiliate links so far.


Thanks, that looks quite interesting. I have already found a book I might like.

> I'm adding recommendations and products daily.

Do you add the recommendations manually or do you use a crawler/API to copy the comment? How automatic is it?

Finally, I have two suggestions: You're only selling to people in the US. Maybe you could also add links to other Amazon domains (or use a service like geni.us)?

And how about linking back to the comment thread? Sometimes, a comment only makes sense in its context, and I couldn't find a link back.


I do it all manually, but I use the API to get the actual comment text. I have been collecting recommendations for years. This is my way of organizing and sharing them.

Amazon has a service called OneLink that supposedly routes users to the Amazon store that's closest to their country (presumably, from their IP address). I'm using it (a simple script tag) but I don't know how reliable it is.


Thanks, I was wondering if you can parse all comments for a link to Amazon or something (but even that probably wouldn't get the recommendations without links).

At least for me, OneLink doesn't work. Apparently you need to be in the US, Canada or UK; the other countries aren't supported so far. Pity.


As you noted, you would still miss many recommendations without an Amazon link.

But even so, that would kind of defeat the purpose; I don't just want to aggregate recommendations. I want to include, more so, the ones that are interesting than frequent.

Additionally, besides books, I'll be posting other types of recommendations (travel, hardware, etc.).


Ah, thanks for clearing up my misunderstanding. That makes it even more interesting!


From Japan with AdBlock it took me to amazon.com, but did take me to amazon.co.jp after disabling it.


Yeah, AdBlock disables the OneLink functionality.


Criticism and downvotes you have received aside, I like the idea! Consolidating the recommendations adds value. This is something I would use.


Using other people's recommendations and making affiliate dollars off of them seems unethical to me. It's not even your content.

