Showing 20 of 89 results by cedricfung
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 22/08/2023, 07:21:24 UTC

I realize this when I was using the Mixin Safe for the first time as we are not used to it before but now I don't feel anything difficult at all and it's all on my fingertips. Think for a moment a person's first time configuring a MetaMask wallet and adding a Binance chain to the MetaMask. He will be confused the first time configuring if he had never used the MetaMask before.

The same thing with the Mixin app, use it a few times and then one may feel it is easy to use it.

Just like many others, I also recently reviewed the MixinSafe product (if you are interested, you can check out my review here). So, I figured it is a good idea to give this discussion a little bump.

So, from my point of view, going through the whole thing has been a bit tricky. Honestly, without a step-by-step guide or a video to show the ropes, I can totally see newbies running into a few issues. I get that the software is still in the testing phase, but I think they could make the whole process much smoother.

For example, when someone's making their first safe, they could set up a step-by-step wizard. It would walk them through everything and give a detailed explanation for each step.


I agree, thank you both. There is a lot to improve, and I believe the idea of multisig+timelock is the way to real safe decentralized Bitcoin custody for general public.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 15/08/2023, 19:58:02 UTC
Enabling an unlimited number of attempts is again not a good solution from a security point of view.
Yes, it is. Security that relies on the limit of attempts isn't true security. You have unlimited attempts to break a Bitcoin private key. You have unlimited attempts to break into someone's password-protected wallet. Both are very secure. On the other hand, the PIN in Mixin is not secure, as I have already said in my review, because there are less than a million different combinations.

Here we don't argue about the choice. Just focus on the project itself. No perfect security.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 15/08/2023, 10:29:37 UTC
So here is my experience. I got my TRX refund instantly. However I do not understand the role of EPC and how it can be a surety to avoid assets lost through Mixin Wallet?

The whole procedure for a refund is mentioned here. https://help.mixpay.me/en/articles/7063792-how-to-get-a-refund

I know there are too many different names involved in using Mixin Safe, but MixPay is a third party app on Mixin Messenger. They issue EPC for you so that you can verify your Mixin Messenger PIN while doing something. So you need to transfer EPC to them to get back the refund. In that procedure you proved that you knew the PIN, otherwise if they just sent back your TRX and you didn't know the PIN at all, then the money is lost.

And this small amount of TRX can't be transferred out of Mixin Messenger because it doesn't even cover the withdrawal fee. So it's recommended to use it inside Mixin Messenger or MixPay.

MixPay is supported online in many places, like https://www.coinsbee.com/en/
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 11/08/2023, 14:35:34 UTC
I have installed both Mornin key and Mixin messenger, but in the Mixin app I'm incapable of creating a wallet. When I open up the app, I get the following message:


When I'm entering the (correct) PIN, error "PIN incorrect" pops up:


Has anyone experienced this before? I have tried to uninstall, and reinstall it but it still persists.


From the screenshots it looks like you have tried to set up a PIN and interrupted somehow, and now you need to continue that process with the old PIN you have tried to set.

But it makes a good point to let a new user choose a new PIN though. But for now, you must use the old PIN, even if it's failed.
Board: Service Discussion
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 05/08/2023, 09:45:01 UTC

You should definitely state on the website that version 25.0+ is required for creating the Safe (ideally in the combo-box where you can select the type of Safe you want to create). It was the only way I was able to sign the PSBT.

note: this allows you to sign PSBTs from Safe wallets created in older versions of Core

Yes we still need to improve the flow a lot, that's why we are testing and doing reviews. Thank you so much  Grin
Board: Services
Re: [CFNP] Mixin Safe - Decentralized Bitcoin Custody Solutions | Review Campaign
by cedricfung on 05/08/2023, 09:43:36 UTC
After installing and verifying the app, I was hoping to continue on my desktop. Unfortunately, there's only a Microsoft or Apple version, and nothing for Linux users.

safe.mixin.zone
Are those numbers real? The average customer transferred $1M, and the total amount of assets managed are transferred almost daily? When I see claims like this, it instantly raises doubts. Especially when I see this after creating a Mixin safe:

safe.mixin.zone/decentralized-recovery

We do have the Linux desktop version and listed in the website, also open source https://github.com/MixinNetwork/flutter-app/releases

The numbers are definitely real. The real numbers could be even higher considering the past Bitcoin price. Two years ago, the number AUM was $3B. You may also check all the numbers from a third party explorer of Mixin transactions. https://viewblock.io/mixin/assets

Mixin is an old product since 2017, the numbers are about all the products we provided. Only Mixin Safe is new, so we are showing this warning.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 05/08/2023, 09:23:19 UTC
I thought I would post a few things here that happened after I made a review about a week back

Especially these parts:

I never set the lock time to 4 days, so I have no idea what happened. How one can modify the lock time, if it's even possible? What if I want 10 days or 30 days?
Why does the time lock automatically set to 4 days or is it just a default for testing purposes?


Regarding the timelock, it's by default 4 days for the test purpose. It's possible to set it before creating the safe, but we didn't show the option on the website.

For recovery transactions, the website has improved a lot to show more details. It was not that good a week ago. And as always, you can find all transactions about your Safe address in a Bitcoin explorer.




Can you find a solution to substitute "Mixin Messenger" with a more well known platform? You say you use it to create the wallet... but will Electrum not do the same thing?

It is about time that someone figure out a more user-friendly method to use Multisig and timelock features. In any way, I will monitor and follow this thread... it has potential to be one of the good solutions in the Bitcoin space.  Wink

It just needs to be more decentralized and Open-source for transparency.... preferably without revealing your private telephone number.   Tongue

No other wallets have the support for these bitcoin features yet. And the most important thing is we are trying to provide a decentralized solution to people that are used to traditional financial apps and centralized exchanges. Electrum will never provide the same user experience as Mixin Messenger does.

And all Mixin apps are open source since day one, the first commit is six years ago. https://github.com/MixinNetwork

Mixin Messenger is also pretty known I think  Grin
Board: Service Discussion
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 02/08/2023, 02:24:21 UTC
@Royse777 I was about to finish the review, but unable to complete last process (sign PSBT transaction with Bitcoin Core) use Bitcoin Core and I got locked from recovery process. The details of the problem can be seen on my review post[1]. Anyway, is it acceptable if my review is about "attempt to make transaction and use recovery instead" rather than "make transaction"?

[1] https://bitcointalk.org/index.php?topic=5460259.msg62626762#msg62626762
I sent a PM to cedricfung to write you a response. Hopefully you will hear soon from him.

Quote
Anyway, is it acceptable if my review is about "attempt to make transaction and use recovery instead" rather than "make transaction" ?
The real experience will be appreciated whether it is a recovery attempt or transaction.


For the Bitcoin Core signature issue, I got some test results that suggest you may have used the cli in Bitcoin Core GUI? That seems unable to produce valid PSBT signature.

You need to use bitcoin-cli from your OS terminal.
Board: Service Discussion
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 01/08/2023, 17:07:59 UTC
Coins in Mixin Safe will be secure, no worry if you keep at least one private key. Mixin Messenger or Bitcoin Core.

Now it looks like some instructions issues, the team is trying to make it more clear to use.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 29/07/2023, 14:26:30 UTC
Second, we have been running for 6 years, that's long enough, we have no incentive to go offline.
Don't you think it's hypocritical to call your product decentralized respecting, and requiring your presence at the same time? Neither does Coinbase have incentive of going offline, but shit happens. Shouldn't the average user be able to do this alone, with their family member, when your service shuts down?

Also, I'm sharing the same thoughts with dkbit98 and examplens. What's the phone number for? In your website, it says "Social recovery with phone number and PIN". Is it compulsory? I don't want to give my real phone number, and I neither want to give a temporary that isn't mine, because then the third party can recover the wallet.

I'm preparing the review, so I'm trying to figure out what's wrong.


Here we want to make sure there is no bug of the system. Like for Bitcoin itself, we just discuss the blockchain technology, the implementation, the product itself. We are not trying to raise debate over PoW good or bad for environment.

Everyone has their own argument over any product, let's just focus on the development aspect for now.

But we don't need to discuss this anymore, I think all these questions are already in the previous discussions in this topic.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 27/07/2023, 18:05:24 UTC

Anyway, I'm having trouble getting $10 worth of bitcoins out of the Safe. I can approve the transaction with the app, but I can't for the life of me get the PSBT to sign on Bitcoin Core so that I can give it the "final approval".

Code:
# The PSBT I'm given to sign:
cHNidP8BAG0CAAAAAUFu84YkNsGPV2cIqxFcO59PXJ8pJY9TMw90ew6qXp+VAAAAAAD/////AkCcAAAAAAAAFgAUH8WFFsDMwDYR8WzeafSpjeMzGXUAAAAAAAAAABJqEGraR8OsQUhlhYdcPQRibgMAAAAAAAEBK0CcAAAAAAAAIgAgaN/B/zX5booLeWET8OQDmgXWR24Fx1wvU4fIw7mWekQBAwSBAAAAAQV4IQLsNyxLbWpvwJZOB91IRIvISSFGn7/cTFItqQ86a5VP6ax8IQPWQXejk5icX/nIYD30IeKJDQORPx4eXnlItj9+E2pX0ayTfIKSYyEC2E82kxxhOPGCWknCn1xNmvlSTKeV4TO4z8ZaAazXfJqtArABspJok1KHAAAA

# I have the following address and public key in the private key wallet:
02ec372c4b6d6a6fc0964e07dd48448bc84921469fbfdc4c522da90f3a6b954fe9
16THpFJrhKtiWKtZGZ6BsKCJpeR5Bvpuim

# The script imported into the script wallet is:
wsh(thresh(2,pk(02ec372c4b6d6a6fc0964e07dd48448bc84921469fbfdc4c522da90f3a6b954fe9),s:pk(03d64177a393989c5ff9c8603df421e2890d03913f1e1e5e7948b63f7e136a57d1),sj:and_v(v:pk(02d84f36931c6138f1825a49c29f5c4d9af9524ca795e133b8cfc65a01acd77c9a),n:older(432))))#pdtn7kxw

The first key is my public key, the second key I assume belongs to my Mixin Wallet and the third is probably owned by the network, so it seems that the timelock will not help me in any case.

I wish you had set this up with Testnet first...

Sorry to hear this  Sad

You lost the private key in your Bitcoin Core? Or any errors that prevent you from using Bitcoin Core to sign the PSBT? And you need both the private key wallet and script wallet to sign the PSBT, and follow the guide in correct order https://support.mixin.one/en/article/how-to-use-bitcoin-core-to-approve-transactions-74l0ro/

Anyway, if you can't do it with Bitcoin Core, go to the Recovery section, and start a recovery with Members Key using Mixin Messenger.

It's not the mainnet issue, because it just works, that's the beauty of this project based on pure Bitcoin script.
Board: Development & Technical Discussion
Re: P2WSH Multisig and Timelock question
by cedricfung on 26/07/2023, 06:09:21 UTC
The maximum timelock allowed in Bitcoin is 0xffff, about 455 days. So you can't make a timelock of 120 years.
OP_CLTV is different from OP_CSV (absolute vs relative). It allows for the locking of Bitcoin to be evaluated either by unix time or block height, the latter for which is up to >9000 years while the former is until 2106.

You are right, forgot about the absolute timelock value.
Board: Service Discussion
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 25/07/2023, 13:51:32 UTC
Here is a screenshot of me approving the tx with the almost-lost second signer, in a Windows 7 computer that I found in my hotel. Tongue



@TryNinja

Maybe it is better if Mixin Safe had a UI (within both the desktop/web and the mobile apps) for you to revoke unsafe computers? It's very easy for a public computer (particularly Windows) to get loaded with malware that steals auth tokens and approves an unauthorized transfer.

@cedricfung what do you think? It would be a welcome addition to already asking the other devices for authorization of another device that's about to log in.

Agree, for now you can revoke all authorizations from Mixin Messenger -> Settings -> Account -> Security -> Authorizations.

And whenever you sign in to Mixin Safe from a different browser, the old one will also be logged out.

Now adding the feature to logout of the service when inactive for some time.
Board: Development & Technical Discussion
Re: P2WSH Multisig and Timelock question
by cedricfung on 25/07/2023, 07:31:06 UTC
Sorry to hijack but can anyone help with spending a transaction from a time lock address???

I accidentally made the time lock 7140000 instead of 714000 and that means I have to wait 120 years to spend the coins. Please can anyone help? Huh
If you created the script correctly then there is no way to spend these coins and nobody can help. The Bitcoin protocol is solid and will not allow these coins to move until block #7140000
Otherwise the only chance you have is if you made a mistake (wrong locktime value, using a branch that could be skipped, etc.) in which case you can post your full redeem script (like the ones you see in this topic) containing the OP codes, the locktime value and your public key here for people to see if there is any chance.

The maximum timelock allowed in Bitcoin is 0xffff, about 455 days. So you can't make a timelock of 120 years.
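Added example (not part of the forum posts and not Mixin's code): the two replies in the "P2WSH Multisig and Timelock question" topic turn on the difference between the relative timelock operand (OP_CSV, BIP 68) and the absolute one (OP_CLTV, BIP 65). This Python sketch decodes both kinds and reproduces the figures quoted in the thread; the function names, the 600-second average block interval and the current height of 800000 are assumptions made for illustration.

```python
from datetime import datetime, timezone

# BIP 68: layout of the relative-timelock operand (nSequence / OP_CSV argument)
SEQUENCE_DISABLE_FLAG = 1 << 31   # bit 31 set: no relative lock is enforced
SEQUENCE_TYPE_FLAG = 1 << 22      # bit 22 set: units of 512 s, otherwise blocks
SEQUENCE_MASK = 0xFFFF            # only the low 16 bits carry the lock value
SEQUENCE_GRANULARITY = 512        # seconds per unit in time-based mode

# BIP 65 / nLockTime: values below the threshold are block heights,
# values at or above it are Unix timestamps
LOCKTIME_THRESHOLD = 500_000_000
MAX_LOCKTIME = 0xFFFFFFFF         # nLockTime is a 32-bit field

BLOCK_SECONDS = 600               # assumption: 10-minute average block interval
YEAR_SECONDS = 365.25 * 86400


def decode_relative(value):
    """Interpret an OP_CSV operand, e.g. the n in miniscript older(n)."""
    if value & SEQUENCE_DISABLE_FLAG:
        return {"kind": "disabled"}
    units = value & SEQUENCE_MASK          # bits outside the mask are ignored
    if value & SEQUENCE_TYPE_FLAG:
        kind, seconds = "relative-time", units * SEQUENCE_GRANULARITY
    else:
        kind, seconds = "relative-height", units * BLOCK_SECONDS
    return {"kind": kind, "units": units, "approx_days": seconds / 86400}


def decode_absolute(value, current_height):
    """Interpret an OP_CLTV operand against an assumed current chain height."""
    if not 0 <= value <= MAX_LOCKTIME:
        raise ValueError("nLockTime must fit in 32 bits")
    if value < LOCKTIME_THRESHOLD:
        remaining = max(0, value - current_height)
        return {"kind": "absolute-height",
                "blocks_remaining": remaining,
                "approx_years": remaining * BLOCK_SECONDS / YEAR_SECONDS}
    return {"kind": "absolute-time",
            "unlock_utc": datetime.fromtimestamp(value, tz=timezone.utc)}


if __name__ == "__main__":
    height = 800_000  # constructed current height, not taken from the page
    # Largest block-based relative lock: 0xffff blocks, about 455 days
    print(decode_relative(0xFFFF))
    # older(432) from the Safe descriptor quoted on this page: 3 days
    print(decode_relative(432))
    # The mistyped absolute height from the question: roughly 120 years away
    print(decode_absolute(7_140_000, height))
    # Largest timestamp-based absolute lock: February 2106
    print(decode_absolute(MAX_LOCKTIME, height))
```

The 16-bit ceiling applies only to the relative operand; an absolute height such as 7140000 is a valid lock, which is why the coins in the question stay unspendable until that block.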
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 21/07/2023, 15:55:30 UTC
As I said, I don't like miniscript[1], but why was Timelock chosen and why exactly at least 1 year? Also, the phrase at least may mean for more than a year.
If we assume that the use is for the heirs, it is possible after the members return the key with the recovery key and be able to withdraw the money without the consent of the owner key. Therefore, here we cannot apply it as a model for the heirs (it may be a good service if it is linked to biometric indicators that activate a lock for a period of 6 months from the date of death of the owner key holder)

I hate to say it but centralized solutions or trust in heirs are the logical ways to solve the problem of the death of the bitcoin owner.

Quote
That means the recovery key can only be used after your safe address is inactive for at least 1 year.

[1] https://bitcointalk.org/index.php?topic=5459839.msg62556275#msg62556275

The lock means to limit the ability of the recovery key, the timelock duration can be set on a per safe basis, 1 year is just a default setting. And for the test service, this duration is only 3 days.

I agree on the logical ways. That's what Mixin Safe is doing, provides a good service to do the inheritance in the logical way. You add your trusted people to the safe, setup the trusted inheritance key manager, in a multisig and timelocked way, and easy to manage, and everybody is able to master it.
Board: Service Discussion
Merits 1 from 1 user
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 21/07/2023, 15:37:36 UTC
⭐ Merited by Coin_trader (1)
@cedricfung, I created a safe 2 hours ago and until now it's still on draft status. The note shows that the summary process only takes a minute. Am I missing something here to make my safe active? The support now is inactive while they have the online status. I decided to post it here to get an immediate solution to complete my test on the safe.

The image below is the current status of my pending safe.




Hi,

Sorry for this inconvenience, which owner wallet are you using? May you send me the safe id through private message? Just the URL of this safe represents the id.
Board: Service Discussion
Merits 2 from 1 user
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 21/07/2023, 12:54:44 UTC
⭐ Merited by bitmover (2)
I just want to give a thumbs up to Mixin support for being quick to solve issues encountered on Mixin Safe. I recently encountered error code 500 when I was trying to create a safe. They immediately fixed the bug and notified me via email to continue my test. Customer support is very active in helping customers. I hope this will continue in the long term.

Thank you  Cheesy

Will keep improving the product and customer support.

There is a similar website, which the team should consider buying:
safe.mixing.zone/

This domain is owned by another company, and I mistakenly put it in my web browser.

Suggestion: put all your products in the same domain and redirect them. Multiple domains are confusing for the user.
Currently domains that I noticed Mixin team has:
https://safe.mixin.zone/
https://mixin.one/
https://messenger.mixin.one/
https://mornin.one/

I think adding all to the same domain and creating subdomains is much easier to users and customers. I am always worried when I move to another domain, especially within the same company/service


Thanks for pointing out this, we are working on the website and brand improvement, now I also feel they look fragmented.

We will put everything under domain mixin.one, and the mixin.zone domain is only for beta test service, once the product is ready, it will be available at the one domain.

Thank you



The wallets listed are the only supported so far as I know, and only Bitcoin Core, Ledger, Mornin Key have been tested. And I'm sure Trezor doesn't support the miniscript feature yet, so not Mixin Safe compatible.
Thanks for quick answer.
I will have to explore miniscript topic more, especially for hardware wallets, and I will try to find all wallets that support them.
If Coldcard supports miniscript then there is a good chance Passport wallet is also supporting it (they forked from old Coldcard code), unless they decided to opt out.
This is interesting topic for discussion, but if I remember correctly ledger once had a bug that was related with miniscript feature in their wallet.


Yes, ledger had that bug that generates a wrong address. For Mixin Safe, we don't use Ledger to generate the address, and we can make sure the address script is correct. Ledger is only doing the private key management.
Board: Project Development
Re: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution
by cedricfung on 21/07/2023, 12:44:25 UTC
Technically they can use any software to do the CMP-MPC
it's technically possible to do the process to access the members key
Emphasis mine, and that's my concern. It's technically possible to set up this inheritance and recovery type of multi-sig arrangement yourself, but as you correctly point out, it is beyond the skill set of the vast majority of average users. It will also be beyond their skill set to recover their coins if your service disappears, and that's a very dangerous situation to be in. And you are not incentivized to release a tool to allow them to do so, since then they can easily bypass your pricing model.

the plan is not to let the users develop software, it's to provide another software to help them. A decentralized system allows a new software to do the job, unlike a centralized system rug.
You are essentially hoping that some unknown developer will be kind enough to develop a tool to allow users to recover their coins, for free, in their own time. That's a big assumption.

At first, Mixin Safe makes bitcoin multisig+timelock conveniently usable for average users, otherwise they have no other choices.

Second, we have been running for 6 years, that's long enough, we have no incentive to go offline.

Finally, even if we are offline, many developers or companies should be incentive enough to develop new tools. Imagine Mixin Safe can attract customers to pay $1000 per year, why no other companies want to do this? If we have 1000 customers, a new company can easily have 1000 customers to use their service.
Board: Service Discussion
Merits 1 from 1 user
Re: Mixin Safe (Decentralized Multisig+MPC+Timelock solution) review preperation
by cedricfung on 21/07/2023, 11:33:40 UTC
⭐ Merited by dkbit98 (1)
OK, I somehow managed to register with Mixin and download everything that is needed for testing, so I decided to send my application for review.
I do like the idea of Multisig but let's see how this Mixing setup works in my real life testing.

Question for cedricfung:
Some people in my local board are not sure what wallets are supported except ones mentioned so far (Ledger, Bitcoin Core, Bitbox, Coldcard, Mornin key, etc), so can we get a full list of all supported devices/wallets?
Is Trezor hardware wallet supported?


Thank you  Cheesy

The wallets listed are the only supported so far as I know, and only Bitcoin Core, Ledger, Mornin Key have been tested. And I'm sure Trezor doesn't support the miniscript feature yet, so not Mixin Safe compatible.
Board: Bitcoin Discussion
Re: ERC20 to Bitcoin without KYC ?
by cedricfung on 21/07/2023, 11:24:35 UTC
Let's say I'm an Ethereum whale with x million assets in Ethereum.

Is there a way to convert my Ethereum or USDT / USDC to Bitcoin without KYC?

Bisq or HodlHodl are attractive, but the liquidity there is too low for me.

To be honest, central swaps like SimpleSwaps are too risky for me, the past has shown where this can lead.

My idea would be to use wallets like Exodus / Incognito / Ledger / Trezor and convert the Ethereum into Bitcoin in smaller 10 - 20k steps.
Then whirlpool everything and put it on my cold wallet.

Do you maybe have better suggestions for me?

Maybe try https://app.pando.im with MetaMask?

A single transaction with millions could cause big slippage, but you could do a few hundreds of thousands.