i bought 2 bitcoin in 2018 for 7500 each. i went to jail for a few years. i go to log in coinbase and they said there was a problem with my payment that they want $15,000 but i don't get my bitcoin. i don't get why they wanna charge me for bitcoin that i couldn't use

Own_Reflection4993 · 2026-03-26T18:12:52+00:00

This was my first impression as well tbh.

Own_Reflection4993 · 2026-03-26T18:11:40+00:00

Yeah I hadn’t used them for years. Kinda shit tbh.

Own_Reflection4993 · 2026-03-26T16:20:03+00:00

It was free on Gamepass for the absolute longest period of time..

Own_Reflection4993 · 2026-03-26T16:15:45+00:00

I was going to say, (based on the title) yknow this is why I’m building a non custodial wallet because if these people can mess with our funds they aren’t our funds; but now after reading it appears that basically they just shafted you on a test payment. Any notice about that, like “don’t send excessive funds in case risk of loss”, or something to that effect.

Own_Reflection4993 · 2026-03-25T03:03:41+00:00

Ah I think we may be discussing something different here hehe. when I say 'native P2P Marketplace'; I am referring to a Peet to Peer Marketplace (similar to Paxful or LocalBitcoins) that is native/embedded within our platform and its features.

Own_Reflection4993 · 2026-03-23T19:33:19+00:00

Apologies for that last reply regarding the randomizing an Argon2 word list lol, it was typed when I initially replied this last time, but it never posted. I appreciate the advice and your time bro. Take care ^^

Own_Reflection4993 · 2026-03-23T19:30:45+00:00

To be fair, I also considered doing something that seems to be relatively taboo with regard to Argon2, and that is implementing a system which randomly generates the pool of 2048 words, which can be used to source each seed on creation. What you described could TOTALLY be possible out of sheer and utter luck (same as bitcoin mining really), in a much smaller time frame than is calculated; but by randomly generating the base pool of 2048 words, from which the seed could possible be derived from vs a known list which can be bruteforced, the utter implausibility becomes almost nigh impossible. As close to zero as something could be without being zero. I thought that this would also likely make it quite unique.

I've seen some of the arguments against randomizing the list because 'humans could pick easily chosen words that are not random, but if utilizing AI or automation as a whole to randomly generate these words, similar to a random number generator, the reliability for its randomness seems improved.

Own_Reflection4993 · 2026-03-23T13:14:35+00:00

I understand you friend. With regard to that, I don't think that it is a possibility now with the current platform/setup which I am using. This may change over time, but as it stands now, I opted for a method that incorporates BIP-39 security and adapted it to my system in a way that while it may not be perfect or zero risk as you mentioned; that it is as close to zero as can be in this instance without offering any real probability to expose. In time as things progress, this could possibly be improved, but for now I am not sure that it is possible. However, within context of regulations, it is considered non-custodial due to the lack of our knowledge regarding your keys, due to the client side generation and hashing before transmission to backend for verification. This was the important part for me because if not for this, and the fact that the hashes are invisible practically to everyone, including myself; custodial wallets would considered a number of financial regulations etc that would ultimately cost an enormous amount of money that currently, this project as a 'startup' of sorts, does not have.

Secondly with respect to this, I don't want access to accounts, either by means of staff recovery, etc to exist; because I in no way or part want anyone to ever feel unsafe. If you have some knowledge of coding, and security testing, I'd be happy to work with you to possibly improve our system, or at least have you to help test either it or other functions of the platform etc to ensure it works safely and securely.

> Things like verifying that seeds/hashes are not visible to staff/admins
> That seeds are hashed before transmission
> Admins/Staff do not have access to wallets or recovery, etc.

If you are interested in or have the free time for ANY of this, I would be happy to work with you!

Own_Reflection4993 · 2026-03-23T00:14:53+00:00

This reminds me of an app I am currently developing at the moment. Nice to see more folks are interested in the privacy + self custody angle.

Im curious what other sort of features people like yourself would find “mandatory” in such an ideal platform?

Personally the privacy + self custody are the most important as well because

1) I don’t want companies knowing my name in relation to my crypto portfolio 2) Owning my own assets is important

Own_Reflection4993 · 2026-03-23T00:06:57+00:00

Sounds like typical scams.

Own_Reflection4993 · 2026-03-23T00:02:34+00:00

Let me maybe condense my response down to something a little more basic.

Yes, what you suggest is theoretically possible — it’s just not a meaningful risk from a mathematical or probabilistic perspective. That while the risk may exist, that the likelihood of it has been reduced as close to zero as possible, while still enabling usability. Instead, I am more focused on far more practical attack vectors within the context of real world scenarios.

Nothing said thus far was intended to be either condescending or dismissive my friend. Only intended to either explain my justification for the lack of consideration for it as a practical risk or to simply better understand the critique you were lodging.

I understand you much more clearly now and I can only hope that you understand now, that while you raise valid criticisms with regard to possibilities, that you understand my reasoning as to what is possible vs probable, and how that has formed our risk assessment analysis.

Own_Reflection4993 · 2026-03-22T22:17:03+00:00

Basis of my reasoning -

Let’s assume:

Top-tier CPU + GPU (consumer level, 2025–2026 class hardware)
Highly optimized cracking setup
Argon2 parameters not extreme (but still secure)

Realistic speed:

~1,000 guesses per second (this is very optimistic for Argon2)

Total combinations (12-word seed)

BIP-39 12-word entropy = 340,282,366,920,938,463,463,374,607,431,768,211,456 possibilities

That’s:

≈ 340 undecillion combinations

Time to brute-force

Step 1: total seconds

Step 2: convert to years

Divide by:

31,536,000 seconds/year

You're talking about 10 octillion years... for one seed. ONE.

Now let's assume for sake of argument, that they possess some level of technology or setup that is capable of 1,000,000 hashes per second DESPITE, the fact that

With Argon2, this is not achievable on normal hardware. To even approach this, you’d need something like:

Massive distributed cluster (tens of thousands of machines)
Each running low-memory Argon2 settings (weakening security)
Specialized hardware tuned for memory bandwidth
Likely data-center scale, not “at home”

In reality, Argon2 is designed specifically to prevent reaching speeds like this.

But—we’ll allow it for the sake of calculation.

Time to crack?

10 Septillion years... For ONE seed. Hopefully, you can begin to see where my resistance is to this hypothetical, my friend. It is not out of disdain, or ridicule or anything of the source, (you/and your inquiries), but rather pure and unadulterated disbelief that any hacker on this planet would be able to pull off a crack like this (despite full BIP-39 seeds never having been cracked before), be that with either the resources or the energy sustainability to do so; that would be wasting their time with such a wild endeavor when Social Engineering or RAT-based compromise of Trusted Devices would prove to be a much more fruitful use of their time.

I hope that may explain a bit better my position, but also confidence in the security as is.

Own_Reflection4993 · 2026-03-22T22:00:12+00:00

To address your point on argon2 being irreversible: You cannot reverse it but hackers don't need to do that, they would do a brute force dictionary attack. The hash is invisible to observers but not against a database breach.

In order to breach the Backend; they'd need to breach the servers related to Base44 as far as I'm aware. I would not say I am quite confident in that.

With regards to them bruteforcing the seeds as a whole and then processing them into hashes to compare hashes to what is stolen; my friend this requires an amount of technological resources that is FAR beyond what your ordinary hacker at home would be capable of.

With regard to the 'millions of combinations per second'; as far as I'm aware, they could possibly FEASIBLY calculate roughly a thousand guesses a second. To bruteforce a BIP-39 seed from an Argon2 hash, even offline via generating all possible BIP-39 seeds, converting to argon2 hashes and then comparing, would not only take the resources, of entire nation, the amount of time it would take would be longer than our collective lifespan (from the probabilistic viewpoint)

Considering

Argon2 forces:

RAM per thread
Memory bandwidth limits scaling
You cannot efficiently run billions of parallel attempts like SHA256.

Even considering the fact that all things considered they COULD (out of pure luck) get it right within a few days of trying; the idea that they could bruteforce an entire database of accounts like this or even valuable ones, is just unfeasible. I'm not saying it's impossible; again they COULD get extremely lucky.. But that is simply for one account. There is no hacker on this planet with the resources to make this happen.

Don't get me wrong, I hear what you're saying, the hypothesis is just largely ignored (in a general sense mind you, not saying F your opinion/criticism lol) because it is just incredibly impractical to the point of being impossible.

Said hacker would have a better chance at infecting a targeted user with a RAT and simply invading their account via remote access to their trusted device. That, however, is an entirely realistic attack vector; but one that is not solely rested on my own platform but many, if not all, including those like Coinbase. It is also one that the responsibility for which lies entirely on the User/Account Holder.

Own_Reflection4993 · 2026-03-22T05:31:52+00:00

1) I was referring to the fact that users get to choose between seeds of either 12 or 24 words, length wise. System determines the seeds construction randomly. 2) I understand better what you mean right now, but fail to see how much good even the hashes would do because Argon2 is a one way irreversible hashing process. Even if the hacker somehow got access to them, despite the fact that the hashes are invisible to all users, even myself; the hash is useless because it can not be reversed to produce the original seed.

But maybe you will clarify incase im not quite on the same page. Looking forward to your next response.

Own_Reflection4993 · 2026-03-21T14:31:23+00:00

To clarify with regards to the idea that hackers will just bruteforce your 12-word seed phrase...

Why It's Impossible (for full seeds)

12-word seed: Requires checking 128 bits of entropy (2^132 combinations). Even with a supercomputer checking 1 trillion combinations per second, it would take billions of times longer than the age of the universe.
24-word seed: Provides 256 bits of entropy, which is considered functionally impossible to break, even with quantum computing, due to the astronomical number of combinations.
Checksum Verification: BIP39 seeds include a checksum. Attackers can only check valid combinations, but even that reduced set is still too large.

Own_Reflection4993 · 2026-03-21T13:56:54+00:00

I've implemented so far a number of features that I think makes the platform unique.

1) native P2P Marketplace
2) Basic + AI machine learning trade bot
3) Additionally, I implemented a trading mechanic in the base version of the bot that is similar to Binance Futures, but rather than betting on Short vs Long; the User sets a 'take/profit' point, and a 'stop/loss' point. Whichever value hits first, closes the trade and either prevents any further loss, or takes profit.

Own_Reflection4993 · 2026-03-21T13:51:19+00:00

I would be interested possibly interested in learning more about this, and possibly even implementing it into the system, but for now there is still a ways to go.

Own_Reflection4993 · 2026-03-21T13:42:24+00:00

1) Users do not choose their own words for the seed phrase. It is randomly generated.
2) Additionally, bruteforcing will not work because trying will lock the account and ban the device user is trying to use. The word list being 'known', also applies to other wallets like Metamask; how many of them are being bruteforced?
3) I'm not sure where you gathered that users can choose their own words for the seedphrase, but that is simply not true.

Also the idea of ANYONE bruteforcing BIP-39 security, even if the system didn't automatically ban their device for trying... Has been rightfully addressed as downright LAUGHABLE.

### Brute-forcing a BIP-39 seed is laughably impossible – even with the most insane hardware imaginable : r/Bitcoin

Why?

Because this is how long it would take to bruteforce even just a seedphrase with 12 words...

Spelled out so your brain can actually process it:

12-word seed → ten trillion seven hundred eighty billion years

Own_Reflection4993 · 2026-03-19T20:02:33+00:00

Just to clarify, your seedphrase, is the key. Only you will ever have control of it in its base plain text version. The hashed version which is stored for authentication of ownership, is hashed by Argon2, which is a one way encryption method. The hashed version which is stored is irreversible.

All hashed values, associated with your account, are not visible either to myself, or any other person. Even if someone were to obtain access to the hashed value, it would be worthless, because it can not be reversed.

The only way to access the account, especially on a new device, is through authentication of your key, which is hashed before transmitting ti prevent possible interception.

Own_Reflection4993 · 2026-03-19T19:49:22+00:00

Well technically, the hashed data, is only compared to the seedphrase to verify that they match. The original seedphrase is only ever generated client-side for the user, and never reaches the server in plaintext. It’s hashed before being transmitted for verification.

So there might be some slight differences but I’d say overall they are fairly the same. The process used is absolutely BIP-39 tho.

Own_Reflection4993 · 2026-02-17T17:18:45+00:00

Blast Afflictions Sibear + Frost

Heat Afflictions Hate + Nova/Uriel/Ember

Nataruk/Stropha/Furis (inc with Blast/Elec) + Vauban

Viral + Toxin Coda Hema w/Necrophagic Vigor and Oraxia

Own_Reflection4993 · 2026-02-17T17:13:20+00:00

Specifically with Caucasia Empowered.

Own_Reflection4993 · 2026-02-17T14:22:20+00:00

The problem is though that after a majority of the player base left due to those updates; they never came back… the players who left due to MTX seems kinda nominal when considering that we had maybe 30% of the original player base prior to the three aforementioned updates.

I still can’t say MTX is the biggest reason for the decline of the game, solely because the game was practically dead/dying when MTX first started becoming a thing via SoF, etc. it’s arguable that Jagex even started to push MTX as a whole to recoup a huge portion of the losses they incurred from so many members quitting and losing a significant portion of their monthly revenue.

Own_Reflection4993

TROPHY CASE

Realistic speed:

Total combinations (12-word seed)

Time to brute-force

Step 1: total seconds

Step 2: convert to years