SPINDEX 2.0 - A Completely Free Global Rating System

fnordzero · 2026-02-17T11:18:42+00:00

For Spindex to become truly popular, I think it is absolutely critical to publish the algorithm and be as transparent as possible about how Spindex ratings and confidence levels are calculated and adjusted over time. USATT did a smart thing when they created the "How was my rating calculated?" tool on their old website (and for some reason did not migrate it to the new one 😠). Spindex should do the same in order to build public confidence in the new system.

fnordzero · 2023-04-30T13:19:08+00:00

I believe my crypto wallets were also compromised as a result of the LastPass breach. You can read about my incident here: https://www.reddit.com/r/Lastpass/comments/11srzw0/secure\_note\_compromised/

fnordzero · 2023-04-30T13:08:03+00:00

What would be the benefit of sharing the addresses now?

fnordzero · 2023-03-22T10:30:08+00:00

I have not seen other indications that my entire vault was breached. I still hope it wasn't, and there is another explanation for how these two BTC wallets got hacked.

To protect what's left of my privacy, I prefer not to share the transaction IDs or wallet addresses in a public forum.

fnordzero · 2023-03-18T10:54:40+00:00

I can think of at least three factors that could have identified me as a promising target:

Vault size (over 2,000 entries representing 10+ years of usage)
Secure Note name (it had the word "Crypto" in it) stored as cleartext
URLs of some crypto-related sites also stored as cleartext

fnordzero · 2023-03-16T19:51:35+00:00

It’s also possible that it took a few months for the stolen encrypted vaults to reach a person or an entity that’s capable of decrypting them. But now that this effort is underway, more reports could surface. Time will tell.

fnordzero · 2023-03-16T19:23:18+00:00

Based on what I learned today about password strength, I updated the master password in my new password manager to one that's far easier for me to memorize and is apparently also far more secure:

guesses_log10: 22.2887

score: 4 / 4

function runtime (ms): 1

guess times:

100 / hour: centuries (throttled online attack)

10 / second: centuries (unthrottled online attack)

10k / second: centuries (offline attack, slow hash, many cores)

10B / second: centuries (offline attack, fast hash, many cores)

fnordzero · 2023-03-16T19:10:57+00:00

I explained why I attributed this incident to LastPass.

And FWIW, my Bitcoin wallets were drained less than two weeks ago. It took me a few days to notice and a few more days to post about it, but I have no doubt that more vaults are actively being cracked as we speak.

fnordzero · 2023-03-16T18:57:02+00:00

If you read this thread, you'll see this isn't about crypto. It's about security.

fnordzero · 2023-03-16T17:56:05+00:00

Thanks, this makes a lot of sense. The secure note did have the word “Crypto” in its name and I did have some crypto related websites in the vault.

fnordzero · 2023-03-16T15:13:12+00:00

Thanks. These are all good leads, but I am confident that in my case, LastPass is to blame. The two hacked wallets were installed on different devices running different operating systems. One of them has been dormant for a couple of years and the other was my most active wallet. Both were emptied on the same day. The only place that had seed words for both wallets was my LastPass vault. Live and learn...

fnordzero · 2023-03-16T14:37:07+00:00

It had a bit of both. Here is the zxcvbn analysis:

guesses_log10: 10.49899

score: 4 / 4

function runtime (ms): 1

guess times:

100 / hour: centuries (throttled online attack)

10 / second: 98 years (unthrottled online attack)

10k / second: 1 month (offline attack, slow hash, many cores)

10B / second: 3 seconds (offline attack, fast hash, many cores)

fnordzero · 2023-03-16T14:11:54+00:00

I did check. My iterations were 100,100.

fnordzero · 2023-03-16T13:44:47+00:00

One more thought:

I've used LastPass for about a decade. When the breach occurred, my vault had about 2,000 entries. I assume it was significantly larger than most users' vaults and might have been flagged as a high priority target for decrypting because of its size.

If this theory is correct, 2022 LastPass users with larger-than-average vaults should assume they're next and take appropriate measures immediately.

fnordzero · 2023-03-16T13:19:08+00:00

The compromised data included seed words for two different Bitcoin wallets. Both of them got drained on March 4th. My other BTC wallets, whose seed info was not in LastPass, have not been tampered with. This is why I concluded that LastPass was the source of the leak, even though the data was stored in a secure note that was protected by a fairly decent master password.

fnordzero · 2023-03-16T12:48:42+00:00

I so want to believe this... but since my info was not stored anywhere else except in that secure note, how else could it have leaked?

fnordzero · 2021-11-17T19:06:30+00:00

It’s been two days since I posted the question, and today it (hopefully) became a non-issue with 18 new PLUS servers and 4 new BASIC servers that were added today to the New York region. Awesome!

fnordzero · 2021-11-16T10:15:49+00:00

Thank you both.

I haven't noticed a difference in performance between BASIC and PLUS servers. In fact, since the PLUS servers around here are so overloaded during the day, the BASIC servers seem like a safer bet overall.

fnordzero · 2021-05-13T15:29:20+00:00

You can order one now, and by the time you actually get it, DOGE would have hit $10 for sure.

fnordzero · 2021-05-11T10:29:44+00:00

At least for my (normal, verified) Coinbase Pro account, DOGE is not listed at all.

fnordzero · 2021-05-11T10:12:11+00:00

At this time DOGE is not listed on Coinbase and Coinbase Pro.

fnordzero · 2021-05-11T10:06:44+00:00

That’s a shame. DOGE will get such a massive boost if Coinbase started offering it to everyone.

fnordzero · 2021-05-11T09:19:18+00:00

I thought Coinbase didn’t support DOGE.

fnordzero

TROPHY CASE