This content graciously created by: Andre van Zegveld (Thank you Andre!)
This manual is for FIRST USERS. If you’ve used a wallet in the past and your balance says ZERO IOTA’s …… don’t panic, go here:
But FIRST: No matter who or what, *never* give your seed to anyone. Especially not if they say they are an IOTA developer who will help you recover your balance. These people are scammers and will steal your IOTA.
If you are a first user, read this VERY CAREFULLY :
I will try to tell you how to use the light wallet. The problem with the current wallet is that IOTA is designed for the IoT. Those devices will happily obey the rules without fail. The wallet shows the IOTA design in all its aspects. But a human is not equipped to follow the rules. They fuck up constantly. Which means they give hackers ample opportunity to step in and take the funds.
Q: My iota’s are still on bitfinex, when are they showing up in my wallet? A1: If the status of your bitfinex witdraw is PROCESSING it means they haven’t send the iota’s yet. Contact bitfinex. A2: If the status of your bitfinex witdraw is PENDING it means they have send the iota’s. Have Patience. In the meantime: DO NOT SEND IOTA’S FROM YOUR WALLET till all transactions are confirmed.
For everyone with stuck transactions 1. goto 2. change node to the lowest ping one 3. reaatach your transactions 4. repeat the process with 3-5 diffrent nodes from the list. after that 90% confirm rate even higher i assume!
If you want to use the LIGHT WALLET:
1 – install the LATEST light wallet from here:… 2 – Create SEED, see our FAQ how to do that SAFE 3 – Run wallet
After installing a new wallet you need to set up your wallet correctly. What you need to do is go to Tools->Edit Node Configuration. Make sure that a Host node is selected. If you see ‘Select Your Host’ in the Host field, use the drop down to select one. Usually any one will do. However, keep in mind that a host may be temporarily offline, so if after selecting one the wallet indicates No Connection you may want to select another Host. My experience shows that the hosts are pretty reliable and fast. Make sure that Min Weight Magnitude is set to 14. Higher values should be no problem but will just cause the Proof of Work to take longer unnecessarily. Finally, you see a field that says Curl Implementation. The default is WebGL, which is a new setting that allows the wallet to use your graphics card to do the Proof of Work, thereby speeding up the process. However, some people will find that they get an Invalid Transaction Hash when they use this setting. The solutions for that are to either select CCURL instead, or to follow the instructions found in this link to make sure the wallet uses the correct graphics card: Note that it may be necessary to close and restart the wallet after changing any of those settings. I would do that just to be sure that the changes are active. 4 – Copy Paste your SEED where it says “Seed” (the 3 characters that show up next to your seed is the checksum)
5 – click on “LOGIN”
6 – IF you want to SEND IOTA FROM EXCHANGE TO YOUR WALLET: GOTO 7 IF you want to SEND IOTA FROM WALLET TO YOUR EXCHANGE: GOTO 15 IF nothing else, quit wallet. 7 – In your wallet: click on “RECEIVE”
8 – Click on “ATTACH(ed) TO TANGLE” and if it says “GENERATE NEW ADDRESS” click on “GENERATE NEW ADDRESS”. (you have billions of them)
This will generate a new address….. and after a while you’ll see:
9 – Click on the address to copy the address to the clipboard
10 – Goto the exchange of your choice, and send the iota’s to the address you just copied. ( NEVER USE THAT ADDRESS AGAIN !!!! )
11 – Click on “HISTORY”. You’ll see the address you just attached to the tangle, it is a zero iota transfer, it is “Pending” (waiting to be confirmed) and it will stay pending. Zero transactions will never be confirmed but they are INSIDE the tangle, that’s what you wanted, now the sender can “find it”
12 – After a while you’ll see also your transfer from the exchange as “Pending”. BETWEEN 12 AND 13 DO NOT SEND ANY IOTAS FROM THIS WALLET !! 13 – After again a while your deposit will be “Confirmed” 14 – CLOSE wallet
15 – IF you want to send iota from your wallet to the exchange or an other wallet: 16 – IF there still is a NON-ZERO transaction pending in your wallet THEN GOTO 16 17 – Click on “SEND”
18 – Fill in Recipient address, the amount of iota’s and click “SEND IT NOW” 19 – In recipient wallet: GOTO 11 (or check the wallet at your exchange)
20 – GOTO 6
======== end of program ==========
4 rules to NEVER break:
1. NEVER re-use an address 2. ALWAYS attach a new address to tangle 3. ALWAYS wait for a transaction to be confirmed before sending anything else. 4. NEVER EVER reuse an address, not even for receiving iota in your wallet.
Failing to comply with these simple rules, MAY result in your funds getting stolen due to compromised addresses being hacked by others or your funds being locked in due to double spend addresses.
Q: (1) If I use a “receive” address more than once, that’s dangerous, right? But the receive address resets any time I log back in, so that’s fine, then, right? Just don’t reuse those addresses more than once?
(2) I can send from an address multiple times without a risk; it’s just that I shouldn’t send TO the same address repeatedly? Am I understanding that right?
A: 1: yes, that’s dangerous. And: An address does NOT reset with login.
2: you can send FROM an address only once. The wallet does that for you. You do not know FROM which address the wallet sends from. The wallet collects enough funds from 1 or multiple addresses and sends the iota’s from all those addresses. Any remainder is send to a new fresh address (that you do not know of) and the addresses that are spent from will be zeroed, having no more iota’s. If one of these addresses is your previous receiving address and someone sends again to this address, they’ll get stuck into that address because the wallet refuses to multiple send from the same address.
When you have 5 iota in ‘an’ address ‘A’ in your wallet (you don’ know anything about that address and you should not, you send from your wallet, NOT from an address), and you want to send 2 iota to the bitfinex exchange wallet address ‘B’ , the wallet creates a BUNDLE of transactions (hence the name BUNDLE you can click on) These are the transactions that are created: 1 – move 5 iota out of ‘A’ 2 – move 2 of those iota’s to ‘B’ at bitfinex 3 – Create a new address ‘C’ and send the remaining 3 iota to ‘C’ THAT’s your BUNDLE
Address ‘A’ is now empty and can not be used anymore.
BUT if you send from bitfinex to ‘A’ again, they will arrive in ‘A’ normally. And if you want to send them again to bitfinex, the wallet refuses that because address ‘A’ has been used and can not been send from again. From that moment on these iotas are STUCK in address ‘A’ because of DOUBLE SPEND ERROR
You want to send 5 iota from bitfinex to your wallet, so you GENERATE NEW ADDRESS and you ATTACH TO TANGLE. That one is address ‘D’. You send 5 iota to ‘D’
So now we have ‘C’=3 and ‘D’=5 iota
We want to send 6 iota to bitfinex at address ‘F’ Wallet creates this BUNDLE: 1 – move 3 out of ‘C’ 2 – Move 5 out of ‘D’ (together 8 = more then 6, so it’s enough) 3 – send 6 iota to bitfinex address ‘F’ 4 – send remaining 2 to new address ‘E’ in your wallet
So now you have ‘E’ = 2 and A,C and D are empty and can not be used again. A, C and D will get deleted at a snapshot.
NOTE that address ‘B’ and ‘F’ at bitfinex also can not be used again !
(The picture below uses other addresses and values) Picture: Raul Pte
IOTA is a protocol designed for use by IoT devices. These devices will happily follow any rules to use the protocol strictly, optimally and safe. Sadly, humans are not so good at following rules -if they know them at all- and they often have no idea of the consequences of certain actions. So I decided to write a list of best practices and explain the why in this article.
Here are the rules:
RULE 1: NEVER re-use an address. NEVER. NO exceptions.
RULE 2: ALWAYS attach a new receive address to the Tangle.
RULE 3: ALWAYS wait for a transaction to be confirmed before sending anything else.
And here are the whys:
It all has to do with multi-spending. Which is spending more than once from the same address. The problem here is that IOTA uses one-time signatures. After spending addresses are not supposed to be used any more because in the process of spending a random 50% of the private key to the address gets exposed. This in itself is not a problem, any funds arriving after a single spend are still pretty safe. Breaking the other 50% of the key is still a daunting task.
But when a second spend happens on the same address a new random 50% of the private key for that address gets exposed. Theoretically, statistics will tell you that now 75% of the private key is exposed. But here is the difference between theory and practice. Since it is a *random* 50% of the key that gets exposed, you could be unlucky enough that both 50% exposures only have a 10% overlap. In which case a whopping 90% of your key is exposed already! In which case your private key is toast and broken relatively easy.
So in short: 2 or more spends from the same address is VERY BAD!
Now let’s see what scenarios could occur that will end up in a multi-spend and why these rules are good:
RULE 1: NEVER re-use an address. NEVER. NO exceptions.
I can immediately hear some people say: “But you are allowed to receive multiple times at a address!” And they are technically correct. IoT devices will do this all the time. But they have the advantage of knowing exvactly what the parties they are talking to are going to do and when. So they can safely do this. Here is a scenario that shows just one example of why it is a bad idea to send multiple times to the same address:
Let’s say I withdraw X iotas from an exchange to address A in my wallet. The whole process takes a little time, but I end up with X iota in address A.
Encouraged by this success I decide to withdraw another Y iotas to that same address A. After all, I can send *to* an address multiple times, right? So I put in the order and the exchange starts processing the order. Note that this processing can sometimes take hours or even days.
In the mean time I tell my friend about IOTA, and to encourage him I want to send him a few (let’s say Z) iotas. So he installs the wallet and gives me a receive address B. I tell the wallet to send Z iotas to address B. The wallet happily obliges and takes the iotas in address A, sends Z iotas to address B, and -to guard address A from multi-spending- it also sends the remaining X – Z iotas safely to a newly generated address C in my wallet.
Everything seems okay so far. But with one problem: The exchange did not process my withdrawal yet. When it finally does process it, the Y iotas will be sent to address A just like I instructed. Except that address now already has an earlier spend on it! Oops!
This situation could have been simply avoided by generating a new address D for the second withdrawal and using that instead of address A. So case in point: NEVER re-use an address. Not even for receiving.
RULE 2: ALWAYS attach a new receive address to the Tangle.
I can immediately hear some people say: “But you don’t really *have* to do this!” And again, they are technically correct. It is perfectly fine to send iotas to an address that was not attached to the Tangle explicitly. They will arrive just fine. Again, IoT devices do this all the time, but they also keep track of what addresses they gave out as receive addresses.
The IOTA wallet does it differently. Because it is possible to install the wallet on different devices, and log in both wallets with the same seed, the developers are determining the state of the wallet directly from the Tangle. That way both wallets will respond the same to events. Otheriwse one could have kept track of some important addresses and the other would have no knowledge of that. Pretty elegant solution.
But this solution comes with a hidden cost. To understand this we need to look at how the wallet decides which addresses have been used already. It does that by asking the node it is connected to for a list of transactions that incorporate that address. If there are no transactions yet it concludes that it has not used the address yet.
By attaching an address to the Tangle you explicitly create a zero-transfer transaction for that address. Now the wallet can find that transaction in the Tangle, so it knows it is in use already. And yes, in case someone sends iotas to that address, the wallet can find that transaction in the tangle and again sees that it is in use already. Therefore we don’t need to explicitly attach it, right? Bzzzzt! *Wrong*!!
Let’s say I have X iotas in address A. I decide to withdraw another Y iotas from the exchange to address B. That’s what I learned from rule 1. Use a different address. I don’t bother explicitly attaching address B to the Tangle, because I was told before that that was not strictly necessary. So I put in the order and the exchange starts processing the order. Which again takes time.
To spread more joy I decide to send Z iotas to my friend again. I initiate the transfer, and this time the wallet can take from address A, send Z iotas to my friend’s address, and then it wants to send the remaining X – z iotas to a new receive address. So it looks in the tangle which address is not in use already. Aha! Address B is not used yet. So it merrily sends the results to address B. Oh dear. Now we are in the same situation as we were in with rule 1.
So if we now decide to send another amount of iotas to another friend, we will be spending address B before the withdrawal *to* address B has executed. And we end up with a guaranteed multi-spend again.
This situation could have been simply avoided by explicitly attaching address B to the Tangle. In which case the wallet would have seen it was in use already, and it would have sent the remainder to a new address C instead. So case in point: ALWAYS attach a new receive address to the Tangle.
RULE 3: ALWAYS wait for a transaction to be confirmed before sending anything else.
I can immediately hear some people say: “But the wallet will keep me from multi-spending!” And again, they are technically correct. The wallet will check before spending if there already has been a confirmed spend on the address, and won’t allow a second spend in that case. But consider the following scenario:
I have X iotas in address A. I now decide to send Y iotas to an exchange. This will generate a transaction #1 spending Y iotas from address A. Now I also decide to send my friend his Z iotas before transaction #1 has been confirmed. Since the wallet still sees the X iotas in address A it will happily generate transaction #2 spending Z iotas from address A. Oops! Two spends from the same address.
This situation could have been simply avoided by waiting for transaction #1 to be confirmed before sending transaction #2. So case in point: ALWAYS wait for a transaction to be confirmed before sending anything else.
Note that a lot of these situations are even muddier because you have no idea what address(es) the wallet is going to pick as input(s) for sending iotas somewhere.
Also note that I only provide one example of where things can go wrong for each rule. Things become even muddier when snapshots happen. But that is something for another article.
There are several other wallets under development right now, until then, BE CAREFULL!