Bitcoin Forum

Other => Beginners & Help => Topic started by: Bitbird on July 12, 2011, 03:15:13 PM



Title: How to identify whether a wallet has been stolen or not?
Post by: Bitbird on July 12, 2011, 03:15:13 PM
How to identify whether a wallet has been stolen or not? In particular, when the balance hasn't changed and there are no transactions?


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: jebathga on July 12, 2011, 03:22:45 PM
The balance was not stolen if it is showing no transactions. Make sure your wallet.dat file is in your C:\Users\your name\AppData\Roaming\Bitcoin directory. Also, you can use http://blockexplorer.com/ to check an address to see what transactions have happened.


Good luck
 :)


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: bitlotto on July 12, 2011, 03:25:17 PM
It would be like having your password on your desk for a while and wondering if someone wrote it down. There is no way to know for sure. If you are worried you can always create a new secure wallet to send your money to. You can only know for sure it was stolen once your money disappears.


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bert on July 12, 2011, 03:30:56 PM
So basically how could you tell if anyone copied any file from your computer?

If the file was stored in an OS with a secured filesystem that had the ability to log the timestamp of all reads/writes to a log file and the UserID of the person accessing the file(s), it would be easy.

Under Linux 2.6 kernel (and later) this can be achieved by enabling the Linux Audit Daemon (http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html).

If you are using Windows, there is a basic check; depending on the exact OS you're using, the procedure may differ slightly:
Right-click the folder that the file is in, click views>details.
Right-click the folder again, click "sort by" and check the "date accessed" box to see when the file was last accessed.
If it's more recent than the last time you accessed the file, it would imply that someone else has handled the file.

Maybe there is a better way under MS Windows, but I don't use it enough to know.

EDIT: I did a bit of Googling, maybe this will help http://support.microsoft.com/kb/310399
In Windows 7 it could be set up by using the "Local Group Policy Editor" by enabling "Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit Object Access". Once enabled, each file should have a new Properties\Security\Advanced option to log read/write/modify access when you right-click on any filename.
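The audit-log approach from the post above, as an added example that is not part of the original thread: it parses Linux audit records and lists reads of wallet.dat by anything other than the expected client. The log lines, the watch key `wallet_read`, the file path and the client path `/usr/bin/bitcoin` are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed audit.log excerpt (not from the thread). Assumes a watch was added with:
#   auditctl -w /home/alice/.bitcoin/wallet.dat -p r -k wallet_read
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1310484000.101:812): arch=c000003e syscall=2 success=yes exit=3 pid=2250 auid=1000 uid=1000 comm="bitcoin" exe="/usr/bin/bitcoin" key="wallet_read"
type=PATH msg=audit(1310484000.101:812): item=0 name="/home/alice/.bitcoin/wallet.dat" inode=393231
type=SYSCALL msg=audit(1310487600.550:901): arch=c000003e syscall=2 success=yes exit=3 pid=3107 auid=1000 uid=1000 comm="cp" exe="/bin/cp" key="wallet_read"
type=PATH msg=audit(1310487600.550:901): item=0 name="/home/alice/.bitcoin/wallet.dat" inode=393231
type=SYSCALL msg=audit(1310491200.002:977): arch=c000003e syscall=2 success=no exit=-13 pid=3311 auid=1001 uid=1001 comm="cat" exe="/bin/cat" key="wallet_read"
type=PATH msg=audit(1310491200.002:977): item=0 name="/home/alice/.bitcoin/wallet.dat" inode=393231
'''

EXPECTED_EXES = {"/usr/bin/bitcoin"}  # assumption: the only program that should read the wallet
HEADER = re.compile(r'^type=\w+ msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Merge the records that share one audit serial number into one dict per event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        epoch, serial, body = m.groups()
        ev = events[serial]
        ev["time"] = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
        for key, value in FIELD.findall(body):
            ev.setdefault(key, value.strip('"'))
    return list(events.values())

def unexpected_wallet_reads(log_text, key="wallet_read"):
    """Return (time, uid, exe, success) for reads by anything but the expected client."""
    hits = []
    for ev in parse_events(log_text):
        if ev.get("key") == key and ev.get("exe") not in EXPECTED_EXES:
            hits.append((ev["time"].isoformat(), ev["uid"], ev["exe"], ev["success"]))
    return hits

if __name__ == "__main__":
    for hit in unexpected_wallet_reads(SAMPLE_LOG):
        print(*hit)
```

A watch only records accesses made after it is in place, so it cannot show whether the file was copied earlier. Failed attempts (`success=no`) are kept in the output because a denied read by another account is still worth investigating.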


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bitbird on July 12, 2011, 04:08:04 PM
I checked http://blockexplorer.com/ and found Balance:0.34...... by Ledger / transaction list which should be payout by Eligius pool for my mining and it's the only one transaction, but my Bitcoin client (Mac OS) display Balance:0.00, 0 transaction. Is that normal?

Thanks for jebathga, bitlotto, and Bert's answer!


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: bitlotto on July 12, 2011, 04:25:59 PM
Quote from: Bitbird on July 12, 2011, 04:08:04 PM
> I checked http://blockexplorer.com/ and found Balance:0.34...... by Ledger / transaction list which should be payout by Eligius pool for my mining and it's the only one transaction, but my Bitcoin client (Mac OS) display Balance:0.00, 0 transaction. Is that normal?
>
> Thanks for jebathga, bitlotto, and Bert's answer!

Have you downloaded all the blocks?


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bitbird on July 12, 2011, 04:37:13 PM
Hi! bitlotto,

Displaying 5000 blocks now, how many blocks are needed? Thanks!


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bert on July 12, 2011, 04:39:44 PM
In a terminal, typing "ls -lu ~/Library/Application\ Support/Bitcoin/wallet.dat" will show the last access time under OSX (it is just a BSD flavour of UNIX).
Under Mac OSX you can Enable Security Auditing and use it in a similar way to audit_control under FreeBSD.
Page 220 http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf

As for Bitcoins arriving on your client it can take a while depending on mining pool, and your client having downloaded all blocks (http://blockexplorer.com/q/getblockcount). For all blocks in the security chain to arrive the first time you run the Bitcoin client, give it a few hours.


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: bitlotto on July 12, 2011, 04:43:07 PM
Quote from: Bitbird on July 12, 2011, 04:37:13 PM
> Hi! bitlotto,
>
> Displaying 5000 blocks now, how many blocks it needed? Thanks!

135927 to catch up to current state.


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bitbird on July 12, 2011, 04:58:29 PM
Hi! Bert,

Very useful information. Will try that. Thanks!
The blocks download seems very slow. It reached only 2XXXX at present.


Title: Re: How to identify whether a wallet has been stolen or not?
Post by: Bitbird on July 12, 2011, 05:00:33 PM
bitlotto,

Thanks! 28XXX blocks right now...