Bitcoin Forum

I have a remote server running Bitcoind along with my server programs where a fraudulent user tried to hack me and one of the accounts is stuck with 825 "fake" bitcoins.

I tried move, I tried SendFrom, I tried SendToAddress all of which fail to send ANY coins at all. I am trying to "filter" the bad ones from the good ones so I expected to send all of them and see the real balance appear but it just throws an exception and nothing happens.

FAKE coins?

Can you post the address?

Due to security reasons I can't.

Can you kindly point me through the steps you were about to make with the address? Thanks.

EDIT: It shows 0 balance in http://blockchain.info even though I know for a fact there are at least 0.3 real coins there



What I mean by "fake" is they are only verified once by the server since there is no point verifying transactions more than once if the transfer is between local accounts but the hacker managed to fake his balance in the MySQL database I patched up the problem but I am left with 800 of these "fake" coins.

Just run a recovery tool on wallet.dat, no differently than if you were trying to recover it from a failed hard drive. That should sort everything out.  With a brand new bitcoind and copy of the block chain of course.

In other words I would be extracting the private keys and then reconstructing a brand new wallet based on them.

Most probably that you have stolen, and "injected the fake bitcoins", so typical for do these magical applications that offer out there

I testing with the same wallet on different devices, I had balances wrong, fix it by exporting and importing my addresses to a new wallet.


EDIT:

blockchain 0 balance...nothing left to say

Ok here is the address: 15hjpvA5PGb4RuJKMspwqwdhaLaP6JLT79

I know for a fact it contains at least SOME real coins since I checked the transactions myself.

No it doesn't and never had.
http://blockchain.info/address/15hjpvA5PGb4RuJKMspwqwdhaLaP6JLT79

Ok well I have 2 addresses, one on my remote server Bitcoind and one that's not mine, the user has claimed he has sent 1 Bitcoin from his address to his address on my server I checked the address he sent the bitcoin from and found the transaction and it seems legit, yet blockchain.info shows NO bitcoins have been EVER received at my address while the Bitcoind on the remote server shows it's all there.

No transactions found for this address, it has probably not been used on the network yet.

This guy is funny.

Even if it was an unconfirmed or double-spend transaction it would be known.

I think he is confusing the MySQL database saying the address has coins with bitcoind saying it.

I am using a JSON call and yes it shows that it has it. Not the MySQL database

Then you're not using the same blockchain as the rest of us.

http://blockexplorer.com/address/15hjpvA5PGb4RuJKMspwqwdhaLaP6JLT79
http://blockchain.info/address/15hjpvA5PGb4RuJKMspwqwdhaLaP6JLT79
Checked also with my bitcoindlocal blockchain using znort's parser and with btcbalance.net and they tell me that address never had any balance.

Sounds to me like you are connected to a the hacker's blockchain honeypot and he is just WAITING for you to send a payment of some sort :-D

Sounds like someone used a bitcoin doubling software(Trojan) from that was hawked on youtube or someone really forked there own blockchain/client with fake coins and got this guys bitcoind to connect to it

Did you use IRC bootstrapping alone? There is a known attack which involves filling an irc channel with malicious nodes, then feeding bad blocks to anyone who joins. One problem with this attack is that the blocks need to be real, but a few hundred BTC (6 blocks) is less than 825...

You ought to save your bitcoin directory into a zip file and send it to a trusted member for analysis. It would be interesting to find out if there is a fake bitcoind going around.

Imagine a fake bitcoin client that ensures your money goes to a thief but pretends you have the money, up until the moment you try to spend it (because of course you can't). You get some meaningless system error when you go to spend, so you think it is your system instead of being tipped off to an attack.  This has happened in the regular banking world, no reason why it couldn't be happening to bitcoin now.

I didn't use any trojans or third party applications that I didn't write along with bitcoind.

I am thinking maybe the problem is with another address associated with the account since I'm using GetBalance on the username.

your change is probably in another address from a transaction you sent
try getbalance("*", 0)

I have got all the addresses associated with that account and there are 120 of them all of which show a 0 balance both on the server and on blockchain.

It seems to work with other accounts that have less addresses associated with them.

... i'm not sure what that means the result of getbalance("*", 0) was...

0.49, there are other accounts that aren't bugged though

Ok, now I'm really confused.

I re-downloaded the blockchain, replaced it, re-scanned it and it still shows the same 825 coins.

The problem is not on your blockchain, but in your wallet.dat

Export your addresses and import them into a new wallet.

How do I do that? BackupWallet?

Do you have direct console access? Could you post "bitcoind getinfo" result? Do you have some wallet backup before all this happened?

Allot of questions I know, try to answer at least some of them

Yes, yes and I have no backups

{
  "version": 60006,
  "protocolversion": 60000,
  "walletversion": 60000,
  "balance": 0.0,
  "blocks": 172110,
  "connections": 5,
  "proxy": "",
  "difficulty": 1498294.36281651,
  "testnet": false,
  "keypoololdest": 1337701139,
  "keypoolsize": 101,
  "paytxfee": 0.0,
  "errors": "URGENT: upgrade required, see http://bitcoin.org/dos for details"
}

Thank you people, you have been more than helpful. I just updated it to the newest version and it's currently synchronizing with the network.

Hope you work it out, although I see you have 0 balance in there. Don't confuse server balance with accounts, they are two different things, the later only helps you out with the user accounting on your server, while the main balance are the coins it currently stores in all wallets put together.

Seem like an upgrade was needed yeah  :)

Btw, having backups is crucial for any online service, at least for the "wallet.dat". On Rugatu we store encrypted backups on three different mediums and locations, like for example server's HDD, separate pendives and wuala cloud storage every hour. You can never be completely sure that everything will work just fine.

3 different locations? Seems like that would compromise security and anonymity it seems much more secure to have backups on an external HDD in a server with 24/7 physical security.

Well thanks everyone I hope it's going to work now.

Ok I have updated to the newest version:
{
  "version": 60300,
  "protocolversion": 60001,
  "walletversion": 60000,
  "balance": 0.22,
  "blocks": 189965,
  "connections": 7,
  "proxy": "",
  "difficulty": 1866391.30500321,
  "testnet": false,
  "keypoololdest": 1337701139,
  "keypoolsize": 101,
  "paytxfee": 0.0,
  "errors": ""
}
It seems that some coins have been lost I still get 825 coins in my account, can anyone give me directions how to get rid of that?

Great, now "sendtoaddress" those 0.22 then "backupwallet .bitcoin/wallet.bak" :)

You will have to "listaccounts" and see if any other account has the same 800+ amount, but negative, and "move" bitcoins from yours to that one, or if they are really faked with a bitcoind bug or something move them to a new account that the server would not touch at all.

Ok, I am going to try to send them out to a temporary address and create a new account move the exact same amount of bitcoins but negative and send there those 825 bitcoins.