Bitcoin Forum

Hey all, I was hoping someone could help me out with an issue that occurred on localbitcoins.

So the transaction went like this:
At 02/17/19 16:58:05 I initiated a withdrawal of my bitcoins from my LocalBitCoins wallet.
At 02/17/19 16:58:18 the funds were received into my local wallet address - https://tradeblock.com/bitcoin/address/16RHTgJrt8ry4XP7GuTyQnqPtPRPjYduws. The localBitCoins website was still loading and looked like it was hanging.
At 02/17/19 16:58:33 I received "Bad Gateway; request timed out" from the localbitcoins server when my withdrawal was being processed.
At 02/17/19 16:58:34 I received another transaction, which I have no idea where it came from, into my local wallet. It completely reversed the entire transaction. Both transactions get confirmed and I am left with a zero balance. The resulting funds ended up at https://tradeblock.com/bitcoin/address/19B1NqnzKiMzVDLskDmJGTm5zAqK6ourwo where it is still sitting.

I would always have to enter a password to send Bitcoins out of my local wallet but this did not happen. Does any know how this could happen? I have heard that transactions can be reversed whilst they are pending confirmation. Is this true? I was using Electrum as my local wallet.

Thanks to anyone who can shed some light on this.

What version of Electrum are you using and from where did you downloaded the update?
It seems like you've been a victim of a phishing scam using the vulnerability of old versions.

For your question, it's possible by "Double Spending" using the same inputs as the transaction backed by a extremely higher tx fee for the particular transaction to be confirmed first. But most clients and wallets have this option disabled and/or only available via command.
However, this is only possible if you can broadcast the doublespend tx as soon as possible especially now that it's fairly fast to get 1confirmation.

As of now, all of the Tx in the OP are now confirmed and irreversible.

I am using electrum 3.3.4.

I downloaded it from https://download.electrum.org

The link is legit, however you must double-check the browser's history (if it was downloaded) of the actual URL of the site.

Because from the looks of it, the transaction isn't "double-spent" by local bitcoins (and they wouldn't do that for sure), the second transaction was created and broadcasted by your Electrum wallet or anyone who has the SEED/prv key (address: 16RHTgJrt8ry4XP7GuTyQnqPtPRPjYduws) right after receiving the bitcoins from localwallet.

Other possibility based from this:
You accidentally selected another wallet file (without password) which was already compromised or you created it before using a publicly displayed SEED or private key(s).
T/N: Electrum will always open the last wallet that you've used.

So whatever the exact reason is, it's quite possible your private key/seed was stolen by somebody else, therefore he has the access to your funds.  There is no way to reverse a transaction even if it's unconfirmed (by reversal = delete the transaction and send the funds back to the original sender), and looking at the history of that address it seems the transaction was confirmed afaik.

The transaction that sent out your bitcoin was made barely seconds after it was received, so most likely there was a script running (probably on your PC) that sent the bitcoin to the attacker's address almost immediately, and also overpaying in fees (88.7sats/byte while the average on that day was ~15 sats per byte).

Like the posters above have said, either your version of electrum is malware, or your computer has been compromised.
Run a complete antivirus scan to find out.

did you generate the address yourself or import it into your electrum?
because your fund used together with another utxo (2417 sats) from 1CACxmDPTSWJqyMNz1HBP3NZbTYLZcVJvF
so it looks like someone already know your private key and watching/waiting for incoming transaction

Yup, this is the common flag that suggests a script just lurking and waiting. 88 sats/byte does seem to be the lowest overestimate I've seen from this type of hack. Usually way into high hundreds just to ensure it gets confirmed in next block.

Something is compromised, device, if not the seed/private key itself. Sweep device. Generate new wallet.