Where did my Bitcoin go??

[cfrm]

Tonight I sent 1 BTC to a friends wallet, and sent 0.9 BTC back to the address of my wallet. That means, I have a Windows Phone app with Blockchain.info wallet, which have the address: 1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm  As soon as I sent 0.9 Bitcoin back to this address, 10 sec later it sent 0.8995 to 1J6zrabFk55AgPQsUzmu5UBbJefgY5CRW, which is an address I have no knowledge of. So now I have no idea where my 0.9 Bitcoin have gone to, instead of my own Bitcoin wallet. What do I do? The transactions can be seen here: https://blockchain.info/da/address/1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm

[Martijnvdc]

Looks like it was automatically forwarded...
How did your friend get that address? Just via his bitcoin-qt wallet?

[cfrm]

No, he scanned the QR-code from my wallet on my phone. The address was one I generated in my Blockchain wallet, same as the other addresses I've got in that wallet. Yea, it looks like it was automatically forwarded, but I have no idea who or how this forwarding process was set up. Nor have I any idea to whom the address it was forwarded to belongs.

[KieranJones1]

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.

[cfrm]

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.

Nope, that's not it. It's not my address the 0.9 btc was sent to, unfortunately.

[lucaspm98]

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

[escrow.ms]

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalk.org/index.php?action=profile;u=17928

[cfrm]

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalk.org/index.php?action=profile;u=17928

Thanks, I'll give it a shot.

[Martijnvdc]

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Since when? Did you send those transactions just recently?
This could be quite a serious issue, if you ask me...

[Abdussamad]

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.

[lucaspm98]

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.

My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know. I will definitely research that bug and contact them, thanks for your help.

[Abdussamad]

My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know.

As I said before when you visit the my wallet page and enter the wallet identifier you are served an encrypted copy of the wallet. Then you can take your sweet time brute forcing it offline using GPU farms. Once you successfully do that you have access to the private keys and can spend the coins sent to the corresponding addresses at will. So a) they brute forced your wallet when you had a weak password on it. Maybe they managed it when you had the 20 character password maybe earlier than that. b) If you reused addresses from when you had a weak password they could spend the coins sent to those addresses because they had the decrypted private keys. Adding a stronger password does not protect you from private keys that were stolen in the past.

Another possibility is that you have a key logger on your system i.e malware.