Did I just get pickpocketed?

[ViperGeek]

I heard great things about Electrum and decided to try installing the portable version (Windows) to give it a test drive.  I then sent an imported address (18YiwUnAvDJz9eUss3DZGPrH7L8vi9ciDx) 0.01 BTC and things seemed to go well ... that is, until an unrecognized address (1JvojZKzuABZT5iCm6hKJnV7Lm1VQ8iaDk) debited the exact same amount the instant I sent it:

http://imgur.com/pndP1lA

I thought this might be some artifact of the way Electrum works and so waited about an hour.  I still have a 0.00 BTC balance and the blockchain seems complete:

https://blockchain.info/address/18YiwUnAvDJz9eUss3DZGPrH7L8vi9ciDx

What the heck happened?  Did I just get robbed by 1JvojZKzuABZT5iCm6hKJnV7Lm1VQ8iaDk ... somehow?

Thanks for any insight you can provide!

[ViperGeek]

Another interesting data point.  When I look at the transaction ID for the "pickpocketed" transaction, I see:

https://blockchain.info/tx/e00709e118af2b1d6737ccaf10c8423d6a49b24b72472f2754d35efca7b0ab23

The page states: "Warning! this transaction is a double spend of 112743537. You should be extremely careful when trusting any transactions to/from this sender."

The imported address I used to send the BTC was deterministically generated on brainwallet.org using a not-so-strong passphrase (after all, this is just a test).  Is it possible that someone else in the vast Bitcoin universe used the exact same not-so-strong passphrase and just got an unexpected donation of 0.01 BTC?

I'm more concerned about the mystery than the $$$.  If I learn something today, the lesson will be worth the $6 USD.

Thanks (again).

- Dave

[Akka]

No, there is currently an attack going on on Bitcoin where TX-IDs are changed.

Your funds are Save.

Simply speaking, this confuses your client to think there was an additional transaction from your address (double spend). But only one gets actually confirmed.

In a few days this will be (hopefully) fixed. Bitcoin is still Beta, remember.


Again, your funds are save and you can use Bitcoin as usual. You might only get some transaction displayed as double spends. But no "stealing" actually happened, nor will happen.

Edit: Confused it a bit. This issue explaynes the doublespend. But you really should have send 0.0097 BTC to 1JvojZKzuABZT5iCm6hKJnV7Lm1VQ8iaDk, otherwise something different is going on here.

[drrussellshane]

Another interesting data point.  When I look at the transaction ID for the "pickpocketed" transaction, I see:

https://blockchain.info/tx/e00709e118af2b1d6737ccaf10c8423d6a49b24b72472f2754d35efca7b0ab23

The page states: "Warning! this transaction is a double spend of 112743537. You should be extremely careful when trusting any transactions to/from this sender."

The imported address I used to send the BTC was deterministically generated on brainwallet.org using a not-so-strong passphrase (after all, this is just a test).  Is it possible that someone else in the vast Bitcoin universe used the exact same not-so-strong passphrase and just got an unexpected donation of 0.01 BTC?

I'm more concerned about the mystery than the $$$.  If I learn something today, the lesson will be worth the $6 USD.

Thanks (again).

- Dave

If you deterministically generated a bitcoin address from a "not-so-strong passphrase", it is likely that your 0.01 was immediately swept to the other address.

You have to wake up pretty early in the morning to stay ahead of bitcoin thieves.

[ViperGeek]

If you deterministically generated a bitcoin address from a "not-so-strong passphrase", it is likely that your 0.01 was immediately swept to the other address.

You have to wake up pretty early in the morning to stay ahead of bitcoin thieves.

Thanks for the replies, Akka and Russell.

I was thinking about this more, and wouldn't a "robber" using the same passphrase end up with the exact same deterministically generated public Bitcoin address?  I just typed the same even weaker passphrase ("testing123") into http://brainwallet.org/#generator and got the same address every time (1AyFk2sxtjoG4nz35uNxcZJhLUWAymBr5B).  If I had a public key collision, then where did 1JvojZKzuABZT5iCm6hKJnV7Lm1VQ8iaDk come from?

- Dave

[ViperGeek]

I just tried flipping another 0.01 BTC to one of the main Receiving addresses generated when I installed Electrum.  As quickly as I hit send on my Android client, the History screen updated with my transaction, which so far is safe from Internet highway robbery.

Barring any other theories, it would seem that deterministic addresses generated from weak passphrases should be avoided at all cost (pun intended).

- Dave

[ThomasV]

The imported address I used to send the BTC was deterministically generated on brainwallet.org using a not-so-strong passphrase (after all, this is just a test).  Is it possible that someone else in the vast Bitcoin universe used the exact same not-so-strong passphrase and just got an unexpected donation of 0.01 BTC?

you found the answer to your question. yes, you have been robbed.

The page states: "Warning! this transaction is a double spend of 112743537. You should be extremely careful when trusting any transactions to/from this sender."

this is probably related to the current malleability attack on the bitcoin network (25% of transactions were affected today). it has nothing to do with your theft.

[ViperGeek]

The imported address I used to send the BTC was deterministically generated on brainwallet.org using a not-so-strong passphrase (after all, this is just a test).  Is it possible that someone else in the vast Bitcoin universe used the exact same not-so-strong passphrase and just got an unexpected donation of 0.01 BTC?

you found the answer to your question. yes, you have been robbed.

Confirmed.  A respected Bitcoin security researcher was running a POC brainwallet bot and nabbed my bitcents instantly.  He DM'ed me and returned the funds.  Seriously righteous thing to do.

- Dave

[cp1]

Everyone is able to generate private keys from passphrases.  So it's very easy to continuously run through a bunch of passphrases and check if they have a balance and then steal it.  That's why you should never use a brainwallet ever.  Anyone can try to crack your brainwallet just by guessing the passphrase.  Your electrum wallet is much safer because they have to actually get a hold of the wallet file on your computer and then crack the password.  Of course if you have malware that scans for wallet files and a keylogger that gets your password then you're screwed.  So use an offline wallet or at worst a clean computer that you don't use for anything else to store any bitcoins you actually want to keep.

[Abdussamad]

The imported address I used to send the BTC was deterministically generated on brainwallet.org using a not-so-strong passphrase (after all, this is just a test).  Is it possible that someone else in the vast Bitcoin universe used the exact same not-so-strong passphrase and just got an unexpected donation of 0.01 BTC?

you found the answer to your question. yes, you have been robbed.

Confirmed.  A respected Bitcoin security researcher was running a POC brainwallet bot and nabbed my bitcents instantly.  He DM'ed me and returned the funds.  Seriously righteous thing to do.

- Dave

Well, good news then! You are lucky. Harvesting brainwallets is big business now.