securus (OP)
Newbie
 Offline
Activity: 5
Merit: 0
|
 |
July 29, 2016, 10:07:36 AM |
|
I don’t know if the is the right list, but I hope someone can advise.
In the early hours of this morning I sent 1.01 BTC from my Xapo wallet to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key. My client had been running all day and the blockchain was synced and up-to-date.
The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for, something which I did not think was possible.
What the hell happened and where is my Bitcoin?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You get merit points when someone likes your post enough to give you some. And for every 2 merit points you receive, you can send 1 merit point to someone else!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
 |
July 29, 2016, 10:29:40 AM |
|
Whether it's infected or was in the past, clearly somebody else got OPs private key and transferred out those BTC. What the hell happened and where is my Bitcoin?
It was stolen. Sorry. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
securus (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
July 29, 2016, 10:39:59 AM |
|
Thanks for your replies.
I am running Bitcoin-Qt on a mac that I have just recently installed so the possibility of Malware is small. The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.
|
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
|
July 29, 2016, 11:16:50 AM |
|
Thanks for your replies.
I am running Bitcoin-Qt on a mac that I have just recently installed so the possibility of Malware is small. The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.
The attacker has your private key. Even your wallet knows you've got money in the second they've came in. It's not that difficult to code something similar and when the "money in" notification comes, the money is sent out by a script. It doesn't have to be on your computer. The attacker has your private key and can do all this on his own computer. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
Shiroslullaby
|
|
July 29, 2016, 12:00:21 PM |
|
You said the Mac OS was recently installed.
Did you wipe your computer at some point? Have you ever had malware detected in the past?
Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?)
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3360
Merit: 4570
|
|
July 29, 2016, 12:32:03 PM |
|
- snip -
to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key.
- snip -
The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for
- snip -
What the hell happened and where is my Bitcoin?
You do not have exclusive control of the private key. Someone else has that private key as well. How did you get that address and private key? Did you generate the address with the Bitcoin Core wallet immediately before sending the transaction? Did you import the private key into Bitcoin Core? Was it generated with VanityGen? Was is generated with bitaddress.org? Was it a "brainwallet", generated from a passphrase? Did you get the private key from someone else? If you generated the address with the Bitcoin Core wallet, have you ever had that wallet.dat file installed on any other computer in the past? - snip -
The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.
It is. It is a good idea to wait until a transaction is confirmed before you spend the bitcoins that are received from the transactions (just in case the transaction never confirms), but it is not necessary to wait for confirmation. Unconfirmed bitcoins can be spent. |
|
|
|
|
securus (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
July 29, 2016, 12:32:39 PM |
|
The attacker has your private key. Even your wallet knows you've got money in the second they've came in.
It's not that difficult to code something similar and when the "money in" notification comes, the money is sent out by a script.
It doesn't have to be on your computer. The attacker has your private key and can do all this on his own computer.
I was given to understand that it was not possible to spend unconfirmed coins on your address, I still don't understand how they were able to send the coins the instant they arrived. I too am intrigued on how you would go about doing this. |
|
|
|
|
securus (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
July 29, 2016, 12:39:05 PM |
|
It is.
It is a good idea to wait until a transaction is confirmed before you spend the bitcoins that are received from the transactions (just in case the transaction never confirms), but it is not necessary to wait for confirmation. Unconfirmed bitcoins can be spent.
You must have replied the same time as me. I have indeed imported some keys into my wallet. I transferred my entire balance to my Coinbase account and deleted/recreated my wallet.dat file. An expensive lesson but it could have been lot worse. |
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3360
Merit: 4570
|
|
July 29, 2016, 12:43:48 PM |
|
I have indeed imported some keys into my wallet.
Where did those keys come from? If it was a source that you thought was trustworthy, then it might be a good idea to warn others not to use that source. |
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
July 31, 2016, 10:19:48 AM |
|
You do not have exclusive control of the private key. Someone else has that private key as well. true It was stolen. Sorry. It was taken. Not stolen. I was given to understand that it was not possible to spend unconfirmed coins on your address, It is possible. I still don't understand how they were able to send the coins the instant they arrived. Your knowledge about bitcoin network has gaps. Live with it or teach yourself. |
|
|
|
|
|
PremiumCodeX
|
|
July 31, 2016, 01:56:27 PM |
|
OP, I am sorry for your loss, your BTC was taken. In fact, there are MAC malware, but whoever took your BTC did not need it if he had your private key. Since I really cannot see a way to recover your value, I advise you to use additional anti-malware software on your computer and make sure you have exclusive knowledge of your private key to prevent similar cases in the future. Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?)
I wondered the same some days ago and I was advised to check some BTC block explorer to discover the relations of a BTC address. After the update where you automatically get a new address after each transaction, you may do not want to monitor a BTC address but a person's BTC addresses, but as far as I know, it still is possible with block exploring. |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
July 31, 2016, 02:14:33 PM |
|
Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?) Start with this https://github.com/sebicas/bitcoin-snifferAnd ask me anything. |
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3360
Merit: 4570
|
|
July 31, 2016, 08:07:14 PM |
|
It was taken. Not stolen.
If something is taken, and the taker doesn't have permission to take it, then it is stolen. |
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
July 31, 2016, 08:14:47 PM |
|
If something is taken, and the taker doesn't have permission to take it, then it is stolen.
OK, seems to me that OP stolen my private key and its address  Should I prove that 12iocUthp58E72ZksRmToDFPfM1WCPKv91 belongs to me? |
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
|
August 01, 2016, 02:28:27 PM |
|
If something is taken, and the taker doesn't have permission to take it, then it is stolen.
OK, seems to me that OP stolen my private key and its address Should I prove that 12iocUthp58E72ZksRmToDFPfM1WCPKv91 belongs to me? Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
August 01, 2016, 02:36:47 PM |
|
Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that. You are insulting me undeservedly. I did not touch money. At least you will not be able to prove it. I encourage you to look up words and terms not misleading readers. |
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3654
Merit: 6349
Looking for campaign manager? Contact icopress!
|
|
August 01, 2016, 02:55:38 PM |
|
Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that. You are insulting me undeservedly. I did not touch money. At least you will not be able to prove it. I encourage you to look up words and terms not misleading readers. I did not say anything I cannot prove. I did not say you did anything. I said that I am inclined to believe you did. And I pointed out your trust rating, which is red, nothing special to prove there. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
August 01, 2016, 03:14:26 PM
Last edit: August 01, 2016, 03:25:23 PM by amaclin |
|
I said that I am inclined to believe you did. Oups, sorry. You may also believe that I am a murderer of JFK. with your trust rating with so much RED I do not care about it. This is your problem to look at the rank, not mine. |
|
|
|
|
cr1776
Legendary
Offline
Activity: 4018
Merit: 1299
|
|
August 01, 2016, 03:34:47 PM |
|
I don’t know if the is the right list, but I hope someone can advise.
In the early hours of this morning I sent 1.01 BTC from my Xapo wallet to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key. My client had been running all day and the blockchain was synced and up-to-date.
The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for, something which I did not think was possible.
What the hell happened and where is my Bitcoin?
One question, you also had said previously that you had imported some keys. Was this one of them? And as DH asked above, where did those keys come from? |
|
|
|
|
|
