Have you ever seen such a hacking technique?

[coinvest727]

I sent 100 coins at 11 am through Bitcoin core a wallet, and exactly the same number of 100 coins were sent to another address at about 3 pm.
But I did not send 100 after 3 hours.
If I were hacked, I had more than 200 existing balances, but it only paid 100 withdrawals.
Of course, the wallet.dat file never leaked outside. I used Messenger on my computer, but I did not surf the web at all.
If wallet.dat is leaked, I would have withdrawn all the remaining balance, but it is not because I have withdrawn only 100 pieces.


Have you ever seen such a hacking technique?

[Kakmakr]

This is weird, if they had access to your private key or account passwords, why did they not move all the coins in that address? I would move those remaining coins out there, if I were you. They might just have tested the withdrawal to mimic a incidental double transfer and will withdraw the remaining balance soon.

Move the coins to be safe. ^smile^

[DannyHamilton]

I'm assuming you are misunderstanding something you are seeing.

Can you provide the transaction ID of either (or both) transactions? With that we might be able to explain to you what is happening and either put your mind at ease that it is a normal part of how bitcoin works, or let you know if you have something to be concerned about.

[s2]

From what I've understood you made a 100 coin tx, and 3 hours later those coins moved again?

I'd start with the easiest obvious options:

1) Did the person you forwarded the coins on simply forward the coins again?

2) If it was from your address to the same address you sent it to but has a different TXID this is probably just a maleability change.  I.e. someone has reprocessed your tx to give it a different transaction number.
There are bots that do this just to cause havok and highlighting why we need SegWit activating to solve this 'feature' of bitcoin.


If you're able to share the transaction ID(s) I'm sure people will be happy to take a look for you.

[ranochigo]

Are you saying that you sent the Bitcoins to an address and it was moved again after that? Are you sending to an online wallet service? If yes, then its perfectly normal.

2) If it was from your address to the same address you sent it to but has a different TXID this is probably just a maleability change.  I.e. someone has reprocessed your tx to give it a different transaction number.
There are bots that do this just to cause havok and highlighting why we need SegWit activating to solve this 'feature' of bitcoin.

Possible. But it's highly unlikely. The client should have rejected any other transaction that has a high s value.

[coinvest727]

I'm assuming you are misunderstanding something you are seeing.

Can you provide the transaction ID of either (or both) transactions? With that we might be able to explain to you what is happening and either put your mind at ease that it is a normal part of how bitcoin works, or let you know if you have something to be concerned about.

Transaction ID: b3eae4e1be3ea7ee092d0f1dbf41a66d7409405699a99767e0deb813d1335fca
Transaction ID: b3eae4e1be3ea7ee092d0f1dbf41a66d7409405699a99767e0deb813d1335fca

these are the normal transaction txid.

And this is the abnormal transaction txid.

Transaction ID: 115e0cf22712d8c5b3dae7450b616207a5709c045a5d4ddcfa155cdb5b6d37b9

[DannyHamilton]

Looking at the transactions provided, it appears that the OP is saying:

He controls addresses:

• 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e
• 1Fg7taQf2yAwZqzdbBBAXz1gQnLaaMjsSu

At 02:18:57 UTC on 2017-03-12 he sent 500 BTC that were previously received at those three addresses to 17dQuN1NmUkvzq49haVw5CNC1SSKZx3PUb with transaction b3eae4e1be3ea7ee092d0f1dbf41a66d7409405699a99767e0deb813d1335fca with 0.08165803 BTC of change being sent back into his wallet at 1AHBpVk1GzkkTWNZnbMmWZg55uCEmvVamu

Then three hours later, at 05:27:06 UTC on 2017-03-12 the change from that transaction plus enough additional bitcoins that were previously received at 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e to add up to ANOTHER 500 BTC were sent to 1CiRdpDsqsgxGz6Dv1kesaqsvkCp92cKWy with transaction 115e0cf22712d8c5b3dae7450b616207a5709c045a5d4ddcfa155cdb5b6d37b with 0.07192452 BTC of change being sent back into his wallet at 1NhAojGKKVLcBSdm5vbxxddQSqCT695FsA.

OP says he sent the first transaction, but not the second one.  But it that is true, then why did the thief only take 500 BTC and not the entire available balance (the wallet had an additional 983.95 BTC)? And why did the thief send any change back into the wallet?

It's difficult to imagine that the OP would send a 500 BTC transaction and not remember sending it, but it's equally difficult to imagine that a thief would only take one third of the bitcoins that they could take.

It is also odd that the OP couldn't remember that he sent 500 BTC (his original post claims that it was 100 BTC).  There's a lot of things in this story that just don't make sense.

[jackg]

Looking at the transactions provided, it appears that the OP is saying:

He controls addresses:

• 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e
• 1Fg7taQf2yAwZqzdbBBAXz1gQnLaaMjsSu

At 02:18:57 UTC on 2017-03-12 he sent 500 BTC that were previously received at those three addresses to 17dQuN1NmUkvzq49haVw5CNC1SSKZx3PUb with transaction b3eae4e1be3ea7ee092d0f1dbf41a66d7409405699a99767e0deb813d1335fca with 0.08165803 BTC of change being sent back into his wallet at 1AHBpVk1GzkkTWNZnbMmWZg55uCEmvVamu

Then three hours later, at 05:27:06 UTC on 2017-03-12 the change from that transaction plus enough additional bitcoins that were previously received at 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e to add up to ANOTHER 500 BTC were sent to 1CiRdpDsqsgxGz6Dv1kesaqsvkCp92cKWy with transaction 115e0cf22712d8c5b3dae7450b616207a5709c045a5d4ddcfa155cdb5b6d37b with 0.07192452 BTC of change being sent back into his wallet at 1NhAojGKKVLcBSdm5vbxxddQSqCT695FsA.

OP says he sent the first transaction, but not the second one.  But it that is true, then why did the thief only take 500 BTC and not the entire available balance (the wallet had an additional 983.95 BTC)? And why did the thief send any change back into the wallet?

Maybe they were hoping to hide the transaction in the wallet. Or maybe the OP accidently hit a few extra buttons on his keyboard and sent a second transaction himself.

It's difficult to imagine that the OP would send a 500 BTC transaction and not remember sending it, but it's equally difficult to imagine that a thief would only take one third of the bitcoins that they could take.

It is also odd that the OP couldn't remember that he sent 500 BTC (his original post claims that it was 100 BTC).  There's a lot of things in this story that just don't make sense.

Yes, it is definitely unlikely that OP wouldn't remember it was 500 btc and also not remember sending the second tansaction. Those two look like there's definitely some links.


Also, OP, it's not considered good practice to store 1500BTC in a bitcoin wallet that is connected to the internet due to the hacking vulnerabilities of such wallet (maybe try paper wallets or hardware wallets to store that amount)?

[coinvest727]

Looking at the transactions provided, it appears that the OP is saying:

He controls addresses:

• 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e
• 1Fg7taQf2yAwZqzdbBBAXz1gQnLaaMjsSu

At 02:18:57 UTC on 2017-03-12 he sent 500 BTC that were previously received at those three addresses to 17dQuN1NmUkvzq49haVw5CNC1SSKZx3PUb with transaction b3eae4e1be3ea7ee092d0f1dbf41a66d7409405699a99767e0deb813d1335fca with 0.08165803 BTC of change being sent back into his wallet at 1AHBpVk1GzkkTWNZnbMmWZg55uCEmvVamu

Then three hours later, at 05:27:06 UTC on 2017-03-12 the change from that transaction plus enough additional bitcoins that were previously received at 1HesuRU5FUfxouHUd2zWXf3MqeVLzT7D8e to add up to ANOTHER 500 BTC were sent to 1CiRdpDsqsgxGz6Dv1kesaqsvkCp92cKWy with transaction 115e0cf22712d8c5b3dae7450b616207a5709c045a5d4ddcfa155cdb5b6d37b with 0.07192452 BTC of change being sent back into his wallet at 1NhAojGKKVLcBSdm5vbxxddQSqCT695FsA.

OP says he sent the first transaction, but not the second one.  But it that is true, then why did the thief only take 500 BTC and not the entire available balance (the wallet had an additional 983.95 BTC)? And why did the thief send any change back into the wallet?

It's difficult to imagine that the OP would send a 500 BTC transaction and not remember sending it, but it's equally difficult to imagine that a thief would only take one third of the bitcoins that they could take.

It is also odd that the OP couldn't remember that he sent 500 BTC (his original post claims that it was 100 BTC).  There's a lot of things in this story that just don't make sense.

Yes, I made a mistake posted 500 BTC to 100 BTC. I truly thank you guys for replies abt this matter, Once again I don't know why the thief didn't take the whole available balance from my wallet. That's the main reason why I posted. Have you guys ever seen this type of hacking technique? Maybe it's not a hacking, but it seems unusual.