Bitcoin Forum
November 13, 2024, 06:46:55 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Where did my Bitcoin go??  (Read 1162 times)
cfrm (OP)
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
November 30, 2013, 04:50:53 AM
Last edit: November 30, 2013, 11:50:17 AM by cfrm
 #1

Tonight I sent 1 BTC to a friends wallet, and sent 0.9 BTC back to the address of my wallet. That means, I have a Windows Phone app with Blockchain.info wallet, which have the address: 1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm  As soon as I sent 0.9 Bitcoin back to this address, 10 sec later it sent 0.8995 to 1J6zrabFk55AgPQsUzmu5UBbJefgY5CRW, which is an address I have no knowledge of. So now I have no idea where my 0.9 Bitcoin have gone to, instead of my own Bitcoin wallet. What do I do? The transactions can be seen here: https://blockchain.info/da/address/1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm
Martijnvdc
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
November 30, 2013, 08:05:34 AM
 #2

Looks like it was automatically forwarded...
How did your friend get that address? Just via his bitcoin-qt wallet?
cfrm (OP)
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
November 30, 2013, 09:40:50 AM
Last edit: November 30, 2013, 11:56:22 AM by cfrm
 #3

No, he scanned the QR-code from my wallet on my phone. The address was one I generated in my Blockchain wallet, same as the other addresses I've got in that wallet. Yea, it looks like it was automatically forwarded, but I have no idea who or how this forwarding process was set up. Nor have I any idea to whom the address it was forwarded to belongs.
KieranJones1
Member
**
Offline Offline

Activity: 126
Merit: 10


View Profile
November 30, 2013, 02:09:51 PM
 #4

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.
cfrm (OP)
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
November 30, 2013, 02:30:36 PM
 #5

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.

Nope, that's not it. It's not my address the 0.9 btc was sent to, unfortunately.
lucaspm98
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
November 30, 2013, 02:45:33 PM
 #6

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
November 30, 2013, 02:51:05 PM
 #7

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalk.org/index.php?action=profile;u=17928

cfrm (OP)
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
November 30, 2013, 03:05:01 PM
 #8

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalk.org/index.php?action=profile;u=17928



Thanks, I'll give it a shot.
Martijnvdc
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
November 30, 2013, 03:14:20 PM
 #9

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.
Since when? Did you send those transactions just recently?
This could be quite a serious issue, if you ask me...
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
November 30, 2013, 03:24:06 PM
 #10

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.
lucaspm98
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
November 30, 2013, 07:40:40 PM
 #11

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.
My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know. I will definitely research that bug and contact them, thanks for your help.
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
December 01, 2013, 07:04:52 AM
 #12

My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know.

As I said before when you visit the my wallet page and enter the wallet identifier you are served an encrypted copy of the wallet. Then you can take your sweet time brute forcing it offline using GPU farms. Once you successfully do that you have access to the private keys and can spend the coins sent to the corresponding addresses at will. So a) they brute forced your wallet when you had a weak password on it. Maybe they managed it when you had the 20 character password maybe earlier than that. b) If you reused addresses from when you had a weak password they could spend the coins sent to those addresses because they had the decrypted private keys. Adding a stronger password does not protect you from private keys that were stolen in the past.

Another possibility is that you have a key logger on your system i.e malware.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!