People from Mycelium wallet stole 0.99 BTC

[AlexWh]

For several years I used Mycelium wallet to work with quite large BTC amounts, though I used the HD-account for small BTC amounts, and operated large amounts by adding SD-accounts from piper wallets.

December 10, 2017 I've installed Mycelium wallet to Xiaomi Redmi 4A with unrooted unmodifyed latest stock ROM, and made a backup of 12 words, installed a PIN code, then transfer ~1 BTC to the first address 13w2xGFYACssGMWhMsDueua6hwyMZ4CWBR of the new HD-account.

Once the child accidentally deleted Mycelium from the phone — but I was not worried much — I've got a 12-word backup!

February 18, 2018 I decided to restore Mycelium wallet, so enter 12 words and what was my surprise when I saw a new empty HD-account, with one private address key [12phYenkBswojQXFvkz8NQrmixYAP4pcWx]! I wrote about this to Mycelium support creating an issue #8931, they responded promptly the same day:
Alyona Gomozova
Hello! We have a suspicious you made a wrong backup. Could you send us your Public key, please to see clearly how can we help you next.
You can do it that way: go into Mycelium app > Accounts tab > long tap on your account > click 3 dots in the right upper corner > choose export > copy the Public key
Have a nice day!

I've sent the requested public key of the HD-account: [xpub6BoY4wywjSo22AWFBtZsQZEEx6AXXXeLbybKZwZUzJoAThegPECiCEuFcycnf9wsV1seZ1Z2gik hZ3MVCbMGoubRbB9iaRzSpk2EvBvQQNn] waiting for answer ...

February 22, 2018 I've asked support about any news on my issue — there is no reply!

February 25, 2018 came to visit a friend, he had an iPhone, I asked to give it to me for an hour for experiments. I downloaded Mycelium from AppleStore then recovered the account from the 12-word backup and what do I see? New empty HD-account anyway [xpub6CGzV2tBAWvWoV732vVndwQHmur5mbqhTFGASs8TEGBqZptpsCuJgTHPP4uCiVqCLGdyA4SEVdx q4zadvs6UyX2ZzayPYJ5dVgZLn5XQic]!
I've deleted Mycelium from iPhone and wrote to Mycelium support, with a reasonable question: how does it happen that one 12-word backup restores different empty HD-accounts, and how to reach the initial account to get access to my coins? There is no reply again.

March 08, 2018 I've decided to try to restore the HD-account from backup again, so the other day noticed that Mycelium was updated in Google Play ... The HD account was restored, but 0.99 BTC was lost! This is the transaction. It is noteworthy that the return was sent to the address [1HmoGNVsuSwA4bbAqXYFzJaUm796yjpi7k] — this is the next address of my HD-account! Why it happens so — may be to make an illusion the transaction was made by legal Mycelium user? I don't know.

The coins was sent to the address [33z13D1jDTKNwpHRAJKGKaWw64kdcZF8nV] — there is a zero balance now. It is noteworthy that at the same address later was sent other 0.07 BTC. The incoming coins are almost immediately sent to other p2s-addresses, seems like the client deposits of the exchange wex.nz — I also write to their support service about a froud activity (but they're did not reply anything).

CONCLUSION: I believe that some people from the Mycelium wallet team stole 0.99 BTC from my HD-account.
How can this happen technically? Example scenario:
1) When restoring an HD-account the application requests the Mycelium server for account transactions;
2) If there is a certain BTC amount on the account, the server can send a special response to the application;
3) The application receiving special response sends a private key of the HD-account to the server, then generates new empty HD-account to the user.
This scenario is inspired by the strange behavior of the program restoring the HD-account from the 12-word backup and the deathly silence of the support service suddenly stopped contacting me.

Sorry for Google Translate, my native language is Russian, original post is here.

[TryNinja]

OK. And why did that only happen to you? I haven't seen anyone else complaining about this. And it has been 2 months.

Is/was your phone rooted?

[Xynerise]

Just skimmed through your post, haven't had time to really looking into it.
1) the first xpub  (xpub6Bo..QNn) gives the following addresses:

Code:

$ ku xpub6BoY4wywjSo22AWFBtZsQZEEx6AXXXeLbybKZwZUzJoAThegPECiCEuFcycnf9wsV1seZ1Z2gikhZ3MVCbMGoubRbB9iaRzSpk2EvBvQQNn -s 0/0-20 -a                                        12phYenkBswojQXFvkz8NQrmixYAP4pcWx                             1Ng4ZEQS3xv2goZDMRJ8xyzGZjHwktTuUg                             1LWu1q4i1uJzStEJdSQTn955uRNWtuubzE                             12fJ7QrKfyL65UjLmw4HEDsHAaEYnq4uci                             1Jgq7Gcy12tjcLihJy8jexdXs9CwwbKkjY                             13YXCBQ18JZvpiCzFPViF8FFwYCRbGY5z5                             13zKjqnkSdBSYgPzvxnmBdRNNUYpniWJJd
1QLQrvVpG9M7HByQRXFeTtzrPaLjR81LtE
19ZcAZxEU6TinJ6wcbzZ8PVwhLSN3MMPaB
133zWmKHc3hvFtWyeBjKE2uTNC7WeWcZcQ
1NuEF8CumFok8Ma2TzorwPY32DFDseXDee
1BU8jKys1V6uGVfR89urU7AvpyxFS9JWhE
1GuBH672Tp8py199oL8yaMnxVmx9Jb9N5V
19wjxnpxQicJidRVZk9uMJgShgENHhiLPW
17xP3YWNYzBfRfbKfcTy5JCEn9QTJqsyJb
1B9SdchwE22zBeGfRSqs4kmUbpHWXMNVWb
1GLBV9hT4hsJsN5cMGd6JNHT61jfs5Q3aB
1D6FeYLs2C9aPfZPgyr4EX6UrPFhD7eE5T
16qSGChoT3e8zTe35ZCMPfhjdJBW2aiuRr
154KY9mcZvWnsMQyq1SWM3GndVNPpfG6x7
1CrFEGwJKAaDdW79Pa2Zhn6gsM7ESr3sWx

You can clearly see the address 12phYenkBswojQXFvkz8NQrmixYAP4pcWx Is present.
Didn't find 13w2xGFYACssGMWhMsDueua6hwyMZ4CWBR in the first 20 addresses, so the xpub may be for a different seed phrase or a different account (more on that later)

2.) The second xpub you posted, xpub6CGzV2tBAWvWoV732vVndwQHmur5mbqhTFGASs8TEGBqZptpsCuJgTHPP4uCiVqCLGdyA4SEVdx q4zadvs6UyX2ZzayPYJ5dVgZLn5XQic Is missing 1 character so I can't check to see if it generates any of the addresses used.

3.) The transaction which spent 0.99BTC to the wex.nz exchange occurred on the 25th of February, the same day you installed Mycelium on your friend's iPhone.

Mycelium is innocent of this problem.
Your address was most likely in a different "account", BIP44 allows for different accounts with the same master seed.
On the Account page, select "add  account" then "add HD Account"
You'll see a new account with a new set of addresses.

That's probably what happened, which explains why you got different addresses for the same seed.

Can you post the xpub of the wallet that shows the 0.99BTC transaction?

[HCP]

February 25, 2018 came to visit a friend, he had an iPhone, I asked to give it to me for an hour for experiments. I downloaded Mycelium from AppleStore then recovered the account from the 12-word backup...

March 08, 2018 I've decided to try to restore the HD-account from backup again, so the other day noticed that Mycelium was updated in Google Play ... The HD account was restored, but 0.99 BTC was lost! This is the transaction. EDIT: ==> Transaction is dated February 25, 2018!

It is VERY coincidental that your funds were transferred the very day (Feb 25th) that you attempted to restore on your friend's iPhone.

In all likelihood... either your "friend" decided to help himself to your 1 BTC... or their phone or the iOS Mycelium was compromised and the seed was keylogged/stolen... or the way you had stored the 12 word backup was not secure (ie. did you email/IM it to your friend so they could enter it? or did you have it stored online?) and it was compromised when you accessed it while trying to restore to your friends phone.

Note, as far as I'm aware... the iOS version of Mycelium hasn't been updated in over a year:

Version History
1.11 Jan 11, 2017
Added German localization

Also, I have a feeling the iOS version of Mycelium uses a different derivation path to the Android version as if you use the Mycelium "Gear" payment processor, the iOS "derivation path" is listed differently to the Android one. That would explain why the addresses displayed when restoring on iOS device (25th Feb) were different to when restoring on the Android device.

Not sure why your initial attempt at restore (18th Feb) resulted in different addresses tho... either you entered the seed wrong (not likely) or, as Xynerise has theorised, you might have been looking at different HD-accounts within Mycelium.

[bitbunnny]

I beleive there must be some other explanation, probably connected with some techical issues. Many circumstances that you have entered here are not clear enough.
It's hard to beleive that Mycelium would stole the funds from you, they are trustworthy and so far I have never heard any complaint on their account. I also use it for a long time and must say that I have no negative remarks whatsoever.

[AlexWh]

Is/was your phone rooted?

No, as I wrote above: "I've installed Mycelium wallet to Xiaomi Redmi 4A with unrooted unmodifyed latest stock ROM".

[AlexWh]

Can you post the xpub of the wallet that shows the 0.99BTC transaction?

Here is it: [ xpub6DPoDpNYTTsdYqdD6nT88hWp4mrabueyPceCL1u5VALS2RHH1q9jLSBEXX5cFoD41TRNy2Fj8PU tpvmYSggYCS1jvQ2kocYrrSrKhSQ9Nho ], sorry for a long delay.

[AlexWh]

It is VERY coincidental that your funds were transferred the very day (Feb 25th) that you attempted to restore on your friend's iPhone.

Yes, On Feb 25ep, I made several attempts to restore HD-wallet, that could speed up the decision to withdraw coins by intruders on the mycelium's server side, IMHO.

In all likelihood... either your "friend" decided to help himself to your 1 BTC... or their phone or the iOS Mycelium was compromised and the seed was keylogged/stolen... or the way you had stored the 12 word backup was not secure (ie. did you email/IM it to your friend so they could enter it? or did you have it stored online?) and it was compromised when you accessed it while trying to restore to your friends phone.

Compromised iOS? Frend's phone isn't jailbraked or something about...
A 12-word backup was written with a pen on paper, I did not send or store it on any electronic device.

[HCP]

Can you post the xpub of the wallet that shows the 0.99BTC transaction?

Here is it: [ xpub6DPoDpNYTTsdYqdD6nT88hWp4mrabueyPceCL1u5VALS2RHH1q9jLSBEXX5cFoD41TRNy2Fj8PU tpvmYSggYCS1jvQ2kocYrrSrKhSQ9Nho ], sorry for a long delay.

So that xpub is currently being generated by Mycelium and the 12 word seed that you have?

You've posted 3 xpub's... the one for your first attempted restored which showed different wallet... the one for the restore on iOS which showed another different wallet... and now this xpub which shows the transaction history of your 1 BTC deposit and 0.99 BTC transfer.

It is VERY coincidental that your funds were transferred the very day (Feb 25th) that you attempted to restore on your friend's iPhone.

Yes, On Feb 25ep, I made several attempts to restore HD-wallet, that could speed up the decision to withdraw coins by intruders on the mycelium's server side, IMHO.

I disagree... especially given the value of BTC back then! 1 BTC would have been worth taking straight away. No-one would have left it sitting there for almost 2 months if they could take it.

Also, seeds/private keys are not stored on Mycelium's servers. An intruder on their servers would only get your xpub at most (which the server requires to find all the transaction information relating to the accounts in your wallet).

Compromised iOS? Frend's phone isn't jailbraked or something about...
A 12-word backup was written with a pen on paper, I did not send or store it on any electronic device.

Are you 100% sure of EVERYTHING that your friend has done with their phone?

There are so many unknown's in all of this that it is VERY difficult for anyone to know for sure where the seed was compromised. My guess would be either the device was compromised, or the (very) old version of Mycelium on iOS had a flaw in it that leaked your seed.

Either that, or your friend took it after restoring your seed on a different device. I still think that the timing is very suspicious.

[bob123]

Yes, On Feb 25ep, I made several attempts to restore HD-wallet, that could speed up the decision to withdraw coins by intruders on the mycelium's server side, IMHO.

This doesn't make any sense at all.
The private keys are not stored on any server. They are fully stored on your mobile, protected (not encrypted) by a pin.

Compromised iOS? Frend's phone isn't jailbraked or something about...
A 12-word backup was written with a pen on paper, I did not send or store it on any electronic device.

Compromising an iOS device isn't that hard. All you need is a properly prepared URL and a not-that-smart user.
You don't need to jailbreak a mobile to have it compromised.


Since your funds got stolen the same day you have tried to restore the seed on your friends mobile, this leads to the conclusion that either your friend stole your bitcoin or his mobile was compromised (which forwarded the entered seed to the attacker).
Personally, i believe your 'friend' stole your coins.

Usually the most obvious explanation is the correct one.. And the mycelium staff definitely did not steal your coins.. simply because they can't.
It was someone with access to your / your friends mobile phone.