jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
|
|
December 18, 2013, 02:53:35 PM |
|
Hi, this might seem a very simple question but I can't find a straight answer to it.
Imagine someone has access to an old backup of my wallet (QT client, Multibit, Electrum, etc...) and that this person has also the original password of that wallet.
That password has changed now, but can someone move my BTC with the old data?
|
Donations to the helping fund for victims of alien abduction and zombie contagion are welcome: 13U16ay4Tyvr9ZkQ3wqtReuZGaPE27wt4e
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
el_rlee
Legendary
Offline
Activity: 1600
Merit: 1014
|
|
December 18, 2013, 02:57:05 PM |
|
Hi, this might seem a very simple question but I can't find a straight answer to it.
Imagine someone has access to an old backup of my wallet (QT client, Multibit, Electrum, etc...) and that this person has also the original password of that wallet.
That password has changed now, but can someone move my BTC with the old data?
Yes. Changing your password on the new wallet doesn't change it on the backup. Secure your Bitcoins by moving them to a new address which only you control immediately in such a case.
|
|
|
|
Deafboy
|
|
December 18, 2013, 02:59:10 PM |
|
It's possible. If there are some unspent outputs on old keys included n that backup. To be 100% sure the old backup cannot be used to steal some (or all) of your money, just create the new one and send all the coins to it. But keep the old one in case someone send you bitcoins to one of the old addresses.
|
|
|
|
jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
|
|
December 18, 2013, 03:12:21 PM |
|
Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.
Thank you. The old wallet was hacked actually and they took some coins :/ ... but I have a miner still sending coins there (I'm going to change it after a few blocks) and I was afraid they could also get my new stuff.
Thanks again.
|
Donations to the helping fund for victims of alien abduction and zombie contagion are welcome: 13U16ay4Tyvr9ZkQ3wqtReuZGaPE27wt4e
|
|
|
gamybtc
Member
Offline
Activity: 112
Merit: 10
|
|
December 18, 2013, 04:10:26 PM |
|
If you change password, there is no use. Still they have access to your wallet.
|
BTC : 1fDTCkVcJ7SaVnoFjA5U1xfHQVfv1BWCb
|
|
|
pvaladares
Member
Offline
Activity: 68
Merit: 10
"Imagination is more important than knowledge"
|
|
December 18, 2013, 11:45:54 PM |
|
It's possible. If there are some unspent outputs on old keys included n that backup. To be 100% sure the old backup cannot be used to steal some (or all) of your money, just create the new one and send all the coins to it. But keep the old one in case someone send you bitcoins to one of the old addresses.
There is no need to save the the old wallet or address. Just dump the private key on old wallet and import to the new one.
|
CryptoCurrency enthusiastic!
|
|
|
U1TRA_L0RD
Full Member
Offline
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
|
|
December 18, 2013, 11:48:25 PM |
|
Have you ever though of using a Paper Wallet or is it the same problem lol
|
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
December 19, 2013, 12:26:06 AM |
|
i might be wrong but they can spend all your coins on that wallet. im pretty sure im right as the password is only local and not on the blockchain. thats why people with encrypted wallets often get screwed when someone steals there old unencrypted backup. im 99.9% sure im right
|
|
|
|
BookLover
|
|
December 19, 2013, 01:27:07 AM |
|
Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.
This is wrong. They can get coins from any address the wallet had at the time of the backup including the address in your keypool. This includes coins sent to these addresses after the backup.
|
|
|
|
Light
|
|
December 19, 2013, 04:19:53 AM |
|
Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.
Thank you. The old wallet was hacked actually and they took some coins :/ ... but I have a miner still sending coins there (I'm going to change it after a few blocks) and I was afraid they could also get my new stuff.
Thanks again.
If someone has compromised your wallet it means they have control over your private keys of those addresses and thus any BTC in there currently and any BTC that goes there in the future as well. If I were you I'd redirect my miner away to another address asap as all you are doing is giving free BTC away.
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
December 19, 2013, 07:48:56 AM |
|
(QT client, Multibit, Electrum, etc...)
These are different wallets with different mechanisms for generating addresses. With deterministic wallets like armory and electrum all past, present and FUTURE addresses are derived from a single seed. If an old backup is stolen they can grab all the coins including ones sent to existing and new addresses in the future. With QT it has 100 unused addresses by default in its pool and coins sent to any of those hundred as well as other used addresses can be stolen. Multibit also creates new addresses non-deterministically but I don't know it well enough to help you.
|
|
|
|
jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
|
|
December 19, 2013, 12:50:05 PM |
|
Thank you all. I've now changed the addresses like you suggested.
So if I got it right, the lesson to take is, if anyone ever has access to a wallet backup, it's unsafe forever.
|
Donations to the helping fund for victims of alien abduction and zombie contagion are welcome: 13U16ay4Tyvr9ZkQ3wqtReuZGaPE27wt4e
|
|
|
|