Can anyone move my BTC using an old backup and old password of a wallet?

[jbssm]

Hi,
this might seem a very simple question but I can't find a straight answer to it.

Imagine someone has access to an old backup of my wallet (QT client, Multibit, Electrum, etc...) and that this person has also the original password of that wallet.

That password has changed now, but can someone move my BTC with the old data?

[el_rlee]

Hi,
this might seem a very simple question but I can't find a straight answer to it.

Imagine someone has access to an old backup of my wallet (QT client, Multibit, Electrum, etc...) and that this person has also the original password of that wallet.

That password has changed now, but can someone move my BTC with the old data?

Yes. Changing your password on the new wallet doesn't change it on the backup. Secure your Bitcoins by moving them to a new address which only you control immediately in such a case.

[Deafboy]

It's possible. If there are some unspent outputs on old keys included n that backup.
To be 100% sure the old backup cannot be used to steal some (or all) of your money, just create the new one and send all the coins to it. But keep the old one in case someone send you bitcoins to one of the old addresses.

[jbssm]

Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.

Thank you. The old wallet was hacked actually and they took some coins :/ ... but I have a miner still sending coins there (I'm going to change it after a few blocks) and I was afraid they could also get my new stuff.

Thanks again.

[gamybtc]

If you change password, there is no use. Still they have access to your wallet.

[pvaladares]

It's possible. If there are some unspent outputs on old keys included n that backup.
To be 100% sure the old backup cannot be used to steal some (or all) of your money, just create the new one and send all the coins to it. But keep the old one in case someone send you bitcoins to one of the old addresses.

There is no need to save the the old wallet or address.
Just dump the private key on old wallet and import to the new one.

[U1TRA_L0RD]

Have you ever though of using a Paper Wallet or is it the same problem lol

[vm1990]

i might be wrong but they can spend all your coins on that wallet. im pretty sure im right as the password is only local and not on the blockchain. thats why people with encrypted wallets often get screwed when someone steals there old unencrypted backup. im 99.9% sure im right

[BookLover]

Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.

This is wrong.  They can get coins from any address the wallet had at the time of the backup including the address in your keypool.  This includes coins sent to these addresses after the backup.

[Light]

Ah, I get it. So, they can spend my coins that where already in the wallet at the time of the backup / or before I changed the password (that part I didn't get straight), but they cannot spend the new coins that arrive there.

Thank you. The old wallet was hacked actually and they took some coins :/ ... but I have a miner still sending coins there (I'm going to change it after a few blocks) and I was afraid they could also get my new stuff.

Thanks again.

If someone has compromised your wallet it means they have control over your private keys of those addresses and thus any BTC in there currently and any BTC that goes there in the future as well. If I were you I'd redirect my miner away to another address asap as all you are doing is giving free BTC away.

[Abdussamad]

(QT client, Multibit, Electrum, etc...)

These are different wallets with different mechanisms for generating addresses. With deterministic wallets like armory and electrum all past, present and FUTURE addresses are derived from a single seed. If an old backup is stolen they can grab all the coins including ones sent to existing and new addresses in the future.

With QT it has 100 unused addresses by default in its pool and coins sent to any of those hundred as well as other used addresses can be stolen.

Multibit also creates new addresses non-deterministically but I don't know it well enough to help you.

[jbssm]

Thank you all.
I've now changed the addresses like you suggested.

So if I got it right, the lesson to take is, if anyone ever has access to a wallet backup, it's unsafe forever.