Bitcoin Forum
November 19, 2024, 09:37:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Lost BTC via a piggy back transaction  (Read 1800 times)
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 13, 2014, 10:03:06 PM
 #1

My everyday wallet seems to have lost part of a BTC via a transaction I made.  When I looked at the transaction details it had two send addresses- my intended address and amount and another address and amount unknown to me.  I use an encrypted qt client on windows (please don't tell me not to use Windows - I already know it's not ideal).  I'm guessing my password has not been compromised (I'll regenerate another offline anyway)  but it looks like the client has been modified to include a piggyback transaction once the password has been entered.  Has anyone seen anything like this before?
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
February 13, 2014, 10:20:45 PM
 #2

With 99.9% certainty:

The "other address" is the change-address, which is also in your wallet but hidden.

For more details, see: https://en.bitcoin.it/wiki/Change
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 13, 2014, 10:35:59 PM
 #3

Thanks for the reply.  If it is a change address then my balance would not be zero?  Also the other transaction was outgoing not incoming.
Sonny
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
February 14, 2014, 07:02:15 AM
 #4

Thanks for the reply.  If it is a change address then my balance would not be zero?  Also the other transaction was outgoing not incoming.

Say, if you have a piece of 10btc, and want to send 5btc to Amy.
The tx you created would be:
(1) Input = that 10btc
(2) Output 1 = 5btc to Amy
(3) Output 2 = 5btc to your change address

No worries, you wallet would calculate your balance correctly.
Different wallets have different ways to show the change addresses.

For example, if you are using bitcoin-qt, you will not be able to "see" your change address in your receive tab.
Abdussamad
Legendary
*
Offline Offline

Activity: 3696
Merit: 1584



View Profile
February 14, 2014, 08:34:47 AM
 #5

Thanks for the reply.  If it is a change address then my balance would not be zero?  Also the other transaction was outgoing not incoming.

Post the transaction IDs so we can take a look.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 09:12:41 AM
 #6

Thanks.

Txid is 830bc90c870c86cbde64eb6506022c42223b4a699169254f457859525816efc3.

The 0.1 BTC send is mine.  The other send is not.  Does not look like change to me?
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
February 14, 2014, 09:17:30 AM
 #7

Thanks.

Txid is 830bc90c870c86cbde64eb6506022c42223b4a699169254f457859525816efc3.

The 0.1 BTC send is mine.  The other send is not.  Does not look like change to me?

That is exactly what a transaction with change would look like.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 09:32:51 AM
 #8

Fair enough. How do I find the transaction showing me the change coming back please?
Abdussamad
Legendary
*
Offline Offline

Activity: 3696
Merit: 1584



View Profile
February 14, 2014, 09:45:22 AM
 #9

Fair enough. How do I find the transaction showing me the change coming back please?

It is the same transaction as above. You can see one input and two outputs. The 0.1 output to 1Angel.. is the address you wanted to send the coins to and the other output 1frs.. is your change address.

What bitcoin client are you using? Bitcoin-qt? Electrum? These days there's a bug that's causing all sorts of confusion regarding wallet balances. You might be affected by that.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 12:14:39 PM
 #10

I'm using bitcoin-qt.  What I can say is that my wallet balance is now showing zero so no acknowledgement of the change returned.  I'm rescanning the wallet now.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 12:25:26 PM
 #11


It is the same transaction as above. You can see one input and two outputs. The 0.1 output to 1Angel.. is the address you wanted to send the coins to and the other output 1frs.. is your change address.


So if I'm following you correctly then in the transaction above then 1FrsRw1VrHNTB7yGn5meCD1i6sSZVLYQUj is a hidden change address in my wallet?
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
February 14, 2014, 12:55:25 PM
 #12


It is the same transaction as above. You can see one input and two outputs. The 0.1 output to 1Angel.. is the address you wanted to send the coins to and the other output 1frs.. is your change address.


So if I'm following you correctly then in the transaction above then 1FrsRw1VrHNTB7yGn5meCD1i6sSZVLYQUj is a hidden change address in my wallet?

Yes, that is the most logical explanation. Normally the balance Bitcoin-qt shows is accurate and includes the hidden change addresses, but the last few days have been a bit crazy with a new type of attack causing Bitcoin-qt to show wrong balance values.
TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
February 14, 2014, 01:16:37 PM
 #13

make a rescan, you should find it then.

or dump all your private keys and enter them into a wallet on blockchain.info

Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 01:26:43 PM
 #14

My qt wallet has been re-scanned - has not showed up.  On the transaction page I can see the transaction to the supposed change address - that should not happen right?

What I did was put this change address into blockchain.info https://blockchain.info/address/1FrsRw1VrHNTB7yGn5meCD1i6sSZVLYQUj.  Yes it looks like a standard send with a change address but what makes me suspicious is that you can see the 0.8999 that is supposedly sent the change address and then 11 minutes later another transaction to the same address that has nothing to do with me (certainly did not show in my wallet).

My theory is that bitcoin-qt is infected and sends the change to an address controlled by someone else.  That would explain the wrong balance values myself and others are seeing?
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 01:33:39 PM
 #15

or dump all your private keys and enter them into a wallet on blockchain.info
Thanks - I've never done this before.  Do you mean the dumpprivkeys command in qt?  I tried that with the wallet receive address and got "Private key for address xxxxxxxxxxxxxxxxxxxxxxxxxxxxx is not known (code -4)".  What address do I use?  Is the output a file?
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
February 14, 2014, 01:49:24 PM
 #16

or dump all your private keys and enter them into a wallet on blockchain.info
Thanks - I've never done this before.  Do you mean the dumpprivkeys command in qt?  I tried that with the wallet receive address and got "Private key for address xxxxxxxxxxxxxxxxxxxxxxxxxxxxx is not known (code -4)".  What address do I use?  Is the output a file?

You should use the suspected change-address: 1FrsRw...

If it successfully outputs the private key, then this address is indeed a change address in your wallet and the wallet simply isn't showing the balance correctly.

Regarding the second transaction to the 1FrsRw address, that's simple blockchain spam. People sending the minimum amount to random addresses, typically from an address they've labeled with their own website for promotion. Since all transactions are public, it's easy for spammer to gather a list of addresses. Nothing to be concerned about.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 02:40:51 PM
 #17

Unfortunately the private key for 1FrsRw... is not known.  Any other suggestions?
Abdussamad
Legendary
*
Offline Offline

Activity: 3696
Merit: 1584



View Profile
February 14, 2014, 05:31:13 PM
 #18

Unfortunately the private key for 1FrsRw... is not known.  Any other suggestions?

You have to unlock the wallet first using the command below:

walletpassphrase <your password> 600

600 is the number of seconds to unlock the wallet i.e. 10 minutes. then run the dumpprivkey on the change address and tell us you see the private key (needless to say don't post the private key here Smiley).

Another thing you can try is:

validateaddress 1Frs...

If the response to validateaddress contains ""ismine" : true" then the let us know.
Racer8 (OP)
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 14, 2014, 08:35:07 PM
 #19

Not looking good - ismine was false.  Dumprivkey obvoiusly did not work either
Abdussamad
Legendary
*
Offline Offline

Activity: 3696
Merit: 1584



View Profile
February 14, 2014, 08:58:53 PM
 #20

Not looking good - ismine was false.  Dumprivkey obvoiusly did not work either

What about

dumpprivkey 1BWxWrPxVcGvYLS4E6kdMEKDmNhPWxtNT6

after a wallet unlock?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!