Bitcoin Forum
November 16, 2024, 12:39:48 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Reversal of unconfirmed transaction. Possible?  (Read 287 times)
mwd01 (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 18, 2019, 01:07:33 AM
 #1

Hey all, I was hoping someone could help me out with an issue that occurred on localbitcoins.

So the transaction went like this:
At 02/17/19 16:58:05 I initiated a withdrawal of my bitcoins from my LocalBitCoins wallet.
At 02/17/19 16:58:18 the funds were received into my local wallet address - https://tradeblock.com/bitcoin/address/16RHTgJrt8ry4XP7GuTyQnqPtPRPjYduws. The localBitCoins website was still loading and looked like it was hanging.
At 02/17/19 16:58:33 I received "Bad Gateway; request timed out" from the localbitcoins server when my withdrawal was being processed.
At 02/17/19 16:58:34 I received another transaction, which I have no idea where it came from, into my local wallet. It completely reversed the entire transaction. Both transactions get confirmed and I am left with a zero balance. The resulting funds ended up at https://tradeblock.com/bitcoin/address/19B1NqnzKiMzVDLskDmJGTm5zAqK6ourwo where it is still sitting.

I would always have to enter a password to send Bitcoins out of my local wallet but this did not happen. Does any know how this could happen? I have heard that transactions can be reversed whilst they are pending confirmation. Is this true? I was using Electrum as my local wallet.

Thanks to anyone who can shed some light on this.
nc50lc
Legendary
*
Offline Offline

Activity: 2604
Merit: 6416


Self-proclaimed Genius


View Profile
February 18, 2019, 01:50:05 AM
Merited by OgNasty (1)
 #2

-snip-
At 02/17/19 16:58:34 I received another transaction, which I have no idea where it came from, into my local wallet. It completely reversed the entire transaction. Both transactions get confirmed and I am left with a zero balance. -snip-
What version of Electrum are you using and from where did you downloaded the update?
It seems like you've been a victim of a phishing scam using the vulnerability of old versions.

For your question, it's possible by "Double Spending" using the same inputs as the transaction backed by a extremely higher tx fee for the particular transaction to be confirmed first. But most clients and wallets have this option disabled and/or only available via command.
However, this is only possible if you can broadcast the doublespend tx as soon as possible especially now that it's fairly fast to get 1confirmation.

As of now, all of the Tx in the OP are now confirmed and irreversible.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
mwd01 (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 18, 2019, 01:56:00 AM
 #3

I am using electrum 3.3.4.

I downloaded it from https://download.electrum.org
nc50lc
Legendary
*
Offline Offline

Activity: 2604
Merit: 6416


Self-proclaimed Genius


View Profile
February 18, 2019, 02:34:54 AM
 #4

I am using electrum 3.3.4.

I downloaded it from https://download.electrum.org
The link is legit, however you must double-check the browser's history (if it was downloaded) of the actual URL of the site.

Because from the looks of it, the transaction isn't "double-spent" by local bitcoins (and they wouldn't do that for sure), the second transaction was created and broadcasted by your Electrum wallet or anyone who has the SEED/prv key (address: 16RHTgJrt8ry4XP7GuTyQnqPtPRPjYduws) right after receiving the bitcoins from localwallet.

Other possibility based from this:
I would always have to enter a password to send Bitcoins out of my local wallet but this did not happen.
You accidentally selected another wallet file (without password) which was already compromised or you created it before using a publicly displayed SEED or private key(s).
T/N: Electrum will always open the last wallet that you've used.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
joniboini
Legendary
*
Offline Offline

Activity: 2380
Merit: 1807



View Profile WWW
February 18, 2019, 04:03:24 AM
Merited by Coin-1 (1), DdmrDdmr (1)
 #5

I would always have to enter a password to send Bitcoins out of my local wallet but this did not happen.
You accidentally selected another wallet file (without password) which was already compromised or you created it before using a publicly displayed SEED or private key(s).

So whatever the exact reason is, it's quite possible your private key/seed was stolen by somebody else, therefore he has the access to your funds.  There is no way to reverse a transaction even if it's unconfirmed (by reversal = delete the transaction and send the funds back to the original sender), and looking at the history of that address it seems the transaction was confirmed afaik.


▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
Xynerise
Sr. Member
****
Offline Offline

Activity: 322
Merit: 363

39twH4PSYgDSzU7sLnRoDfthR6gWYrrPoD


View Profile
February 21, 2019, 07:47:44 PM
Merited by DdmrDdmr (2)
 #6

The transaction that sent out your bitcoin was made barely seconds after it was received, so most likely there was a script running (probably on your PC) that sent the bitcoin to the attacker's address almost immediately, and also overpaying in fees (88.7sats/byte while the average on that day was ~15 sats per byte).

Like the posters above have said, either your version of electrum is malware, or your computer has been compromised.
Run a complete antivirus scan to find out.
Thirdspace
Hero Member
*****
Offline Offline

Activity: 1232
Merit: 738


Mixing reinvented for your privacy | chipmixer.com


View Profile
February 21, 2019, 08:42:57 PM
 #7

did you generate the address yourself or import it into your electrum?
because your fund used together with another utxo (2417 sats) from 1CACxmDPTSWJqyMNz1HBP3NZbTYLZcVJvF
so it looks like someone already know your private key and watching/waiting for incoming transaction

buwaytress
Legendary
*
Offline Offline

Activity: 2996
Merit: 3697


Join the world-leading crypto sportsbook NOW!


View Profile
February 22, 2019, 08:26:54 AM
 #8

The transaction that sent out your bitcoin was made barely seconds after it was received, so most likely there was a script running (probably on your PC) that sent the bitcoin to the attacker's address almost immediately, and also overpaying in fees (88.7sats/byte while the average on that day was ~15 sats per byte).

Like the posters above have said, either your version of electrum is malware, or your computer has been compromised.
Run a complete antivirus scan to find out.

Yup, this is the common flag that suggests a script just lurking and waiting. 88 sats/byte does seem to be the lowest overestimate I've seen from this type of hack. Usually way into high hundreds just to ensure it gets confirmed in next block.

Something is compromised, device, if not the seed/private key itself. Sweep device. Generate new wallet.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!