Stolen bitcoins from bitaddress.org generated address

[anarchoatheist]

I just got my Gridseed g-blade miner in yesterday and started mining pretty much immediately. I decided to mine on clevermining.com. I wanted to keep a record of my earnings for the new miner, so I thought I would generate a new address to have the bitcoin earnings sent to. I used bitaddress.org to create the address. I did not do this from an offline computer. I didnt feel the need to do this as after each daily payout, I would transfer the coin to another more secure wallet. So a couple hrs ago I got my first payout to the new address and immediately they were stolen and sent to another address. You can see here https://blockchain.info/address/1445yAxtqySV4weaYU51tZvCkkzF2E4qAs. Here are the exact steps that I took in creating the wallet:
1.went to the bitaddress.org website and created a wallet key pair. (computer wasnt offline)
2.I then printed out the wallet on my network printer (I know, also another unsecure point)
3. I then used my android Mycelium app to scan the private key and add it to my working wallet list in the app.

Where is the most likely point where the thief gained access to my private key?

[1714634142]

1714634142

[vipgelsi]

Maybe they have a key logger setup next time make a password with ease of access and use ur mouse as a keyboard.

[anarchoatheist]

Maybe they have a key logger setup next time make a password with ease of access and use ur mouse as a keyboard.

I also forgot to mention, the wallet was created on a computer running Ubuntu 13.10.

[anarchoatheist]

I also noticed, when I search my address in question on blockchain.info, it says this at the top of the page "Warning! this bitcoin address contains transactions which may be double spends. You should be extremely careful when trusting any transactions to or from this address." What does this mean?

[jbrnt]

I believe your phone could be the weak link. Android itself is relatively secure. If you have installed doggy apps on your android phone before, there is a high possibility that your phone is compromised.

You can test the vulnerability by creating 2 more addresses, one online and one offline. Then import both into your phone. Send small amounts to both addresses. If both got snagged, it's the phone. If the online address got snagged, it the computer.

[anarchoatheist]

I believe your phone could be the weak link. Android itself is relatively secure. If you have installed doggy apps on your android phone before, there is a high possibility that your phone is compromised.

You can test the vulnerability by creating 2 more addresses, one online and one offline. Then import both into your phone. Send small amounts to both addresses. If both got snagged, it's the phone. If the online address got snagged, it the computer.

I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk

[jbrnt]

I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk

0.0001 is not enough. Thief will get nothing after transaction fee. Send at least 0.005 to test.

I understand you might think you are basically throwing money away, but there is a need to know for certain, wouldn't you agree?  

[anarchoatheist]

I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk

0.0001 is not enough. Thief will get nothing after transaction fee. Send at least 0.005 to test.

I understand you might think you are basically throwing money away, but there is a need to know for certain, wouldn't you agree?  

Actually I sent 0.0001 to the first address and they did try to steal that also. https://blockchain.info/address/1445yAxtqySV4weaYU51tZvCkkzF2E4qAs

[Gator-hex]

If you do not EXCLUSIVELY own the private key you do not EXCLUSIVELY own the wallet!

Make your wallet and keys with the official client software only and set a wallet password!

Bitcoin: https://bitcoin.org/en/choose-your-wallet

Litecoin: https://litecoin.org/

You cannot trust third parties with your wealth, what you did is like asking a stranger in the street to hold your wallet for you!  

[anarchoatheist]

If you do not EXCLUSIVELY own the private key you do not EXCLUSIVELY own the wallet!

Make your wallet and keys with the official client software only and set a wallet password!

Bitcoin: https://bitcoin.org/en/choose-your-wallet

Litecoin: https://litecoin.org/

You cannot trust third parties with your wealth, what you did is like asking a stranger in the street to hold your wallet for you!  

So you dont trust Armory or Electrum bitcoin software?

[jeffg]

I dug into the bitaddress code myself and it's pretty secure. Maybe you have a suspicious chrome/firefox extension which interferes with the site?

[wemine]

I think it is a keyboard logger records your input too, you should definitely use a safer computer to store your bitcoins.

[Light]

Clearly it's either something on your phone/computer - I'd be more inclined to go with your phone. Android isn't exactly the safest system - are you rooted/jail broken? Have you installed any shady apps recently? I would say if you want to generate secure keys to have an offline computer running on a liveCD of your favourite linux distro and run Electrum/bitaddress.