Just found an unauthorized transaction on my MultiBit Ledger

[luckypyrate]

I logged into my MultiBit this morning and noticed a .3785 transaction from last night.  My MultiBit is encrypted and the dat file stored offline...how is it possible for someone to have gotten my monies?

[Q7]

Any chance one of your family members happen to know your password? Just wondering because if it get hacked, your account should be emptied by now.

[cryptworld]

you have downloaded something dangerous?
the password is safe enough?

[DannyHamilton]

Have you ever imported any private keys into your wallet at all?

Have you ever imported any vanity addresses into your wallet at all?

Are you sure you didn't send a transaction last night while very sleepy and perhaps forgotten about it?

Perhaps you have some malware running on your computer that captured the contents of your unencrypted wallet file the last time you used it?

[luckypyrate]

Thanks all for your replies.  I have been very careful about this particular wallet as it is my local wallet where I keep all my goods.  I just changed the password on the account.  I guess I am just confused because I thought the whole point of encrypting the wallet was for it to ask for the password before authorizing any transaction.  Is this not the case?  Could someone make a transaction on my address without needing to authenticate?

[DannyHamilton]

Thanks all for your replies.  I have been very careful about this particular wallet as it is my local wallet where I keep all my goods.  I just changed the password on the account.  I guess I am just confused because I thought the whole point of encrypting the wallet was for it to ask for the password before authorizing any transaction.  Is this not the case?  Could someone make a transaction on my address without needing to authenticate?

That depends.

The password is used to encrypt the private keys while they are not being used. If someone has access to your unencrypted private keys, then they don't need your password or your wallet.  They can simply spend your bitcoins by loading your private keys into their wallet.  If they already have access to your unencrypted private keys, then changing the password isn't going to help.  You'll need a brand new wallet with brand new addresses, and you'll need to send any remaining balance that you have to that new wallet.

This is why I asked if you ever loaded any private keys or vanity addresses, and why I suggested the possibility that malware may have captured information from the wallet the last time you used it.

[smoothrunnings]

I logged into my MultiBit this morning and noticed a .3785 transaction from last night.  My MultiBit is encrypted and the dat file stored offline...how is it possible for someone to have gotten my monies?

Use a more secure password. Use one from grc.com/password. Steve Gibson's algorithm never generates the same password twice, so even if someone got their hands on it would take them several life times to hack your wallet.

[luckypyrate]

thanks all for your replies.  I will try and be even more careful than I already am.  I was looking into cold storage...maybe I do need to go that route.  Could have been a lot worse, I guess. 

My biggest fear is that there is an exploit somewhere.  Would hate to be ground zero for that

[franky1]

look at the time of transaction.

was your computer switched on at that time last night, were you sing the computer at that time?

if you were not using it, EG were out at a bar having fun then check your internet history and file history to see if anyone else was using your computer. this would show if someone in your house done it or not.

if you were home, but not using the computer EG it was switched off, then someone remotely made the payment, look into files you downloaded within the last week. see which files were accessed that night orr which ones did not come from a reputable source as they may have included a trojan.

lastly, do you have anything like team viewer or "accessmypc" remote assistance software.

many reports of remote theft due to trojans have been from:
altcoin wallets where the altcoin is still on pre-release or offered users free coins upfront if they downloaded bfore release (it never releases as the download is simmply a trojan, nothing more"
"free bitcoin generators" advertised on the web
-any other bitcoin related program, as its more presumptuous to assume that your more likely to get a bitcoin trojan from a crypto related program rather than a torrent of microsoft office or call of duty.

[cryptotraders]

maybe your friends or family members.
or you need to updates your computer security.

[bigasic]

Do you only have one wallet? if you have multiple wallets, check that. Like others have said, check the time, etc. If you have downloaded some software you could be infected. I would probably move the coins to a safe place.

[luckypyrate]

thanks all for your help and feedback.  The money has been returned to my account, so either someone was exceptionally generous or recognized the mistake and refunded the transaction.  Either way thanks all for your feedback and I have certainly used this as a reality check to crackdown on my security.  I just implemented a WatchGuard Firewall Router which made me doubly scared because I have been  having trouble configuring it to allow for mining traffic.  Thanks again all!