BTC's withdrawal without permission in Armory. Problem security?

[JhonDoe]

Hi.
I'm am user of Armory. I have a off-line wallet.

Today I felt fear when I saw a operatión in my read-only wallet that I didn't do it.
First a out BTC operation and later a in operation both with the same value.
I tried to see the blockchain, but the "IN operation" told me invalid IP.

I show you capture of screen the operation and the blockachain of this operations.



Operation of out of BTC's:
https://blockchain.info/tx/9b2b79a568b6aa30702290c47cff04577da39626066214b351b1750c994aa452

Operation of IN of BTC's:
https://blockchain.info/ip-address/0.00316006

Later, I closed and opened again the program and it reloaded data and then the operation had disappeared.

I would like to know what happened really and if my wallet was in danger in any moment (or is in danger now).

Thanks
Doe.

[1714863181]

1714863181

[1714863181]

1714863181

[1714863181]

1714863181

[goatpig]

The transaction disappeared from your ledger? Usually a DB corruption. Either rebuild and rescan, or try the test release for the upcoming version

[JhonDoe]

Thanks goatpig. Yes, they disappeared. But the problem is, why did they appear in my ledger?
I never did this operations. Is my BTC's in my wallet in danger?

Regards.
Doe

[goatpig]

But the problem is, why did they appear in my ledger?
I never did this operations. Is my BTC's in my wallet in danger?

From the timestamp and ledger order it looks like you ultimately received these coins (deposited then withdrawn from an online service? or refunded a purchase maybe?).

If you are indeed using a watching-only wallet with an offline signer, then I do not expect your coins to be in danger. As I said, weird ledger behavior and particularly transactions disappearing is symptomatic of database corruption. However, transactions appearing out of nowhere usually isn't.

If you really can't remember how these coins got to move, maybe you'd like to open a ticket and provide us with more details as to how you came across this issue to begin with:

https://support.bitcoinarmory.com/home

You currently haven't provided enough information to conclude anything. However, we never had a case of stolen coins with offline wallets, and as you can see, those coins came back to you, so I don't think there is too much cause for worry.

If you would regardless prefer to stay on safe side, you can create a new wallet on your offline signer (or a different one if you are really paranoid) and move your coins to that in the mean time

[TimS]

Operation of out of BTC's:
https://blockchain.info/tx/9b2b79a568b6aa30702290c47cff04577da39626066214b351b1750c994aa452

This transaction was included in a block that was then orphaned. Armory people, does this explain the strange behavior, and maybe let you fix the issue for future versions?

[goatpig]

This transaction was included in a block that was then orphaned. Armory people, does this explain the strange behavior, and maybe let you fix the issue for future versions?

The reorg itself wouldn't add transactions out of nowhere. As long as the transaction in a out of the main chain, it won't be visible to the user anymore. This can account for transactions appearing then disappearing, although usually the miners on the winning chain would have integrated the same transactions anyways, so the reorg would go entirely unnoticed by the user, since his transaction ledger doesn't change in this case.

There is however the rare case where the original spend was not included in the good chain and that canceled the next transaction as well, so the reorg could explain why the transactions disappeared from the ledger, as they simply disappeared from the blockchain. It looks like these transactions don't pay a fee so it's entirely possible the miners on the good chain ignored the first one.

It doesn't account for transactions the user has no recollection of performing to begin with. Then again if the transaction is the result of moving the same amount of coins out of the wallet then back in within a couple blocks, it looks like a refund or something similar, so I'm not particularly worried.

[hhanh00]

I suspect it is just the way Armory or Bitcoin Core handles undoing transactions from orphan blocks (I coded something similar in my client).
First the transaction that sends you the coin is seen in the blockchain. It's added to your list of transactions and you see the first line. Later on, the block is orphaned and every transaction from it has to be undone. The app can do one of two things:
- It deletes the first line or
- It creates a second line that reverses the first one.

Both solutions have pros & cons, so it's legit to have either implementation. (I chose #1)
Since it's now in the blockchain, I think the scenario is

- you got credit
- it got reversed because it went to an orphaned block
- then the transaction was remined and you got credit again.

Or I could be completely wrong.