amspir (OP)
March 08, 2015, 12:36:37 AM
I just lost over 2.5 bitcoins.
I used an Android wallet, which I do not want to name just yet, pending the developer's response to the situation.
With the wallet, I generated the new address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F then sent 2.57386667 btc from localbitcoins to that address, which is txid 47b689d108a33c05405332169d3a0eb96ded33ce711fcd498ead1ba5e2b72328. This is the only transaction that I initiated with this address.
Later, when planning to move the money to paper wallets, I discovered that this address had previous activity on it, and that most of the money was swept from that address after my transaction confirmed. There are several transactions afterwards which sweep the remaining money out of that address.
I suspect either that this problem is due to a collision from a poor PNR, or it was a malware attack.
Anyone with insight on tracing btc transactions want to comment?

MineForeman.com
March 08, 2015, 12:40:35 AM
Is your phone rooted?

amspir (OP)
March 08, 2015, 12:44:14 AM
> Is your phone rooted?
Nope. It is a Verizon prepaid Samsung SCH-I200PP currently running Android 4.1.2.

ajareselde
March 08, 2015, 12:48:35 AM
> I just lost over 2.5 bitcoins.
> I used an Android wallet, which I do not want to name just yet, pending the developer's response to the situation.
> With the wallet, I generated the new address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F then sent 2.57386667 btc from localbitcoins to that address, which is txid 47b689d108a33c05405332169d3a0eb96ded33ce711fcd498ead1ba5e2b72328. This is the only transaction that I initiated with this address.
> Later, when planning to move the money to paper wallets, I discovered that this address had previous activity on it, and that most of the money was swept from that address after my transaction confirmed. There are several transactions afterwards which sweep the remaining money out of that address.
> I suspect either that this problem is due to a collision from a poor PNR, or it was a malware attack.
> Anyone with insight on tracing btc transactions want to comment?
where did u get the wallet from? if downloaded from unreliable source, it could have been infected, and also the more probable version is that your android device was previously backdoored from some game/app etc. whatever you do, it won't bring you your bitcoins back, but you should explore your phone, or give it to someone who might shed some light so that something like this doesn't happen again. The only thing that intrigues me here is this: u generated new address and it previously had activity on it, before its creation? that shouldn't be possible if there's not something wrong with app. cheers

RAXS
March 08, 2015, 12:52:19 AM
Generate a few addresses and check if they also have previous activity or have you already done that?

Monetizer
March 08, 2015, 12:54:31 AM
Where did you use the internet when you got funds or the such? If it was in a public place there is a chance someone may have been sniffing it (I think that is correct terminology ahah) and seen your address and login info there.

amspir (OP)
March 08, 2015, 01:07:25 AM
> where did u get the wallet from? if downloaded from unreliable source, it could have been infected, and also the more probable version is that your android device was previously backdoored from some game/app etc.
Again, never rooted. The phone is rather limited in memory, so I'm not in the habit of installing or trying out new apps. All the apps that I've knowingly installed come direct from the Google playstore, plus a couple of already-paid-for apps through the Amazon appstore. Other than installing the Amazon appstore's apk file, I have not installed anything on the phone that didn't come through those app stores.
> The only thing that intrigues me here is this: u generated new address and it previously had activity on it, before its creation? that shouldn't be possible if there's not something wrong with app.
Yes, apparently that is what happened. It was "generated" within the wallet app a few minutes before sending money to it in the previously mentioned transaction.

amspir (OP)
March 08, 2015, 01:09:00 AM
> Where did you use the internet when you got funds or the such? If it was in a public place there is a chance someone may have been sniffing it (I think that is correct terminology ahah) and seen your address and login info there.
Through the Verizon 3G data network.

BlindMayorBitcorn
March 08, 2015, 01:13:32 AM
Well what kind of wallet was it already?
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.

amspir (OP)
March 08, 2015, 01:13:46 AM
> Generate a few addresses and check if they also have previous activity or have you already done that?
I generated 4 more addresses, and none of them had previous activity. DEVELOPERS: When your wallets generate new addresses, you should be putting in a trap that detects if a newly generated address has previous activity, and alert you to the problem which would indicate a weak PNR.

amspir (OP)
March 08, 2015, 01:17:04 AM
> Well what kind of wallet was it already?
I'm extending the courtesy of not naming the wallet, which is popular, until I can determine if it is actually the developer's fault or if my phone has been compromised.

BitcoinFr34k
March 08, 2015, 01:17:31 AM
> > The only thing that intrigues me here is this: u generated new address and it previously had activity on it, before its creation? that shouldn't be possible if there's not something wrong with app.
> Yes, apparently that is what happened. It was "generated" within the wallet app a few minutes before sending money to it in the previously mentioned transaction.
It was probably using a flawed RNG when creating the address. A huge red flag should have been the fact that there was activity on an address when you created the address; the fact that funds were spent from the address 100% means that someone else controls the private keys. For an amount that small I don't think blockchain analysis is going to help you at all. Your best bet would be to find them via the android market.

amspir (OP)
March 08, 2015, 01:24:52 AM
> > > The only thing that intrigues me here is this: u generated new address and it previously had activity on it, before its creation? that shouldn't be possible if there's not something wrong with app.
> > Yes, apparently that is what happened. It was "generated" within the wallet app a few minutes before sending money to it in the previously mentioned transaction.
> It was probably using a flawed RNG when creating the address. A huge red flag should have been the fact that there was activity on an address when you created the address; the fact that funds were spent from the address 100% means that someone else controls the private keys.
When I created the address, it showed no activity -- likely due to the wallet not being immediately updated with the current block chain information.

MilesJohan
March 08, 2015, 02:34:13 AM
Actually you should mention the app so people don't happen to lose coins if it's a wallet bug.
MileyJohanson

ebliever
March 08, 2015, 02:54:29 AM
> DEVELOPERS: When your wallets generate new addresses, you should be putting in a trap that detects if a newly generated address has previous activity, and alert you to the problem which would indicate a weak PNR.
Good point, and lesson learned for USERS as well: When trying out a new wallet, check the blockchain for previous activity on the initial addresses generated in the wallet. That's more than a huge red flag, that's a shout-your-screaming-head-off-to-alert-everyone kind of thing. If keys are being developed like they should, this should NEVER happen within the confines of this universe. There was news about a month ago about the possibility of hackers releasing wallets with the potential for pre-designated keys. They could then monitor the blockchain and sweep funds from them, even offline, cold wallets, etc., since they would already have the corresponding private keys. I wonder if this is possibly what happened with you. Was the wallet you used a recent release? From a new source?
Luke 12:15-21
Ephesians 2:8-9
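
The trap amspir asks developers for, which also covers the user-side check ebliever describes, as an added example that is not part of the thread or of any wallet's code. The names `check_new_address`, `Tx`, `MAX_TIP_AGE` and all sample data are hypothetical; the check fails closed when the wallet's chain view is out of date, the condition amspir says hid the earlier activity.

```python
from dataclasses import dataclass

MAX_TIP_AGE = 2 * 60 * 60  # assumed limit (seconds) for treating the chain view as current

@dataclass(frozen=True)
class Tx:
    txid: str
    time: int        # block timestamp, unix seconds
    inputs: tuple    # addresses being spent from
    outputs: tuple   # addresses being paid

def check_new_address(address, generated_at, tip_time, txs):
    """Classify a just-generated address as 'ok', 'stale' or 'reused'.

    'stale'  : the newest block known to the wallet is too old, so an empty
               history proves nothing; do not show the address yet.
    'reused' : activity exists from before the wallet created the key.
               A 'spent' entry means another party already holds the key.
    """
    if generated_at - tip_time > MAX_TIP_AGE:
        return "stale", []
    evidence = []
    for tx in sorted(txs, key=lambda t: t.time):
        if tx.time > generated_at:
            continue  # later activity may be the owner's own
        if address in tx.inputs:
            evidence.append((tx.txid, "spent"))
        elif address in tx.outputs:
            evidence.append((tx.txid, "received"))
    return ("reused" if evidence else "ok"), evidence

# Constructed sample history; addresses and txids are placeholders.
SAMPLE_TXS = [
    Tx("tx-b", 2000, ("ADDR_REUSED",), ("ADDR_SWEEP",)),
    Tx("tx-a", 1000, ("ADDR_OTHER",), ("ADDR_REUSED",)),
    Tx("tx-c", 9000, ("ADDR_PAYER",), ("ADDR_REUSED",)),
]

if __name__ == "__main__":
    # Synced view: the earlier receive and spend are found.
    print(check_new_address("ADDR_REUSED", 5000, 4900, SAMPLE_TXS))
    # Synced view, address never seen before.
    print(check_new_address("ADDR_FRESH", 5000, 4900, SAMPLE_TXS))
    # Unsynced view: no history is visible, so the result is 'stale', not 'ok'.
    print(check_new_address("ADDR_REUSED", 20000, 900, []))
```

A wallet would act on anything other than "ok" by withholding the address and, for "reused", discarding the key and reporting a suspected random number generator fault.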

BlindMayorBitcorn
March 08, 2015, 02:57:36 AM
> > DEVELOPERS: When your wallets generate new addresses, you should be putting in a trap that detects if a newly generated address has previous activity, and alert you to the problem which would indicate a weak PNR.
> Good point, and lesson learned for USERS as well: When trying out a new wallet, check the blockchain for previous activity on the initial addresses generated in the wallet. That's more than a huge red flag, that's a shout-your-screaming-head-off-to-alert-everyone kind of thing. If keys are being developed like they should, this should NEVER happen within the confines of this universe. There was news about a month ago about the possibility of hackers releasing wallets with the potential for pre-designated keys. They could then monitor the blockchain and sweep funds from them, even offline, cold wallets, etc., since they would already have the corresponding private keys. I wonder if this is possibly what happened with you. Was the wallet you used a recent release? From a new source?
He prefers not to say...

Monetizer
March 08, 2015, 03:01:43 AM
> Actually you should mention the app so people don't happen to lose coins if it's a wallet bug.
Exactly, if there is a problem it would be good to know now so we can stop other people losing their bitcoins. It is unfortunate you lost yours but we should try to stop others losing theirs as well if possible.

DeathAndTaxes
Gerald Davis
March 08, 2015, 03:09:12 AM
Without providing the name of the wallet and source code it is impossible to say but you are doing the community a huge disservice by keeping the name of the wallet hidden.
There are two likely possibilities:
a) your phone was compromised by malware
b) the wallet developer is grossly incompetent
If it is a wallet error you won't be the last person affected and maybe the next victim loses 10x or 100x as much. The longer you wait the more victims and the greater the total losses. If the issue is unrelated to the wallet then an open review of the code will reveal that. Keeping the wallet and developer a secret doesn't help anyone. An ethical developer would probably compensate you for bringing it to light and an unethical one is going to tell you tough luck even if you keep their secret.

amspir (OP)
March 08, 2015, 03:17:04 AM Last edit: March 08, 2015, 03:30:40 AM by amspir
> > Actually you should mention the app so people don't happen to lose coins if it's a wallet bug.
> Exactly, if there is a problem it would be good to know now so we can stop other people losing their bitcoins. It is unfortunate you lost yours but we should try to stop others losing theirs as well if possible.
It would be irresponsible to blame the wallet app publicly if the fault lies in my phone being compromised. I am in contact with support, and would like to give them a chance to figure out the cause and make it right, if they are to blame. So far, they are assuming malware, since they claim they don't have reports of similar problems from other users. If they drop the ball, they will be named. If it is a wallet bug, it must be due to a rare condition and not widespread.

amspir (OP)
March 08, 2015, 03:27:43 AM
> Was the wallet you used a recent release? From a new source?
The wallet has been installed on my phone for about a year through Google Play. The version on my phone was up-to-date when I checked it after the theft.