Author

Topic: 1.14 BTC stolen from wallet? :-( (SOLVED - 2 copies of multi-bit unsync'd) (Read 1303 times)

legendary
Activity: 1708
Merit: 1036
Can't confirm until I get home, but I have more clues indicating that my 1.14 BTC is not stolen. As intimated in the 1st followup post, it looks like I have a mismatch in keys between my laptop and desktop copies of multi-bit.

SUGGESTION for wallet developers out there: A way to easily compare the keys loaded between two different copies of an offline wallet.


*****************************

Final Update: I'll leave this undeleted for the sake of others who find themselves in a similar circumstance in the future, but I was correct that the problem was due to a mismatch in keys loaded between my laptop and desktop wallets. Apparently when you generate addressess in one copy of multi-bit, it does not generate the same addresses in the other copy. So while I started with a common set of keys/addresses, I had three addresses on my desktop that were not on my laptop. I even had them labeled DO NOT USE on the desktop copy of multi-bit to prevent this sort of confusion, but of course that did not prevent the software from using those addresses automatically. I'm going to be exporting importing keys between the two copies now to sync them back up.

Happy bitcoining,
ebliever

All's well that end's well :-)
legendary
Activity: 1708
Merit: 1036
Hmmm, some further info (I'm badly short of sleep due to a feverish child at the moment)... the blockchain info lists the amount as broken into .3 BTC and ~1.14 BTC. Now I remember that at the time of this transaction, I was about to go to bed and remembered that I needed to order a wifi extender for my wife, but I didn't have any funds at Purse.io. So I had logged into multi-bit and sent .3 BTC to Purse (at 1:17 AM according to my Purse.io account).

So that explains .3 BTC of this. But where on earth did the other ~1.14 BTC go? I don't think I would have fat-fingered anything like that. I'm definitely missing the funds based on manual recording keeping I do. Wondering now what stupid thing I may have done, but I'm still at a loss. But at least it's a loss of only 1.14 BTC now :-p

(Seems to me the key is that the 1.44 BTC in the transaction matches the amount in the last inbound transaction I'd received in the wallet. But how that relates I don't know.)

(Update: Going to do a sanity check when I get home; 8-9 months ago I noticed a strange mismatch between my laptop and desktop copies of my multi-bit wallet. For some reason one of the wallets was missing a pair of very small inbound transactions from a mining pool (just $0.15-.25 or so). Eventually (days later) the discordance disappeared and they matched back up, but I never did figure out what was going on. Anyone have any idea what could explain that? I thought I have the same keys loaded on both, but now I'm wondering if they aren't 100% in sync. or something.)

Confused and groggy....
legendary
Activity: 1708
Merit: 1036
Pulled up my multi-bit wallet this morning and discovered an outbound transaction of 1.44 BTC at 1:34 AM (local time) on Feb. 14. Which was interesting because it matches the amount of 1.44 BTC I had transferred in from my Coinbase account on Feb. 6. I had ~0.75 BTC left in the wallet that was untouched. (Which I've now moved, obviously.)

The address the 1.44 BTC was sent to was  1Jfgv6ropgo1f2fE5UAym7Zt6wCb6QmTk9. It appears to have a lot of activity on the blockchain, though I'm not very skilled at interpreting any of it.

I'm sure I didn't make the 2/14 transaction, and equally sure my wallet/computer was not physically compromised. So that leaves some kind of malware attack that was able to access my multi-bit wallet. But why then was only the 1.44 BTC taken and not the full amount in the wallet?

Is there anything I can do to investigate this further? Who would I even contact to report the theft? Local police department? (Small rural town, I can imagine how useful that will be...)

With all the yelling recently about not using exchanges and relying on local wallets, I find it ironic that the first direct personal loss I've suffered was from a personal wallet. I'm not a security guru but thought I was following the reasonable protocols (albeit not the more extreme ones) to secure it and my system from intrusion. I guess I missed something somewhere. Would the details above, or anything else I can provide, give any clues as to how my wallet was compromised? I'll be running some extra A-V scans when I get home tonight obviously, as well as checking out my work laptop where I had a copy of the wallet.

Glad I didn't lose more, but frustrated at this loss. BTC can't go mainstream if the average Joe can't feel their funds are safe.
Jump to: