Author

Topic: Bitcoin redirected from my address as soon as it was sent to me (Read 1982 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You might be a victim of sticky note bitcoin hacking technics your bitcoin address has been replaced with another address using sticky note hacking script. This might be the case of the situation however, cross check your transaction details first to be sure the mistake isn't from you.

Wrong. Read the post by lotusexpeditor above yours.
newbie
Activity: 4
Merit: 0
You might be a victim of sticky note bitcoin hacking technics your bitcoin address has been replaced with another address using sticky note hacking script. This might be the case of the situation however, cross check your transaction details first to be sure the mistake isn't from you.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
First I thought, why does someone (necro?) bump an almost eight year old thread, but actually your finding is a good contribution to the mystery of the origin of the compromised private key OP used in his wallet. A total mystery to me is why someone would import a publicly known private key into his wallet and very likely OP did just that. That's beyond sanity...

The security of a private key is based on its randomness. Something that is published and thus known and findable or derived from something known or findable is the opposite of secure. Human brainwallets were shown to be mostly a failure. Private key from known data are a failure, too.
newbie
Activity: 2
Merit: 10
I don’t know if the is the right list, but I hope someone can advise.

In the early hours of this morning I sent 1.01 BTC from my Xapo wallet to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key. My client had been running all day and the blockchain was synced and up-to-date.

The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for, something which I did not think was possible.

What the hell happened and where is my Bitcoin?



Hi from the future,

The private key (0004d30da67214fa65a41a6493576944c7ea86713b14db437446c7a8df8e13da) for the 12iocUthp58E72ZksRmToDFPfM1WCPKv91 (Compressed Legacy Address) was appeared in the bitaddress.org source code as a Test Address. I found your forum post while auditing this source code;

https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.unittests.js#L555

You probably generated this address in a improper way. Sorry for your loss :/

legendary
Activity: 1260
Merit: 1019
The question is (and was) where he got them
I am sure he is unable to remember this.
I'll try to google for the private key later, may be I'll find the answer.

and why he imported them?
Humans do strange things regulary.
Climb bins and drag into the house dirtiest and used things.
legendary
Activity: 4256
Merit: 1313
One question, you also had said previously that you had imported some keys. Was this one of them?
definetely he used compromised private key. no doubts

Obviously.

The question is (and was) where he got them and why he imported them?
legendary
Activity: 1260
Merit: 1019
One question, you also had said previously that you had imported some keys. Was this one of them?
definetely he used compromised private key. no doubts
legendary
Activity: 4256
Merit: 1313
I don’t know if the is the right list, but I hope someone can advise.

In the early hours of this morning I sent 1.01 BTC from my Xapo wallet to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key. My client had been running all day and the blockchain was synced and up-to-date.

The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for, something which I did not think was possible.

What the hell happened and where is my Bitcoin?


One question, you also had said previously that you had imported some keys. Was this one of them?

And as DH asked above, where did those keys come from?
legendary
Activity: 1260
Merit: 1019
I said that I am inclined to believe you did.
Oups, sorry. You may also believe that I am a murderer of JFK. Grin

Quote
with your trust rating with so much RED
I do not care about it. This is your problem to look at the rank, not mine.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that.
You are insulting me undeservedly. I did not touch money. At least you will not be able to prove it.
I encourage you to look up words and terms not misleading readers.

I did not say anything I cannot prove.
I did not say you did anything. I said that I am inclined to believe you did.
And I pointed out your trust rating, which is red, nothing special to prove there.
legendary
Activity: 1260
Merit: 1019
Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that.
You are insulting me undeservedly. I did not touch money. At least you will not be able to prove it.
I encourage you to look up words and terms not misleading readers.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
If something is taken, and the taker doesn't have permission to take it, then it is stolen.
OK, seems to me that OP stolen my private key and its address  Grin
Should I prove that 12iocUthp58E72ZksRmToDFPfM1WCPKv91 belongs to me?  Grin

Although you are Legendary rank, with your trust rating with so much RED, I am inclined to believe that you've got a newbie's private keys (and money), or you are trying to imply that.
legendary
Activity: 1260
Merit: 1019
If something is taken, and the taker doesn't have permission to take it, then it is stolen.
OK, seems to me that OP stolen my private key and its address  Grin
Should I prove that 12iocUthp58E72ZksRmToDFPfM1WCPKv91 belongs to me?  Grin
legendary
Activity: 3472
Merit: 4801
It was taken. Not stolen.

If something is taken, and the taker doesn't have permission to take it, then it is stolen.
legendary
Activity: 1260
Merit: 1019
Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?)
Start with this https://github.com/sebicas/bitcoin-sniffer
And ask me anything.
hero member
Activity: 1204
Merit: 531
Metaverse 👾 Cyberweapons
OP, I am sorry for your loss, your BTC was taken. In fact, there are MAC malware, but whoever took your BTC did not need it if he had your private key. Since I really cannot see a way to recover your value, I advise you to use additional anti-malware software on your computer and make sure you have exclusive knowledge of your private key to prevent similar cases in the future.

Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?)

I wondered the same some days ago and I was advised to check some BTC block explorer to discover the relations of a BTC address. After the update where you automatically get a new address after each transaction, you may do not want to monitor a BTC address but a person's BTC addresses, but as far as I know, it still is possible with block exploring.
legendary
Activity: 1260
Merit: 1019
You do not have exclusive control of the private key.  Someone else has that private key as well.
true

I was given to understand that it was not possible to spend unconfirmed coins on your address,
It is possible.

Quote
I still don't understand how they were able to send the coins the instant they arrived.
Your knowledge about bitcoin network has gaps. Live with it or teach yourself.
legendary
Activity: 3472
Merit: 4801
I have indeed imported some keys into my wallet.

Where did those keys come from?

If it was a source that you thought was trustworthy, then it might be a good idea to warn others not to use that source.
newbie
Activity: 5
Merit: 0
Quote
It is.

It is a good idea to wait until a transaction is confirmed before you spend the bitcoins that are received from the transactions (just in case the transaction never confirms), but it is not necessary to wait for confirmation.  Unconfirmed bitcoins can be spent.

You must have replied the same time as me.

I have indeed imported some keys into my wallet.

I transferred my entire balance to my Coinbase account and deleted/recreated my wallet.dat file. An expensive lesson but it could have been lot worse.
newbie
Activity: 5
Merit: 0
Quote
The attacker has your private key. Even your wallet knows you've got money in the second they've came in.
It's not that difficult to code something similar and when the "money in" notification comes, the money is sent out by a script.
It doesn't have to be on your computer. The attacker has your private key and can do all this on his own computer.

I was given to understand that it was not possible to spend unconfirmed coins on your address, I still don't understand how they were able to send the coins the instant they arrived.

I too am intrigued on how you would go about doing this.
 
legendary
Activity: 3472
Merit: 4801
- snip -
to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key.
- snip -
The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for
- snip -
What the hell happened and where is my Bitcoin?

You do not have exclusive control of the private key.  Someone else has that private key as well.

How did you get that address and private key?  Did you generate the address with the Bitcoin Core wallet immediately before sending the transaction? Did you import the private key into Bitcoin Core?  Was it generated with VanityGen?  Was is generated with bitaddress.org?  Was it a "brainwallet", generated from a passphrase?  Did you get the private key from someone else?

If you generated the address with the Bitcoin Core wallet, have you ever had that wallet.dat file installed on any other computer in the past?

- snip -
The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.

It is.

It is a good idea to wait until a transaction is confirmed before you spend the bitcoins that are received from the transactions (just in case the transaction never confirms), but it is not necessary to wait for confirmation.  Unconfirmed bitcoins can be spent.
sr. member
Activity: 434
Merit: 250
You said the Mac OS was recently installed.
Did you wipe your computer at some point? Have you ever had malware detected in the past?

Also if someone can post some technical details of how you would make a script to monitor a BTC address, that would be really interesting.
I'm going to do some research on the topic on my lunch break today.
(Is it similar to how miners get notified when they discover a block?)
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Thanks for your replies.

I am running Bitcoin-Qt on a mac that I have just recently installed so the possibility of Malware is small. The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.



The attacker has your private key. Even your wallet knows you've got money in the second they've came in.
It's not that difficult to code something similar and when the "money in" notification comes, the money is sent out by a script.
It doesn't have to be on your computer. The attacker has your private key and can do all this on his own computer.
newbie
Activity: 5
Merit: 0
Thanks for your replies.

I am running Bitcoin-Qt on a mac that I have just recently installed so the possibility of Malware is small. The coins were transferred out the exact same second as they arrived, and before the transaction was confirmed, I did not think that was possible.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
looks like the destination address is linked to some issues in the past.

https://bitcointalksearch.org/topic/m.12715624
https://bitcointalksearch.org/topic/m.13305218

not sure what happened to you but maybe your computer is infected by some kind of malware

Whether it's infected or was in the past, clearly somebody else got OPs private key and transferred out those BTC.

What the hell happened and where is my Bitcoin?

It was stolen. Sorry.
hero member
Activity: 686
Merit: 500
looks like the destination address is linked to some issues in the past.

https://bitcointalksearch.org/topic/m.12715624
https://bitcointalksearch.org/topic/m.13305218

not sure what happened to you but maybe your computer is infected by some kind of malware
newbie
Activity: 5
Merit: 0
I don’t know if the is the right list, but I hope someone can advise.

In the early hours of this morning I sent 1.01 BTC from my Xapo wallet to the address 12iocUthp58E72ZksRmToDFPfM1WCPKv91. This is an address in my Bitcoin Core wallet, running on my laptop, for which I control the private key. My client had been running all day and the blockchain was synced and up-to-date.

The instant that this amount was received into the above address (before the transaction was even confirmed) the entire amount was then sent to another address 1aa5cmqmvQq8YQTEqcTmW7dfBNuFwgdCD which I have never heard and do not have the private key for, something which I did not think was possible.

What the hell happened and where is my Bitcoin?
Jump to: