Author

Topic: Bitcoin Wallet Trojan? (Read 900 times)

newbie
Activity: 25
Merit: 0
March 27, 2013, 11:08:45 AM
#5
Hi Danny,

thank you, forgot to reply.

legendary
Activity: 3472
Merit: 4801
February 22, 2013, 11:33:25 AM
#4
With the way bitcoin works, you can't partially spend a previous output that you received.  It has to be completely spent.  So, if you receive 10 BTC all in a single transaction from someone/somewhere at an address, then that address now has a single 10 BTC output.

Later if you want to send 2 BTC to somebody, the program can use the previous 10 BTC output as an input into the transaction, and create a 2 BTC output to the address where you want to send it.  This leaves 8 BTC leftover in the transaction.  If you don't send those 8 BTC somewhere, then they become miner fees and end up in the coinbase transaction of the new block for the miner to keep.  If you don't want to give those 8 BTC away as fees to the miner, then you need to include a second output in your transaction sending the 8 BTC back to your own wallet.  As an analogy, think of pulling a $10 bill out of your pocket to pay for something that costs $2, you get $8 back in "change".

The way Bitcoin-Qt does this is to create a new bitcoin address that it doesn't tell you about and keep track of that address and the associated private key in your wallet.dat.  Since this isn't an address that you requested in the "Receive Coins" tab of the user interface, it doesn't show up in that list.  Bitcoin-Qt knows about the address since it is in the wallet.dat file, so it includes it in the balance that it shows you.  Bitcoin-Qt uses a new change address for every transaction.  So if you create 10 different transactions, each sending bitcoins somewhere, then your wallet will have used 10 different change addresses (although some of them may be empty if Bitcoin-Qt used the bitcoins associated with some of those address as inputs into other transactions).
legendary
Activity: 2271
Merit: 1363
February 22, 2013, 09:39:58 AM
#3
Warning this is a very suspicious website!

No , it isnt.

The nyud.net belongs to http://www.coralcdn.org/ and it is just a cache.
newbie
Activity: 37
Merit: 0
February 22, 2013, 09:35:33 AM
#2
Warning this is a very suspicious website!
newbie
Activity: 25
Merit: 0
February 22, 2013, 09:33:44 AM
#1
Hi,

this address is strange, the last two transactions go to multiple addresses, why?

http://blockchain.info.nyud.net/en/address/12yt6cH8j2Hng5EeG8Y98WCxwypM5w8wkD

How do you interpret the last two transactions? I only sent to a single address each time.

Might it be a Bitcoin Wallet Trojan?
Jump to: