Author

Topic: Blockchain showing extra transaction sent that I did not authorize. Help! (Read 217 times)

HCP
legendary
Activity: 2086
Merit: 4361
Absolutely brilliant. The rescan worked and the transaction showed up. I was initially confused by the fact that the missing transaction was essentially the same as the transaction sent to the change address.
Excellent... glad you managed to get it showing up properly! Always concerning when unexpected things happen Wink


The fact that neither the sending or receiving addresses in the Bitcoin Core interface didn't show the new change address was also confusing and a little scary (I thought for a while that my wallet had randomly sent funds to someone else's address!!), but everything seems to be there and working as it should now.
Yes, Bitcoin Core likes to keep "change" addresses hidden from view... they're almost completely internal to the application and not easy to see. They won't show in the "Sending Addresses" nor "Receiving Addresses".

The only place I've seen them within the application is if you enable coin control and then click the "Inputs" button on the send tab... Also, if you use the getaddressinfo command, the "ischange" value will be true.

And of course if you use the dumpwallet command (not recommended as it risks exposing private keys etc), you can identify them based on the "hdkeypath" (should be m/0'/1'/...) and once "used", will change from reserve=1 to change=1)
newbie
Activity: 4
Merit: 6

Quote
Yes, you can use rescanblockchain command on the console (windows -> Console)... or you can shutdown Bitcoin Core then restart it with the -rescan parameter. That will force Bitcoin Core to rescan all the blocks on disk looking for transactions relating to your wallet.

If rescan fails to find the "missing" transaction, then you can try using -reindex and that will force Bitcoin Core to reindex all the blocks (so anything that is corrupted/missing will be redownloaded and rescanned etc).


NOTE: If your node is "pruned", rescan and/or reindex will force a redownload of everything!!

Absolutely brilliant. The rescan worked and the transaction showed up. I was initially confused by the fact that the missing transaction was essentially the same as the transaction sent to the change address. The fact that neither the sending or receiving addresses in the Bitcoin Core interface didn't show the new change address was also confusing and a little scary (I thought for a while that my wallet had randomly sent funds to someone else's address!!), but everything seems to be there and working as it should now.

Thanks for everyone's help!
HCP
legendary
Activity: 2086
Merit: 4361
The 3.5BTC, 0.4BTC transactions (that are showing) AND the 0.091BTC transaction that is not showing are on the SAME address - that's the part I can't figure out now. Blockchain explorer says it's there on the same address with the other transactions, but the wallet doesn't show it. And it was sent at a time that makes perfect sense as to why it might be missing from the wallet (i.e. sent 30 minutes before when it appears the backup wallet.dat that I'm using was created back in 2014), but I have no idea where to start as to how to retrieve it.

Is there a way for the wallet to manually search for a specific transaction to get the wallet to pick it up? It would royally suck to have to re-download the entire blockchain again! Am I correct in thinking that the several hundred GB of blockchain that I have downloaded is perhaps just a % of all transactions and that the 0.091BTC transaction is not part of that % and that's why it's missing from the wallet?
Yes, you can use rescanblockchain command on the console (windows -> Console)... or you can shutdown Bitcoin Core then restart it with the -rescan parameter. That will force Bitcoin Core to rescan all the blocks on disk looking for transactions relating to your wallet.

If rescan fails to find the "missing" transaction, then you can try using -reindex and that will force Bitcoin Core to reindex all the blocks (so anything that is corrupted/missing will be redownloaded and rescanned etc).


NOTE: If your node is "pruned", rescan and/or reindex will force a redownload of everything!!
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
At the risk of compromising your privacy: any chance you can PM me the addresses? I can't really make sense of what you're saying so I'm hoping this will help.
newbie
Activity: 4
Merit: 6

Quote
It's on a different address, right?

The 3.5BTC, 0.4BTC transactions (that are showing) AND the 0.091BTC transaction that is not showing are on the SAME address - that's the part I can't figure out now. Blockchain explorer says it's there on the same address with the other transactions, but the wallet doesn't show it. And it was sent at a time that makes perfect sense as to why it might be missing from the wallet (i.e. sent 30 minutes before when it appears the backup wallet.dat that I'm using was created back in 2014), but I have no idea where to start as to how to retrieve it.

Is there a way for the wallet to manually search for a specific transaction to get the wallet to pick it up? It would royally suck to have to re-download the entire blockchain again! Am I correct in thinking that the several hundred GB of blockchain that I have downloaded is perhaps just a % of all transactions and that the 0.091BTC transaction is not part of that % and that's why it's missing from the wallet?

Quote
Any address will (slightly) compromise your privacy. Be careful what you enter in console though.
Got it!

Quote
If you're holding 4 BTC in a hot wallet, you should probably improve on that! It's now worth a small fortune or at least a very nice car. Cold storage is the way to go (but don't do this unless you're absolutely certain you know what you're doing).
And after you've moved your Bitcoins out of your current wallet, don't forget you hold (at current value) about $2500 worth of Forkcoins. But don't bother touching them before moving your Bitcoins to a new wallet (you don't want to risk them).

Will do! Back to memory sticks after I've figured this out! And will try and figure out how to access the forkcoins. That's great news. Thanks so much for your help.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
So I guess the new question then is: how do you recover a transaction that was sent in March of 2014 to an address on a wallet that holds the rest of the transactions to that address if the blockchain isn't syncing it up with the wallet even with Bitcoin Core fully downloaded/synced?
It still sounds (a bit) like a synchronization problem.

Quote
showing as sent / unspent to the same address as the 3.5 and 0.4BTC
It's on a different address, right?

Quote
Also, is anything (other than a private key/encryption phrase of course) not safe to show as a screenshot?
Any address will (slightly) compromise your privacy. Be careful what you enter in console though.



If you're holding 4 BTC in a hot wallet, you should probably improve on that! It's now worth a small fortune or at least a very nice car. Cold storage is the way to go (but don't do this unless you're absolutely certain you know what you're doing).
And after you've moved your Bitcoins out of your current wallet, don't forget you hold (at current value) about $2500 worth of Forkcoins. But don't bother touching them before moving your Bitcoins to a new wallet (you don't want to risk them).
newbie
Activity: 4
Merit: 6
OK, that's SUPER helpful. Listunspent showed the following:

1. The original 3.5 and 0.4 BTC on the original "1" address.
2. It also showed 0.09BTC on the new "b" address!!
So it sounds like that is just a new change address and the funds from that transaction are still on the wallet. Good news I guess!

But it sounds like the 0.09BTC* that was sent 30 minutes before the wallet.dat backup back in 2014 that I'm now using is still missing though. That transaction is still on the blockchain and showing as sent / unspent to the same address as the 3.5 and 0.4BTC, it just isn't showing up on my wallet! Any ideas as to what to do about that?

So I guess the new question then is: how do you recover a transaction that was sent in March of 2014 to an address on a wallet that holds the rest of the transactions to that address if the blockchain isn't syncing it up with the wallet even with Bitcoin Core fully downloaded/synced?

*it's actually 0.091BTC but I rounded earlier which now knowing that the change address with the 0.09BTC that was sent 2 weeks ago IS actually on the wallet explains why the blockchain is 0.001 off what the wallet now says so that question is answered.

Also, is anything (other than a private key/encryption phrase of course) not safe to show as a screenshot?

Thanks again for all the help!



member
Activity: 79
Merit: 28
Please post a link of the transaction so I get a better picture of how the transaction was structured and what exactly happened.

I think I know what happend. Your wallet created an transaction with an output of 0.1 bitcoins. 0.01 went as you told to coinbase, and change of 0.09 went back to you. With a new type of address which starts with "bc1". Thats an Segwit (Bech32) address (https://en.bitcoin.it/wiki/Bech32, https://en.wikipedia.org/wiki/SegWit). Which is the usual address generated in newer bitcoin core versions. The strange part is that usually the change gets back to the original input address (from which you sended). But the change output from the transaction to coinbase of 0.09 should be in your wallet and can be spend normally for further transactions.

Run this command on your bitcoin core node (in case your running linux):

./bitcoin-cli listunspent

Or on bitcoin qt in console:

listunspent

And look if you can see the segwit bech32 ("bc1") address

{
    "txid": "c55919c258a54b379be11db77d55adf4ce97af2cd7bd33d38921472f79fbdcff",
    "vout": 0,
    "address": "bc1qa0zulvqv6ggtd7aeu96lsajd0k6xc9pg7ryw02",
    ....
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
4. There were transactions of 0.1BTC, 3.5BTC and .4BTC received by the wallet in 2014 a couple of weeks before the wallet.dat appears to have been created.
~snip~
9. HOWEVER, the blockchain shows that an addition 0.09 was sent to a random address (that looks like a new address - it starts with a "b" whereas all the older ones start with a "1"). The wallet balance and the blockchain balance are now very similar (just 0.001 off) but still not exactly the same.

The 0.09 BTC (minus fees) should be the change from the 0.1 input and 0.01 output (sent to coinbase).
The change should be sent to another address from inside your wallet. Just I don't know why the change address is bc1* instead of legacy 1*...
Maybe somebody can clear that up. Until then you better don't send more transactions (and backup THIS wallet dat, after the transaction)
newbie
Activity: 4
Merit: 6
I will try and explain my situation as clearly as possible, but let me know if you need any follow up info. Any help would be greatly appreciated!

1. Bitcoin OG here, got Gox'd and Cryptsy'd and (mostly) took a break from crypto for a few years. I still have an old wallet from early 2014 with a few BTC on it. The wallet.dat is a backup of the original wallet I probably don't have anymore.

2. I have the latest version of Bitcoin Core (0.20.1), upgraded from a 2017 version (0.15.1 or something like that) recently.

3. As of a couple of weeks ago, the wallet showed a balance of 4BTC. Blockchain shows a balance of 4.09BTC (!)

4. There were transactions of 0.1BTC, 3.5BTC and .4BTC received by the wallet in 2014 a couple of weeks before the wallet.dat appears to have been created.

5. According to blockchain.com, there was an additional transaction of 0.09BTC that appears to have been sent to the same address on the wallet about 30 minutes before the wallet.dat backup was created. I'm guessing this was me emptying an account before putting the wallet in cold storage onto a memory stick. This transaction did NOT show up in the wallet even though it appeared to have fully synced before I used the wallet again with Bitcoin Core a couple of weeks ago.

I probably made a mistake here by doing this but... 
7. I sent a small transaction of 0.01BTC to Coinbase just to see if it was working a week ago. 

8. The 0.01BTC was received by Coinbase (great!), and showed on the wallet that 0.01BTC was sent.

9. HOWEVER, the blockchain shows that an addition 0.09 was sent to a random address (that looks like a new address - it starts with a "b" whereas all the older ones start with a "1"). The wallet balance and the blockchain balance are now very similar (just 0.001 off) but still not exactly the same.

10. I looked in the logs in Bitcoin Core and indeed there is a line that says "CTxOut(nValue=0.09000000" above the other line for where the 0.01BTC was sent (minus the fee) i.e. "CTxOut(nValue=0.00997324". BUT I ONLY TOLD THE WALLET TO SENT 0.01BTC (minus the fee), and the wallet only shows 0.01BTC being sent. Very bizarre!

11. Blockchain now shows that from the first 0.1BTC transaction made, all of it is spend (I've only sent 0.01BTC, but according to the blockchain, the other 0.09BTC was also "spent" from that original 0.1BTC transaction).

12. The 0.09BTC in the new address that I did not send does not appear to have been "spent". Do I have access to that somehow???

QUESTIONS:

What's going on?!!! Where did the 0.09BTC go, and can I get it back?

Why didn't the 0.09BTC transaction sync up when I finished downloading the blockchain? (Before I finished downloading the blockchain I hypothesized that it just wasn't fully confirmed before the backup wallet I'm now using was created which would explain why it wasn't on the wallet originally)

Is there anything fishy going on? I would have had the old 0.15 version of Bitcoin core running for a bit before realizing I needed to upgrade to 0.20.1. Could this have caused an issue?

Can I still use this wallet? I'm nervous that if I make another transaction it will send coins to a random address again!!

Thanks in advance for any insight!
Jump to: