Pages:
Author

Topic: funds immediately leaving electron wallet after receiving from TestNet faucet (Read 301 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
[...]
Theoretically speaking too, I think that if you don't run a full node, it is bound to have some troubles sooner or later. As far as I know, Bitcoin nodes have a banlist of "misbehaving nodes", which are nodes that relay invalid transactions and/or spam the mempool. An attacker could try to have your bot blacklisted by blacklisting his own node, which can happen by just feeding the mempool with invalid or valid but already made transactions. If your bot doesn't verify transactions, it's going to broadcast them repeatedly.
legendary
Activity: 3472
Merit: 10611
I'm theorycrafting here but I don't see any reason to actually run a full node (or pruned node) because the goal is to monitor the mempool not to verify blocks or transactions or even keep the mempool, relay stuff, etc.
Worse case scenario is that you receive an invalid transaction and when spending that the nodes reject your tx.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Weird, but not that surprising. In past, there are shady ICO/airdrop which give people worthless token in exchange for Bitcoin testnet.
What's weird? Worthless token can be exchanged equally with another worthless token.  Wink

That's good point, but i expect you could run such bot that with pruned node to lower operational cost. ZeroMQ also could be used to notify new transaction on mempool to your own script/application, which eliminate the need of wallet.dat which contain lots of address.
Exactly. You don't need to handle the entire chain, only enforce the consensus rules on mempool transactions, which requires to have verified the entire chain.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
[...]
But it largely depends on this known list. Does it include all locking scripts whose unlocking scripts are known? Does it contain all addresses whose private keys are revealed, such as known brain wallets? Does it contain bitcoin-key-words, such as all block hashes, transaction IDs etc.? Does it contain predictable private keys such as k=1, k=2, k=3 etc.? From those, how large is the predictable private key range? It could be [1, 2^32]. Increase the exponent by 1, and you've approximately doubled the work. Then, you have a full node that must run 24/7.

A good bot should have some good infrastructure.
legendary
Activity: 3472
Merit: 10611
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.
I wonder how much it costs to run something like that 24/7. Maybe it could be run on some sort of free VPS service considering that running such a "bot" shouldn't take up that much resources. All it takes is a list of keys, a tx signing library and a remote SPV server (like Electrum nodes) to subscribe to and listen for incoming transactions to "steal". There is no need for blockchain or blockheaders, wallet history, etc. either.
legendary
Activity: 2380
Merit: 5213
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.
Right. With stealing testnet coins, the hacker actually warns about using a fake version of electrum. No hacker would do that.


Did you try out some brainwallet, or used a locking script which has a publicly known unlocking script? There are some bots that search for known private keys in the mempool and withdraw any sent coins immediately.
OP already said that he/she generated the private keys through a brainwallet and used so simple words. See this post.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
If you did not verify the Electrum binary's authenticity, then you probably have a fake copy and that is probably why you are losing coins instantly. I always check that all the GPG signatures match before using a new version of Electrum.
Which is pretty weird, because thieves aren't known for stealing testnet bitcoins.

I'm afraid you've just generated your private key improperly. Did you try out some brainwallet, or used a locking script which has a publicly known unlocking script? There are some bots that search for known private keys in the mempool and withdraw any sent coins immediately.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Am I missing something with this procedure?

You have to check the authenticity of the Electrum download using GPG. There is a guide for doing that at https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594

If you did not verify the Electrum binary's authenticity, then you probably have a fake copy and that is probably why you are losing coins instantly. I always check that all the GPG signatures match before using a new version of Electrum.
newbie
Activity: 17
Merit: 4
Merit?
What do you mean?

No, I have over 30 years of experience developing software, it just I just started with blockchain, and the only way I know to learn it's just by doing.
this is why I'm doing the wallet from scratch (almost, I'm using the NBitcoin library, but I'm planning to replace it as soon as I have a stable wallet)

legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
Why would you generate your wallet from brain wallet this is already discuss here it is not safe to generate from brain wallet.
If you want to generate a safe wallet then let the Electrum generate a wallet for you.
Let see if you can still experience that issue after you generate wallet from Electrum and receive testnet coins from faucet.


It shows that I'm a newbie :-)
Thanks

If you think that you are not a newbie what is the purpose of creating this thread? Is that for merit?
legendary
Activity: 3472
Merit: 10611
It shows that I'm a newbie :-)
Thanks
If you know this then maybe it is not such a good idea to create your own wallet, even if you are using an existing library because you will end up with serious security flaws that you may not even notice.
Hope you are just experimenting.
newbie
Activity: 17
Merit: 4
It shows that I'm a newbie :-)
Thanks
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
I think I've figured out the problem and it's not what you think :-)
let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".
That's because you didn't mentioned it in the first place.
If so, anyone would figure that it's the problem since it's the very issue why brainwallet was discontinued.
Even if it's a complex set of phrase (actual phrase, not random words) or small set of random words, the outcome would be the same.

For reference, there's list of cracked brainwallets: https://bitcointalksearch.org/topic/collection-of-18509-found-and-used-brainwallets-4768828
newbie
Activity: 17
Merit: 4
I think I've figured out the problem and it's not what you think :-)
let me give you a little bit of background:
In order to crate a this particular wallet I was using "Brain wallets" (which is basically a sha-256 of a text), but I was using simple words like "black" and "white".
I think this simple "words" are part of a databases of "simple" KEYS, which could be easily generated from any source of "public common passwords".

What I think happened is that somebody is "scanning" the "memory pool" of the block chain for any money going to those addresses and immediately run a Vin on those, and they are using the TestNetwork to "test it" :-)

In order to test this "theory" this time I've created a trully random KEY and copy and pasted into the Electron wallet (via WIF) and nothin happened.

I appreciate the comments,

For those that asked for the link to the source code I didn't poste them because it's currently connecting to a "Bitcoin Explorer" that i'm developing (in conjunction with the wallet) an is in my internal network.
As soon as it's stable enough I plan to put it public

Thanks again for all the support.
Grate community !!
legendary
Activity: 3472
Merit: 10611
I've created another public KEY, this time I didn't even look at the prive key.
i've created on the wallet that I'm developing using NBitcoin library.
I'm compiling everything from source code
The public address is "mwT5PqSoLCeojDhghhBdXFCMMwGYxb34Ge"
Did you check the private key to see if it is actually created randomly (convert to hex, it makes it easier to see)?
Maybe the code you wrote has some flaw in it when it calls the RNG and creates a non-random key which some bot is already watching to steal its funds right away.

P.S. you don't need to reinstall everything, you could just download a Linux distro like Ubuntu, burn it on a DVD or create a live USB disk and run that OS live (without installation). Then you could use VS code to compile your code for Linux inside that live OS and run it again to see if the same problem occurs.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Here is what you need to do to know the source of the problem:
Create a new wallet with Electrum not with the wallet you are developing. Send it some test coins then see if those coins will be moved.
This simple test will help you figure out whether the issue is with your device/Electrum or with the wallet you are developing.
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k

1- I'll reinstall a fresh copy of iOS on an old mac laptop that I happened to have
2- download from Microsoft .NET dev kit.
How old your macbook is? If its old with old IOS version 10.12 below electrum will not work properly.

Why would you install Microsoft .net it seems that you are following other guides related to windows 7?

Check this "How to install Electrum in Mac OS x"

Do you have other device with Windows OS?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
3 - post the source code of my wallet on GitHub

I don't know what you mean by this, can you elaborate?

4 - download on the "fresh" computer the code from GitHub

Are you doing this through the terminal, or are you downloading using a web browser?  Either way, can you share the link where the download is coming from?

5 - compile, run and create a new "one address wallet"
6 - request some test coins.
7 - examine result.

Since you mentioned "Electron," can you confirm if that was a typo?  The reason I ask, Electron Cash is the Electrum fork designed to be used with Bitcoin Cash (BCH,) not Bitcoin (BTC.)  I'm wondering if you're confused about the two.  Bitcoin Cash is not bitcoin, but the scammer behind that fork intentionally tries to cause confusion between the two coins.
newbie
Activity: 17
Merit: 4
First of all I really appreciate all the feedback and responses.
This is what I'll try next in order to rule out any posible compromised software/hardware.

1- I'll reinstall a fresh copy of iOS on an old mac laptop that I happened to have
2- download from Microsoft .NET dev kit.
3 - post the source code of my wallet on GitHub
4 - download on the "fresh" computer the code from GitHub
5 - compile, run and create a new "one address wallet"
6 - request some test coins.
7 - examine result.

Am I missing something with this procedure?
Could this be compromise in any way?

This will take me some time but I'll post my results as soon as I have them

Thanks
legendary
Activity: 2380
Merit: 5213
On the bright side we can rule out "a compromised" Electrum (which by the way I did downloaded from the official site + verified the signature)
If your wallet isn't compromised and you are sure that you have downloaded electrum from the official website, maybe it's your device which is compromised.
Can you try creating a new wallet on a different device and check whether the same thing happens or not?
Pages:
Jump to: