HELP! Mystery transaction/lost funds??

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: ddink7 on April 23, 2014, 02:14:57 PM

Quote from: DannyHamilton on April 23, 2014, 01:52:13 PM

This appears to be the result of using a faulty wallet program. What operating system are you accessing blockchain.info from? Are you using a web browser or an installed app?

When generating the necessary digital signatures to broadcast the transaction, the wallet re-used a value that is supposed to be unique for each signature. This allows a hacker to calculate the private key from the two signatures. This is one of the reasons that it is a good idea to always use a new address for every transaction. If the change had been sent to a new address (like the way Bitcoin Core handles change), then this attack wouldn't be possible.

Your 1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M address is listed here:

Quote from: johoe on April 23, 2014, 08:21:01 AM

Hello,

there has been a lot of reused R values in the signatures on the blockchain, recently. This exposed many private keys. After googleing the addresses, I think it is related to Counterparty (XCP). Here is a list of the exposed addresses in alphabetic order. Most keys were exposed very recently, i.e., in the last week.

If you own one of the following addresses, you should transfer the money to a fresh address (before someone else does it for you). Also figure out, which client has the bug that revealed the private key by reusing R values. Then notify the author of that tool.

- snip -
1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M
- snip -

THANK YOU SO MUCH!!!

I did indeed use Counterwallet with this address. It never even occurred to me that that could be the problem. I'm now applying for reimbursement.

And you should very well receive it.

ddink7

legendary

Activity: 1120

Merit: 1000

Quote from: DannyHamilton on April 23, 2014, 01:52:13 PM

This appears to be the result of using a faulty wallet program. What operating system are you accessing blockchain.info from? Are you using a web browser or an installed app?

When generating the necessary digital signatures to broadcast the transaction, the wallet re-used a value that is supposed to be unique for each signature. This allows a hacker to calculate the private key from the two signatures. This is one of the reasons that it is a good idea to always use a new address for every transaction. If the change had been sent to a new address (like the way Bitcoin Core handles change), then this attack wouldn't be possible.

Your 1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M address is listed here:

Quote from: johoe on April 23, 2014, 08:21:01 AM

Hello,

there has been a lot of reused R values in the signatures on the blockchain, recently. This exposed many private keys. After googleing the addresses, I think it is related to Counterparty (XCP). Here is a list of the exposed addresses in alphabetic order. Most keys were exposed very recently, i.e., in the last week.

If you own one of the following addresses, you should transfer the money to a fresh address (before someone else does it for you). Also figure out, which client has the bug that revealed the private key by reusing R values. Then notify the author of that tool.

- snip -
1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M
- snip -

THANK YOU SO MUCH!!!

I did indeed use Counterwallet with this address. It never even occurred to me that that could be the problem. I'm now applying for reimbursement.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

This appears to be the result of using a faulty wallet program. What operating system are you accessing blockchain.info from? Are you using a web browser or an installed app?

When generating the necessary digital signatures to broadcast the transaction, the wallet re-used a value that is supposed to be unique for each signature. This allows a hacker to calculate the private key from the two signatures. This is one of the reasons that it is a good idea to always use a new address for every transaction. If the change had been sent to a new address (like the way Bitcoin Core handles change), then this attack wouldn't be possible.

Your 1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M address is listed here:

Quote from: johoe on April 23, 2014, 08:21:01 AM

Hello,

there has been a lot of reused R values in the signatures on the blockchain, recently. This exposed many private keys. After googleing the addresses, I think it is related to Counterparty (XCP). Here is a list of the exposed addresses in alphabetic order. Most keys were exposed very recently, i.e., in the last week.

If you own one of the following addresses, you should transfer the money to a fresh address (before someone else does it for you). Also figure out, which client has the bug that revealed the private key by reusing R values. Then notify the author of that tool.

- snip -
1PNa9dZ3P3fVhx1uMCqJ4sEYmyhxnQNy3M
- snip -

ddink7

legendary

Activity: 1120

Merit: 1000

Quote from: Zebra on April 23, 2014, 11:35:55 AM

Quote from: ddink7 on April 23, 2014, 11:20:39 AM

Did somebody steal my private key for the "3M" address somehow, or is this just a weird "change" situation that is easily resolved. If somebody stole my coins, I wouldn't expect them to all sit at the "Taf" address...I would think they'd have been moved all around the block chain. Further, I don't really understand how somebody would steal/intercept my private key for the "3M" address. I use blockchain.info's wallet with a long ass password, a secondary password, AND two factor authentication. I don't have the private key stored anywhere on my computer, etc.

What happened???

Looks like someone has access to your account, and steal all your bitcoin.
Do you use the same password on other sites? Have you visited some suspicious links or download some suspicious files?

I use blockchain.info with two unique passwords and 2FA. Even if somebody somehow managed to get both passwords, the 2FA would thwart them. That's what's so confusing to me!

Zebra

hero member

Activity: 612

Merit: 500

Quote from: ddink7 on April 23, 2014, 11:20:39 AM

Did somebody steal my private key for the "3M" address somehow, or is this just a weird "change" situation that is easily resolved. If somebody stole my coins, I wouldn't expect them to all sit at the "Taf" address...I would think they'd have been moved all around the block chain. Further, I don't really understand how somebody would steal/intercept my private key for the "3M" address. I use blockchain.info's wallet with a long ass password, a secondary password, AND two factor authentication. I don't have the private key stored anywhere on my computer, etc.

What happened???

Looks like someone has access to your account, and steal all your bitcoin.
Do you use the same password on other sites? Have you visited some suspicious links or download some suspicious files?

ddink7

legendary

Activity: 1120

Merit: 1000

I appear to be missing just over 12.5 bitcoins.

The first is my actual send to MaidSafe. All appears well--the change address is "3M." Then, four hours later there's another transaction that sweeps the entire balance into "GTaf" which is an address that I don't control. The money is still sitting in "GTaf."

Then there's a very small transaction to "9qb" which also makes no sense.

Did somebody steal my private key for the "3M" address somehow, or is this just a weird "change" situation that is easily resolved. If somebody stole my coins, I wouldn't expect them to all sit at the "Taf" address...I would think they'd have been moved all around the block chain. Further, I don't really understand how somebody would steal/intercept my private key for the "3M" address. I use blockchain.info's wallet with a long ass password, a secondary password, AND two factor authentication. I don't have the private key stored anywhere on my computer, etc.

What happened???

Topic: HELP! Mystery transaction/lost funds?? (Read 1997 times)