Author

Topic: mycellium bug / exploit (Read 2007 times)

newbie
Activity: 6
Merit: 0
December 20, 2013, 02:12:33 PM
#1
DISREGARD USER ERROR Mod please delete

Edit: Figured this out. Friend clicked on the wrong address in his wallet and had me send funds to a compromised address http://www.reddit.com/r/Bitcoin/comments/1t07uw/i_made_my_own_laser_etched_wooden_cold_storage/ce30bp1

Yesterday I sent 0.0993 BTC to my friends phone and the funds never showed up. I am using an LG G2 with android 4.2.2 and the most recent mycellium and he has a nexus 5 with android 4.4 with the most up to date mycellium. My address is 15eoLGGEwnVyqUxY8yQrNKf6c8zM7Hqanh and his is  1KaPzW1GPpYMzYBVTbHQ2zaUNfaMhPfZiU.

According to blockchain.info the funds left his wallet a couple minutes before they even arrived. I am assuming that as soon as he generated the QR code a withdraw was placed for the exact amount. I can only assume that his private key was compromised. He had just generated that key minutes before we did that transaction.

I know those funds are gone I just want people to be aware that there could be a serious bug somewhere. The BTC ended up in this address 1Gbp4mLHPepB3FFmBphhNcyLNaYLFyHcxj which at one point had swept correct horse battery staple. This is very weird. Any insight into what just happened would be appreciated.

Edit: The address 1KaPzW1GPpYMzYBVTbHQ2zaUNfaMhPfZiU was not generated from a brain wallet. It was randomly generated inside of mycelium, and neither phone is rooted.

Edit: I cross posted this to reddit here is the link. http://www.reddit.com/r/Bitcoin/comments/1tcg43/mycelium_bug_exploit/

Edit: Figured this out. Friend clicked on the wrong address in his wallet and had me send funds to a compromised address http://www.reddit.com/r/Bitcoin/comments/1t07uw/i_made_my_own_laser_etched_wooden_cold_storage/ce30bp1
Jump to: