Author

Topic: Stolen bitcoins from bitaddress.org generated address (Read 2225 times)

hero member
Activity: 742
Merit: 502
Circa 2010
Clearly it's either something on your phone/computer - I'd be more inclined to go with your phone. Android isn't exactly the safest system - are you rooted/jail broken? Have you installed any shady apps recently? I would say if you want to generate secure keys to have an offline computer running on a liveCD of your favourite linux distro and run Electrum/bitaddress.
newbie
Activity: 56
Merit: 0
I think it is a keyboard logger records your input too, you should definitely use a safer computer to store your bitcoins.
newbie
Activity: 30
Merit: 0
I dug into the bitaddress code myself and it's pretty secure. Maybe you have a suspicious chrome/firefox extension which interferes with the site?
member
Activity: 70
Merit: 10
If you do not EXCLUSIVELY own the private key you do not EXCLUSIVELY own the wallet!

Make your wallet and keys with the official client software only and set a wallet password!

Bitcoin: https://bitcoin.org/en/choose-your-wallet

Litecoin: https://litecoin.org/

You cannot trust third parties with your wealth, what you did is like asking a stranger in the street to hold your wallet for you!  Roll Eyes


So you dont trust Armory or Electrum bitcoin software?
hero member
Activity: 490
Merit: 500
If you do not EXCLUSIVELY own the private key you do not EXCLUSIVELY own the wallet!

Make your wallet and keys with the official client software only and set a wallet password!

Bitcoin: https://bitcoin.org/en/choose-your-wallet

Litecoin: https://litecoin.org/

You cannot trust third parties with your wealth, what you did is like asking a stranger in the street to hold your wallet for you!  Roll Eyes
member
Activity: 70
Merit: 10
I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk

0.0001 is not enough. Thief will get nothing after transaction fee. Send at least 0.005 to test.

I understand you might think you are basically throwing money away, but there is a need to know for certain, wouldn't you agree?  Embarrassed
Actually I sent 0.0001 to the first address and they did try to steal that also. https://blockchain.info/address/1445yAxtqySV4weaYU51tZvCkkzF2E4qAs
hero member
Activity: 672
Merit: 500
I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk

0.0001 is not enough. Thief will get nothing after transaction fee. Send at least 0.005 to test.

I understand you might think you are basically throwing money away, but there is a need to know for certain, wouldn't you agree?  Embarrassed
member
Activity: 70
Merit: 10
I believe your phone could be the weak link. Android itself is relatively secure. If you have installed doggy apps on your android phone before, there is a high possibility that your phone is compromised.

You can test the vulnerability by creating 2 more addresses, one online and one offline. Then import both into your phone. Send small amounts to both addresses. If both got snagged, it's the phone. If the online address got snagged, it the computer.

I just did a test. There was another address that I had created and printed at the same time that I created and printed the address in question. I sent a small amount of btc to it and nothing was stolen. I then scanned it with my mycelium app and still the btc is still there. you can see here. https://blockchain.info/address/1Kf3zFGuPAdFCAa3euGn2bgKPMnJ5itMgk
hero member
Activity: 672
Merit: 500
I believe your phone could be the weak link. Android itself is relatively secure. If you have installed doggy apps on your android phone before, there is a high possibility that your phone is compromised.

You can test the vulnerability by creating 2 more addresses, one online and one offline. Then import both into your phone. Send small amounts to both addresses. If both got snagged, it's the phone. If the online address got snagged, it the computer.
member
Activity: 70
Merit: 10
I also noticed, when I search my address in question on blockchain.info, it says this at the top of the page "Warning! this bitcoin address contains transactions which may be double spends. You should be extremely careful when trusting any transactions to or from this address." What does this mean?
member
Activity: 70
Merit: 10
Maybe they have a key logger setup next time make a password with ease of access and use ur mouse as a keyboard.


I also forgot to mention, the wallet was created on a computer running Ubuntu 13.10.
legendary
Activity: 1736
Merit: 1001
Maybe they have a key logger setup next time make a password with ease of access and use ur mouse as a keyboard.
member
Activity: 70
Merit: 10
I just got my Gridseed g-blade miner in yesterday and started mining pretty much immediately. I decided to mine on clevermining.com. I wanted to keep a record of my earnings for the new miner, so I thought I would generate a new address to have the bitcoin earnings sent to. I used bitaddress.org to create the address. I did not do this from an offline computer. I didnt feel the need to do this as after each daily payout, I would transfer the coin to another more secure wallet. So a couple hrs ago I got my first payout to the new address and immediately they were stolen and sent to another address. You can see here https://blockchain.info/address/1445yAxtqySV4weaYU51tZvCkkzF2E4qAs. Here are the exact steps that I took in creating the wallet:
1.went to the bitaddress.org website and created a wallet key pair. (computer wasnt offline)
2.I then printed out the wallet on my network printer (I know, also another unsecure point)
3. I then used my android Mycelium app to scan the private key and add it to my working wallet list in the app.

Where is the most likely point where the thief gained access to my private key?
Jump to: