Stuck Transactions since Feb 18, 2023 and all solutions failed

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Bitcoin_Arena on November 06, 2023, 08:25:36 PM

Quote from: Cricktor on November 06, 2023, 08:10:38 PM

@Bitcoin_Arena
Where on https://www.arkhamintelligence.com/ is this tool you used and is it usable for free to some minor extend?

It's a tracer, You will see it at the top of your dashboard once you sign up. Just like a block explorer, the tool is free if you know what to do. But OP can create a bounty in the platform and other people will do the tracing for him in exchange for an incentive (paid in ARKM tokens)

Alternatively, he can try other contacting other blockchain analysis services like Chainlysis at a price.

it's a good idea i'll told him about bounty on the scammer

Bitcoin_Arena

copper member

Activity: 2016

Merit: 1783

฿itcoin for all, All for ฿itcoin.

Quote from: Cricktor on November 06, 2023, 08:10:38 PM

@Bitcoin_Arena
Where on https://www.arkhamintelligence.com/ is this tool you used and is it usable for free to some minor extend?

It's a tracer, You will see it at the top of your dashboard once you sign up. Just like a block explorer, the tool is free if you know what to do. But OP can create a bounty in the platform and other people will do the tracing for him in exchange for an incentive (paid in ARKM tokens)

Alternatively, he can try other contacting other blockchain analysis services like Chainlysis at a price.

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Cricktor on November 06, 2023, 08:10:38 PM

Quote from: kitobaysoz on November 06, 2023, 07:40:26 PM

yes 500,000 dollars in total

Don't say ~~you~~ your client accepted a bunch of unconfirmed transactions worth $500k without some basic Bitcoin transaction knowledge (and RBF in particular which basically allows arbitrary redirection of coins to other destination address(es) for RBF enabled unconfirmed transactions).
Of course does a replacement transaction invalidate its predecessor transaction which the blockchain.com explorer only half-heartedly indicates (I guess the malicious actor used the blockchain.com explorer on purpose).

The likely perpetrator could've pretended to "send ~~you~~ your client" a sum of coins worth $500k with much much less of that amount because he reused a lower amount of coins again and again and again. It seems ~~you~~ someone took the bait.

@Bitcoin_Arena
Where on https://www.arkhamintelligence.com/ is this tool you used and is it usable for free to some minor extend?

my client is too old i think he is above 70 years old and the threat actor was telling him all that months that the problem is from his account (my client account)

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: kitobaysoz on November 06, 2023, 07:40:26 PM

yes 500,000 dollars in total

Don't say ~~you~~ your client accepted a bunch of unconfirmed transactions worth $500k without some basic Bitcoin transaction knowledge (and RBF in particular which basically allows arbitrary redirection of coins to other destination address(es) for RBF enabled unconfirmed transactions).
Of course does a replacement transaction invalidate its predecessor transaction which the blockchain.com explorer only half-heartedly indicates (I guess the malicious actor used the blockchain.com explorer on purpose).

The likely perpetrator could've pretended to "send ~~you~~ your client" a sum of coins worth $500k with much much less of that amount because he reused a lower amount of coins again and again and again. It seems ~~you~~ someone took the bait.

@Bitcoin_Arena
Where on https://www.arkhamintelligence.com/ is this tool you used and is it usable for free to some minor extend?

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Bitcoin_Arena on November 06, 2023, 07:51:52 PM

Quote from: kitobaysoz on November 06, 2023, 07:18:02 PM

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

If your client can afford to use one of those crypto tracing services, then I suggest he uses them to trace the last known address of that scammer
I just did a quick look through using Arkham and after along trail, I ended up with two address, One depositing to a remitano address and the other to a Binance address.

This is a screenshot of part of the trail

Please hire an expert.

https://talkimg.com/images/2023/11/06/tjAXo.png

any recommendations for hiring an expert like contact or website

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Bitcoin_Arena on November 06, 2023, 07:51:52 PM

Quote from: kitobaysoz on November 06, 2023, 07:18:02 PM

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

If your client can afford to use one of those crypto tracing services, then I suggest he uses them to trace the last known address of that scammer
I just did a quick look through using Arkham and after along trail, I ended up with two address, One depositing to a remitano address and the other to a Binance address.

This is a screenshot of part of the trail

Please hire an expert.

https://talkimg.com/images/2023/11/06/tjAXo.png

what should i search for at Arkham to get the same results you got

Bitcoin_Arena

copper member

Activity: 2016

Merit: 1783

฿itcoin for all, All for ฿itcoin.

Quote from: kitobaysoz on November 06, 2023, 07:18:02 PM

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

If your client can afford to use one of those crypto tracing services, then I suggest he uses them to trace the last known address of that scammer
I just did a quick look through using Arkham and after along trail, I ended up with two address, One depositing to a remitano address and the other to a Binance address.

This is a screenshot of part of the trail

Please hire an expert.

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Cricktor on November 06, 2023, 07:35:09 PM

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

There is a chain of addresses/transaction after that address in a short time frame. It appears as though the person was trying to hide the transaction trail.

Such a chain of transactions in a short time frame which move coins from just 1 input to 1 output is barely hiding anything. For such a 1 input to 1 output transaction without using any change address there's quite some likelyhood that both input and output belong to the same individual. Such a simple coin movement chain just wastes coins in fees and only hides something for bitcoin noobs.

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

How did you end up in this situation, was the “client” trying to pay you for some goods or services?

That sparked my interest, too, as I came to the same conclusion as hosseinimr93 in his post

Quote from: hosseinimr93 on November 06, 2023, 06:22:16 PM

...

I immediately saw that the Tx 54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70 had RBF enabled and a very low transaction fee to keep the transaction as long as possible unconfirmed. This screamed for a later replacement transaction by the scammer that denied the coins for the OP. It's likely that the malicious individual did this trick multiple times, maybe even with the OP as when you follow the chain of transactions this actor topped up coins and likely did the RBF trick multiple times (I didn't analyse it 'til the end, gave up after some lengthy chain of transactions over multiple days).

the client didn't share with me that much details about what he was paying for or what was happening exactly

holy shitttt

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: hosseinimr93 on November 06, 2023, 07:24:28 PM

Quote from: ?? on ??

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

You are right.
The scammer replaced the transaction that had been made to you with a new one and the address which received the fund in the replacement transaction is probably owned by the scammer.

Quote from: kitobaysoz on November 06, 2023, 07:09:23 PM

so how i can find the address that the scammer add to get the coins?

As stated by Bitcoin_Arena, the fund was moved between many other addresses to make tracing the fund difficult.

Quote from: kitobaysoz on November 06, 2023, 07:18:02 PM

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

500,000 dollars?

yes 500,000 dollars in total

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

There is a chain of addresses/transaction after that address in a short time frame. It appears as though the person was trying to hide the transaction trail.

Such a chain of transactions in a short time frame which move coins from just 1 input to 1 output is barely hiding anything. For such a 1 input to 1 output transaction without using any change address there's quite some likelyhood that both input and output belong to the same individual. Such a simple coin movement chain just wastes coins in fees and only hides something for bitcoin noobs.

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

How did you end up in this situation, was the “client” trying to pay you for some goods or services?

That sparked my interest, too, as I came to the same conclusion as hosseinimr93 in his post

Quote from: hosseinimr93 on November 06, 2023, 06:22:16 PM

...

I immediately saw that the Tx 54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70 had RBF enabled and a very low transaction fee to keep the transaction as long as possible unconfirmed. This screamed for a later replacement transaction by the scammer that denied the coins for the OP. It's likely that the malicious individual did this trick multiple times, maybe even with the OP as when you follow the chain of transactions this actor topped up coins and likely did the RBF trick multiple times (I didn't analyse it 'til the end, gave up after some lengthy chain of transactions over multiple days).

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: ?? on ??

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

You are right.
The scammer replaced the transaction that had been made to you with a new one and the address which received the fund in the replacement transaction is probably owned by the scammer.

Quote from: kitobaysoz on November 06, 2023, 07:09:23 PM

so how i can find the address that the scammer add to get the coins?

As stated by Bitcoin_Arena, the fund was moved between many other addresses to make tracing the fund difficult.

Quote from: kitobaysoz on November 06, 2023, 07:18:02 PM

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

500,000 dollars?

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

Quote from: ?? on ??

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

There is a chain of addresses/transaction after that address in a short time frame. It appears as though the person was trying to hide the transaction trail.

How did you end up in this situation, was the “client” trying to pay you for some goods or services?

there is alot of transactions worth in total about 500k has the same condition so we need to get the final address that the scammer used

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Bitcoin_Arena on November 06, 2023, 06:57:49 PM

Quote from: ?? on ??

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

There is a chain of addresses/transaction after that address in a short time frame. It appears as though the person was trying to hide the transaction trail.

How did you end up in this situation, was the “client” trying to pay you for some goods or services?

no i am cybersecurity engineer and i was conducting a pen test for my client so he asked if i can help him in investigating this case so it's just a favor for my client, so how i can find the address that the scammer add to get the coins?

Bitcoin_Arena

copper member

Activity: 2016

Merit: 1783

฿itcoin for all, All for ฿itcoin.

Quote from: ?? on ??

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

There is a chain of addresses/transaction after that address in a short time frame. It appears as though the person was trying to hide the transaction trail.

How did you end up in this situation, was the “client” trying to pay you for some goods or services?

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: hosseinimr93 on November 06, 2023, 06:22:16 PM

The pending transaction will be never confirmed and the balance displayed by your wallet is wrong.

Here is the transaction displayed in you wallet.
54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
17G4XNws9K3iZ632TK7nBvxi1MsXzmSb6x 0.04036433 BTC bc1q4acc4qc20cgy4qsaapqpf263h4k3fgkgtgy4qy 0.00425273 BTC

One of the receiving addresses must be owned by you.

The same coins were used in the following transaction.
7b3f4a78671299347caac578fdc1bb4b137defc825268e16d334c6325142b4ec

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s 0.04459940 BTC

Since this transaction has been confirmed, the first one will be never confirmed.

yeah that address is mine 17G4XNws9K3iZ632TK7nBvxi1MsXzmSb6x

Quote from: hosseinimr93 on November 06, 2023, 06:22:16 PM

The pending transaction will be never confirmed and the balance displayed by your wallet is wrong.

Here is the transaction displayed in you wallet.
54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
17G4XNws9K3iZ632TK7nBvxi1MsXzmSb6x 0.04036433 BTC bc1q4acc4qc20cgy4qsaapqpf263h4k3fgkgtgy4qy 0.00425273 BTC

One of the receiving addresses must be owned by you.

The same coins were used in the following transaction.
7b3f4a78671299347caac578fdc1bb4b137defc825268e16d334c6325142b4ec

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s 0.04459940 BTC

Since this transaction has been confirmed, the first one will be never confirmed.

so this is the address of the scammer address bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s right?

hosseinimr93

legendary

Activity: 2380

Merit: 5213

The pending transaction will be never confirmed and the balance displayed by your wallet is wrong.

Here is the transaction displayed in you wallet.
54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
17G4XNws9K3iZ632TK7nBvxi1MsXzmSb6x 0.04036433 BTC bc1q4acc4qc20cgy4qsaapqpf263h4k3fgkgtgy4qy 0.00425273 BTC

One of the receiving addresses must be owned by you.

The same coins were used in the following transaction.
7b3f4a78671299347caac578fdc1bb4b137defc825268e16d334c6325142b4ec

From:
bc1ql865tdg9tjhrd5ec4tqs5jv4caaah06gujtpe9 0.02434293 BTC bc1ql3r6y0anjyzz4zfvxwy8zfxfhj9jdz9hxz0um3 0.02027627 BTC

To:
bc1qergs08g635azsy6fnfggnpqs2hpme6k8vkzv0s 0.04459940 BTC

Since this transaction has been confirmed, the first one will be never confirmed.

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: hosseinimr93 on November 06, 2023, 05:40:49 PM

You got scammed.
The transaction you received was replaced by this transaction: 7b3f4a78671299347caac578fdc1bb4b137defc825268e16d334c6325142b4ec

Take note that there is no guarantee that an unconfirmed transaction will be finally confirmed and unless you completely trust the sender, you should never accept an unconfirmed transaction.

how you were able to know this could you kindly tell me how because i have total pending transactions worth of 500k so i need to confirm that all those transactions has been manipulated

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: kitobaysoz on November 06, 2023, 05:37:44 PM

probably it's fake, how to check the mempools?

I meant blockchain explorer. Mempool is for checking the fee rate to be used in a transaction. Although, there is a site that is both a mempool site and has a blockchain explorer, https://mempool.space/, while experienced people may prefer to use https://jochen-hoenicke.de/queue/#BTC,24h,weight which gives more information about the fee rate, but just a mempool.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

You got scammed.
The transaction you received was replaced by this transaction: 7b3f4a78671299347caac578fdc1bb4b137defc825268e16d334c6325142b4ec

Take note that there is no guarantee that an unconfirmed transaction will be finally confirmed and unless you completely trust the sender, you should never accept an unconfirmed transaction.

kitobaysoz

newbie

Activity: 14

Merit: 0

Quote from: Charles-Tim on November 06, 2023, 05:32:33 PM

Quote from: kitobaysoz on November 06, 2023, 05:24:43 PM

here is the link for one of the transactions when i click on see transactions on block explorer https://explorer.bitcoin.com/btc/tx/54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70 but when i enter the link i get 404

I saw this: https://www.blockchain.com/explorer/transactions/btc/54559adfc79b04fa16864d3c7ba789aa771fce59d4763e5d7cabcf6f95138c70

If a transaction becomes invalid, it means it has been dropped from the mempool. I have checked other mempools but nothing seen again. Not a successful transaction and you can not get the coins.

probably it's fake, how to check the mempools?

Topic: Stuck Transactions since Feb 18, 2023 and all solutions failed (Read 187 times)