Topic: Unauthorised transaction - not confirmed (Read 98 times)

legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
January 21, 2024, 03:24:37 AM
#7
I have the feeling that someone has managed to get hold of my wallet file from AppData.

I noticed that it had disappeared a few weeks ago, and I restored it.
This looks planned.
The most probable reason why the hacker deleted your wallet file is because he was aiming for you to restore it back so that he can get your seed phrase where the 2 keys are stored during that restore process.
And even if he didn't manage to get it that time or if you imported the seed while offline, he can still get it from the wallet file and password since you've disabled 2FA.

Hi, I'm doing this now, do I use wallet.adb.remove_transaction("bdf3d2cd0a45d69d2b91f3a0d99c266641c80ff180e8fe35f060e2a5ad1559e3") in console?

An error says: NameError: name 'et' is not defined
Not useful since the hacker followed the instructions faster, but: it means that you've pasted the command with a breakspace (enter) in front of it.
For some reason when that happens, the first four characters will not be read, leaving you with "et.adb.remove_transaction()" instead and Electrum doesn't have any command for "et".

You can reproduce it by using this command (copy including the empty character above it):
Code:

wallet.adb.remove_transaction()
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 20, 2024, 01:11:17 PM
#6
Attacker increased the fee :/
What are the odds of the attacker increasing the fee (and changing the receiving address) right when you posted this here (after 8 hours)? Too bad, it's over now :(
newbie
Activity: 3
Merit: 0
January 20, 2024, 01:09:38 PM
#5
Attacker increased the fee :/
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 20, 2024, 01:04:02 PM
#4
Hi, I'm doing this now, do I use wallet.adb.remove_transaction("bdf3d2cd0a45d69d2b91f3a0d99c266641c80ff180e8fe35f060e2a5ad1559e3") in console?
This is a NEW transaction, bdf3d2cd0a45d69d2b91f3a0d99c266641c80ff180e8fe35f060e2a5ad1559e3 replaces the one you posted earlier: 22041d7fab94303d502873b0bab160a29856dcae46b4053cd66f68321643cb50.
If you created this new transaction, you should be done. I just hope your new receiving address did not get compromised like your old addresses.

It's confirmed. Did you do it or did the attacker increase the fee?
newbie
Activity: 3
Merit: 0
January 20, 2024, 01:00:17 PM
#3
See this post on how to do RBF on a non-RBF transaction, but you need to act FAST!
Your transaction is 8 hours old, and still unconfirmed. It pays 30 sat/vbyte, which could get confirmed in a few hours. Or the receiver can do CPFP and it will confirm quickly.
You'll also need to broadcast the new replacement transaction to a node that supports Full RBF. There's no guarantee this will work, but it's worth a try. Your money is currently all gone, so don't be cheap on fees. I'd go with 64 sat/vbyte.

Which wallet did you use?

Hi, I'm doing this now, do I use wallet.adb.remove_transaction("bdf3d2cd0a45d69d2b91f3a0d99c266641c80ff180e8fe35f060e2a5ad1559e3") in console?

An error says: NameError: name 'et' is not defined

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 20, 2024, 12:49:05 PM
#2
See this post on how to do RBF on a non-RBF transaction, but you need to act FAST!
Your transaction is 8 hours old, and still unconfirmed. It pays 30 sat/vbyte, which could get confirmed in a few hours. Or the receiver can do CPFP and it will confirm quickly.
You'll also need to broadcast the new replacement transaction to a node that supports Full RBF. There's no guarantee this will work, but it's worth a try. Your money is currently all gone, so don't be cheap on fees. I'd go with 64 sat/vbyte.

Try this option:
For making the replacement transaction, you can also use Electrum.

- Create a new wallet using your private key.
- Let your wallet get synced and then disconnect your computer from the internet.
- Go to "console" tab and use this command to remove the transaction you want to be replaced from your wallet: wallet.adb.remove_transaction("TXID")
- Close Electrum and open it again.
- Make the replacement transaction and export the raw transaction.
newbie
Activity: 3
Merit: 0
January 20, 2024, 12:42:19 PM
#1
Hi

I have the feeling that someone has managed to get hold of my wallet file from AppData.

I noticed that it had disappeared a few weeks ago, and I restored it. My wallet originally had MFA enabled, but last night I disabled this as the fees were high. This morning my wallet was emptied: https://live.blockcypher.com/btc/tx/22041d7fab94303d502873b0bab160a29856dcae46b4053cd66f68321643cb50/

RBF has been turned off on it, is there anything I can do to reverse it?