Author

Topic: Unknown transactions made from wallet (Read 443 times)

HCP
legendary
Activity: 2086
Merit: 4361
June 14, 2017, 07:50:42 AM
#2
I answered in the other thread that you started: https://bitcointalksearch.org/topic/m.19554614

tldr; Nothing malicious... it is "Change Addresses". When you got your private keys you only generated private keys for "receive" addresses... you need to generate the private keys for your "change" addresses and import those to your other wallet! Wink
newbie
Activity: 3
Merit: 1
June 14, 2017, 06:00:42 AM
#1
Hi,
I’m new to crypt-currencies and experiencing some struggle understanding a cause of funds loss from my Multibit HD wallet. I’ll try to explain:

A week ago I made 2 transactions to ShapeShift which is a coin conversion service. following that service’s instructions I've made the 2 transactions from my wallet to a provided address of ShapeShift and received the converted funds to a different ether wallet I provided, as expected, an hour later.
Few days later I tried entering my Multibit HD wallet again (haven't done so since that transaction to ShapeShift) but it kept rejecting the password which I’m 100% sure was the right one saying "The password did not unlock the wallet". restore attempt also strangely kept failing and rejecting the new passwords each time.
I googled around to find that such issue had been following Multibit for a while now:

see this thread -
https://github.com/keepkey/multibit-hd/issues/753

going through the advices and solution on the link above, I used the secret seeds from my - now - Inaccessible Multibit HD wallet, converted it to private keys, imported them keys to a different wallet only to find out it’s empty of the funds I had.
I was also able to retrieve the transactions history and the transactions made to ShapeShift:
https://blockchain.info/tx/e6cfaf4858af0d105973382588d31700dc11a97efde576c2b6d11a1311c07d84
https://blockchain.info/tx/94ae29d606571789199c5b36321ed4c5729a8ba1062fa79a377c0cd2dea2efa6

I found something strange –
Both transaction listed 2 recipients (I wasn’t even aware it’s possible to send money to multiple addresses at once):
one recipient address was the provided ShapeShift’s address and the amount transferred is as intended. BUT! the second address was unknown to me and much larger amount of bitcoins was transferred.
What I also noticed was that these transaction, using Multibit HD, were made from addresses which have been previously used to receive payments to my wallet. Meaning that no new addresses were generated especially for this transaction, I thought that should be good practice.
Now I don’t really pay attention to that part of procedure in transactions as I recall reading that one of Multibit HD features is that it generates new address for each transaction constantly. Maybe I’m mistaken.

An Important point is that the transactions with the 2 recipients summed a total amount of bitcoins which was totally equal to the amount I received previously using the same address. So for example if I received 3 bitcoins to my address and later used that same address to send 1 bitcoin to ShapeShift, an exploit was to drain and the send the 2 other bitcoins left to another address simaltounasley.

From what I describe, could have my wallet / address been breached?
Is there a way for a malicious act to exploit any of the mentioned above?

Please anyone shed some light or guide me to a solution / education.

Thanks!
Jump to: