Pages:
Author

Topic: Word of caution using Bitcoin-qt client and managing your own private keys - page 2. (Read 2822 times)

sr. member
Activity: 336
Merit: 250
It is a good practice to backup your wallet.dat for every 100 new addresses added to it Grin https://en.bitcoin.it/wiki/Securing_your_wallet#Securing_the_Bitcoin-QT_or_bitcoind_wallet
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I believe Bitcoin-qt should be reduced to being a Bitcoin "knowledge daemon" that can be run on a server, and get out of the business of being a wallet and a GUI client.  I consider it egregious that a "wallet" is a feature of the Bitcoin "daemon" in the first place.

Let somebody else handle this job the right way, with deterministic wallets, so development on this can be focused.
donator
Activity: 1218
Merit: 1079
Gerald Davis
It is called a change address.  You can't spend part of an output.  So if you have an output worth 10 BTC and want to send 6 BTC the transaction has 6 BTC sent to your destination and another 4 BTC sent back to a change address.  Why a new address?  To preserve anonymity.  If the change address was always an existing address it would be trivial to track transactions.

Still your right if you don't know what you are doing..... don't frak around with private keys and make frequent backups.  Honestly the point of a cold wallet is to keep it as an offline backup, not to import it, and play around periodically.  You gain nothing and run the risk of doing something silly.
hero member
Activity: 784
Merit: 1000
Annuit cœptis humanae libertas
"Change" addresses?

Good to know your BTC are fine, rich person! Wink
hero member
Activity: 520
Merit: 500
I nearly had a heart attack because I thought I had lost nearly 200 BTC tonight, so I can't fall asleep and instead decided to write up what was nearly a horrible loss of 200 BTC, forever. I figure the newbie forum is a good place to post this, as it might help someone avoid an accident of their own.

After using bitcoin for several month, sending and receiving transactions, even buying a few goods on line (woot for bitcoinstore.com!), I decided I wanted to learn about cold storage to truly store my bitcoin. My plan of attack was to be as simple as possible, generate a private key using bitaddress, or another tool, running on a machine off the internet, then print out the private key for safekeeping, and the public key so I could send money to that address. When I wanted access to that money, I would use the importprivkey function to manually type in the private key in bitcoin-qt, and I'd have access to my sweet sweet coinage. Sounds easy enough, right?

So, to experiment and get the feel of things, I generated a random private key and imported it into bitcoin-qt. Sure enough, it figured out what the correct public key was, so I must have typed it in correctly. It didn't show up in my "Send Bitcoins' button as a receiving address, which was weird. So I send 0.01 BTC to this new address, and to my relief, it processes it like a transaction to myself. My wallet balance doesn't change, so Bitcoin-qt must be working right

This is when I start to get cocky. Even though I backed up my wallet a few weeks ago, I decide to use the dumpprivkey command in bitcoin-qt to see what the private key is for my main wallet address that I use for receiving coins (this is what shows up on the "send coins" screen). I copy down that address, and decide to test it out. Could I actually restore my bitcoin balance from scratch using that private key? I was feeling so hax0r. I didn't even need the wallet.dat file if I just had that private key, stenciled in stone or something. First though, I needed to start out bitcoin-qt from scratch. I had done this before, it works by removing the wallet.dat file from the bitcoin directory. When the program starts back up again, it creates a new wallet.dat file, but won't know the previous keys.

Since I'd backed up the wallet file a few weeks ago, I didn't see any harm in just deleting the wallet.dat file at the command line instead of moving the file like a normal person.

That was a terrible idea. I just didn't know it yet.

I open up bitcoin-qt, import my old private key, and it finds the public key, I'm momentarily happy. But something it wrong. It says my overall balance is only 0.1 BTC. Huh? I quickly figure out that when I sent the last transaction, bitcoin-qt sent the remaining 199 btc to another address. One that I didn't have the private key for. I checked blockchain, and this address had never been used before. I've noticed before that sometimes when sending coins from bitcoin-qt, it will send odd amounts to other addresses that it presumably has the private keys for. I occasionally "clean up" by sending everything to my main address. I came to the conclusion that bitcoin-qt had just created another address within the wallet.dat file, and I had deleted that file like a fool, and my old backup of wallet.dat wouldn't have the private key for that address.

I scrambled for an hour trying to recover a file deleted in a Linux terminal, which is nearly impossible. I got more and more desperate, even went to Dwolla to start sending money to Mtgox for new coins. Even though I had convinced myself that all was lost, I finally uploaded my backup of wallet.dat, even though I was sure I wouldn't have access to that particular address.

Thankfully I was wrong. My balance showed back up again because my previous backup of wallet.dat had that private key. Apparently bitcoin-qt generates a whole bunch of addresses that aren't visible on the main screen. So even if you receive every single coin at the same address, if you send any amount out, it could transfer the remaining coins to some other address to chill for a while. This isn't very well documented anywhere obvious to me, and I'm not sure why it needs to do all that. It makes understanding bitcoin just a little bit harder to grasp, imo. Does it ever generate more addresses after the initial wallet build? I have no idea. But I do think that if the BTC is stored in any public key other than the initial one that is set up, that should show up in the wallet GUI.

I guess my lesson is to always check blockchain so that you know exactly which address your coins are stored in. Oh, and backup wallet.dat. Perhaps even regularly!
Pages:
Jump to: