I just got hacked and lost 3000 Iota. Can anyone help make sense of this?


I just got hacked and lost 3000 Iota. Can anyone help make sense of...
Author
Message
adenluis
a
Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)
Group: Forum Members
Posts: 2, Visits: 0
On the 18/02/2018 I tried to send my Iota to the Binance exchange from my light wallet that I had recently upgraded from Github to the 2.5.7 version.

The Binance Iota address was:     BYTFJXWIEM9QYPOYWLDLDJJPTREQGOKSKGOETPMQVWCUEWXJNAAQBGAOT9LIQCLOTDXHZF9QFK9UATSXDBYVSYLDS9

I tried to “promote/re-attach” but still nothing was happening, I waited 3 days with 0/1confirmations on Binanace. Than I went back to my light wallet and notice I still had my 3.0+Gi there. I assumed the transaction must have bounced back to my light wallet.

On the 21/02/2018 I sent my Iota “again” from my light wallet to my second Binance account to see if that would work.

This is my second Binance Iota address: CG9PCOJNRIDODHJ9YBBONBPUMMGOUKSAGAPMYRAZ9DBHGFMQDBLHGKTYK9HWGGWKQTDPG9NMCUFKYMGMDQGVYSJZGW

This time I thought I would try my best to push this transaction through, I tried to reach out to people in the community running full nodes to see if they could help, I tried to “promote/re-attach” straight away.

Than I came across this site: http://www.reattach.online/

It asked me to paste either my Hash/Address in to “promote/re-attach”.

Everyone 1 minute it would try to re-attach to the tangle.

Before I knew it I had over 69 transactions recorded in my Iota wallet, but the out going address was different.

Instead of my Iota going to my second Binance address, it went to this address.

T9AWPYLQRY9QPNCKVNHOEOOYZVMHOWMWWFDZBGPGNTJSVUFPRSSRNKKELXULFRHTRMDUMUYDJVCPMPOLZUFJEVLFSW

In the end I reached out to the developer of this site http://www.reattach.online/ where he concluded this.

Your case is the following:
1. You sent iotas from a synced node.
2. You entered in an unsynced node and sent iota again. Unsynced node didn't know about your past transaction, then the wallet didn't advice you about the problem, and let you make another transaction.

I still don’t understand how a simple mistake like this is not protected by the wallet/network if this is the case. Can anyone help me understand this better? And have I definitely lost my Iota trying to make a transaction from the light wallet to Bianance?

Any help would be super appreciated !

Winston
Winston
Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)
Group: Administrators
Posts: 3.6K, Visits: 6.7K
adenluis - 22 Feb 2018
On the 18/02/2018 I tried to send my Iota to the Binance exchange from my light wallet that I had recently upgraded from Github to the 2.5.7 version.

The Binance Iota address was:     BYTFJXWIEM9QYPOYWLDLDJJPTREQGOKSKGOETPMQVWCUEWXJNAAQBGAOT9LIQCLOTDXHZF9QFK9UATSXDBYVSYLDS9

I tried to “promote/re-attach” but still nothing was happening, I waited 3 days with 0/1confirmations on Binanace. Than I went back to my light wallet and notice I still had my 3.0+Gi there. I assumed the transaction must have bounced back to my light wallet.

On the 21/02/2018 I sent my Iota “again” from my light wallet to my second Binance account to see if that would work.

This is my second Binance Iota address: CG9PCOJNRIDODHJ9YBBONBPUMMGOUKSAGAPMYRAZ9DBHGFMQDBLHGKTYK9HWGGWKQTDPG9NMCUFKYMGMDQGVYSJZGW

This time I thought I would try my best to push this transaction through, I tried to reach out to people in the community running full nodes to see if they could help, I tried to “promote/re-attach” straight away.

Than I came across this site: http://www.reattach.online/

It asked me to paste either my Hash/Address in to “promote/re-attach”.

Everyone 1 minute it would try to re-attach to the tangle.

Before I knew it I had over 69 transactions recorded in my Iota wallet, but the out going address was different.

Instead of my Iota going to my second Binance address, it went to this address.

T9AWPYLQRY9QPNCKVNHOEOOYZVMHOWMWWFDZBGPGNTJSVUFPRSSRNKKELXULFRHTRMDUMUYDJVCPMPOLZUFJEVLFSW

In the end I reached out to the developer of this site http://www.reattach.online/ where he concluded this.

Your case is the following:
1. You sent iotas from a synced node.
2. You entered in an unsynced node and sent iota again. Unsynced node didn't know about your past transaction, then the wallet didn't advice you about the problem, and let you make another transaction.

I still don’t understand how a simple mistake like this is not protected by the wallet/network if this is the case. Can anyone help me understand this better? And have I definitely lost my Iota trying to make a transaction from the light wallet to Bianance?

Any help would be super appreciated !

@adenluis 
Thanks for the post, and welcome to the forum.

The light wallet doesn't let an outgoing transaction to be sent while the previous outgoing transaction is still pending, so I'm not sure. Maybe someone else can chime in. Looks like this might be an issue with that reattach service. 


adenluis
a
Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)
Group: Forum Members
Posts: 2, Visits: 0
@Winston
Thanks for the reply!

Yeah I don't really understand what happen, at first I thought someone must have got access to my private key, but I still have some Iota in my wallet.

This seems like a serious bug in the system. All I was trying to do was send Iota from 1 address to the other and I lost 3000 Iota in the process .

Should I try reach out to the Iota Dev team and report this?
Winston
Winston
Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)Forum Admin (33K reputation)
Group: Administrators
Posts: 3.6K, Visits: 6.7K
adenluis - 22 Feb 2018
@Winston
Thanks for the reply!

Yeah I don't really understand what happen, at first I thought someone must have got access to my private key, but I still have some Iota in my wallet.

This seems like a serious bug in the system. All I was trying to do was send Iota from 1 address to the other and I lost 3000 Iota in the process .

Should I try reach out to the Iota Dev team and report this?

@adenluis 
I'm not sure it's a core dev team issue, but you might consider filing something on the wallet's github if you indeed think that the address reuse prevention mechanism failed. You can also hang around the discord and ask knowledgeable people to take a look at it for you.

GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search