Hello IOTA Forum

Pending Transaction for more than 4 month

https://forum.helloiota.com/Topic19059.aspx

By Koraz - 15 Apr 2019

Hi,
ich have send 8840 Giota from my light wallet to the trinity wallet on the 16.12.2018. I tried more than ones the advices to reattach the transaction and promote it but i cant promote it because of the following  Error: Transaction is inconsistent. Reason: tails are not consistent (would lead to inconsistent ledger state or below max depth). I need your help what can i do that the transaction is confirmed?
The tx Hash is: 
MZQQNKHESKFNOSMQECET9VSXLJLWEQCADJYCTLTCBMND9LTTYEROLH9VOBJAEYGGUGKGXZOXBANJ99999

Sorry for my bad english and thanks for helping.
By CryptoHamster - 15 Apr 2019

Hi @Koraz,
welcome to Hello IOTA!

The reason why your transaction can never be confirmed is that one of the two input-addresses is (almost) empty: https://thetangle.org/address/CURBZIJN9GQQQAVVZSSFLNWRFOCLFDTUONREXPICXO9RJJG99AWBVNSHSOJXYQO9FYASKB9VVBXWMKTMB

This address also shows that you have been reusing the private key of this specific address three (!) times.
The first time you sent from it was January 27th 2018.
After that you received funds to it again and sent the second time on November 11th.
The third reuse was your attempt to send to Trinity on December 16th.

IOTA uses Winternitz one-time signature (W-OTS) scheme. The name already says it: the signatures are to be used one time only.
The reason for this is that this algorithm exposes 50% of the private key of an address each time you send from the same address. In your case, you exposed 50% of the private key of this specific address three times. Depending on which parts were revealed each time, it could have been your whole private key or at least such a big part of it that it would have been easy enough to brute force the rest. 

Now, about one hour after your attempt to send to Trinity, another transaction was made and confirmed: 
https://thetangle.org/bundle/JBDFCBX9WUKB9DBHNBTRCSODFREYWASZYIXAUUJIRKTCICDGVFYPTYHFEFQMVZKQOEKFGSOLPPNGRXWCC
Your funds have then been split up and are sitting in the two addresses on the right side ever since: https://thetangle.org/bundle/9GXJKKXYANFCHS9JHUHADZ9RQAVDFJDVEDBPNWVFOCFFRXQGBIQADXOLNEATWGGKVTVXFTHQFDAFNOFYY

I’m sorry to say this but if I had to make a guess, I’d say your funds have been stolen because of the constant reuse of your address. 
By Koraz - 17 Apr 2019

Hi Alexa,
thanks for the fast respond. That´s a very bad information for me. Are you 100% sure that the coins are stolen? Or can be there an opportunity that there is an other problem why the transaction can´t be confirmed. Can your explain me what happens with the other 5 Giotas? Is there the same Problem? And what can i do now to sent other iota´s from my wallet to another wallet, the programm tells me that the further transaction must be confirmed before i can make a new one.

Thanks for your help.
Koraz
By CryptoHamster - 17 Apr 2019

Koraz - 17 Apr 2019
Hi Alexa,
thanks for the fast respond. That´s a very bad information for me. Are you 100% sure that the coins are stolen? Or can be there an opportunity that there is an other problem why the transaction can´t be confirmed. Can your explain me what happens with the other 5 Giotas? Is there the same Problem? And what can i do now to sent other iota´s from my wallet to another wallet, the programm tells me that the further transaction must be confirmed before i can make a new one.

Thanks for your help.
Koraz
Hi @Koraz

I can’t be sure that your coins have been stolen, that’s why I called it a „guess“. Wink
I can only tell you what I see and that's a heavily reused address with at least one (more of that later) suspicious transaction. 
Your coins have definitely left your CURBZI-address on December 16th and have then been split up into two parts.
If you didn’t do this, then someone else did it.

The missing funds on your input address(es) make the transaction unable to ever confirm, there's no doubt about it. 
I didn’t have the time to take a closer look at your other address last time, but this one looks equally messy and has also been reused multiple times.
For your unconfirmed transaction to confirm a balance of 5 Gi would be required on this address: 
https://thetangle.org/address/JS9NDEAROSEPHMMBDHQAUTRRQNAMXJSMIKXNQDAWLHPFQXELUIIRDWFHOCJFSLDBNUIAIFSDTRXBZHZHW
But the balance is only 1.78 Gi and that’s because 3.22 Gi were sent away on December 17th: 
https://thetangle.org/bundle/FZDIFIDLLSJCUELLHOLN9GFJBHJEGOKJUI9VEX9XB9JJQLLBNRUZTDHSHKVBDBJSFGBCXVFS9XOICSLVW

You can see that 1.22 Gi went to this address: 
https://thetangle.org/address/DBORZHKSJOJOFJOE9ZNHTDXWVQAWOULJBSDYBDQFHBYBU99RQAYJUKHMXBNMOMNGXODJUSGTK9ZUASVKW
… which is another (!) reused address. But at least it looks like it’s one of your own and since it so far only has one outgoing transaction these 1.22 Gi are still there.

The other to 2 Gi went to (surprise) CURBZI….
They have arrived one day after the (potential theft) transaction and were sent away only five minutes later.
I'm not going to guess this time, but again: if you didn’t do this, then someone else did it.

I'm honestly surprised that those 1.78 GI are still on JS9NDE...after three exposures of 50% of the private key. Seems like you got lucky with overlapping parts. However, the funds on this address are at a very high risk of getting stolen whenever you make a new transaction and expose yet another part.

The error you’re getting now is a protection measure to prevent exactly this situation.
You now have funds on at least three used addresses and the wallet won’t let you send another transaction because that's very, very dangerous.
It’s a mystery to me how you even managed to reuse your addresses in such a way. The wallet should have thrown this error to protect you when you first attempted to send a second time from the same address. No idea why that didn’t happen.
Which wallet software were you using for your transactions?

This article explains how to fix your problem and hopefully save what’s left of your balance:
For Trinity: https://medium.com/@hbmy289/warning-funds-on-spent-addresses-how-to-unblock-your-funds-3a8d763f0a51
For the Lightwallet: https://medium.com/coinmonks/private-key-reuse-detected-what-it-means-and-how-to-unblock-your-funds-383eeb8ca036

Please read and understand the article, but don’t try to do anything yourself now.
Don’t give your seed to anyone and get real-time assistance on Discord’s #help-channel. Here’s an invite link: https://discord.gg/hgbDnBd.

For the coins that are gone, nobody will be able to bring them back. I'm sorry.
The best you can do is to understand why this happened and learn from it.