search

bitpay / wallet

Bitpay Wallet (formerly Copay) is a secure Bitcoin and other crypto currencies wallet platform for both desktop and mobile devices.
http://bitpay.com/wallet
MIT License
3.8k stars 1.74k forks source link

Big Exploit - 323 btcs sent to unknown address. #10364

Closed huguet2004 closed 4 years ago

huguet2004 commented 4 years ago

I've experience what it seems a huge exploit in my copay wallet, with 336.2008 btcs beeing moved out. This is a new phone use only for btc, never in public wifi, never downloaded anything other than essencial apple apps, etc.

All of the sudden after 3 withdraws from otc dealers were confirmed my wallet sent 293.998 btcs to the address(below), i thought was a normal wallet re-sync(as it happens almost weekly in copay where u dont see your funds) and sent the previous balance to myself at: bd8b85b5fbec189c491b950e10d31c20678aeeac7e3b14fd9bbbb8e82afd0f0b After receiving my balance, my wallet again sent it to the address.

Tried already restoring in other wallets and in others deviaton path, no success, looks like a hacking/exploit situation.

Help!!

Device: Recently(3 weeks ago) bought iphone 11 pro. IOS 13.1.2 App version: 7.1.6 Wallet ID: 369c3b24-8190-4a6d-8588-5105892f3096 Wallet funds went to: 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw Xpub: xpub6D9TkHyd2Zn5PgTSprttDdtn3oMEtTmasxLoy45SEEVzouWfzzDWwgGdThnhV9TGEBGGcdkMG7nz9t3JswoyKwn3Me9qVYCJTFP7LEuG2uP

micahriggan commented 4 years ago

Hello, I'll check our database and see if there's anything strange regarding your wallet. Perhaps 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw is a change address of your wallet, and it just wasn't imported

Edit: I checked your xpub and it doesn't seem to have 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw in the first 2000 addresses. So we can likely rule out the change address problem.

huguet2004 commented 4 years ago

Hello, I'll check our database and see if there's anything strange regarding your wallet. Perhaps 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw is a change address of your wallet, and it just wasn't imported

Hi Mica, tks for the response. As you can see from my xpub 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw is not listed as mine :/

matiu commented 4 years ago

Hello,

Could you please contact us at matias@bitpay.com so we can investigate the issue further.

thanks.

huguet2004 commented 4 years ago

Omg you are giving me hope.

Please elaborate

Sent from my iPhone

On 23 Nov 2019, at 19:59, micahriggan notifications@github.com wrote:



Hello, I think you may be okay, from looking at our database I think I see an issue that could be affecting your wallet.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/bitpay/copay/issues/10364?email_source=notifications&email_token=AN3FYFITQ4BQOEEES5FL4QDQVF4PRA5CNFSM4JQZAOBKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEE73ONA#issuecomment-557823796, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AN3FYFNCPWY36CJI72QY7WDQVF4PRANCNFSM4JQZAOBA.

huguet2004 commented 4 years ago

Emailed you guys