unauthorised confirmed transaction

[imolev]

Good day, during the night all my funds were sent to another address without my authorisation and the transaction was somehow confirmed on the network (after i withdrew these funds from Bitfinex). Anyone can help?

Link with this transaction details - https://iotasear.ch/address/NCJRXZDYRYV9YHQBTPYGPYSSDOEP9WLLCLGE9OPJV9SZUYJHACADDOMQCMYYITCYUFYNJIOPTIDM9PMBX HASH - AUUNHFAFVXDXEQA9RV9NTOJC9KRUXIIDMTFPAKLRUTJQNPNEMLOVOOYGQIDLEBRAQFQ9CTIRPKTIZ9999

[imolev]

created (entered) during my first login to the light wallet

[imolev]

nope, didn't use, just entered letters and numbers randomly.

[imolev]

here: https://github.com/iotaledger/wallet/releases

[imolev]

this one: IOTA.Wallet.Setup.2.5.4.exe

[imolev]

Here are screens of the wallet (attached). Bitfinex addresses used for both withdrawals are crossed out. I was sleeping when the money were stolen from me.

[imolev]

two more screens:

[imolev]

Is there a chance to return the funds?

-- С уважением / Sincerely yours,

Иван / Ivan

Cell: +7 903 6288282 E-mail: ivan.molev@gmail.com, mgimo.finished@gmail.com

This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person. Thank you.

On 30 Nov 2017, at 14:05, wonkytonky notifications@github.com wrote:

the only thing i can think of is : weak randomizing in seed, keylogger.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[AlexanderPoschenrieder]

Hey it happens the same to me. Someone is steeling iotas. I create an issue right here too, because in my case the wallet gave me an already used address and after one reuse the can get cracked

[AlexanderPoschenrieder]

This is happening a lot and no one gives a fuck. Just seqrch for 9999STOLEN9IOTAS999FUCK9YOU on google

[ThomasPepperz]

You’re talking about a vanity address and 1.12 giga IOTA. Bradley a heist. If someone wanted to Slander IOTA, this would not have cost them much at all and in fact while holding the IOTA they probably earned money. Clearly a hitjob hitpiece by a rival coin. Maybe the IOTA dev team ought to consider restricting vanity addresses if practical.

On Sat, Dec 2, 2017 at 3:33 PM AlexanderPoschenrieder < notifications@github.com> wrote:

This is happening a lot and no one gives a fuck. Just seqrch for 9999STOLEN9IOTAS999FUCK9YOU on google

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/iotaledger/wallet/issues/564#issuecomment-348725062, or mute the thread https://github.com/notifications/unsubscribe-auth/Ac-6wxKKU0wztwgAL2BXn_tQWecA-1Efks5s8dBAgaJpZM4QwEYg .

[AlexanderPoschenrieder]

Not an address. The 9999STOLEN9IOTAS999FUCK9YOU its the tag used in the transactions. In my case there was a confirmed transaction that stole my IOTAS minutes after was transfered, and a few unconfirmed transactions with that tag. I assume that the thief use this transactions with that message just to mock or as a message. Here you can see: https://iotasear.ch/address/ULNHCFCBUOE9JRUFU9YKBUCQWCCPYZULB9QWWEZSXKMY9QNGWIBGHPZHPMHLDBYOM9YZBUEOTZEJNFTVDD9TRHDAKZ

[ThomasPepperz]

You never answer wonkytonky’s can you share the seed with us that you “created (entered) randomly? No reason not to.

1.) If you truthfully created the seed as described and were indeed hacked, then no, you will not be compensated or reimbursed for neglience and a clear violation of security precautions. If this is the case, the issue ought to be closed and the solution is to practice good security hygiene.

Or 2.), you were not hacked and your story is part of an elaborate hitpiece by a rival coin attempting to use the recent curl function Snafu to smear a competitor via guerilla and dis-information tactics. Most hacker-thieves do not bother with taunts and are about the money. I find it odd too that if a hacker did care enough to taunt IOTA that they would also want to take credit for the deed any advertising their moniker or username.

Did you write down your randomly typed in seed and can you share it with the community or not so we can assist you in recovering down the funds? Otherwise, I’m assuming this is a hit piece against the reputation of IOTA and am requesting to close the issue.

[ThomasPepperz]

Alexander, and how did you generate your seed, how did you store it, and did you repeatedly use an address to receive funds to?

[ThomasPepperz]

In any case, if there are stolen fundsX it is not attributable to a bug or GUI problem but rather improper security practices or a hacking vulnerability such as a keylogger or social engineering attack that compromised your seed and not somehow a security problem involving IOTA.

I suggest generating future seeds via the -cat ... command on your terminal instead of randomly typing in charvars or using a third-party generator.

[AlexanderPoschenrieder]

But the wallet gave me an already used address, dont you think that is a GUI problem?

[AlexanderPoschenrieder]

I easily could find out if the problem is the seed just attaching adresses til the wallet starts giving me new ones. Then transfer a little amount. If the problem is the Seed i will see my funds stolen, if the problem is the reuse of addresses my funds will not be stolen.

[ThomasPepperz]

We talking about a bug that is patched with the next release or are we talking about a hack due to seed or GUI vulnerability because if you follow protocol and security recommendations and you were still hacked, then it’s social engineering or a weakened seed from reuse of addresss and not poor coding on behalf of the IOTA dev team.

Again, the used seed is a minor issue that does not directly impair wallet GUI functionality. In regard to the hack, this issue is closed. In regard to the GUI/generate used seed glitch, please view one of the other threads and see if recommendations to those similar problems assist you. Otherwise, volunteer support community becomes overburdened with duplicitous requests for common issues.

On Sat, Dec 2, 2017 at 4:55 PM AlexanderPoschenrieder < notifications@github.com> wrote:

But the wallet gave me an already used address, dont you think that is a GUI problem?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/iotaledger/wallet/issues/564#issuecomment-348729271, or mute the thread https://github.com/notifications/unsubscribe-auth/Ac-6w5-jQFUx7ByDRW8HUUUj8NuVnOLcks5s8eNygaJpZM4QwEYg .

[ThomasPepperz]

What is your problem: were you hacked or is your wallet producing a “used address”?

I think you’re just bouncing from issue read to issue thread complaining. If you were hacked that’s on you. If it’s the wallet issue then hang tight and it will be resolved it’s next release or find one of the 300 issues that are open and use the advice to the best of your ability and seek assistance on there.

I am no longer responding to this thread and am moving on to help others. I will submit a pull request to close this issue when I have time. Again, please make use of a currently-existing issue for non-unique problems.

On Sat, Dec 2, 2017 at 5:24 PM AlexanderPoschenrieder < notifications@github.com> wrote:

What do you mean by "a bug that is patched with the next release"? are you talking about the wallet giving already used addresses? addresses that can't be reused because any reuse rises exponentialy the posibility of crack them? If that's the case it's too late because they already cracked mine. I'm really dissapointed about the community. No one cares about the stolen iotas and keeps saying that the problem is the people or the seed generation. No, the problem is not the seed, i'm not an idiot that generates the seed in a web page and this is the first crypto i got stolen.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/iotaledger/wallet/issues/564#issuecomment-348730651, or mute the thread https://github.com/notifications/unsubscribe-auth/Ac-6w2o62wQyPd-cGdi5qeyO3HB8kUVrks5s8eo7gaJpZM4QwEYg .