Categories
Bitcoin

Send to multiple addresses transactions hacking

The strange thing is that when I look up information on the transaction on blockchain.info I see that additional BTC are send to a third address.

The following content was written by galiteon on April 06, 2018, 02:22:07 PM in the thread Send to multiple addresses transactions hacking. All content is owned by the author of the bitcointalk.org post. (original)


Hi,
Recently using Bitcoin Core I send BTC to two addresses simultaneously. Transactions look something like below after submit. There are two entries, one with Output index: 2 and one with Output index: 0

For both entries the transaction ID is the same. The strange thing is that when I look up information on the transaction on blockchain.info I see that additional BTC are send to a third address. I don’t know that address.

The balance of my Bitcoin Core client is also different from what I can see on blockchain.info. The difference is the amount send to the third address. I expect that I will not be able to use my blockchain data anymore because it has my original transaction which is different from the transaction that got added to the public blockchain.

My conclusion now is that the transaction I submitted was changed by someone after I submitted it to the Bitcoin network. This baffles me. Around 20% of the total value of the transaction was skimmed / stolen from me.

How is this possible? How can they change my transaction?

Is it possible to prevent hacks like these? Is the Bitcoin Core client hacked? Is it safe to use?

What about the Output index: 2 and one with Output index: 0 ? Could it be that there was also a Output index: 1? For the third address?



Status: 0/unconfirmed, in memory pool, broadcast through 7 nodes
Date: ****
To: Wallet #1 *****************
Debit: -********* BTC
To: Wallet #2 **************
Debit: -******** BTC
Transaction fee: -0.00002341 BTC
Net amount: -********** BTC
Transaction ID: ***************************
Transaction total size: 468 bytes
Output index: 2

Status: 0/unconfirmed, in memory pool, broadcast through 7 nodes
Date: *************
To: Wallet #1 *********
Debit: -***** BTC
To: Walllet #2 **********
Debit: -************ BTC
Transaction fee: -0.00002341 BTC
Net amount: -****** BTC
Transaction ID: ********************************
Transaction total size: 468 bytes
Output index: 0

The following content was written by bitperson on April 06, 2018, 02:24:43 PM in the thread Send to multiple addresses transactions hacking. All content is owned by the author of the bitcointalk.org post. (original)


Are you familiar with the concept of change? Please see https://en.bitcoin.it/wiki/Change.

The following content was written by ranochigo on April 06, 2018, 02:26:21 PM in the thread Send to multiple addresses transactions hacking. All content is owned by the author of the bitcointalk.org post. (original)


Recently using Bitcoin Core I send BTC to two addresses simultaneously. Transactions look something like below after submit. There are two entries, one with Output index: 2 and one with Output index: 0
That’s normal.
The balance of my Bitcoin Core client is also different from what I can see on blockchain.info. The difference is the amount send to the third address. I expect that I will not be able to use my blockchain data anymore because it has my original transaction which is different from the transaction that got added to the public blockchain.

My conclusion now is that the transaction I submitted was changed by someone after I submitted it to the Bitcoin network. This baffles me. Around 20% of the total value of the transaction was skimmed / stolen from me.


How is this possible? How can they change my transaction?

Is it possible to prevent hacks like these? Is the Bitcoin Core client hacked? Is it safe to use?
It is not a hack and it is generally the common behavior over the major wallets. When you spend an unspent output in your address, you’re spending the output completely. This means that any value that is in that output has to be spent or else it is recognised as a mining fee. As such, the wallet automatically creates an output in the transaction to spend the remaining funds not used as mining fee into a change address[1]. The change address is hidden in Bitcoin Core by default but you can choose not to use it, at the expense of privacy.
What about the Output index: 2 and one with Output index: 0 ? Could it be that there was also a Output index: 1? For the third address?
That’s correct.

[1] https://en.bitcoin.it/wiki/Change

The following content was written by BitMaxz on April 06, 2018, 05:22:18 PM in the thread Send to multiple addresses transactions hacking. All content is owned by the author of the bitcointalk.org post. (original)


There’s no problem with your transaction the other bitcoin was sent to your change addresses like the above said and it’s for security purposes.

Anyway, in bitcoin core, you couldn’t easily disable this feature, but you can change the change address to any address you want.

If you want to change your change address where you want to receive just follow the simple guide below.

In bitcoin core open settings>option then click wallet tab> check the “Enable coin control features” and then click ok.
Every time you send bitcoin you can see a box for coin control feature then just check the box and put your change address you want.
If you still want to disable change address I suggest that you switch to electrum wallet because you can easily disable the change address by going to settings and uncheck the change address.

The following content was written by bob123 on April 07, 2018, 06:56:25 AM in the thread Send to multiple addresses transactions hacking. All content is owned by the author of the bitcointalk.org post. (original)


.. like the above said and it’s for security purposes.

To make this more clear:

While the risk when using the same address multiple times is slightly higher (due to the revealed public key), this can be neglected.
The real advantage when using change addresses is the privacy factor you gain.
It makes it harder to trace your payments and increases your level of anonymity.

By Ali Sherief

Editor-in-chief and serial coder & blogger.