0

I opened my wallet after almost a year and all of a sudden I see 2 transactions saying I sent coins to someone. The address it says I sent to is 1PAZw2aNgurapsxUVm8ctZDD76v7JiwQkC however I never sent this. So, if someone is stealing my coins how do they do it while my wallet is closed (and incidentally it is also encrypted)?

I have done several deep scans...my guess is that I had tried out a mining pool and that software was the culplrit...needless to say I deleted it and did multiple deep scans. But if my keys are compromised is there any way to change them?

Nate thanks for the reply...is there a way to change my private keys are get new ones?

confused
  • 1
  • 2
  • Did you perform a deep scan on your computer for trojans, keyloggers, etc? –  Dec 11 '14 at 17:59

2 Answers2

2

If someone gets access to your private keys, they can create a transaction that spends your coins. This transaction can be created and sent from any computer in the world. There's no need for your computer to be involved, and it's irrelevant whether your wallet software is open or not.

It's possible that some person or malicious software had access to your computer at some point during the last year (or before) and copied the file which contains your private keys. If it was encrypted, they would need to decrypt it, but if your passphrase is simple enough, that may not be very difficult. Their software may also have been running earlier and recorded your passphrase at some point when you typed it, or extracted the private keys from the computer's memory while the wallet software was running. For whatever reason, they may have waited some time before spending them.

If there were other copies of your private keys somewhere else (such as in a backup, or on an old computer or phone that you gave away or had stolen), then that is another place they could have got them. In that case your computer needn't have ever been involved.

But you should probably assume at this point that your computer is compromised. The safest course of action is to back up all your data files (but not the operating system or application programs), wipe the system and reinstall it.

Nate Eldredge
  • 23,040
  • 3
  • 40
  • 80
1

If you want to get a new set of addresses, then I would try:

  1. Make sure all untrusted software is uninstalled (mining software or otherwise).
  2. Send all your coins to a different (trusted) wallet for temporary storage.
  3. Close Bitcoin-QT.
  4. Delete your wallet.dat file.
  5. Reopen Bitcoin-QT (it will make a new wallet.dat file for you).
  6. Get a new address from Bitcoin-QT and send all your coins keys back to that address.
morsecoder
  • 14,168
  • 2
  • 42
  • 94
  • It's not good idea to make a new wallet on once infected system - try to do the same with USB-Linux distribution or create a brain wallet with different system (or online creators) and send whole amount to it. Then install new OS and use your bitcoins again safely. – Sebastian Xawery Wiśniowiecki Dec 12 '14 at 14:29