15

I made a transaction from Android wallet to Exchange A of 10Gi. The transaction is in pending. I tried a few times to reattach, but the transaction is still in pending.

I made a second transaction from the Android wallet to Exchange B of 10Gi. Because of the Android wallet, there was no error of key-reuse (double spending). The transaction is in pending. I tried a few times to reattach as well, but the transaction is also still in pending.

A few days later someone stole 2Gi from my account. These 2Gi were originally from another transaction I received, that summed with 8Gi I had before in the wallet. Now, these 2Gi are gone. I still have 8Gi in the wallet .

I also learned to not use the Android wallet. So now I'm using the light wallet on a PC.

If I try to send my 8Gi to another address, the light wallet gives me the key-reuse error. Now I have to reattach the pending transaction that I have. The only pending transactions that I can reattach are the two mentioned before, 10Gi to Exchange A, 10Gi to Exchange B. Obviously I don't have anymore 10Gi in my account anymore so the transaction can't go through.

What can I do now? I am stuck because:

  • I can't use the light wallet as it gives me key-reuse (double spending) error
  • I can't use the Android wallet because it will expose my seed even more
Helmar
  • 1,293
  • 1
  • 15
  • 28
overkill22
  • 590
  • 3
  • 11
  • This is an unfortunate situation. The only way to get those 8Gi is to do another address reuse. But at the same time this will increase the chance of a theft even more. – cmpn Dec 04 '17 at 17:30
  • 1
    If you had another 2Gi (and one of the receive addresses for your exchange is still valid) you could send it to the address that originally had the 2Gi and then try to reattach your original transaction (running the risk that someone steals it from you again before your reattach confirms). But probably the risk is lower to reuse the address that currently holds the 8Gi (running the risk that someone steals it as well) by sending it to a new address you control. – mihi Dec 04 '17 at 22:12
  • @mihi You mean "But probably the risk is lower THAT to reuse the address that currently holds the 8Gi" ? – overkill22 Dec 05 '17 at 06:27
  • I wanted to say that probably the risk of performing yet another reuse and possibly losing 8Gi is lower than the risk of possibly losing 10Gi. – mihi Dec 05 '17 at 22:19
  • @mihi so you mean that I better do another address-reuse than deposit the missing 2Gi to my wallet and try to confirm the operation of 10Gi? – overkill22 Dec 06 '17 at 03:09
  • I wanted to say that both approaches have a risk, and you have to decide which risk you'd rather take... – mihi Dec 06 '17 at 19:27
  • 1
    @Alessio The use case that arises from your question deserves attention. Nevertheless it is necessary to know how it was that "A few days later someone stole 2Gi from my account". – blockmined Jan 15 '18 at 15:59
  • @RobertoGiorgetti it was because I did the key-reuse with the Android wallet. However, even the IOTA devs don't know exactly how it happened. – overkill22 Jan 15 '18 at 23:39
  • @Alessio Only to be sure to have understood well: on an address ADDR1 you received two payments: one of 2GI and another of 8GI. Then you issued two transactions of 10GI from the same address ADDR1 and both remained pending. Then, due to the fact that you issued two transactions from the same address (ADDR1), someone stole you 2GI.(I wonder why not the whole amount of 10GI...). Is this the scenario that brought you to the impasse? – blockmined Jan 16 '18 at 12:56
  • @RobertoGiorgetti I tried to move 10Gi from my address to another.In the explorer you can see that in the IN table (where the money come from) there where 2 different addresses, ADDR1 for 2Gi and ADDR2 for 8Gi, both trying to go OUT to one address ADDR3 for the total amount of 10Gi. While the operation in pending the funds are locked (because you can't do double spending). However, somehow the thief managed to get the ADDR1 and steal the money from ADDR1 to his address ADDR4. At this point I still have an OUTgoing operation in pending for an amount of 10Gi, but on my wallet there are only 8Gi – overkill22 Jan 17 '18 at 01:20

3 Answers3

1

Though you have to take the risk of getting your 8Gi funds stolen for exposing more of your private key, the alternative way to create a new transaction without the "key reuse" error is to use the CLI wallet.

Somehow the default MWM is wrong so make sure you set it as 14 when you use it.

Helmar
  • 1,293
  • 1
  • 15
  • 28
tawago
  • 197
  • 1
  • 2
  • How would using that wallet help? That is completely unclear based on your answer. – Helmar Jan 09 '18 at 12:47
  • I can't use the light wallet as it gives me key-reuse (double spending) error In ordert to avoid this, he needs to use another wallet.

    I can't use the Android wallet because it will expose my seed even more the Android wallet does not let reuse key anymore thus the CLI wallet. Since the question seems to understand the key reuse issue, the only way to make the 8Gi funds secure is to take the risk of exposing more part of private key and make another transfer to an unused address as fast as possible. General speaking, using the CLI wallet is not recommended but it's a must in this case

     – tawago Jan 17 '18 at 06:27
  • The answer he needs is how to get out of the situation. I don't understand why you are doubting the CLI wallet won't help this case. @Helmar – tawago Jan 17 '18 at 06:33
  • 1
    Actually I don't doubt that it would. I'm saying your answer doesn't explain why* it would.* Any good Stack Exchange answer is expected to stand on it's own and explain why the offered solution is a valid one. Cf this – Helmar Jan 17 '18 at 11:24
-2

You need figure out which address your remaining 8g are in. Are the 2g and 8g in the same address before? If so, why you only lost 2g, not 10g? Are you sure your 2g is lost? You need to check if your wallet is synced or not. Maybe the 2g did not show up because your wallet is not synced.

Don’t reuse address. If your 8g or 10g still in your wallet, you can just make another transaction to a new address, you will cancel the previous two transactions to the exchanges.

The single most important first step to send transaction is to check if the server you get connected is synced. The servers are not always synced. To check the synced status, you can compare the two milestone numbers (in the nodeinfo under Tools) in your wallet to the most recent milestone number in the #botbox of the Slack. If all the three numbers are same, your wallet or your server is synced. If they are not same you need either wait for them to be same or change a server.

After you have done the above first step correctly, you can make the transaction. I would say 80% of times your transactions will get confirmed in 30 minutes.

If your trasanction does not get confirmed in 30 minutes, you can do the Promoting (previously called Reattaching). You will see it if clicking the bundle next to the transaction in the History in your wallet. You can do the Promoting once every 30 minutes. But make sure you do the first step to make sure your wallet is synced first every time. You also can use reattach.online to promote or reattach your transaction.

If you do the above steps correctly 99% of your transaction should get confirmed within one Promoting and most will be confirmed without Promoting.

Also don’t send a second transaction before your first transaction gets confirmed. If you do so, one of the transactions will never get confirmed no matter how many promotings or reattachings you do.

Tobo
  • 32
  • 2
-2

The reuse of an address means you reuse an address after you make an outgoing transaction from that address. You can send coins into an address multiple times as long as you never send out coins from that address. Once you make an outgoing transaction from an address you should never use it (for instance to receive coins) again.

Tobo
  • 32
  • 2