February 2nd 2015
Recently a user raised Issue #661 on GitHub where unfortunately they lost a total of 1.43033675 bitcoin. This blog article provides details of the forensics we performed to find out what happened and our recommendations for action to try to prevent this happening again.
The wallet was created in April 2014 in MultiBit Classic. On first creation a MultiBit Classic wallet contains a single private key/address. Any transactions created use this single address as change. When additional private keys are created or imported the second address in the wallet is always used for change. This rule was introduced after a user imported a paper wallet and, not understanding the nature of Bitcoin change outputs, subsequently manually deleted their MultiBit Classic installation to "leave no trace".
Examining the wallet structure closely it has a total of 580 private keys. Almost all of these have private keys that are random numbers - this is normal. However the second private key in the wallet corresponds to the private key (hex) of
0000000000000000000000000000000000000000000000000000000000000000. The third private key corresponds to the private key (hex) of
0000000000000000000000000000000000000000000000000000000000000001. These are obviously not random numbers.
In the MultiBit log we record when the user shows the "Tools | Import private key" screen but we do not record the actual private keys imported for privacy reasons. In our opinion by far the most likely way these specific private key values were inserted into the wallet is that the user was experimenting with the private key import capability in MultiBit Classic.
This was in April 2014. Unfortunately having a change address with a private key of 0 makes any bitcoin controlled by that address unspendable. This is due to a quirk in the Bitcoin protocol. The address for the private key is arithmetically correct but no acceptable signature can be created to transfer the bitcoin (see this BitcoinTalk comment). From April 2014 to Jan 2015 the user used this wallet to receive bitcoin and then almost immediately spend the total amount (less the miner's fee) out. For these transactions there was no change output and everything worked correctly.
From 15 Jan 2015 to 26 Jan 2015 the user made 8 transactions where change outputs were created and it is these outputs that are unspendable. They total 1.43033675 bitcoin in value.
Bitcoin is an experimental protocol so it is important to improve things wherever possible to make the system more robust and safer to use. We recommend the following actions are taken:
0000000000000000000000000000000000000000000000000000000000000000cannot be added to the wallet should a user attempt to import this value.
At MultiBit we work hard to provide users with a safe, secure and open source Bitcoin wallet. We hate it when users run into problems like this and we believe that these recommendations will improve the overall resilience of Bitcoin wallets for everyone.
Here are some related articles: