Back to Blog Entries

Wallet forensics for Issue #661

February 2nd 2015

Recently a user raised Issue #661 on GitHub where unfortunately they lost a total of 1.43033675 bitcoin. This blog article provides details of the forensics we performed to find out what happened and our recommendations for action to try to prevent this happening again.

What happened

The wallet was created in April 2014 in MultiBit Classic. On first creation a MultiBit Classic wallet contains a single private key/address. Any transactions created use this single address as change. When additional private keys are created or imported the second address in the wallet is always used for change. This rule was introduced after a user imported a paper wallet and, not understanding the nature of Bitcoin change outputs, subsequently manually deleted their MultiBit Classic installation to "leave no trace".

Examining the wallet structure closely it has a total of 580 private keys. Almost all of these have private keys that are random numbers - this is normal. However the second private key in the wallet corresponds to the private key (hex) of 0000000000000000000000000000000000000000000000000000000000000000. The third private key corresponds to the private key (hex) of 0000000000000000000000000000000000000000000000000000000000000001. These are obviously not random numbers.

In the MultiBit log we record when the user shows the "Tools | Import private key" screen but we do not record the actual private keys imported for privacy reasons. In our opinion by far the most likely way these specific private key values were inserted into the wallet is that the user was experimenting with the private key import capability in MultiBit Classic.

This was in April 2014. Unfortunately having a change address with a private key of 0 makes any bitcoin controlled by that address unspendable. This is due to a quirk in the Bitcoin protocol. The address for the private key is arithmetically correct but no acceptable signature can be created to transfer the bitcoin (see this BitcoinTalk comment). From April 2014 to Jan 2015 the user used this wallet to receive bitcoin and then almost immediately spend the total amount (less the miner's fee) out. For these transactions there was no change output and everything worked correctly.

From 15 Jan 2015 to 26 Jan 2015 the user made 8 transactions where change outputs were created and it is these outputs that are unspendable. They total 1.43033675 bitcoin in value.

Recommendations for improvements

Bitcoin is an experimental protocol so it is important to improve things wherever possible to make the system more robust and safer to use. We recommend the following actions are taken:

  1. The transfer of private keys from wallet to wallet is a powerful technique but it is a like a very sharp knife. We recommend that users do not transfer private keys from wallet to wallet unless absolutely necessary - such as the recovery of backup private key export files created in MultiBit Classic. We will update the MultiBit Classic documentation in line with this recommendation.
  2. The MultiBit Classic private key import routine should be improved so that a private key of exactly 0000000000000000000000000000000000000000000000000000000000000000 cannot be added to the wallet should a user attempt to import this value.
  3. The "Tools | Check private key" utility will be enhanced to highlight that any bitcoin controlled by this private key is not spendable.
  4. In the medium term, users should be encouraged to move away from wallets that rely on purely random private keys and start using wallets that use deterministically generated private keys. Hierarchical deterministic (HD) wallets have a set of "wallet words" that can be used to regenerate all the private keys for a wallet. Various HD wallets are currently being developed and rolled out and we recommend users begin researching their upgrade plans.

At MultiBit we work hard to provide users with a safe, secure and open source Bitcoin wallet. We hate it when users run into problems like this and we believe that these recommendations will improve the overall resilience of Bitcoin wallets for everyone.

Related articles

Here are some related articles: