Tuesday 25 August 2015

Coins stolen from mycelium wallet. How do you think it might have happened?


Posting this with the hope of understanding what might have gone wrong and if others have had similar problems.Situation: 1.399 coins deposited in Mycelium wallet were moved about 7 hours later. Transactions here. Transfer wasn't logged by Mycelium, so I have to assume my keys were compromised.Background: Running recent install of Cyanogenmod 12.1 freshly installed a few weeks ago. Mycelium wallet was backed up using titanium and backup stored locally on SD card. Restore wasn't successful, so restored from seed. Seed stored in keepass with other seeds not compromised. Mycelium wallet secured with decent pin number. Small amount of bitcoin previously in wallet not touched.Possible compromise methods:Phone (or previous ROM) hacked and keys stolen: Would have thought pin number would protect against simple theft of keyring from either mycelium install or backup made, but this seems a likely possibility. Have typed the pin at least once on this install of AndroidSeed compromised: Unlikely as this would have exposed many other seeds with far greater balances that are currently not stolenWeak key generation on Mycelium: Possible.. has happened with other android walletsWallet scraper baked into Cyanogenmod: Conspiracy theory area here, but I guess possible???? - Something else I haven't considered?Why was I storing so many Satoshis in a mobile wallet? - Moving away from Bitfinex during day when mobile wallet was only thing available with plan to move to other wallet ASAP. Wasn't AS enough and considered it secure enough for temporary storage :( via /r/Bitcoin http://bit.ly/1V7nVJz

No comments :

Post a Comment