[URGENT] Need help cancelling a transaction from a hacker [0.03 BTC bounty]

Maxwell

Member
A hacker breached my server and stole all the funds: https://www.blockchain.com/btc/tx/1a62267aa812b8d289148192ff15cb2d6a1fccf40ce0e31278125191ff9d181b

A very low fee was used.

Just got back server access and am trying to cancel the transaction. Tried zapwallettxes and deleting the mempool, didn't work.

If anyone has a solution that would be excellent.

39U2gKxvdL25WZgRwxg1Y1a5k3cv1U3uad is the address I would like the funds sent to.

I am hoping someone from here can build a transaction for me to sign from the wallet and rebroadcast at a $5 fee since I don't know how to. Or, any other help or suggestion.

I will pay 0.03 BTC from the recovered amount to whoever can help out.
 

Diego

Member
A hacker breached my server and stole all the funds: https://www.blockchain.com/btc/tx/1a62267aa812b8d289148192ff15cb2d6a1fccf40ce0e31278125191ff9d181b

A very low fee was used.

Just got back server access and am trying to cancel the transaction. Tried zapwallettxes and deleting the mempool, didn't work.

If anyone has a solution that would be excellent.

39U2gKxvdL25WZgRwxg1Y1a5k3cv1U3uad is the address I would like the funds sent to.

I am hoping someone from here can build a transaction for me to sign from the wallet and rebroadcast at a $5 fee since I don't know how to. Or, any other help or suggestion.

I will pay 0.03 BTC from the recovered amount to whoever can help out.
So sorry to see this. It's an attack Electrum users were facing. I think your client was Electrum?

I have no idea if there is a possibility but good thing is that the fees are too low (precisely 0.547 sat/B). This will give you some time to buy. I hope someone can give you some resources to save you
 

Juan

Member
A hacker breached my server and stole all the funds: https://www.blockchain.com/btc/tx/1a62267aa812b8d289148192ff15cb2d6a1fccf40ce0e31278125191ff9d181b

A very low fee was used.

Just got back server access and am trying to cancel the transaction. Tried zapwallettxes and deleting the mempool, didn't work.

If anyone has a solution that would be excellent.

39U2gKxvdL25WZgRwxg1Y1a5k3cv1U3uad is the address I would like the funds sent to.

I am hoping someone from here can build a transaction for me to sign from the wallet and rebroadcast at a $5 fee since I don't know how to. Or, any other help or suggestion.

I will pay 0.03 BTC from the recovered amount to whoever can help out.
So sorry to see this. It's an attack Electrum users were facing. I think your client was Electrum?

I have no idea if there is a possibility but good thing is that the fees are too low (precisely 0.547 sat/B). This will give you some time to buy. I hope someone can give you some resources to save you
My client was Bitcoin Core. Luckily it seems like a novice since he used an ultra-low fee. Hoping someone can help me compile a new transaction which I can sign from the node and rebroadcast. Zapping the wallet, abandoning tx, or a double spend from the wallet isn't working.
 

Kaiden

Member
Your chance is almost 0, but if you're desperate there are 2 options :
1. Make transaction with same input, but with different output (Bitcoin address which owned you and not hacked). Then personally make a request to pools/miners to include your transaction.
2. Similar with 1st step, but broadcast the transaction instead (which most likely will be rejected by other nodes).
 

Ashton

Member
Your chance is almost 0, but if you're desperate there are 2 options :
1. Make transaction with same input, but with different output (Bitcoin address which owned you and not hacked). Then personally make a request to pools/miners to include your transaction.
2. Similar with 1st step, but broadcast the transaction instead (which most likely will be rejected by other nodes).
I don't know how to do that I'm hoping someone can do that from me by the txid, I will give them 0.03 if it works
 

Jesus

Member
Then personally make a request to pools/miners to include your transaction.
How do someone will know who is a miner and how do someone contact them? I think OP needs a very quick movement. Do you know anyone in person?
 

Cole

Member

Jair

Member
Then personally make a request to pools/miners to include your transaction.
How do someone will know who is a miner and how do someone contact them? I think OP needs a very quick movement. Do you know anyone in person?
Unfortunately no, otherwise i'd already give such information to OP. Few pools have social media (such as https://twitter.com/btccom_official), but i doubt they'd make respond quickly.
From my Bitcoin Core window I have successfully cancelled the tx and sent it to the new one, BUT it is not showing on the blockchain. My address I want it sent to is empty.

NEW transaction I created that is showing as sent out in Core: 1d85a3028958a8c7838dc9823c8d2ded7ee0b792b8f447af1209f29d4a4107e9 (showing as invalid on explorers)

Please someone help
At least on my node, transaction made by the thief isn't available on my mempool node while your transaction is available on my mempool.
On other blockexplorer such as https://live.blockcypher.com, both of the transactions are available.
 

Kingston

Member

Ivan

Member
From my Bitcoin Core window I have successfully cancelled the tx and sent it to the new one, BUT it is not showing on the blockchain. My address I want it sent to is empty.

NEW transaction I created that is showing as sent out in Core: 1d85a3028958a8c7838dc9823c8d2ded7ee0b792b8f447af1209f29d4a4107e9 (showing as invalid on explorers)

Please someone help.
I think you made it!
http://prntscr.com/oxt9u7


I do not see the old tx in the block explorer anymore but I see the new one and it's going to your desired address which is this: 39U2gKxvdL25WZgRwxg1Y1a5k3cv1U3uad

You are good now :)
 

Ahmir

Member
The old transaction still exists in some nodes. For example:

https://blockchair.com/bitcoin/tran...48192ff15cb2d6a1fccf40ce0e31278125191ff9d181b
https://explorer.viabtc.com/btc/tx/1a62267aa812b8d289148192ff15cb2d6a1fccf40ce0e31278125191ff9d181b
https://live.blockcypher.com/btc/tx...8192ff15cb2d6a1fccf40ce0e31278125191ff9d181b/

Just because the new transaction has currently been accepted by some nodes, doesn't mean it will definitely confirm first. The miners who find the next few blocks might only be seeing the old transaction and not the new one. The mempool being a little fuller right now will work in your favor, as even if they are only seeing the old transaction, they are unlikely to pick it for their block due to its low fees. Having said all that, you aren't 100% safe until you have some confirmations on the new transaction.

Edit: Looks like the new transaction has one confirmation and the old one has disappeared from all the sites above.
 
Top