Thursday, February 13, 2014

Bitcoin QT weirdness

The "Bitcoin-QT" wallet software (the standard written by the core developers) does weird stuff underneath. Instead of directly paying from your account to recipients, it first mixes some payments with intermediate addresses that it creates inside the wallet.

It looked to me like the software was doing something malicious, secretly siphoning off extra money with each transaction it makes. Instead, it's siphoning off that money into separate accounts within your wallet.

I noticed this looking at my last transactions. It appears that Bitcoin-QT secretly siphoned off $220 worth of Bitcoin from transactions I made last month. Here is what the wallet software claims:

Here is the matching screenshot from for bitcoins sent from my address 15fsz.... Notice how for each transaction there is an addition amount of money paid to these secret accounts.

Another thing to notice is that sees only 5 transactions, not the 7 reported by the Bitcoin-QT software on my desktop. This requires some investigation. The following are the 7 transactions reported by Bitcoin-QT, and a link to the transaction ID on the site:
  • 2014-01-23 - 0.10001000 - 6fcf3a... (Logo #2)
  • 2014-01-23 - 0.10001000 - a6e45... (Logo #1)
  • 2014-01-11 - 0.05187626 - 8f121... (Flowers)
  • 2013-06-04 - 0.83311000 - d2fb9... (Manning)
  • 2013-05-30 - 0.01050000 - 938da... (DemoDemons)
  • 2013-05-30 - 0.00550000 - 2ace7... (DemoDemons)
  • 2013-01-21 - 0.30832200 - 1be45... (don't remember)
Going back to my first debit transaction in Jan 2013, the transaction 1be45... didn't send any coins to the desired targets. Instead, it first sent the coins to two intermediate addresses, one of which is 1Ebum.... It also sent more than I requested, almost 1 full bitcoin instead of a third of a bitcoin. Later, in June 2013, when I sent the money for Manning's stenographer, instead of transfering money from my public Bitcoin address 15fsz..., it used the hidden 1Ebum... address instead.

This proves that indeed Bitcoin-QT is siphoning off money into secret accounts when you do transactions, but these are accounts in your "wallet", which it may then use later to make payments.

So why does the Bitcoin-QT wallet mix addresses this way? Maybe they think it's good for anonymization? It isn't -- it's quite easy to see the chain of payments in the blockchain.

For whatever reason they are doing this, it's a bad idea. It means I'm tied to their software. In theory, your "wallet" is just your "private key", which could be ported anywhere. This nonsense makes your wallet a complex entity, tying you to this one software. In order to extract your money from this wallet and put it into another wallet, you can't simply transfer the private keys, but instead have to put a transaction in the blockchain to a new address.

Update: Apparently, this is a "change" address, and is a feature in the Bitcoin protocol rather than Bitcoin-QT.

The protocol doesn't maintain a running balance for your address. Instead, each transaction forms it's own chain. When you spend coins, it has to chain the outgoing transaction based on previous incoming transactions. Moreover, if those incoming transactions add up to more than the outgoing transaction (which is almost always the case), it's going to have left over "change". It's got to stuff that change into another transaction somewhere. Hence, it create an internal address to send that money to.

I guess this is one of the many details I've ignored about the Bitcoin protocol. I really ought to implement my own client and play with it more.


Unknown said...

If you want to consolidate, you can always spend all your coins to one address.

Unknown said...

I hope you don't make your living in as a security expert. You just made yourself a joke.

It is very good that people are curious and check or audit Bitcoin and what is going on under the hood.
But this type of posting suggesting malicious intend embedded in some bitcoin software is actually negligence and making just FUD.
The bitcoin protocol takes in account the ownership of bitcoins by tracking transactions. And transactions are considered unspent or spent (that meaning totally spent).
This optimization have great advantages since by protocol, only standing unspent transactions have to be check in order to validate new transactions.
So if you receive 2 BTC in one inbound transaction, and you want to send 0.5 BTC to someone, you'll have to spend the inbound transaction and send back to yourself the remaining 1.5 BTC to what is called a change address. This is done automatically by the software.
Bitcoin-qt will use a new change address every time it needs to send a change back to you for privacy issues.
This change address has its own private key and it is stored in the wallet file (wallet.dat).
Actually, Bitcoin-qt precreates 100 private keys, 99 of which are reserve and will be used if you want a new address or if a new change address is needed. If it runs out of these reserve addresses, it will create more (and you should backup your wallet again, old backups won't have the new addresses).
What is a little annoying about Bitcoin-qt is that these change addresses are not shown (I guess in order to simplify the interface and the reports).
So once a person start to discover this 'strange' behavior it can get spooky. It is common for people first to ask in a forum where they would get good answers, but posting it in a blog is king of embarrassing once you realize you didn't do your due diligence first.