-
Notifications
You must be signed in to change notification settings - Fork 777
Postmortem 2
2019-05-28 00:00 UTC
For at least 3 users BW derived incorrect addresses that are now unspendable
Affects version:
4.0.3 and lower
Root cause:
At least several users used old (and never before used) paper wallets to import wallet in BlueWallet. Because wallets had no prior transactions (otherwise BW would have imported them as legacy), BW tried to import WIF as p2sh SegWit single-address wallets, which is incorrect as per segwit spec (https://bitcoincore.org/en/segwit_wallet_dev/, uncompressed pubkeys are not allowed). This led to deriving incorrect address for that WIF. Any funds sent to this address are basically stuck there forever.
Why did it happen?
A combination of: a) unclear segwit specification. It was too easy to shoot yourself in the foot b) quite old empty paperwallets c) users being reckless importing funds and not verifying that address on paperwallet matches address derived in BW d) users not verifying that funds are actually spendable
How to prevent this from happening?
Fix was applied and rolled out (8e9015e2)
PS. This was not only BW-specific flaw. See https://www.reddit.com/r/Electrum/comments/bec22p/potential_loss_of_funds_if_import_uncompressed/