Bitsky comments:
We should keep alert to any risk revealed about Bitcoin even not confirmed. As from the response from Multibit Dev Jim, this bug probably exist.
Some findings after I read through the sourcecode of Multibit:
1 it uses Bitcoinj core
2 bitcoinj has a key rotation mechanism(Wallet.java) , if incomes under keys older than certain days(default is 13days), it will automatically create a new key, and move all the Bitcoins to the new key when the user starts a transaction.
3 There's function called"clearPrivateKey"(ECKey.java),but it's only used for encryption of wallet, and I don't see bug related to this function. So, the activity done by Multibit of moving all the Bitcoins to a new address matches with the source codes, but till now I havnt found the reason why the private key is deleted.
Case1:
I will try to be as detailed as possible with this post, I was told coming here would be a good way to warn Multibut users of a bug that I discovered, that caused me to not be able to access my bitcoin. I am somewhat new, so please bear with me, and ask any questions if I am not clear enough.
I was keeping my small amount of bitcoin on blockchain.info, and decided to move it to a more secure offline storage method. I chose Multibit, since I would not have to download the entire blockchain.
I installed multibit, and was able to send my bitcoins to my Multibit wallet, no problem. I then created a lot of addressses, as I wanted to have a bunch already in my wallet, since I am starting to sell various Starbucks items online on SealsWithClubs and on bitcointalk, and figured I would have unique addresses all set up. I ended up with about 550 addresses in my multibit wallet. Still no problems.
Here is my where my issue occurred. I made this transaction:https://blockchain.info/tx/a26245890834c2d628dfb7555b9ce8019d2b008e0a1fd616fc411ba9b58adb91
sending 0.024 btc to my sealswithclubs account. The transaction went through fine, and as far as I can tell, multibit sent my entire balance in that transaction, with the rest coming back to me in a change address. The change address is: https://blockchain.info/address/1AdHAc4kYrMzwijP75b4qp4xqP3ZRuFqL1
MY bitcoins now sit in that address.....but I cannot access them. I can even see them in my multibit wallet when I start it up. But when I try to complete a send, multibit will not broadcast anything to any peers. Yes, I have tried all the troubleshooting, nothing works.
So, I decide I will just export all my private keys from Multibit (since the address my bitcoins are in is listed among all my other btc receive addresses in Multibit). I export the keys, and import them into blockchain.info......nothing shows up. I then go through them, one by one, importing them one at a time, and guess what? I have the private keys for every single address in my receive list, EXCEPT the address multibit generated as my change address.
My coins to this day still sit in that btc address. They have not been stolen, I was not hacked, etc. Multibit never saved the change addresses private key, it just added the address to my multibit receive address list.
I have had many people look at this, and no one can get it fixed so far. I even offered 50% of what I am missing to recover it, since it is all I have. Still, no one can get it figured out.
I messaged the Dev (Jim) of Multibit, he sent me a generic response that did not even address the issue. So I ask you guys, any ideas? I have spent a week on this, trying to figure it out, and am beyond frusterated. And the DEV refuses to respond to me, either on GitHub or on bitcointalk.
Please, someone try to help me. I am a good person, and feel like the dev should look into this asap. If it happened to me, it could happen to you.
TLDR:
Sent btc to multibit Sent btc in a successful transaction Change address was created in multibit, but multibit did not save the private key in my wallet or ,key I can see my btc, but cannot spend or move it. Multibit dev refuses to address the issue
I really hope someone can help me. I can provide any info that may help.
UPDATE:
None of these solutions worked. Thank you all for trying. Feel free to watch my .4985 bitcoin sit in the address forever, never to be able to be used again. They are stuck here:https://blockchain.info/address/1AdHAc4kYrMzwijP75b4qp4xqP3ZRuFqL1 If the Dev Jim or anyone actually wants to help, we could use it and would appreciate it. MY blockchain address that I can actually access is: 1sea1GxLeqJDvpe41Ad5iBjs2zQkJK4zy
Case2:
I played around with multibit when I was setting up some bitcoin puzzle hunting stuff about 5 months ago.
I sent myself 0.5BTC to get started (from bitcoinqt to multibit), and created a puzzle, to which I sent 0.1BTC off to. Multibit then sent the other 0.4BTC to a change wallet. All fine. That puzzle was solved, and I made another one. I tried sending another 0.1BTC to that puzzle from the 0.4BTC left, but multibit would refuse to send.
I went through what you did - going through the backups, exporting private keys and trying to import them into blockchain, bitcoinqt, electrum, armory, etc. NOTHING WORKED.
I started to look at the actual files that stored the addresses supposedly owned... and all the addresses were there EXCEPT the one the change went to.
All trying to search for help online did for me was to make me realize this was a problem many users were having - i.e. it's a bug in the program. Or who know... maybe a "random donation" feature.
case3:
Hi, please help. I had 0.533 coins in my wallet and sent 0.10 over to Cryptsy Monday night. I have opened Multibit last night to see that my remaining balance has been sent to an unknown wallet. It seems Multiibit has created this change wallet but I have no idea how to get my change out of there and back into my own wallet? I can see the transactions on block chain and it says they are unspent but how do I retrieve them? There has been no new wallet created in my multibit folder and I'm desperate to get them back. Please help if you can. I have no idea where Multibit would have saved the private key for this wallet, I have searched through all my Multibit folders and cannot find anything? Thanks in advance