MultiBit User's Loss Highlights Need for New Bitcoin Wallets

The developer of popular bitcoin wallet MultiBit is battling a wave of criticism this week after a user suggested that a bug in the software rendered his bitcoins inaccessible.

Reddit user 'wetseals', who asked us not to reveal his real name, said that he transferred 0.5225 bitcoins into his Multibit wallet from his Blockchain wallet, hoping for a more secure form of offline storage.

Wetseals planned to use the wallet to help sell multiple Starbucks gift cards to chatroom users of the online power site SealsWithClubs, and set up 550 separate bitcoin addresses for that purpose, he said. He then tested the wallet by sending 0.024 bitcoins to his Seals With Clubs account.

The wallet sent the output from the initial address to the Seals With Clubs bitcoin address, and then - as is normal with bitcoin - sent the 'change' back. That went to one of the 550 addresses in his wallet.

But when wetseals went to send bitcoins from that address, they did not send. And when he tried to export the private keys from the wallet, he said all but the change address private key exported.

Wetseals gave his wallet files to a contact on Seals With Club who works as a senior software analyst (he asked CoinDesk not to reveal his identity and job, but proved his identity).

Said the analyst, identified as 'Dave23':

"I exported the private keys and then imported them to a new wallet, and that address was missing."

MultiBit's response

Wetseals accused MultiBit's main developer Jim Burton of responding generically to the request, and not addressing the issue.

Later, Burton commented on Reddit:

"In the life of MultiBit (i.e from 2011) there's probably a handful of cases like these. If there is damage to the private key bytes (for whatever reason) and there is no other copy available/backed up then you've lost access to the bitcoins."

MultiBit uses code from the BitcoinJ project, headed by bitcoin developer Mike Hearn (there is no suggestion that there is a bug in BitcoinJ). Hearn asked wetseals to send him the files for review, but told CoinDesk that he hadn't seen them yet.

He was skeptical that it was a bug, arguing that until he had seen the files directly, he could think of several possibilities, including incorrect manual editing.

However, another user, btcfun, posted on reddit about a similar issue using MultiBit.

"I went through what you did - going through the backups, exporting private keys and trying to import them into blockchain, bitcoinqt, electrum, armory, etc. NOTHING WORKED."

Need for change

Whether it was user error or a bug, the incident highlights the need for more development in bitcoin wallets, particularly in the area of hierarchical deterministic (HD) wallets. These wallets have an advantage in that they derive all of the keys for their addresses from a single piece of human-readable data small enough to be written down.

[post-quote]

One reason that MultiBit isn't providing personal support at present is because the team is working on such a wallet, which will likely hit beta in around a month, Burton said:

"Mike Hearn is coding up HD support in BitcoinJ and we will integrate that into our GUI. There is lots of discussion at the moment between devs to harmonise everybody's HD implementation so that they can all work together."

Hearn pointed to wider issues in bitcoin wallet development.

"Until now wallets have all been written by volunteers who put huge time and effort in for free. This is one reason bitcoin has low transaction costs, but it isn't sustainable."

Hearn argues that the support resources of the volunteers will be overwhelmed when the wallets become more popular.

"One of the most critical transitions the community will have to make this year is to a world where most of us are paying for our wallets in some way."

MultiBit is "donationware", and has collected just over 49 bitcoins in donations since launch. It has experienced 1.5 million downloads since going live.

All of this still leaves Wetseals out of pocket. The loss of the coins - which amounted to around $220 - was a blow, he told CoinDesk:

"Losing the .4985 bitcoins would not have been a large hit to the majority of people, and honestly, probably not even myself, up until recently. My fiancee went on maternity leave, and at the same time, we had car issues.

He added: "I do work full time, but I do not make a large sum of money, and with the new addition to our family back on 20th March, money is very tight."

Empty wallet image via Shutterstock