Reddit user 'wetseals', who asked us not to reveal his real name, said that he transferred 0.5225 bitcoins into his Multibit wallet from his Blockchain wallet, hoping for a more secure form of offline storage.
Wetseals planned to use the wallet to help sell multiple Starbucks gift cards to chatroom users of the online power site SealsWithClubs, and set up 550 separate bitcoin addresses for that purpose, he said. He then tested the wallet by sending 0.024 bitcoins to his Seals With Clubs account.
The wallet sent the output from the initial address to the Seals With Clubs bitcoin address, and then - as is normal with bitcoin - sent the 'change' back. That went to one of the 550 addresses in his wallet.
But when wetseals went to send bitcoins from that address, they did not send. And when he tried to export the private keys from the wallet, he said all but the change address private key exported.
Wetseals gave his wallet files to a contact on Seals With Club who works as a senior software analyst (he asked CoinDesk not to reveal his identity and job, but proved his identity).
Said the analyst, identified as 'Dave23':
Wetseals accused MultiBit's main developer Jim Burton of responding generically to the request, and not addressing the issue.
Later, Burton commented on Reddit:
MultiBit uses code from the BitcoinJ project, headed by bitcoin developer Mike Hearn (there is no suggestion that there is a bug in BitcoinJ). Hearn asked wetseals to send him the files for review, but told CoinDesk that he hadn't seen them yet.
He was skeptical that it was a bug, arguing that until he had seen the files directly, he could think of several possibilities, including incorrect manual editing.
Need for change
Whether it was user error or a bug, the incident highlights the need for more development in bitcoin wallets, particularly in the area of hierarchical deterministic (HD) wallets. These wallets have an advantage in that they derive all of the keys for their addresses from a single piece of human-readable data small enough to be written down.
One reason that MultiBit isn't providing personal support at present is because the team is working on such a wallet, which will likely hit beta in around a month, Burton said:
"Mike Hearn is coding up HD support in BitcoinJ and we will integrate that into our GUI. There is lots of discussion at the moment between devs to harmonise everybody's HD implementation so that they can all work together."
Hearn pointed to wider issues in bitcoin wallet development.
"Until now wallets have all been written by volunteers who put huge time and effort in for free. This is one reason bitcoin has low transaction costs, but it isn't sustainable."
Hearn argues that the support resources of the volunteers will be overwhelmed when the wallets become more popular.
All of this still leaves Wetseals out of pocket. The loss of the coins - which amounted to around $220 - was a blow, he told CoinDesk:
He added: "I do work full time, but I do not make a large sum of money, and with the new addition to our family back on 20th March, money is very tight."
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.