This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

Wallet gave me a used address when i clicked on receive #521

Open
AlexanderPoschenrieder opened this issue Nov 26, 2017 · 9 comments

Comments

@AlexanderPoschenrieder

Hi there.

About 10 days ago I made a withdrawal from Bitfinex to my wallet. The wallet was installed just after the transaction was made. I put in my seed and clicked on the receive button.
I made the transaction with the generated address.
Half an hour after that, my IOTAs got stolen. There you can see how the first transaction OUT got confirmed and how the WALLET GAVE ME AN ALREADY USED ADDRESS. Also, you can see that there are a few invalid transactions as a message with the tag 9999STOLEN9IOTAS999FUCK9YOU.

https://iotasear.ch/address/ULNHCFCBUOE9JRUFU9YKBUCQWCCPYZULB9QWWEZSXKMY9QNGWIBGHPZHPMHLDBYOM9YZBUEOTZEJNFTVDD9TRHDAKZ

You already said a lot of times that KEY REUSE is a big deal, and if the wallet is giving people reused keys, well, a lot of people will get robbed.

@AlexanderPoschenrieder
Author

AlexanderPoschenrieder changed the title from "Wallet gave me a used address when a clicked on receive" to "Wallet gave me a used address when i clicked on receive" on Nov 26, 2017

@chrisdukakis
Contributor

Please attach all the addresses you have previously used. This has to be done after each snapshot.

@AlexanderPoschenrieder
Author

Wouldn't it be better if the wallet did this automatically? If I deleted my wallet and reinstalled it, how would I know which addresses I already used?

@chrisdukakis
Contributor

You need to remember the exact number of addresses you use, or the last address of those.

@georgpukk

Yeah... got rid of my IOTAs in exactly the same way.
Those goddamn snapshots and the misleading "Generate New Address" button.

https://iotasear.ch/address/AXVSMGCCTDXOOOQUGLPSHCSTKZCHAHRCTKIYQRDOZXWQLZAIF9FJCIBOGHF9RANIPMFIURQBAFPVNZLJYFB9SYKRZ9

Unless you can prove 100% that they are stolen, the IOTA Foundation won't seize and return the funds (although technically they are able to).

@AlexanderPoschenrieder
Author

It's pretty impossible to prove that. But in Slack there's another guy like me that got robbed the same way, and if you follow both transactions you can see that it is the same guy.

@AlexanderPoschenrieder
Author

Yeah, it should. But in that case you still have the problem when you install the wallet on a new device. At least the wallet should verify in the tangle if the address was already used, because only one reuse is enough to get your funds stolen.
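
The check asked for in the comment above, as an added example (not the wallet's code and not written by anyone in this thread). It assumes a ledger view given as `{address, value}` records, and every name, address and transaction in it is constructed; it shows why a tangle lookup alone fails after a snapshot and what a persisted spent log or a remembered address count adds.

```javascript
// Added example. Names and data are hypothetical and constructed; not the wallet's code.
// Stand-ins for the addresses one seed yields at index 0, 1, 2, ... (real ones are 81 trytes).
const ADDRESSES = ['ADDR9ZERO', 'ADDR9ONE', 'ADDR9TWO', 'ADDR9THREE'];

// Constructed ledger view: a negative value means the address signed an outgoing transfer.
const TANGLE_BEFORE_SNAPSHOT = [
  { address: 'ADDR9ZERO', value: 50 },
  { address: 'ADDR9ZERO', value: -50 },
  { address: 'ADDR9ONE', value: 20 },
];
// After a snapshot the node keeps balances but no longer serves the old transactions.
const TANGLE_AFTER_SNAPSHOT = [];

function spentOnTangle(tangle, address) {
  return tangle.some((tx) => tx.address === address && tx.value < 0);
}

// Record every spend the node can still show in a log the wallet persists locally.
function syncSpentLog(addresses, tangle, spentLog) {
  for (const address of addresses) {
    if (spentOnTangle(tangle, address)) spentLog.add(address);
  }
  return spentLog;
}

// Return the first address at or after startIndex that was never spent from,
// according to both the persisted log and the node's current view.
// startIndex is the count of used addresses a user carries over to a fresh install.
function nextReceiveAddress(addresses, tangle, spentLog, startIndex = 0) {
  for (let i = startIndex; i < addresses.length; i++) {
    const address = addresses[i];
    if (!spentLog.has(address) && !spentOnTangle(tangle, address)) {
      return { index: i, address };
    }
  }
  throw new Error('no unspent address in the generated range; derive more addresses');
}

// Tangle-only check after a snapshot: the spent address looks unused again.
const tangleOnly = nextReceiveAddress(ADDRESSES, TANGLE_AFTER_SNAPSHOT, new Set());
// Log synced before the snapshot: the spent address stays excluded.
const log = syncSpentLog(ADDRESSES, TANGLE_BEFORE_SNAPSHOT, new Set());
const withLog = nextReceiveAddress(ADDRESSES, TANGLE_AFTER_SNAPSHOT, log);
// Fresh install with no log: only the remembered address count protects the user.
const freshInstall = nextReceiveAddress(ADDRESSES, TANGLE_AFTER_SNAPSHOT, new Set(), 2);
console.log(tangleOnly.address, withLog.address, freshInstall.address);
```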

@totedati

totedati commented Dec 2, 2017

I wonder if all these IOTA things are for us ... humans ... Bitcoin addresses are already long strings, hard to remember, and now!? We need to remember all past IOTA tangles used!? IoT machines properly programmed maybe can do that, but humans ... not quite!

@ghost

ghost commented Jan 20, 2018

The same has now happened to me... the last 2 transactions were not initiated by me. I wanted to move my funds to another wallet a week ago but I couldn't, because as soon as I tried to transfer any amount (even after creating new receive addresses), I got an ERROR: PRIVATE KEY REUSE DETECTED! I have to wait for all previous transactions to complete.

So once you get in this mess there is no way out!? Even though I'm locked out by the wallet from reusing the address, the hacker has managed to reuse the address for himself. Now my IOTAs are gone!

It's a joke that this is even possible! The wallet developers should be held accountable. This is a really big deal that needs to be addressed. It's a massive security risk and it's shocking that this software even has a stable release. It's absolutely unstable!

My reused address (last two transactions are from):
https://iotasear.ch/address/EBZUEHHAXHE9TEHACXJIAELCNSP9YJAKTHIPFSNHH9SOILEA9VOOZMZFRENDSRMQDWCUXXGFFFAXKJ9X9MIAFZCNAW
https://thetangle.org/address/EBZUEHHAXHE9TEHACXJIAELCNSP9YJAKTHIPFSNHH9SOILEA9VOOZMZFRENDSRMQDWCUXXGFFFAXKJ9X9

Hacker's address (seems he has collected a nice sum of approx. 30,000 USD. I'm not the only target!):
https://iotasear.ch/address/KRDTGTERZCIXCCAE9ERSLFD9UWIYSKKXALVUTDVAOGZLNOOTKVHRWWTNRPFPTWSQMRCYR9HGMCSATQUPY
https://thetangle.org/address/KRDTGTERZCIXCCAE9ERSLFD9UWIYSKKXALVUTDVAOGZLNOOTKVHRWWTNRPFPTWSQMRCYR9HGMCSATQUPY


4 participants