In another article (Private Key Reuse Detected — What it means and how to unblock your funds) I explained why your funds might get blocked in your iota wallet due to the key reuse warning. The referenced article also describes how to move your funds using the iota command line wallet (cli wallet), but this always creates a certain risk of your funds getting stolen because you actually have to reuse the private key of the affected address.
In this new article, I like to discuss another option to move your iotas without any additional risk. It does not require you to sign any transaction again, thus it is not publishing any additional part of the private key of the address. No risk involved at all!
How does it work?
If you have funds on a used address, it means that there is at least one outgoing transaction already. The iota protocol allows replaying the same transaction without having to sign again. By simply reattaching the original outgoing transaction the iotas are moved away from the used address to the target address(es) of the previous transaction. No key reuse is necessary and the funds are never at risk.
Sounds too good to be true?
Well, it is good and true, but unfortunately, this option is only applicable under certain circumstances and will not help everybody. It is also a bit more complicated to execute, so you should only try this when you feel comfortable with using tangle explorers and have a basic knowledge of how iota transactions work. If your address was only used once before and the amount of funds blocked is not substantial you might just use the command line wallet to move your funds as described in the article mentioned above. In any way, if you feel unsure or have any open questions you can always ask for assistance in the #help channel on iota’s Discord server. It should be clear that I cannot take any responsibility for your funds.
Why does it not work for everyone?
Of course, everyone can do this, as the underlying protocol allows it, but in some cases, it is not recommended. It is important to understand that you cannot change the original transaction, you can just repeat it. That means that the blocked iotas will be transferred to the original target address of the previous outgoing transaction. If you do not have any control over this address (because it is not yours) then you would just send your funds away. Also, it is quite likely that this target address itself was also already used for sending, so you would just end up with blocked funds on another used address again.
What do you have to do to make this work?
- Identify the affected address with blocked funds
- Identify the target address(es)
- You need access to the address(es)
- Target address(es) must not have outgoing transactions themselves
- Make sure you have at least the amount of iotas on the address as the original transaction was sending
1. Identify the affected address with blocked funds
First, you need to find the address that is actually blocking you. If you use the Trinity wallet this is a fairly simple task as there is a nice overview showing your addresses and their balances. You can find this list by clicking on Settings → Account Management → View addresses (Use the Account menu when on Trinity desktop). Scroll through your list and find a used address with funds on it. Used addresses are highlighted in red with crossed-out characters.
In the screenshot above you can see that the address 9GIYJ… is used but still has 100 i on it. These kinds of funds are blocked now by the wallet for your own protection as moving them by sending a new transaction would require a key reuse. Copy the affected address to a text file so you have it handy.
If you are not using Trinity but the official GUI wallet, things are a bit more tricky. This wallet does not show the balances in the list of addresses, which makes it harder to identify the culprit. To find the affected address you will have to check each address in a tangle explorer manually. Open the History section and click on the Addresses button.
Start from the top (newest address) and copy it to the clipboard by clicking it. Now enter it into a tangle explorer as for example theTangle.org.
If your wallet is connected to a synced node you should see all used addresses as crossed-out text. Check all used addresses first until you find one that still has a balance on it.
2. Identify the target address(es)
With the affected address identified, we can have a look at the original outgoing transaction. After entering the affected address in the tangle explorer click on the outgoing transaction (negative value in a red box ) and then on its bundle hash to display the full bundle. For illustration purposes, we will use the transaction from the screenshot (9OEMJ…) with its bundle (PXFXH…).
A typical bundle will show one input on the left side (-40 i) and one or two non-zero value outputs on the right side. If this is not the case for your bundle read the corresponding paragraph in the Special cases section first (Case 1: complex bundle).
The target address in the upper right corner is the address the iotas (5 i) were sent to, the second value transaction (35 i) is the remainder that went to another new address of the seed, because the orgiinal address had 40 i on it.
3. You need access to the address(es)
Now you need to remember to whom you sent the iotas at that time in your case. Was it an address you control? Maybe from another seed of yours, a deposit address of an exchange or an address of a friend that you trust?
If you have control over it in any way you can continue with the process, if not then reattaching this bundle will not be a solution for you, as you would lose these funds .
4. Target address(es) must not have outgoing transactions themselves
Click on the target addresses to see if these are still unused. Addresses are displayed in black and have an arrow in front of them. There should not be any outgoing transaction on any of the target addresses. If you see outgoing transactions it is not impossible to use this whole process, but it becomes much more complicated. Read Case 2: Target addresses are used already in the Special cases section to see if it is still an option for you.
5. Make sure you have at least the amount of iotas on the address as the original transaction was sending
Now back to the originally affected address. If you repeat the old outgoing transaction you will not be able to change the amount of this transaction. That means if you see an outgoing transaction of 1 Mi, reattaching the bundle will reduce the balance on this address by 1 Mi again. If your balance is higher than this you can just repeat the reattaching until no balance is left.
If the balance is smaller than the value of the outgoing transaction you can deliberately send iotas again to this address to make it match the outgoing amount. As Trinity and the official GUI wallet will not let you send to a used address you will have to use the iota cli wallet. See Case 3: Not enough funds on input address in the Special cases section for how to get there.
In the case shown above there is an outgoing transaction over 40 i while there are still 100 i on the affected address. We could reattach the old bundle two times, each time sending 40 i to the same target addresses again. Reattaching again after that would not work anymore as there would only be 20 i left on the address. However, sending another 20 i to it would enable confirming a third reattachment and the address would be finally empty.
Reattach the old bundle
Finally, if you’ve made it this far and made sure you meet all the prerequisites, you can proceed to reattach the bundle. This will not be possible from the wallet as the feature is not available for confirmed bundles. Instead you can use one of the following web sites to reattach the old bundle:
To reattach the bundle you will need to enter a hash. While some of the web sites will work with the bundle hash as well they usually specifically require the tail transaction hash. That is the transaction hash with the index 0 in the bundle. When using theTangle.org it should be the transaction in the upper right corner.
After clicking on the blue transaction hash (not the black address) you can copy the hash by simply clicking on the copy icon next to it.
Make sure the transaction’s index in the bundle is 0. If it is not you can use the blue arrows to navigate through the bundle until you find the correct transaction.
Use the copied hash to reattach the bundle on one of the sites listed above (tangleTools.org shown here).
Once the bundle is reattached you can increase its chances to get confirmed by promoting it using the same web site. Promoting only makes sense on a fresh bundle, so you should not use same hash from before, but rather find the the tail transaction hash of the new copy of the bundle. If you look at the original bundle on the tangle explorer you will now see a second copy. Check the dates to make sure you found the newest one. Navigate to its tail transaction hash and use that for promoting.
Once the transaction is confirmed you will see that balance on the affected address is reduced by the amount of the outgoing transaction again. If there is still sufficient balance left you can repeat the reattachment process as many times as you have to.
Now your affected address is empty and the funds are moved to the target addresses. The wallet is now free to use again.
Case 1: Complex bundle
As mentioned above a simple standard bundle consists of a single input transaction and one or two output transactions. We will leave out the 0 value transaction that is required for the signature here.
But of course a bundle can look differently. If it was necessary for the original transaction to collect inputs from multiple addresses to match the amount you wanted to send you will see multiple input transactions in the bundle. You can still use the reattach approach in this case, but the reattached bundle will only confirm if all the input addresses have enough balance, matching the amount that was used as an input.
You can use the cli wallet in this case to fill up all input addresses with the proper amounts. See Case 3 for details.
Case 2: Target addresses are used already
It is not unlikely that the target addresses have been used for sending iotas in the meantime already. If you were to follow the reattachment process as described you would just send your funds to other used addresses and block them again. Even though it is not recommended to go forward in this case, it is still possible. If high amounts are at stake and you feel comfortable enough with digging in a bit deeper you can actually follow your iotas on the tangle explorer until they land on an unused address. If you control all the target addresses you can actually just go through the same process over and over again, until the funds end up on these addresses. Please be advised that this is not a solution for beginners, better ask for help in the iota Discord first before trying to go ahead.
Case 3: Not enough funds on input address
In most cases you will end up with an amount of iotas on the affected address that is smaller than the amount of the outgoing transaction. In this case it is possible to send iotas to it to exactly match the amount needed for another final reattachment to go through. Unfortunately this is not as simple as it might sound.
One complication is that the standard wallets (official GUI wallet and Trinity) have a built-in check that will prevent you from sending to a used address. Because of that you will have to use the iota command line wallet for this transfer as it does not prevent you from sending to such an address.
The second issue is that you cannot use your current seed for sending. If you did this you might actually send the iotas from the blocked address, which would put them at risk. As your reason for following this rather complicated approach was to avoid this, you must use a different seed for this.
Make sure to have enough balance on a second seed and use that to send the missing amount of iotas to the affected address. A short tutorial on how to install and use the cli wallet can be found here in another article.
If you have any questions or comments or just enjoyed reading this article come visit and ping me on the iota Discord server.