Standalone Light Wallet, simply lovely but hackers can go into 'stealth mode'

Someone reported XCH stolen, wallet was emptied (zero balance) but no outbound transactions shown.
Topic “Missing Chia from the wallet”.
Bad enough to get your wallet emptied, but even more confusing if the theft seems not to have happened.

Most likely that persons 24 word mnemonics were compromised somehow and the thief did the following.
Tried this myself…

Send 100 mojo’s to a new, otherwise empty wallet.
Then on another system installed the light wallet (beta) and entered the mnemonics. Found the 100 mojo’s as expected and then transferred 10 of those to my cold wallet.
This worked out in two transactions, 10 mojo’s to the cold wallet and 90 mojo’s change back to a fresh address on the light wallet (with the same mnemonics, remember).
After which:

A) In the default client the outbound transactions are not visible, but the wallet contents show zero!
B) In the light client, the transactions are visible, the wallet (same wallet!) contents show 90 mojo’s.
C) The blockchain explorer xchscan shows transactions as if made from the original wallet address!!!




Chia version 1.3 will incorporate the light wallet, so this confusion should end then.

Take care of your mnemonics!!!