Nope, I can only see one deposit made on the deposit address i.e. the funds I sent. Also, only one sweeping transaction was made i.e. with the chips equivalent to my deposit less fees. I can't see the other deposit/withdrawal you are talking about.

---

I am not sure my VPN service would do that. Moreover, I made sure that I was accessing the encrypted website by manually checking the SSL certificate at two different occasions. It was indeed valid. By the way, I noticed one thing - the browser cookie was changing whenever I was refreshing the session page. I am talking about this one:



It has to remain same unless I close my browser session, isn't it? It maybe changing due to the use of VPN. Can this be the reason someone else got hold of my session? Does this cookie has any direct relation with session token? Is it possible that my session token got mingled with another user on site and both of us were shown same session?

The case still needs answers. @Chipmixer, do you want me to send e-mail with more extensive information like the txid I sent, etc? I need to get to the end of what actually happened because I regularly use Chipmixer and this is my common setup (VPN+browser+clearnet). It never happened before and I don't want this to happen again.