Title: Transaction not desired with all my bitcion Post by: JFOUD on October 27, 2018, 03:47:12 PM Hi
I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc. Anyone know if it's related to the upgrade of electrum or the bitcoins were juste stolen? Is that anything I can do to recover my bitcoin? Title: Re: Transaction not desired with all my bitcion Post by: BrewMaster on October 27, 2018, 03:57:11 PM when did the transaction occur? all the transactions that are mined in a block, have a timestamp. if you see the details of them in your wallet or on a block explorer you can see that time.
if this happened in the past when you created the wallet that means your seed was compromised then. possibly because either you downloaded a fake Electrum or you had some malware on your computer that stole it (did you verify the signature back then?) if the transaction happened the day you recovered your wallet with Seed then it means this new wallet was possibly fake or you have a malware now. (did you verify the signature of the downloaded wallet now?) - if it is stolen then no there is nothing you can do about it. Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on October 27, 2018, 04:24:26 PM The transaction happened the day I recover the wallet, yesterday.
How can I verify the signature of the wallet ? Title: Re: Transaction not desired with all my bitcion Post by: BrewMaster on October 27, 2018, 04:34:14 PM The transaction happened the day I recover the wallet, yesterday. How can I verify the signature of the wallet ? you will need to also download the signature file which is found alongside the wallet installation file you downloaded. it is a .asc file. for instance this is the link to this signature for "windows installer" file: https://download.electrum.org/3.2.3/electrum-3.2.3-setup.exe.asc then you also need the public key of the signer (Thomas V.) who is the developer of Electrum. the key hash is found on https://electrum.org and it is 0x2BD5824B7F9470E6 now depending on what kind of OS you have you need a program that can verify this signature. for linux it is most probably already installed. only use: gpg --verify {signature.asc} {file.tar.gz or file.exe} and it should read "good signature" in the result. for windows use gpg4win https://www.gpg4win.org/ and read this article: https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/ Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on October 27, 2018, 05:06:23 PM Ok but if the transaction is done it is too late anyway no?
Title: Re: Transaction not desired with all my bitcion Post by: BrewMaster on October 27, 2018, 05:10:16 PM Ok but if the transaction is done it is too late anyway no? yes, unfortunately if the transaction is confirmed* then there is no way to reverse it. * a confirmed transaction will show up with a green check mark beside it and in its details it will show "status: {a number larger than 6} confirmations" Title: Re: Transaction not desired with all my bitcion Post by: Lucius on October 28, 2018, 02:08:28 PM Hi I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc. Anyone know if it's related to the upgrade of electrum or the bitcoins were juste stolen? Is that anything I can do to recover my bitcoin? Unfortunately you made a mistake in downloading fake Electrum or you have some malware/RAT/keylogger on your PC. This is not first time we see that people lose coins in this way, backup of seed/private keys is most important - but it is also important to use it only on clean device. This is just a warning to all those who have backup of seed/private keys in some safe places, be extremely careful when you download any crypto wallet and double check your OS with good AV/Antimalware. If you find out which way you are hacked it would be good to write here, especially in the case of a fake Electrum site. Title: Re: Transaction not desired with all my bitcion Post by: HCP on October 29, 2018, 12:53:05 AM I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Can I ask where you downloaded this "last version of electrum" from? ???It would be useful for others to know if there is (another) fake Electrum website operating so we can try contacting domain hosts/google etc to try and get it taken down and/or removed from Google listings. Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 07, 2018, 01:12:21 PM I downloaded from the real website (electrum.org). I still not understand how the problem happened.
Title: Re: Transaction not desired with all my bitcion Post by: Lucius on November 07, 2018, 02:41:08 PM I downloaded from the real website (electrum.org). I still not understand how the problem happened. Can you confirm that this is the site from where you download Electrum ? https://electrum.org/#home If you are not a victim of the fake wallet, then you lost BTC in a way that something on your PC is stolen your seed words. It could be any kind of malware or keylogger which is monitor all your actions and collect data. Did you maybe try to scan your device with AV or antimalware and see do you have anything suspicious on the device? Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 07, 2018, 02:49:28 PM Yes I confirm it was from https://electrum.org/#home
I scanned the PC with Avast (free version) and Malwarebyte and nothing was found... Title: Re: Transaction not desired with all my bitcion Post by: bob123 on November 07, 2018, 05:31:54 PM Did you verify the signature ?
Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one. Verifying the signature is the only way to make sure you are using the correct version. If you are too lazy to verify the signature, at least check the hash of the file. To check the hash, please do the following (assuming you are on windows):
Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same. If this is the case, your client was non-malicious and we have to look further how your coins got stolen. Title: Re: Transaction not desired with all my bitcion Post by: Thirdspace on November 07, 2018, 11:58:20 PM I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc. is it mnemonic seed or just a private key? how did you generate your seed? and a bitcoin address or txid may help us figure out what happened Title: Re: Transaction not desired with all my bitcion Post by: Lucius on November 08, 2018, 11:02:42 AM I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc. is it mnemonic seed or just a private key? how did you generate your seed? this sound like a case of "paid by bitcoin address' private key" and a bitcoin address or txid may help us figure out what happened JFOUD clearly states that it is a seed written on a piece of paper - I doubt that OP is write his private key on paper. It is also very likely that seed is generated by Electrum wallet, just because he/she is try to use same wallet to access his coins. Also you miss fact that coins are gone after he import seed in Electrum, that means that something has happened after that step - fake wallet, keylogger, malware or anything like that... Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 09, 2018, 12:18:28 PM Did you verify the signature ? Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one. Verifying the signature is the only way to make sure you are using the correct version. If you are too lazy to verify the signature, at least check the hash of the file. To check the hash, please do the following (assuming you are on windows):
Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same. If this is the case, your client was non-malicious and we have to look further how your coins got stolen. Here the output I have : a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f I have to precise that I downloaded the "standalone executable" version of Electrum . Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 09, 2018, 12:30:37 PM I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc. is it mnemonic seed or just a private key? how did you generate your seed? this sound like a case of "paid by bitcoin address' private key" and a bitcoin address or txid may help us figure out what happened JFOUD clearly states that it is a seed written on a piece of paper - I doubt that OP is write his private key on paper. It is also very likely that seed is generated by Electrum wallet, just because he/she is try to use same wallet to access his coins. Also you miss fact that coins are gone after he import seed in Electrum, that means that something has happened after that step - fake wallet, keylogger, malware or anything like that... It is a mnemonic seed of 12 words generated by Electrum when I first created the wallet long time ago (something like 5 years ago). What to you mean by " a case of "paid by bitcoin address' private key" " Here is the transaction ID : 1622b47a2371fcabebe5735c6d68fb3e5491a2d2073a51fc9cf2b7ad60965dfd Title: Re: Transaction not desired with all my bitcion Post by: Thirdspace on November 09, 2018, 07:49:41 PM Here is the transaction ID : 1622b47a2371fcabebe5735c6d68fb3e5491a2d2073a51fc9cf2b7ad60965dfd please ignore my previous post, I assumed wrong I'm sorry for your loss, it's quite a good amount of bitcoin :'( and the thief also cleaned out your BCH as well :-[ 3 days afterward https://bch.btc.com/cf9aa60c3118744089fbe6bad181f4f36c390d84d0c525f03d83f2ea23a1681a Title: Re: Transaction not desired with all my bitcion Post by: Abdussamad on November 10, 2018, 05:24:45 AM Did you verify the signature ? Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one. Verifying the signature is the only way to make sure you are using the correct version. If you are too lazy to verify the signature, at least check the hash of the file. To check the hash, please do the following (assuming you are on windows):
Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same. If this is the case, your client was non-malicious and we have to look further how your coins got stolen. Here the output I have : a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f I have to precise that I downloaded the "standalone executable" version of Electrum . This is not the correct sha256sum: http://termbin.com/c7bh That last line contains the correct checksum. I suggest you check your browser history to verify the exact url you downloaded electrum from. In the past we've seen users insisting that they downloaded from the official site but when we ask them to check their browser history it turns out that they got it from some fake site. Title: Re: Transaction not desired with all my bitcion Post by: bob123 on November 10, 2018, 03:10:51 PM Here the output I have : a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f I have to precise that I downloaded the "standalone executable" version of Electrum . Did you use version 3.2.3 ? These are the correct hashes: Code: MAC: Unfortunately you have downloaded a non-original electrum (probably malicious one). :-\ I guess you either have downloaded it from a fake site (more probable) or have been victim of a MITM attack (less probable). Can you do as Abdussamad said and check from which site you have downloaded it (e.g. through browser history) ? Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 12, 2018, 12:08:07 PM It seems that you are right. I found this adress in my history https://electrun.net/ . But my browser block the site because it is not secure. Is it possible that the site was accessible 15 days ago and not know?
Title: Re: Transaction not desired with all my bitcion Post by: bob123 on November 12, 2018, 12:35:37 PM The 'not secure' message does not appear because it is a scam site, but because their SSL certificate isn't up-to-date.
It is very well imaginable that they had a valid SSL certificate 14 days ago. However, today the site is redirecting to a porn site. I am going to report this site to google, and it would be very helpful if you also would do the same (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en)). I am sorry for your loss. Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 12, 2018, 01:54:37 PM Ok I will report the site.
Thank you for you help Is anyone heard about someone else who have been scammed by the same fake site? Title: Re: Transaction not desired with all my bitcion Post by: bob123 on November 12, 2018, 01:58:03 PM I am not aware of anyone being scammed by this specific site.. But this could simply be due to the fact that these sites don't survive longer than a few weeks.
Usually those scammer have multiple domains which they set up. And once one of them gets taken down (e.g. trough multiple google/ISP reports) they simply use the next one. It is nothing unusual that only a few people get scammed per domain and its also not unusual that those sites are down after a few days/weeks. Title: Re: Transaction not desired with all my bitcion Post by: Lucius on November 12, 2018, 02:06:38 PM It seems that you are right. I found this adress in my history https://electrun.net/ . But my browser block the site because it is not secure. Is it possible that the site was accessible 15 days ago and not know? The mystery is finally solved, too bad you did not check better before using that fake site- it is have wrong name electrun and even wrong domain, so you pay for ignorance and I guess because you did not you have any security software to block that site or download from that site. Site is not available for me : "The owner of electrun.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website." Is anyone heard about someone else who have been scammed by the same fake site? Many users become victims of fake wallets, especially in time when Google is allow crypto advertising with AdWords, so fake site appeared at the top of the search results. Title: Re: Transaction not desired with all my bitcion Post by: JFOUD on November 12, 2018, 02:11:02 PM Ok thanks for the precisions.
Do you know if sometime those scammers are caught? Title: Re: Transaction not desired with all my bitcion Post by: Abdussamad on November 12, 2018, 02:16:32 PM Ok thanks for the precisions. Do you know if sometime those scammers are caught? Don't hold out hope for this. Next time bookmark the correct electrum website and always visit it via that bookmark. Also use an adblocker. These scam sites don't show up in the search results proper. Instead they show up in google ads above the search results. If you had an adblocker you would have never even seen this site. Oh and you can't use any bitcoin or cryptocurrency wallet on the same PC where you installed this fake version until and unless you reformat your hard drive and reinstall windows. That's because the malware version you installed may have left behind additional nasty software that will compromise any future wallets you create. |