Bitcoin Forum

Dear community,
Help me establish the problem with this transaction that is undergoing confirmation both the ingoing and outgoing.
I have received BTC in my electrum wallet  :) and at the same time a mysterious transaction which I didn't authorize appeared as a sent  :(.

the incoming BTC transaction ID is bdd8f53650c2f788ed6d681872b5ad12f196b5151fbe6556db09684b9ea0cc84
the outgoing BTC transaction ID is f2654ff89e87fd59e83581491ebed155b316c81b6e9ad66ed14f68c7b3aab0ca

These two transactions have the same confirmation times: 2019-04-04 12:03:37

Dear community, help me understand what has happened in this scenario

If you didn't initiate the (outgoing) transaction, chances are extremely high that your computer is somehow infected with malware.

Please answer the following questions:

• What OS are you using ?
• What AV software are you using ?
• What version of electrum are you using ?
• Where did you download electrum from ?
• Did you verify the signature of the electrum executable ?
• Did you create your wallet (seed) yourself ?
• Did you share your seed / wallet file with someone else ?
• How do you have your seed stored (written down on paper / on a text file digitally) ?
• Does anyone else have access to your written-down seed or computer ?

My assumption would that you have downloaded a scam / fake electrum (high probability) or your seed is compromised (high probability).
Another option would be that your computer is infected with malware (medium probability).


But since the outgoing transaction has been sent 5 mins later, i assume that your seed is compromised.
Simply because if it was a fake wallet, the transaction should have been created instantly (IMO). But a script which checks all compromised seeds might take a few minutes to check the same seed again. Therefore the 5 minutes gap.
I am not sure about this, but that would be my assumption.

We need more information to help you properly. Therefore make sure to answer all questions from above as precisely as you can.

Am using Windows 07
Avira antivirus
Electrum 4.0.0
From electrum.org
I believe I verified the signature
I worked with the default seed
I shared once with a relative
I have saved it on my computer
No one else has the seed

Bad sign you installed a fake Electrum wallet there is no Electrum 4.0.0 the real developer of electrum is not yet releasing 4.0 version of electrum.

The current latest version is Electrum-3.3.4 you can found it in the link you provided above electrum.org but I am sure you didn't download it to the correct URL because I tried to download again from electrum.org.

Avira antivirus is not good  AV for crypto I recommend you to switch to Kaspersky Total security that can detect any crypto related virus and malware.

Note also that he's claiming to have downloaded it from electrum.org. This is why its hard to take users at their word when they claim to have gotten it from the official site. Even when we ask them to confirm the URL from their browser's history they sometimes take the easy way out and just regurgitate what they think is the URL rather than checking.

Check your browsing history for the exact address. Surely it wasn't the official Electrum site since there is no 4.0 version. Any site claiming to have it offers a fake or infected wallet.
Maybe you verified it, maybe not but you didn't verify the signature of ThomasV because like I said before, there is no Electrum 4.0 version.

After you find the correct address where you downloaded the wallet from you can always add that address to your Windows Host File to prevent your computer from being able to open that site in the future. Read through the following if your are interested.
https://helpdeskgeek.com/how-to/block-websites-using-hosts-file/


 

You might consider switching to windows 10.

Windows 7 is outdated and - by far - less secure than windows 10.





As others already mentioned, there is no electrum 4.x.
It seems like you have downloaded a fake wallet.

Unfortunately there is no way for you to get your coins back.
But do NOT send any coins to any address whose private key is stored on your computer.

To be safe, backup your important files, format your hard drive and reinstall windows (preferably windows 10).
This is the only way to be almost completely sure your computer will be clean (Exceptions exist: Rootkits for example, even tho i don't believe those wallet scammers even know what this is, let alone how to create one).




You 'believe' ?
If you didn't download ThomasV's public key and verified it with the signature file, you didn't.
And if you did, you would remember.




There is no 'default seed'.
Each seed is individually created. This might be another hint that you have a malicious (non-original) electrum version installed.




Never share your seed with anyone. Everyone with access to your seed has access to your coins.
Also.. never store the seed on your computer. It creates a lot of risks and ways to steal your coins. Only save it offline (preferably on a non-digital device) or inside of a hardware wallet.

Especially for not that techy user, a hardware wallet is the best option to securely store coins.

- I don't get it yet.

- The op said that he downloaded Electrum wallet from Electrum.org not Electrum.com then how could he downloaded the fake one!!??

- Thanks in advance.

He thinks he downloaded it from the original website. But he must have made a typo somewhere. This happens a lot and the user always takes some time to notice what was his mistake.

OP, check your browser history page. See which website you really visited.

It does not matter from where OP is download his fake version, because it is quite clear that there is no official version of Electrum 4.0.0. He can say that little green aliens send him a link, but the fact is that he made a mistake and he pay high price for that.


There are no problems with Windows 7, full support from the side of Microsoft is until January of next year. Your statement that it is outdated and less secure is not accurate, particularly in the context of false wallets. In this case using of Windows 10 would have an identical effect as using Windows 7.

OP shared their seed and saved it digitally on their computer... :o :o :o OP has broken pretty much all the major rules around safeguarding their wallet and/or seed. :-\

On top of that, they downloaded a fake wallet and obviously didn't check the digital signatures properly (or at all) as the fake wallet installer would have failed the signature verification.

It matters not what their OS was/is unless they completely change the way they handle the security of their wallet! ::)

There are a lot of possibilities. To just name a few:

• OP mistyped and did not really download it from electrum.org (e.g. eelctrum.org)
  
  
• OP has been a victim of a MitM-attack (e.g. he didn't verify the server certificate)
  
  
• Some malicious person poisoned his DNS cache and redirected "electrum.org" to a malicious website.

There are a lot more, but those are the most often seen ones (which are relatively easy to accomplish too).
Thats one reason to ALWAYS verify the signature before installing a wallet. This is the only way to be sure to have exactly the software which ThomasV has signed.

Hey OP, there are electrum sites that look similar to the official electrum site. Would you be able to check your download history to trace where you got it from?

Example of similar looking sites: https://bitcointalk.org/index.php?topic=5126880.0