Bitcoin Forum

I was trying to pay a Bitpay.com invoice and opened the invoice in Electrum-BTC desktop wallet. I don't know how, but somehow that transaction got sent to and invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
The transaction should be returned if the address is not even a valid bitcoin address (it has non-supported characters right?) but it appears that the transaction is already confirmed ???
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45
Please help me out there

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

why do you think this address is "invalid" or have "non-supported characters"?


you can not be sure unless you have actually verified the digital signature of the installer you downloaded and installed with this PGP public key (https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc). and unfortunately it seems like you didn't and were a victim of a phishing attack:
similar case with same address: https://github.com/spesmilo/electrum/issues/5072

Check your browsing history if it's actually electrum.org (http://electrum.org) or https://github.com/spesmilo/electrum/.
That's to know the reason why you've been hacked, but with this:

You won't be able to reverse the transaction.

For the validity of the address, read this: https://en.bitcoin.it/wiki/Address (https://en.bitcoin.it/wiki/Address)
(the 1st paragraph is enough).

The website I downloaded update from was official https://prnt.sc/p2ys86
Also, this address doesn't show up on Block Explorer when I search "Invalid input" message appears, that's why I assumed it is invalid.

Addresses started with bc1 are segwit address, They are of bech32 type.

Thus they are valid address

Here it is on blockchain explorer

https://blockchair.com/bitcoin/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
and Tx here
https://blockchair.com/bitcoin/transaction/1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45

It can not be reversed.

Electrum does create bech32 address. You should investigate more or provide more details what you were trying to do !

Thanks


PS: Just checked your screenshot , Thats a scam phishing site electrumproject .  org!!

I was trying to pay a Bitpay invoice. I opened the invoice in Electrum app and tried to pay it. I contacted the Bitpay support with this address but they say it doesn't belong to them.

PS: Just checked your screenshot , Thats a scam phishing site electrumproject .  org!!


Software you downloaded is malware cum phishing tool

Not it is not! What makes you think that is the official site? I think I replied in your thread on another board but now my suspicion has been confirmed. You downloaded a fake 4.0 version of Electrum.

The newest OFFICIAL release is 3.3.8, there is no 4.0 release and the only official site is https://electrum.org/#download and not the one you downloaded from.

They're right it's not from them, as what others mentioned you were tricked in to downloading the wrong version of electrum.

If you're asked to update always check the site first. What version were you using before you downloaded the fake one?

Thanks for info. How should I proceed to properly get rid of this infected software? Uninstalling it and reinstalling from electrum.org should suffice?

Should suffice? Maybe. Definitely will suffice? No.

I don't think anyone has fully analyzed the version 4 malware to find out exactly what it is doing. It is clear that it modifies transactions to send your coins to the hacker's address, but it could be doing a bunch of other things including accessing your seed and sending that to the hackers or even installing clipboard or keylogging malware on your device.

At the very least you should be backing up your wallet files, uninstalling all versions of Electrum, searching your drives for any traces of Electrum and wiping those, running extensive antivirus and antimalware scams, downloading and verifying the latest version from https://electrum.org/#download, setting up a new wallet, and transferring all your funds to the new wallet. This doesn't guarantee your safety by any means, though. Using Electrum in conjunction with a hardware wallet would add a lot more security to this set up.

To be completely sure that you aren't still infected, you will need to reformat your computer.

Feeling really sad for your loses. There is lot of incidents happened like this before where most of the time user got scammed due to visiting electrum phishing web link. It is to notify you that in every electrum phishing attack hackers take the advantage by pushing visitors to their fake websites. In most of these cases new electrum users put their foot on this kinda trap because of having little knowledge about this kinda attacks. Its important to check your browsers address bar to be confirmed about real website address before make any kind of transaction. I think you give less priority to check before browsing. For now try to clean your computer before making any new transaction.

You could get rid off these kinda attacks in future by using your browser's bookmark option. Try to bookmark all official website address to keep you safer from another phishing attack in future.

This is so unfortunate.

Is there somewhere we can blacklist Bitcoin addresses?

Is there a directory for this sort of thing?

Who is we? Where should they be blacklisted? It wouldn't work anyways. What prevents them from creating a new wallet instantly, change their address and keep stealing people?

You can add bitcoin adresses to all sorts of directories, but they're really just useless (See Ninja's reply.).

You have https://www.scambitcoin.com & https://bitcoinwhoswho.com/scams that i know of.

These directories would only become somewhat interesting if Electrum somehow adds a plugin with a blacklist of these addresses, but considering the amount of false positives & the way malware would be able to simply maneuver around such a block & the fact that scammers can generate endless new addresses just makes it utterly useless to do. Not to mention that it's really a step in the wrong direction, towards centralization et al.

TLDR; be your own bank.

This is good practice, but it isn't sufficient. There exist fake websites using punycode to disguise themselves as the real thing, sometimes indistinguishably. If you are using Firefox (which you should be if you care about your privacy), then open a new tab, type about:config, search for network.IDN_show_punycode, and toggle it to true. This will protect you from punycode attacks.

Even then, this isn't enough. The official electrum.org site could still be hacked and start hosting malware. As it says on the Electrum site, you should verify the file you have downloaded before installing it. There's an easy to follow guide to doing this here: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/.

Sure, I understand that.

I meant after the hack is done, how do we track where the stolen coins go? Is there a standard way to know "this address has funds that were stolen on mm/yyyy?

Another bunch of necessary information which will absolutely help electrum users to be careful enough before installing the file. If electrum official site go under hacker control then its quite expected that at first they will plant their malware on file download section. Everyone who will download file after this kinda hacking attempt will get malware infected file on their devices. Electrum related scam incidents isn't a new thing now. So its undoubtedly better to build the habit of verifying file before installing.

Just knowing where the particular UTXO was spent or if the address was publicly posted as "his", nothing else.

I would be a game of cat and mouse.
For the hacker, he can just send the coins to a mixer (https://en.bitcoin.it/wiki/Mixing_service) or ConJoin to reduce the chance of being traced.
For the authorities (not Bitcoin developers), they use specialized software and tools to check if addresses belong to the same wallet or other techniques like Dust attack (https://medium.com/financex/bitcoin-dusting-attack-and-its-dangers-ae423ab6e267) to accomplish it.

If you ask me, the hacker has the advantage on this game, but that depends on his wit.

It wouldn't change anything even if you do. Bitcoin transactions are irreversible so there is no way of getting it back and as previous users mentioned the hackers will find ways to keep stay safe by either mixing the coins or exchanging them for a privacy coin like Monero.
Depending where you are from law enforcement can't or won't do much about stolen Bitcoins unless the amount is significant.

Who is able to steal your bitcoin from your own device then how are you wondering that you will be able to trace hackers/scammer. If hackers are not smarter than us then defenetly they will not able to steal our bitcoin from our own devices. Problem is they will use mixing services in order to cut off transaction history. Perhaps you might able to trace which mixing they are used but we can't do anything against them. Because we will be notice after mixed. So if we can't prevent hackers/scammers before sent bitcoin then we can't do anything after done scam since bitcoin is natively irreversible.