Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: wir3man on October 12, 2021, 04:06:28 AM



Title: Wallet hacked :-( Not much but slightly upset!
Post by: wir3man on October 12, 2021, 04:06:28 AM
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

Bitcoin Mainnet transaction 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2

From my wallet
0.01229382 BTC to  3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

https://explorer.bitquery.io/bitcoin/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID?

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s  (that was also reported here on this forum)


https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times) 


Thank you :)


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: math09183 on October 12, 2021, 07:05:17 AM

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID?


You may just browse incoming transactions on 3EJE...
https://www.blockchain.com/btc/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm
https://explorer.bitquery.io/bitcoin/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm/inflow

but why not check the outgoing transaction on your address? Then obviously you will have your TX ID.



Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: hosseinimr93 on October 12, 2021, 07:10:11 AM
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID?
The address in question has received some withdrawals from binance. Click here (https://www.blockchain.com/btc/tx/a5791bc7f43bae912751b71b0f5cbe691b121098f55a88e4c8eac8309ba09a31) to see one of them.
I don't know how this can help you. Unfortunately, your fund has gone. Bitcoin transactions are irreversible.


https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times)  
This is binance hot wallet address and has over 1 million transactions. Note that it's not true to say any address that has connection with this address belongs to a scammer.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: nc50lc on October 12, 2021, 07:18:01 AM
-snip-
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID?
Were you looking for the TXID of the transaction that spent 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2?
If so, here it is: 4c31735ea4d497459b6e2dea4e59195c39c10f11ae999e92cf36887b5670914d (https://www.blockchain.com/btc/tx/4c31735ea4d497459b6e2dea4e59195c39c10f11ae999e92cf36887b5670914d)
Bitcoins were sent to 13DCkgkHea1kgihtEY8uuveUtdn67nv2pM and 3G3Tq629nZ5HkybHQ1Uoofb3rLgzSBJLir (change).
It is the change, because it was used as input together with 3EHvCce1Ke6fypBpjJatqiFXUY8Wj8USbr which was also used with 3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm.

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s  (that was also reported here on this forum)
I can't see any strong correlation since both aren't used as inputs in a single transaction.
And it belongs to Binance.

The address in question has received some withdrawals from binance. -snip-
Most likely that those are from compromised Binance accounts, hacked by the same hacker(s).


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 12, 2021, 07:49:45 AM
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.



How does this happen though? That's what I want to know.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: mocacinno on October 12, 2021, 08:04:14 AM
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.



How does this happen though? That's what I want to know.

Only the OP can answer this question... This being said, the most common attack vectors are:
  • The seed phrase: if a hacker gets his/her hands on this seed phrase, your btc is gone... Hackers use different methods, including but not limited to phishing, viruses and other malware, social engineering, saving seeds on the cloud,...
  • The wallet file itself: if a hacker gets his/her hands on the wallet file, your btc is gone if it isn't properly encrypted (and even if it IS properly encrypted, it can be only a matter of time before your funds are gone)... Hackers use different methods, including but not limited to phishing, viruses and other malware, social engineering, saving seeds on the cloud,...
  • The victim's computer: if a hacker gains access to your system, the odds of your funds disappearing increase dramatically
  • A vulnerability in the wallet software... IDK if there are vulnerabilities in OP's version... but it has happened for other wallets in the past


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: DaveF on October 12, 2021, 11:24:48 AM
The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.

It's easy to think that they got access only minutes before the tx occurred, but if it really looked to be a stagnant wallet, a thief could have waited for a while to see if more BTC was coming in before they took it all.

-Dave
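An added example, not code posted by anyone in this thread, that implements the two analyses done by hand above: nc50lc's common-input-ownership reasoning (addresses spent together in one transaction are clustered, which is how the change output is recognised and why merely receiving a Binance withdrawal does not link an address to Binance), and DaveF's compromise window bounded by the inputs' last-seen dates and the sweep itself. The transactions, addresses and dates are constructed stand-ins shaped like the case, not the real chain data:

```python
"""Added example, not code from the thread: on-chain forensics over a
constructed transaction graph shaped like the case above. Implements the
common-input-ownership heuristic (addresses spent together in one tx are
presumed to share a key holder; being PAID by an address links nothing)
and the compromise window bounded by the swept inputs' last activity.
All txids, addresses and timestamps are made-up labels."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple[str, ...]   # addresses whose coins are spent
    outputs: tuple[str, ...]  # addresses paid, change included
    time: datetime            # block time


# Constructed graph: tx_sweep empties three victim addresses into "loot";
# tx_wd is an exchange withdrawal paying "loot"; tx_spend spends "loot" with
# "other" and creates "change"; tx_later spends "change" with "other".
SAMPLE_TXS = (
    Tx("tx_sweep", ("victim_a", "victim_b", "victim_c"), ("loot",),
       datetime(2021, 9, 28, tzinfo=UTC)),
    Tx("tx_wd", ("exchange_hot",), ("loot", "exchange_hot"),
       datetime(2021, 9, 29, tzinfo=UTC)),
    Tx("tx_spend", ("loot", "other"), ("dest", "change"),
       datetime(2021, 9, 30, tzinfo=UTC)),
    Tx("tx_later", ("change", "other"), ("dest2",),
       datetime(2021, 10, 2, tzinfo=UTC)),
)

# Constructed last activity of each swept input before tx_sweep.
SAMPLE_LAST_SEEN = {
    "victim_a": datetime(2017, 12, 25, tzinfo=UTC),
    "victim_b": datetime(2021, 1, 29, tzinfo=UTC),
    "victim_c": datetime(2018, 6, 1, tzinfo=UTC),
}


class _UnionFind:
    """Disjoint sets over address strings (path-halving find)."""

    def __init__(self) -> None:
        self._parent: dict[str, str] = {}

    def find(self, x: str) -> str:
        self._parent.setdefault(x, x)
        while self._parent[x] != x:
            self._parent[x] = self._parent[self._parent[x]]
            x = self._parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self._parent[rb] = ra

    def groups(self) -> dict[str, frozenset[str]]:
        by_root: dict[str, set[str]] = {}
        for addr in list(self._parent):
            by_root.setdefault(self.find(addr), set()).add(addr)
        return {a: frozenset(g) for g in by_root.values() for a in g}


def cluster_addresses(txs) -> dict[str, frozenset[str]]:
    """Map each address to its cluster. Only co-spending merges clusters;
    outputs are registered, but receiving coins never links payer to payee."""
    uf = _UnionFind()
    for tx in txs:
        for addr in tx.inputs + tx.outputs:
            uf.find(addr)
        for a, b in zip(tx.inputs, tx.inputs[1:]):
            uf.union(a, b)
    return uf.groups()


def same_cluster(clusters, a: str, b: str) -> bool:
    return b in clusters.get(a, frozenset())


def spends_from(txs, addr: str) -> list[str]:
    """Txids that spend coins held by addr, oldest first."""
    return [t.txid for t in sorted(txs, key=lambda t: t.time) if addr in t.inputs]


def compromise_window(spend: Tx, last_seen) -> tuple[datetime, datetime]:
    """(earliest, latest) moment the thief could have acted, as the thread
    reasons it: after the swept inputs' last activity, before the sweep.
    The lower bound is heuristic; a thief holding the seed may have waited."""
    lower = max(last_seen[a] for a in spend.inputs)
    if lower > spend.time:
        raise ValueError("input activity after the spend; inconsistent data")
    return lower, spend.time
```

With `clusters = cluster_addresses(SAMPLE_TXS)`, `same_cluster(clusters, "loot", "change")` is true while `same_cluster(clusters, "loot", "exchange_hot")` is false, matching the reasoning in the posts. The heuristic breaks on transactions whose inputs belong to several parties (CoinJoins, exchange batch withdrawals), so a cluster is evidence to be weighed, not proof of common ownership.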


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 13, 2021, 02:13:04 AM
The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.



-Dave

The fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised, probably through some type of spyware. The address his funds got sent to has a lot of cash like that coming in, suggesting they may be doing it to other people too. Maybe there's a weakness in this particular wallet?? ??? You hate to think like that, but Exodus is not exactly fully open source. So any time some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized, then that's a real big problem, I would think. :(


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: HCP on October 13, 2021, 02:44:11 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined. I'm not sure if Exodus wallet encryption was or is as bad as other wallets (like Jaxx etc) that have done stupid things like use a 4 digit PIN for encryption or store the phrase in plaintext etc.

However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.



Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 13, 2021, 02:49:08 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.


That's an unfortunate thing, but people can decide for themselves if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transaction regularly, which indicates an ongoing scamming process, not just a one-off thing.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: wir3man on October 13, 2021, 03:16:37 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.
That's an unfortunate thing, but people can decide for themselves if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transaction regularly, which indicates an ongoing scamming process, not just a one-off thing.
use a 4 digit PIN for encryption or store the phrase in plaintext etc.
However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.


No 4-digit PIN, but a medium password: easy for me to remember but hard to guess. Computer compromised? I unplugged the power from the old PC and prepared a new system.


The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.



The fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised, probably through some type of spyware. The address his funds got sent to has a lot of cash like that coming in, suggesting they may be doing it to other people too. Maybe there's a weakness in this particular wallet?? ??? You hate to think like that, but Exodus is not exactly fully open source. So any time some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized, then that's a real big problem, I would think. :(

One of my very first BTC transactions. The one from Dec 25 2017 was from a faucet; it took me days to get to the payout. I was purely holding... now I can hold a candle.🕯️

I wasn't running the very latest Exodus version on my PC. At the same time I was using Mycelium to periodically check the balance.

Thanks to all for the support, and hopefully there are no more users losing cryptos.





Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: HCP on October 13, 2021, 04:58:32 AM
I wasn't running the very latest Exodus version on my PC. At the same time I was using Mycelium to periodically check the balance.
So you put your 12 word seed phrase into Mycelium? ??? :o :o

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. :-\


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 13, 2021, 10:32:48 AM
I wasn't running the very latest Exodus version on my PC. At the same time I was using Mycelium to periodically check the balance.
So you put your 12 word seed phrase into Mycelium? ??? :o :o

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. :-\

Especially if that device is a phone. With most Android apps you don't know what you are really running.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: LoyceV on October 13, 2021, 10:54:02 AM
I wasn't running the very latest Exodus version on my PC. At the same time I was using Mycelium to periodically check the balance.
So you put your 12 word seed phrase into Mycelium? ??? :o :o
Mycelium can be used as a watch-only wallet for just the addresses.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 14, 2021, 02:58:16 AM

Mycelium can be used as a watch-only wallet for just the addresses.

In an ideal world people would use that feature, but in a non-ideal world they just use their seed phrase.  ;D But if you really thought you could trust something, then there should be no problem doing that.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: larry_vw_1955 on October 18, 2021, 06:43:14 AM

Even if you fully trust Mycelium (which has had a few controversies), there are some security concerns (mentioned earlier by @mocacinno) if you simply use their seed phrase. For example, a malicious virtual keyboard or an outdated Android version.

Here's a question: how would you know if some crypto wallet you got off Google Play was stealing your private keys? The answer is that in most cases you would not know until other people started complaining they got their funds stolen, or it happened to you! Enough said.

The reason for that is that apps obtained from the Play Store are, for the most part, not audited and not open source, so you don't really know what's running on your phone. You just trust the wallet's reputation. Whether that's good enough for someone depends on how much money they have at risk and what it would mean to lose it. :)



Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: Lucius on October 18, 2021, 01:31:11 PM
Here's a question: how would you know if some crypto wallet you got off Google Play was stealing your private keys? The answer is that in most cases you would not know until other people started complaining they got their funds stolen, or it happened to you! Enough said.

Therefore, we should always strive for proven solutions, but again with an exceptional dose of caution and verification of downloaded files before we start using them. No matter if millions of people may say that Electrum is a legal crypto wallet, that doesn't mean that there aren't countless fake copies just waiting for the next sucker who has no idea what awaits him.

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.
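One concrete form of the "verify downloaded files before you start using them" step, given here as an added example and not something posted in the thread. It checks a downloaded installer against a sha256sum-style manifest (the `<hex digest>  <filename>` format the `sha256sum` tool writes) and treats a missing manifest entry as an error rather than a pass. The file contents, file name and digest in `demo()` are constructed. The hash only proves the file is the one the manifest describes; the manifest itself has to come from a trusted channel, such as the developer's signed release page, otherwise a fake site simply publishes matching hashes for its fake binary:

```python
"""Added example, not code from the thread: verify a downloaded wallet
binary against a publisher's SHA-256 manifest before running it.
Manifest lines are "<hex>  <name>" as written by sha256sum ("*" before
the name marks binary mode, "#" lines are comments). Everything used in
demo() is constructed."""
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile


def parse_manifest(text: str) -> dict[str, str]:
    """Return {filename: lowercase hex digest}; reject malformed lines."""
    entries: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        bytes.fromhex(digest)  # raises ValueError on non-hex garbage
        entries[name] = digest.lower()
    return entries


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: str, manifest_text: str) -> bool:
    """True iff the file's digest matches its manifest entry.

    Raises LookupError when the manifest has no entry for the file name,
    so an absent line can never be mistaken for a successful check.
    """
    entries = parse_manifest(manifest_text)
    name = os.path.basename(path)
    if name not in entries:
        raise LookupError(f"{name} is not listed in the manifest")
    return hmac.compare_digest(sha256_file(path), entries[name])


def demo() -> tuple[bool, bool]:
    """Constructed run: genuine file passes, a one-byte tampered copy fails."""
    payload = b"constructed stand-in for a wallet installer\n"
    manifest = ("# constructed manifest, not a real release\n"
                f"{hashlib.sha256(payload).hexdigest()} *wallet-installer.bin\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wallet-installer.bin")
        with open(path, "wb") as f:
            f.write(payload)
        genuine = verify_download(path, manifest)
        with open(path, "wb") as f:
            f.write(payload[:-1] + b"!")  # flip the last byte
        tampered = verify_download(path, manifest)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used instead of `==` out of habit for anything that compares secrets or authenticators; here the digests are public, so it costs nothing and avoids having to think about it. A wrong file name, a renamed download or a manifest copied from a different release all surface as `LookupError` rather than as a silent match.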


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: LoyceV on October 18, 2021, 03:40:35 PM
Here's a question: how would you know if some crypto wallet you got off Google Play was stealing your private keys?
It's not only the wallet itself, but any software you install increases the risk of compromising your wallet. That's why I prefer to install as few apps as possible on my phone.
On my PC I use a VM whenever I install anything new. I keep a freshly installed VM for this, and clone it each time before I use it. I typically name it something like: "wallet X, delete when done".

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.
This is what makes a simple transaction take an hour sometimes :D Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: Lucius on October 19, 2021, 10:31:14 AM
This is what makes a simple transaction take an hour sometimes :D Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.

I’ll always choose the “slow but safe” option, rather than “fast but risky,” because it’s something that definitely worked all these years since I’ve been interested in Bitcoin. When I look at all this from a distance, it paid off to apply the advice of those who were experienced members of the forum 6-7 years ago.

I think we can all agree that cryptocurrencies are an area that requires everyone to be extremely careful in everything they do, otherwise what happened to the OP will happen to everyone sooner or later.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: Pmalek on October 19, 2021, 04:31:17 PM
Here's a question: how would you know if some crypto wallet you got off Google Play was stealing your private keys? The answer is that in most cases you would not know until other people started complaining they got their funds stolen, or it happened to you! Enough said.
You wouldn't unless you know how to inspect the code and look for backdoors and things in the codebase that shouldn't be there. That's why it's recommended to use open-source wallets. But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code. But at least it's possible to do so, and you are trusting that others have done it properly. If a wallet has been around as long as Electrum has, you can be sure that it has been thoroughly checked by numerous security experts. 


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: BlackHatCoiner on October 19, 2021, 08:25:23 PM
But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code.
It's not just the checking and the verification of the legitimacy of the code. You shouldn't forget; since it's open-source, the other applications' developers can read its code and update their apps in a way that they interact with the open-source one.

You have to ensure that your machine is clean. If it has caught anything weird, it's recommended to not move/sign anything. Even if you've downloaded from the correct website and verified the developer's signature.


Title: Re: Wallet hacked :-( Not much but slightly upset!
Post by: QuickAccount on November 03, 2021, 06:25:21 PM
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

Bitcoin Mainnet transaction 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2

From my wallet
0.01229382 BTC to  3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

https://explorer.bitquery.io/bitcoin/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID?

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s  (that was also reported here on this forum)


https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times) 


Thank you :)


I know you probably don't read this thread anymore, but do you think you could have accidentally installed some sort of malware that stole your wallet?