someone stole my bitcoin from an encrypted electrum wallet

[niokobo]

someone just emptied my wallet on electrum with 16,2 btc

the wallet file is encrypted how is this possible

here is the theft

here were my bitcoin
162Q35GC13aFaF6XVRpibVddpjSCbsFkaF
 and now they are here

179kCMPuv8uo9DAzaNUwf3A6FNnpNAsEQU

can anyone help me

[markj113]

someone just emptied my wallet on electrum with 16,2 btc

the wallet file is encrypted how is this possible

here is the theft

here were my bitcoin
162Q35GC13aFaF6XVRpibVddpjSCbsFkaF
 and now they are here

179kCMPuv8uo9DAzaNUwf3A6FNnpNAsEQU

can anyone help me

Sorry for your loss but as a full member here you should know by now that when its gone its gone.

I would check your pc thoroughly for some malware/keylogger.

If it was me it would be fresh install time to be sure

[sengazumi]

Sorry for your loss but as a full member here you should know by now that when its gone its gone.

I would check your pc thoroughly for some malware/keylogger.

If it was me it would be fresh install time to be sure

i did that

how is it possible that they steal my coins when its encrypted and without the private keys

well i know when its gone its gone but i thought it was a flaw or something on the side of electrum

[markj113]

Sorry for your loss but as a full member here you should know by now that when its gone its gone.

I would check your pc thoroughly for some malware/keylogger.

If it was me it would be fresh install time to be sure

i did that

how is it possible that they steal my coins when its encrypted and without the private keys

well i know when its gone its gone but i thought it was a flaw or something on the side of electrum

Alt account much & both red flagged?

 

[sengazumi]

what are you saying

[markj113]

what are you saying

I am saying you originally posted with the username "niokobo" now your are posting with the username "sengazumi" ?

[thesmallgod]

this is really painful. I have seen so many thread concerning how coin were being stolen and it is good to learn for me how to avoid this. I will like to see many senior member comment on this subject because i use electrum wallet too. however have you considered maybe you are being setup probably someone close to you who have access to your device or maybe you kept your private key and seed to your wallet in unsecure places like mails and some other file sharing site.

[sengazumi]

this is really painful. I have seen so many thread concerning how coin were being stolen and it is good to learn for me how to avoid this. I will like to see many senior member comment on this subject because i use electrum wallet too. however have you considered maybe you are being setup probably someone close to you who have access to your device or maybe you kept your private key and seed to your wallet in unsecure places like mails and some other file sharing site.

yes i have 2 different accounts

well i thought my opsec was pretty good and i kept moving my coins from address to address just to make sure noone can get my keys
but i guess i was wrong

i still hope someone can tell me that this is a flaw in electrum wallet and my coins havent been stolen

[markj113]

Could be by continually moving your coins you created more opportunity for a hacker/keylogger to compromise you.

I now use a nano ledger S for peace of mind.  I think when you get to a reasonable amount of bitcoin your nuts if you dont use a hardware wallet.

[sengazumi]

Could be by continually moving your coins you created more opportunity for a hacker/keylogger to compromise you.

im using ubuntu, how can they install a keylogger without my  password?

[LoyceV]

well i thought my opsec was pretty good and i kept moving my coins from address to address just to make sure noone can get my keys

How exactly did you do that? Did you move your coins within your own wallet to a different address within the same wallet?
There was a transaction to your address 9 blocks before the theft. You've been reusing the same address for many transactions. If your private keys got compromised, that's a long-term risk.

i still hope someone can tell me that this is a flaw in electrum wallet and my coins havent been stolen

It's not a flaw in Electrum. That's a lot of money to lose It's also a lot of money to keep in a hot wallet

im using ubuntu, how can they install a keylogger without my  password?

It's impossible to tell exactly what caused it, there are many different possibilities.

Since there were 9 blocks between your transaction and the theft, is it possible someone gained physical access to your computer?
The 9 blocks between you typing in your password and the theft suggest a manual theft, specialized malware works much faster.

[sengazumi]

no i dont think anyone has access to my laptop

and it seems only my electrum wallet is compromissed, i had 501 BTC on a different wallet and nothing happened, none of my email accounts facebook, or any other crypto platform seems to be affected.

The last 3 months i travelled 3 times to asia and holand finland austria and some other countries and unforutatly i used public wifi alot without vpn

the weird thing is my electrum wallet was encrypted, so i dont know how the gained access to that cause i dont write down passwords anywhere

[sengazumi]

I will pay a nice reward for anyone that helps me track down this piece of shit

[Lucius]

no i dont think anyone has access to my laptop

and it seems only my electrum wallet is compromissed, i had 501 BTC on a different wallet and nothing happened, none of my email accounts facebook, or any other crypto platform seems to be affected.

The last 3 months i travelled 3 times to asia and holand finland austria and some other countries and unforutatly i used public wifi alot without vpn

the weird thing is my electrum wallet was encrypted, so i dont know how the gained access to that cause i dont write down passwords anywhere

Almost there is no day to get at least one user of Electrum wallet who was hacked and lost their BTC.It seems to me that there is something specially targeted and attacking users of Electrum on all operating systems and no matter what type of protection they use.

You probably picked up something when using that public wi-fi,but it is strange that only Electrum is affected.It seems that the only correct and safe way to store BTC is hardware wallet/paper wallet/cold storage.

The conclusion is clear,regardless of the steps that we can take to secure our desktop hot wallets they simply are not safe anymore.

[DannyHamilton]

yes i have 2 different accounts

well i thought my opsec was pretty good

Clearly not, if you can't even keep track of which account you are posting from.

Additionally, it appears you re-used the 162Q35GC13aFaF6XVRpibVddpjSCbsFkaF address multiple times (at least 61 times?!)
It is recommended to use each address only once.

and i kept moving my coins from address to address just to make sure noone can get my keys

That won't help at all.  There is nothing about a new key that makes it any more difficult to "get" than an old key.  You probably have malware on your computer that accessed your private keys when you decrypted your wallet to move your coins from address to address.

i still hope someone can tell me that this is a flaw in electrum wallet and my coins havent been stolen

I'm not aware of any such flaw.  Electrum doesn't just send bitcoin transactions when it isn't asked to.  Either you sent a transaction, or someone else gained access to your keys and they sent a transaction.

According to your earlier post, you were using bitcoin-cli, NOT Electrum.  So, if you are now using Electrum AND you are still using the same address, then it sounds like you were moving private keys around.  That is horrible OpSec.  You shouldn't be exposing private keys to multiple pieces of software and extracting them into human readable forms.

If you didn't send that transaction, then there isn't going to be anything you can do to get the bitcoins back.

im using ubuntu, how can they install a keylogger without my  password?

They probably tricked you into installing it for them.

the weird thing is my electrum wallet was encrypted, so i dont know how the gained access to that cause i dont write down passwords anywhere

There are several possibilities.

The thief could have accessed your wallet when you decrypted it to "send bitcoins from address to address".
The thief could have gained access to your Electrum Seed words.
The thief could have gained access to your password when you typed it.
The thief could have gained access to the private key that you exported from Bitcoin Core.
You could have sent the transactions yourself, and then forgotten that you did so.
The thief could have figured out what your password is.
You could have used a weak "brain wallet" instead of letting well written software create the private keys for you.
You could have used poorly written software (which used an insufficient RNG) to generate your private keys for you.

[sengazumi]

thanks everyone for the answers

i think electrum users are targeted with this attack from pornhub

I have seen a video from john mcafee talking about the dangers of porn sites and were he warned explicitly users of pornsites and even said in this video that 1 day users of porn sites will wake up and have their wallets emptied

Here is the video
https://www.youtube.com/watch?v=GuWvIeQpd4A

[CryptoMonitorBot]

You can easily diagnose from where comes the leak :

- Was your computer on when the coins have been sent ?
- Do you have an anti-virus software or firewall ? Was it up to date ?
- Did you have the same password on your wallet and on any internet website/service ?
- Did you enter your password anywhere ?

If I'm right, now your money is here:
https://blockchain.info/address/1K44FRM82amtFBNY6kcJaMb5uUMKDtpoKN
12.47 BTC

And 3.64 BTC was spent here:
https://blockchain.info/address/1EfgpbHDJYvm4VC21WomUTEpLNTrjyV5Cz

Among with 50 BTC going here:
https://blockchain.info/address/1NJghHFxp6GjecKgMtam3mVnued7qFRxQ1
Can we check wether this address is on Bittrex or any other exchange ?

I don't know if that's relevant.. but my Bittrex BTC address also starts with "1N"
coincidence ?

Best regards

[sengazumi]

You can easily diagnose from where comes the leak :

- Was your computer on when the coins have been sent ?
- Do you have an anti-virus software or firewall ? Was it up to date ?
- Did you have the same password on your wallet and on any internet website/service ?
- Did you enter your password anywhere ?

If I'm right, now your money is here:
https://blockchain.info/address/1K44FRM82amtFBNY6kcJaMb5uUMKDtpoKN
12.47 BTC

And 3.64 BTC was spent here:
https://blockchain.info/address/1EfgpbHDJYvm4VC21WomUTEpLNTrjyV5Cz

Among with 50 BTC going here:
https://blockchain.info/address/1NJghHFxp6GjecKgMtam3mVnued7qFRxQ1
Can we check wether this address is on Bittrex or any other exchange ?

I don't know if that's relevant.. but my Bittrex BTC address also starts with "1N"
coincidence ?


thanks i see the coins

answers to your questions:
1) no i was offlin when coins were sent
2)no i have no antivirus or firewall- im using ubuntu 16.04
3)no password was only used for electrum wallet
4)no
Best regards

[Lucius]

thanks everyone for the answers

i think electrum users are targeted with this attack from pornhub

I have seen a video from john mcafee talking about the dangers of porn sites and were he warned explicitly users of pornsites and even said in this video that 1 day users of porn sites will wake up and have their wallets emptied

Here is the video
https://www.youtube.com/watch?v=GuWvIeQpd4A

John McAfee is right about some things regarding security,there is too many infected devices and most of users do not take care too much about their online security.This is one of the reason why there is so many hacks of BTC wallets on desktop PC and probably on mobile devices where security is on more lower level.

He just gives an example of porn sites as a potential source of infection,but you can get virus/malware on almost any site you visit.I agree that hardware wallets should be the best option to keep coins safe,so far they proved impossible to hack.

[adaseb]

Clearly not, if you can't even keep track of which account you are posting from.

Additionally, it appears you re-used the 162Q35GC13aFaF6XVRpibVddpjSCbsFkaF address multiple times (at least 61 times?!)
It is recommended to use each address only once.

Just wondering why its bad to reuse addresses. Besides exposing your public key and privacy, it seems still safe.

Many exchanges re-use addresses thousands of times without issue.