moraesalves (OP)
December 29, 2017, 12:26:31 AM Last edit: December 29, 2017, 08:47:29 PM by moraesalves
Hi guys, please, someone help me. I downloaded Electrum Wallet from https://electrum.org/#download and installed it. The computer was secure (but connected to the internet); I have other wallets there and they are OK. I never shared or exposed my private key or the seed, I didn't even have time to do that. I made two transactions (deposits), 0511126c3516c753dcb1207b653b65a5d445064fc5466523a6bc392a84a7bf44 and 7e68f27d8b9ae703506dd09eb34b19ca34d316c5d321ba8f903b73eec0fc20f9, but some minutes later there was a third transaction (withdrawal), 3e874387a5ed0a9a93c5cbbf446694d20839e91d64b25a1f06c6b95247dfdcb2. This one took all my money... I never made this one and nobody touched my computer; I was alone and the wallet was created just a few minutes before. I guess the money is at 1L86op15jpwkowVNYgPLyfTSypnp7NXpfq but I'm not sure. Am I missing something? Or did someone really steal my BTC? Can someone please help me? I'm sure that the computer is OK and secure, otherwise the rest of the wallets would be stolen too. Thank you all

moraesalves (OP)
December 29, 2017, 12:54:23 AM
No, it is not my wallet, but following the money with blockexplorer.com it seems to me that the BTC are there.
Can anyone here help me?
I'm lost...

HCP
December 29, 2017, 06:43:24 AM
Sorry to be the bearer of bad news, but if you did not set up and send this transaction: https://blockchain.info/tx/3e874387a5ed0a9a93c5cbbf446694d20839e91d64b25a1f06c6b95247dfdcb2 and the address 1L86op15jpwkowVNYgPLyfTSypnp7NXpfq is not in your wallet... and Electrum is showing a "0" balance, then your 2.99 BTC are gone and your chances of getting them back are basically zero.

Given the transaction was sent with a 973+ sats/byte fee, and fees were only around 600 at the time, it looks like someone stealing your coins and wanting the fastest confirmation possible.

Lucius
December 29, 2017, 11:39:21 AM
If the wallet was downloaded from the official site, then we can conclude that the problem is not a fake wallet. What is most likely is that you have some keylogger/malware on your PC which is waiting to steal something from you, and your Electrum seed became a valuable target.
From where did you send those 2 transactions, a desktop wallet or online/exchange? Since the other wallets on your PC are intact, maybe the hacker is just targeting BTC and not the altcoins you have in other wallets.
However, if you are 100% sure you have the original Electrum and this happened, you have something bad on your PC. Make a backup of everything you need and format the disk, then make a clean install of the OS. Use a proven antivirus + firewall and Malwarebytes Premium, and never click on suspicious links or download unverified things. People who use cryptocurrency have become valuable and easy targets these days; hardware wallets or cold storage (paper wallets) are the only way to prevent this sort of thing.

hatshepsut93
December 29, 2017, 11:50:30 AM
> However, if you are 100% sure you have the original Electrum and this happened, you have something bad on your PC. Make a backup of everything you need and format the disk, then make a clean install of the OS. Use a proven antivirus + firewall and Malwarebytes Premium, and never click on suspicious links or download unverified things. People who use cryptocurrency have become valuable and easy targets these days; hardware wallets or cold storage (paper wallets) are the only way to prevent this sort of thing.

This is good advice for basic computer security, and everyone who is dealing with cryptocurrencies should do it, but this is not enough to insure oneself against getting robbed. This is why people who are dealing with large sums use cold storage to make sure that their private keys are never exposed to anything that is connected to the network. The easiest way to get cold storage is to order a hardware wallet, but alternatively it can be built by using an old PC/laptop that is disconnected from the network and a flash drive with some trusted OS like Linux. This setup can be used to create an offline wallet and sign transactions when there's a need to spend from this wallet, which are then transferred to an online machine to be broadcast.

moraesalves (OP)
December 29, 2017, 12:42:44 PM
Thank you very much guys. Unfortunately I guess it is lost forever.

> Sorry to be the bearer of bad news, but if you did not set up and send this transaction: https://blockchain.info/tx/3e874387a5ed0a9a93c5cbbf446694d20839e91d64b25a1f06c6b95247dfdcb2 and the address 1L86op15jpwkowVNYgPLyfTSypnp7NXpfq is not in your wallet... and Electrum is showing a "0" balance, then your 2.99 BTC are gone and your chances of getting them back are basically zero.
>
> Given the transaction was sent with a 973+ sats/byte fee, and fees were only around 600 at the time, it looks like someone stealing your coins and wanting the fastest confirmation possible.

I didn't know about the fee... now it is clear to me that someone (should be burning in hell) stole my BTC.

> If the wallet was downloaded from the official site, then we can conclude that the problem is not a fake wallet. What is most likely is that you have some keylogger/malware on your PC which is waiting to steal something from you, and your Electrum seed became a valuable target.
> From where did you send those 2 transactions, a desktop wallet or online/exchange? Since the other wallets on your PC are intact, maybe the hacker is just targeting BTC and not the altcoins you have in other wallets.
> However, if you are 100% sure you have the original Electrum and this happened, you have something bad on your PC. Make a backup of everything you need and format the disk, then make a clean install of the OS. Use a proven antivirus + firewall and Malwarebytes Premium, and never click on suspicious links or download unverified things. People who use cryptocurrency have become valuable and easy targets these days; hardware wallets or cold storage (paper wallets) are the only way to prevent this sort of thing.

That is what I am worried about: I downloaded from the right site and have antivirus and anti-malware installed, and never use it for anything besides managing crypto. The BTC lost was sent from an Exodus wallet in the very same note and this wallet was not corrupted. I have no idea what happened, the computer seems clear. Anyway, as crazy as it seems, the most secure place that I could find to send my coins now was Bittrex until my Trezor wallet arrives; besides, now I have to day trade to recover the stolen BTC. (Sorry for my English, it is as poor as my crypto knowledge.)

bob123
December 29, 2017, 02:08:22 PM
Did you check the signature of the file you've downloaded? Or at least the hash? If you still want to find out what happened, you could check the signature of the file. This would give the answer to the question of whether you were a target of a Man-in-the-Middle attack (and only your Electrum wallet was modified) or if your PC seems to be compromised.

You can find a small guide for checking signatures here: https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/how-to-verify-your-downloaded-files-are-authentic/

For the current Windows installer this is the sig: [PGP signature block] to be found here: https://download.electrum.org/3.0.3/electrum-3.0.3-setup.exe.asc

All files are signed by ThomasV (https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6).

> I have no idea what happened, the computer seems clear.

Generally, after such an incident, you should regard your computer as compromised. Back up the most important files and wipe your drive completely. It would be safer to start from a freshly installed OS.
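
Added example (not part of bob123's post and not Electrum project code): a sketch of the signature check suggested above, built on gpg's machine-readable `--status-fd` output. It accepts a download only when gpg reports a valid signature made by the key ID quoted in the thread, so an `.asc` file that merely exists, fails to verify, or verifies against some other key is rejected. The function names and the sample status lines are constructed for illustration.

```python
import subprocess

# Long key ID the thread gives for the release signing key. Assumption: you
# obtained it independently of the download site. Pin a full 40-hex
# fingerprint instead when you have one.
PINNED_KEY = "2BD5824B7F9470E6"
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def evaluate_gpg_status(status_text, pinned_key=PINNED_KEY):
    """Return (ok, reason) from the machine-readable lines of `gpg --status-fd`.

    ok is True only if no signature check failed and at least one valid
    signature was made by the pinned key.
    """
    pinned = pinned_key.replace(" ", "").upper()
    if pinned.startswith("0X"):
        pinned = pinned[2:]
    if len(pinned) < 16:
        raise ValueError("pin at least a 16-hex long key ID")
    signers = []  # fingerprints of keys that produced a valid signature
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FAILURES:
            return False, "gpg reported " + keyword
        if keyword == "VALIDSIG" and args:
            # args[0]: fingerprint of the signing (sub)key;
            # args[9], when present: fingerprint of its primary key.
            signers.append(args[0].upper())
            if len(args) > 9:
                signers.append(args[9].upper())
    if not signers:
        return False, "no valid signature found"
    if any(fpr.endswith(pinned) for fpr in signers):
        return True, "valid signature from pinned key"
    return False, "valid signature, but from an unexpected key"


def verify_download(installer_path, signature_path, pinned_key=PINNED_KEY):
    """Run gpg on an installer and its detached .asc, then apply the policy."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify",
         signature_path, installer_path],
        capture_output=True, text=True, check=False)
    return evaluate_gpg_status(proc.stdout, pinned_key)


# Constructed status output (not captured from a real gpg run).
FPR_PINNED = "A" * 24 + PINNED_KEY   # constructed fingerprint ending in the pin
FPR_OTHER = "B" * 40                 # constructed fingerprint of another key
UID = " Constructed Signer <signer@example.invalid>\n"
TAIL = " 2017-12-12 1513036800 0 4 0 1 10 00 "
SAMPLES = {
    "genuine": "[GNUPG:] GOODSIG " + PINNED_KEY + UID
               + "[GNUPG:] VALIDSIG " + FPR_PINNED + TAIL + FPR_PINNED + "\n",
    "other_key": "[GNUPG:] GOODSIG " + "B" * 16 + UID
                 + "[GNUPG:] VALIDSIG " + FPR_OTHER + TAIL + FPR_OTHER + "\n",
    "tampered": "[GNUPG:] BADSIG " + PINNED_KEY + UID,
    "key_missing": "[GNUPG:] ERRSIG " + PINNED_KEY + " 1 10 00 1513036800 9\n"
                   + "[GNUPG:] NO_PUBKEY " + PINNED_KEY + "\n",
}

if __name__ == "__main__":
    for name, status in SAMPLES.items():
        print(name, evaluate_gpg_status(status))
```

`verify_download` needs gpg installed and the signer's public key already imported; `evaluate_gpg_status` runs on the constructed samples without either.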

moraesalves (OP)
December 29, 2017, 04:37:20 PM
> Did you check the signature of the file you've downloaded? Or at least the hash? If you still want to find out what happened, you could check the signature of the file. This would give the answer to the question of whether you were a target of a Man-in-the-Middle attack (and only your Electrum wallet was modified) or if your PC seems to be compromised.
>
> You can find a small guide for checking signatures here: https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/how-to-verify-your-downloaded-files-are-authentic/
>
> For the current Windows installer this is the sig: [PGP signature block] to be found here: .asc
>
> All files are signed by ThomasV (https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6).
>
> > I have no idea what happened, the computer seems clear.
>
> Generally, after such an incident, you should regard your computer as compromised. Back up the most important files and wipe your drive completely. It would be safer to start from a freshly installed OS.

Ohhhhh F*** Is it possible? First of all, I downloaded from https://electrumsource.org/#download (can't remember if it was the standalone executable or the Windows installer, I tried both), version 3.0.0. Is that the wrong site? I don't know how to use Kleopatra yet, but the asc file in my Electrum directory shows: [PGP signature block]

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Oh my God!!!! https://electrumsource.org is fake, isn't it?? We must take this site down, they are stealing money from assholes like me and spoiling the reputation of the wallet!!

TryNinja
December 29, 2017, 05:06:44 PM
> Ohhhhh F*** Is it possible? First of all, I downloaded from https://electrumsource.org/#download (can't remember if it was the standalone executable or the Windows installer, I tried both), version 3.0.0. Is that the wrong site? I don't know how to use Kleopatra yet, but the asc file in my Electrum directory shows: -snip- https://electrumsource.org is fake, isn't it?? We must take this site down, they are stealing money from assholes like me and spoiling the reputation of the wallet!!

Yeah... This website and the binaries are fake. The only real website you should use to download Electrum is: https://electrum.org/

This means that your coins are gone and there is really no way to recover them. And that's not the first time I see people falling for this scam. I'm sorry

Lucius
December 29, 2017, 05:20:09 PM
In your first post you posted a link to the official site of Electrum and now you say that you downloaded it from this fake site, so it is a fake wallet that stole your BTC and nothing else. But it is good that you admitted your mistake so we know what it is all about; unfortunately you paid a high price just because you did not check whether this site is real or fake.
There are a lot of such sites, and no matter how many of them are closed, new ones appear constantly. Stealing of cryptocurrency has become a very lucrative business...

moraesalves (OP)
December 29, 2017, 05:39:22 PM
> In your first post you posted a link to the official site of Electrum and now you say that you downloaded it from this fake site, so it is a fake wallet that stole your BTC and nothing else. But it is good that you admitted your mistake so we know what it is all about; unfortunately you paid a high price just because you did not check whether this site is real or fake.
> There are a lot of such sites, and no matter how many of them are closed, new ones appear constantly. Stealing of cryptocurrency has become a very lucrative business...

Yes, you are right. In the first post I accessed the site from this computer, but now that I am trying to check the signature I accessed the site again from the computer with the wallet and noticed the different address and version of the wallet. Thank you all for the help and support. It was an expensive mistake for me.

audaciousbeing
December 29, 2017, 06:16:47 PM
> > In your first post you posted a link to the official site of Electrum and now you say that you downloaded it from this fake site, so it is a fake wallet that stole your BTC and nothing else. But it is good that you admitted your mistake so we know what it is all about; unfortunately you paid a high price just because you did not check whether this site is real or fake.
> > There are a lot of such sites, and no matter how many of them are closed, new ones appear constantly. Stealing of cryptocurrency has become a very lucrative business...
>
> Yes, you are right. In the first post I accessed the site from this computer, but now that I am trying to check the signature I accessed the site again from the computer with the wallet and noticed the different address and version of the wallet. Thank you all for the help and support. It was an expensive mistake for me.

This is more than an expensive mistake, it's a grievous one at that, to lose over $30000 just like that; the scammers would be happy someone fell for their unscrupulous action. After reading the entire thread, the take-home from there is that we should be more careful about the source we download from, as the slightest error in spelling or arrangement of the letters could be a smoking gun which should be investigated to be sure before going ahead. I want to suggest that you change the title of the thread to indicate it's from a fake Electrum website because, I must admit, after reading your first message I was a bit scared of whether Electrum had been compromised. Doing this will make people more careful in downloading software.

flatfly
December 29, 2017, 07:25:50 PM
Sorry for your loss.
How did you actually come across that fake download site? I can't find it using Google, no matter what keywords I try.
Finding out where you got that URL from (forum post? IRC? email?) might lead to the attacker.

moraesalves (OP)
December 29, 2017, 08:42:36 PM
> > > In your first post you posted a link to the official site of Electrum and now you say that you downloaded it from this fake site, so it is a fake wallet that stole your BTC and nothing else. But it is good that you admitted your mistake so we know what it is all about; unfortunately you paid a high price just because you did not check whether this site is real or fake.
> > > There are a lot of such sites, and no matter how many of them are closed, new ones appear constantly. Stealing of cryptocurrency has become a very lucrative business...
> >
> > Yes, you are right. In the first post I accessed the site from this computer, but now that I am trying to check the signature I accessed the site again from the computer with the wallet and noticed the different address and version of the wallet. Thank you all for the help and support. It was an expensive mistake for me.
>
> This is more than an expensive mistake, it's a grievous one at that, to lose over $30000 just like that; the scammers would be happy someone fell for their unscrupulous action. After reading the entire thread, the take-home from there is that we should be more careful about the source we download from, as the slightest error in spelling or arrangement of the letters could be a smoking gun which should be investigated to be sure before going ahead. I want to suggest that you change the title of the thread to indicate it's from a fake Electrum website because, I must admit, after reading your first message I was a bit scared of whether Electrum had been compromised. Doing this will make people more careful in downloading software.

Yes, that mistake destroyed my holiday, my humor and my guts (literally). I would change the title of the topic as you suggested.

> Sorry for your loss.
> How did you actually come across that fake download site? I can't find it using Google, no matter what keywords I try.
> Finding out where you got that URL from (forum post? IRC? email?) might lead to the attacker.

I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....

TryNinja
December 29, 2017, 09:13:03 PM
> I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....

That's probably an ad. It is common for scammers to pay Google so their fake website can be shown above the real website. The same happened with BitMixer and now is happening with ChipMixer. Everybody can help by reporting the website to Google with this form: https://safebrowsing.google.com/safebrowsing/report_phish/

flatfly
December 29, 2017, 09:31:12 PM Last edit: December 30, 2017, 09:19:55 AM by flatfly
> > Sorry for your loss.
> > How did you actually come across that fake download site? I can't find it using Google, no matter what keywords I try.
> > Finding out where you got that URL from (forum post? IRC? email?) might lead to the attacker.
>
> I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....

This seems to be a well-executed and advanced scam campaign, and is still ongoing. I've just identified more domains, most probably run by the same attackers:

www . electrumproject . org
www . electrumonline . org
www . electrumsource . org
www . openelectrum . org
www . electrumsoft . org

I would suggest filing a police report with your local cybercrime dept (if any), and/or CERT Brazil (www.cert.br).
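
Added example (not posted by anyone in the thread): a check that a download URL really points at the genuine site named in the thread, and that flags hosts which only resemble it, using the domains listed above as sample input. It goes slightly beyond the listed cases by also catching near-miss spellings; the 0.8 similarity threshold, the function names and the URLs marked as constructed are assumptions of this sketch.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "electrum.org"   # the genuine site named in the thread
BRAND = "electrum"
SIMILARITY = 0.8                   # assumed threshold for near-miss spellings


def download_host(url):
    """Return the host a browser would actually connect to for this URL."""
    if "://" not in url:
        url = "https://" + url
    # .hostname drops any "user@" prefix and the port, and lowercases.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def classify(url):
    """Return 'official', 'lookalike' or 'other' for a download URL."""
    host = download_host(url)
    # Official only if the host IS the domain or a true subdomain of it.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    for label in host.split("."):
        if BRAND in label:
            return "lookalike"      # brand name embedded in another domain
        if SequenceMatcher(None, label, BRAND).ratio() >= SIMILARITY:
            return "lookalike"      # spelling close to the brand name
    return "other"


# Domains reported in the thread.
REPORTED = [
    "www.electrumproject.org", "www.electrumonline.org",
    "www.electrumsource.org", "www.openelectrum.org", "www.electrumsoft.org",
]
# Constructed URLs exercising edge cases of host parsing.
CONSTRUCTED = [
    "https://electrum.org@openelectrum.org/",   # real host follows the "@"
    "https://electrum.org.example.net/",        # official name as a prefix only
    "https://electrurn.org/",                   # "rn" in place of "m"
]

if __name__ == "__main__":
    for url in ["https://electrum.org/#download"] + REPORTED + CONSTRUCTED:
        print(classify(url), url)
```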

Lucius
December 30, 2017, 02:02:02 PM
> > I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....
>
> That's probably an ad. It is common for scammers to pay Google so their fake website can be shown above the real website. The same happened with BitMixer and now is happening with ChipMixer. Everybody can help by reporting the website to Google with this form: https://safebrowsing.google.com/safebrowsing/report_phish/

I just used Google search for "Electrum" and got one of the fake sites at the top of the page; it is paid advertising and it is a big problem for the crypto community. Since Electrum is one of the most popular wallets, we can only imagine how many people were deceived and lost their money. I will definitely report each of these fake pages and I hope Google will do something about that quickly. I do not know if it is possible, but they should not allow any advertising with "electrum" in the name of the site.

moraesalves (OP)
December 31, 2017, 01:28:27 PM
> > > I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....
> >
> > That's probably an ad. It is common for scammers to pay Google so their fake website can be shown above the real website. The same happened with BitMixer and now is happening with ChipMixer. Everybody can help by reporting the website to Google with this form: https://safebrowsing.google.com/safebrowsing/report_phish/
>
> I just used Google search for "Electrum" and got one of the fake sites at the top of the page; it is paid advertising and it is a big problem for the crypto community. Since Electrum is one of the most popular wallets, we can only imagine how many people were deceived and lost their money. I will definitely report each of these fake pages and I hope Google will do something about that quickly. I do not know if it is possible, but they should not allow any advertising with "electrum" in the name of the site.

I agree, that is for sure a big scam campaign. The almost 3 BTC stolen from me is still at the same address, meaning the thieves didn't even notice or use that. These people are making big money with these sites. At the moment electrumsource.org doesn't appear on Google search but is still on air; instead the first site on this search is www.electrumsoft.org/. I already alerted Google and now I'm making the proper report to the local police. Thank you guys

Spendulus
January 02, 2018, 03:14:37 AM
> > > > I found the fake site just typing "electrum wallet" on Google (I am using www.google.com.br) or just "electrum". To me the fake appears on top, above the correct site. It is the first site on this search....
> > >
> > > That's probably an ad. It is common for scammers to pay Google so their fake website can be shown above the real website. The same happened with BitMixer and now is happening with ChipMixer. Everybody can help by reporting the website to Google with this form: https://safebrowsing.google.com/safebrowsing/report_phish/

The "don't care" and somewhat enabling attitude of Google is rather alarming.

> > I just used Google search for "Electrum" and got one of the fake sites at the top of the page; it is paid advertising and it is a big problem for the crypto community. Since Electrum is one of the most popular wallets, we can only imagine how many people were deceived and lost their money. I will definitely report each of these fake pages and I hope Google will do something about that quickly. I do not know if it is possible, but they should not allow any advertising with "electrum" in the name of the site.
>
> I agree, that is for sure a big scam campaign. The almost 3 BTC stolen from me is still at the same address, meaning the thieves didn't even notice or use that. These people are making big money with these sites. At the moment electrumsource.org doesn't appear on Google search but is still on air; instead the first site on this search is www.electrumsoft.org/. I already alerted Google and now I'm making the proper report to the local police. Thank you guys