First of all, if this is the wrong section for this, sorry, let me know where I should post it.
Now, there's a friend of mine that used version 1.9.8 and didn't check his wallet in a pretty long time. He had a grand total of 39 BTC in it for some time. A couple of days ago he opened his wallet only to find
a transaction from December that sent the cash to an unknown address. From the looks of it, the person that took the money waited for one confirmation and then sent them through some mixing process. Which means any chances of recovery are basically zero.
The question is - how could this have happened? He had the wallet secured with an unique password. The first thing I thought was a vulnerability in Teamviewer that did the rounds some time ago, but he never had TV installed. Then I thought some sort of trojan/virus/whatever, but he claims to have had antivirus/firewall software installed and active at all times. As far as I can see, there are only 2 possibilities left: he either has a rootkit on his computer or somebody that had physical access to his computer did the deed. The second option is more unlikely, since he is careful about who he lets on the computer and what they do. However, maybe there was some sort of vulnerability in that version of Electrum that I don't know about.
Any ideas?
[edit] - he says the wallet was online all the time and that his computer is on most of the time.