Bitcoin Forum
June 24, 2024, 02:22:36 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hacked Wallet  (Read 527 times)
SteadyHand (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
August 10, 2017, 09:54:45 PM
 #1

I am pretty sure my wallet got hacked.

I followed the Newbies guide to Cold Storage posted on this forum:  https://bitcointalk.org/index.php?topic=1689727.

Basically, uploaded ubuntu.exe on a USB stick and loaded that each time I needed to send btc. After getting my seed, I created a watch only wallet on my Windows. I would have to install Electrum each time on my ubuntu, but did not mind, since i thought the security was worth it.

Anyways, I sent two small amounts to my Kraken account to test. Each time more btc was sent than I had entered.

After confirmation, I pulled up the history details and noticed different addresses along with the Kraken address, far in excess of what I had sent.

https://blockchain.info/tx/018a9537b59be490396e797ae9554e4b180efd8224eed2fc46607030e4835c38

Should I delete my wallet? How do I secure my wallet in the future?
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
August 10, 2017, 10:00:14 PM
 #2

I am pretty sure my wallet got hacked.

I followed the Newbies guide to Cold Storage posted on this forum:  https://bitcointalk.org/index.php?topic=1689727.

Basically, uploaded ubuntu.exe on a USB stick and loaded that each time I needed to send btc. After getting my seed, I created a watch only wallet on my Windows. I would have to install Electrum each time on my ubuntu, but did not mind, since i thought the security was worth it.

Anyways, I sent two small amounts to my Kraken account to test. After confirmation, I pulled up the history details and noticed different addresses along with the Kraken address, far in excess of what I had sent.

I still have some btc in my wallet.

Should I delete my wallet? How do I secure my wallet in the future?
Can you post those address where funds were transferred by hacker* (Assuming your wallet is hacked)
Also please post which wallet version you are using on ubuntu and windows and did you ever left your usb plugged in your windows system and is wallet.dat or your seed is stored on that usb?
SteadyHand (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
August 10, 2017, 10:28:22 PM
 #3

3NgMs5CrT31VrkQVjw5ervkstpuUWQegyg
3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD        
3DZsTkbz4ZAcS8fB7o5PqrenfqdVBbt71E        


My Windows watch only wallet is ver 2.8.3. I have left my USB in my laptop while there was 0 btc in my wallet overnight. But not for any extended amount of time during these "hacks". My wallet.dat is stored on a separate SD card. Seed is stored at my office locked drawer and home(no one at home is that tech savvy enough to do this).

Ubuntu version of Electrum I install is 2.9.3. https://electrum.org/#download

Could the difference in version numbers lead to this?
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
August 10, 2017, 10:56:46 PM
 #4

3NgMs5CrT31VrkQVjw5ervkstpuUWQegyg
3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD        
3DZsTkbz4ZAcS8fB7o5PqrenfqdVBbt71E        


My Windows watch only wallet is ver 2.8.3. I have left my USB in my laptop while there was 0 btc in my wallet overnight. But not for any extended amount of time during these "hacks". My wallet.dat is stored on a separate SD card. Seed is stored at my office locked drawer and home(no one at home is that tech savvy enough to do this).

Ubuntu version of Electrum I install is 2.9.3. https://electrum.org/#download

Could the difference in version numbers lead to this?

32WWKGyZkbMT5YWVKmo6ZihnT3GqVQ99Wx   0.            1   478633
3Er24nHvMAVQRSoCRHej8SPMZYR34figiL   0.            1   478633
3HEq972udxMcKwwaiKN9ffB5ivbPmmwMCk   0.            1   478633
3M1yjjeFQ9gdjr1Yq7v9mu39YGVp7Bh2uD   0.            1   478633
3MUMnfBZpJeQDx8ZBFCxtJUce9Wj2emTbq   0.            1   478633

Does any of these address looks familiar to you? Because this address 3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD   is linked with all the address given above.

and is this your address?
https://blockchain.info/address/3ARF2FPQqvCccoFyzHxQyK3QCZ3DMCPNa7
BitMaxz
Legendary
*
Offline Offline

Activity: 3290
Merit: 3030


BTC price road to $80k


View Profile WWW
August 10, 2017, 11:00:43 PM
 #5

3NgMs5CrT31VrkQVjw5ervkstpuUWQegyg
3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD        
3DZsTkbz4ZAcS8fB7o5PqrenfqdVBbt71E        


My Windows watch only wallet is ver 2.8.3. I have left my USB in my laptop while there was 0 btc in my wallet overnight. But not for any extended amount of time during these "hacks". My wallet.dat is stored on a separate SD card. Seed is stored at my office locked drawer and home(no one at home is that tech savvy enough to do this).

Ubuntu version of Electrum I install is 2.9.3. https://electrum.org/#download

Could the difference in version numbers lead to this?
Are you using a multisig in electrum wallet? this is the same as what happen to me before but i am not using ubuntu i was use the tool like quick search that i was downloaded  from glarysoft and found that i have a 2 wallet.dat with different location.. and rename the one wallet and imported in the default folder and open it in electrum wallet and it works..
Try to find your wallet.dat instead  or if you have a private keys backup about your wallet you can import it but looks like you are using the multi sig i tried multi sig before but you can only get the other private keys and you can get only the other bitcoin address not the address you are using starting from 3xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So better i think just look for the wallet.dat and import it to the electrum wallet  folder so that you can open it in electrum and wait for sync. .

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
SteadyHand (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
August 10, 2017, 11:16:18 PM
 #6

None of the addresses look familiar.

Just as a background filler each time I plug in my USB I chose "Try Ubuntu without installing" option Then I update, upgrade Ubuntu, install python and then Electrum, enter my seed etc.

I never have used my wallet.dat from my SD card since creating my Seed.

Yes, I am using a MultiSig wallet. I will try that
BitMaxz
Legendary
*
Offline Offline

Activity: 3290
Merit: 3030


BTC price road to $80k


View Profile WWW
August 10, 2017, 11:28:56 PM
 #7

None of the addresses look familiar.

Just as a background filler each time I plug in my USB I chose "Try Ubuntu without installing" option Then I update, upgrade Ubuntu, install python and then Electrum, enter my seed etc.

I never have used my wallet.dat from my SD card since creating my Seed.

Yes, I am using a MultiSig wallet. I will try that
If you are just using the seeds and never change your seeds any of the character your bitcoin should be there.
Or better to check the history of your transaction if there is a transaction was sent from other addresses that you don't access..
Better to check it carefully..

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
SteadyHand (OP)
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
August 10, 2017, 11:41:26 PM
 #8

Forgot to add, escrow.ms, that this is my address:

https://blockchain.info/address/3ARF2FPQqvCccoFyzHxQyK3QCZ3DMCPNa7

and 3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD  is an address I used for Quadrigax exchange. Yet I have only transferred a small amount to them.



Unless I am missing something, History>right click> details on the transaction gives me the info.


Abdussamad
Legendary
*
Offline Offline

Activity: 3640
Merit: 1571



View Profile
August 11, 2017, 05:23:55 AM
 #9

you should pay attention to the wallet balance not the balance of individual addresses. the wallet balance is displayed in the bottom left of the electrum window.

what you are seeing here is change being sent to change addresses in your wallet. you can confirm that these addresses belong to your wallet by looking at the transaction details. Change addresses are highlighted in yellow while other addresses belonging to your wallet are in green.

More about change:

https://en.bitcoin.it/Change
https://en.bitcoin.it/wiki/Coin_analogy

escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
August 11, 2017, 08:29:47 AM
Last edit: August 11, 2017, 02:35:45 PM by escrow.ms
 #10

Forgot to add, escrow.ms, that this is my address:

https://blockchain.info/address/3ARF2FPQqvCccoFyzHxQyK3QCZ3DMCPNa7

and 3AAmK2ybNLoAtiK8sQXkW3TLE7ZACAMTRD  is an address I used for Quadrigax exchange. Yet I have only transferred a small amount to them.

Unless I am missing something, History>right click> details on the transaction gives me the info.


Well I don't think your bitcoin wallet was hacked, I think you were watching your balance on windows wallet and it might not be showing your balance properly. Your coins are sent to change address (for example this one 3DZsTkbz4ZAcS8fB7o5PqrenfqdVBbt71E) and I would like to mention that you still have your BCH(Bitcoin cash balance on your main address)

I would advice you to login to your ubuntu wallet again and check your balance.
kolloh
Legendary
*
Offline Offline

Activity: 1736
Merit: 1023


View Profile
August 11, 2017, 02:02:00 PM
 #11

you should pay attention to the wallet balance not the balance of individual addresses. the wallet balance is displayed in the bottom left of the electrum window.

what you are seeing here is change being sent to change addresses in your wallet. you can confirm that these addresses belong to your wallet by looking at the transaction details. Change addresses are highlighted in yellow while other addresses belonging to your wallet are in green.

More about change:

https://en.bitcoin.it/Change
https://en.bitcoin.it/wiki/Coin_analogy



Yep, this! Nothing about this looks suspicious to me. Looks simply like change addresses.

Those addresses should be listed under the Address window along with their respective balance. You can also confirm that those addresses belong to you via the console using the ismine("ADDRESS") command.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!