Bitcoin Forum
Topic: Victim of now-known exploitation in versions 3.0.4 and under
Mattyhouse (OP)
January 10, 2018, 04:14:28 PM
 #1

Original Reddit Post:
So on the 6th of January I spent around half my wallet online time stamped at 18:53. After returning to my wallet yesterday on the 8th there was a transaction made from my wallet on the 7th time stamped 00:56 that I never sent. I use Electrum Wallet version 2.7.12 and note all my transactions hence I know this is not me. How can I have lost bitcoin? Has my computer been accessed remotely? Can you even hack a bitcoin wallet? I can confess I am a newbie when it comes to this, so don't even know where to start to try and get my money back, if I can, and how to prevent whatever has happened from happening again.

Update:


Been told to search on here for more answers, and learnt about this exploit that exists in anything below version 3.0.4 of Electrum. Where do I go from here? Obviously I am now updating my wallet, however how can I retrieve my stolen bitcoin?
achow101
January 10, 2018, 04:55:52 PM
 #2

> so don't even know where to start to try and get my money back, if I can,
You can't. Bitcoin transactions are final once confirmed.

> and how to prevent whatever has happened from happening again.
Update your software.

How do you know that you were a victim of that vulnerability? Was your wallet encrypted? If so, you were not a victim of that vulnerability. Did you have your web browser open to random, unknown, and possibly malicious sites? If not, then you were not a victim of that vulnerability. Just because there was a vulnerability does not mean that you were automatically a victim of it. It is also possible you just have malware on your computer and that is stealing your money, in which case you will need to remove said malware.

ma7555
January 10, 2018, 10:49:17 PM
 #3

In order for the last exploit to work, you must have your electrum wallet running unprotected with any password or 2FA/MultiSig and access a website or run a malicious software that would try to use the exploit.

May I ask where did you download your original electrum wallet from? You can find this in your downloads tab in the explorer you used to download.

If it is anything other than electrum.org then you know the reason...
Spendulus
January 13, 2018, 07:50:26 AM
 #4

>> so don't even know where to start to try and get my money back, if I can,
> You can't. Bitcoin transactions are final once confirmed.
>
>> and how to prevent whatever has happened from happening again.
> Update your software.
>
> How do you know that you were a victim of that vulnerability? Was your wallet encrypted? If so, you were not a victim of that vulnerability. Did you have your web browser open to random, unknown, and possibly malicious sites? If not, then you were not a victim of that vulnerability. Just because there was a vulnerability does not mean that you were automatically a victim of it. It is also possible you just have malware on your computer and that is stealing your money, in which case you will need to remove said malware.

Suppose a person had the software 2.7.12 installed. Is there any method to go back and verify it? I assume the answer is NO because the signature and verification routines always refer to the downloaded installation DMG, not the installed product in the applications directory.

I'm asking this question as a Mac user, but the question as posed is vital to both PC and Mac.
ThomasV
January 13, 2018, 09:59:19 AM
 #5

> Original Reddit Post:
> So on the 6th of January I spent around half my wallet online time stamped at 18:53. After returning to my wallet yesterday on the 8th there was a transaction made from my wallet on the 7th time stamped 00:56 that I never sent. I use Electrum Wallet version 2.7.12 and note all my transactions hence I know this is not me. How can I have lost bitcoin? Has my computer been accessed remotely? Can you even hack a bitcoin wallet? I can confess I am a newbie when it comes to this, so don't even know where to start to try and get my money back, if I can, and how to prevent whatever has happened from happening again.
>
> Update:
>
> Been told to search on here for more answers, and learnt about this exploit that exists in anything below version 3.0.4 of Electrum. Where do I go from here? Obviously I am now updating my wallet, however how can I retrieve my stolen bitcoin?


I had email interaction with the author of that report (user dimme78 in this forum).
There is no reason to believe that this user was a victim of the recently discovered vulnerability.
It seems more likely that he downloaded software from a fake Electrum website.

HCP
January 13, 2018, 12:21:29 PM
 #6

> Suppose a person had the software 2.7.12 installed. Is there any method to go back and verify it? I assume the answer is NO because the signature and verification routines always refer to the downloaded installation DMG, not the installed product in the applications directory.
Verify what exactly? That the downloaded file was legit? If so, and you still have the downloaded file... then yes, you can still verify it now.

Have a look through: http://download.electrum.org/

You can see all the old versions of Electrum AND their matching signature files (.asc files) for ALL the OSes/installer types.

For instance, 2.7.12 is here: http://download.electrum.org/2.7.12/  and you can see the .dmg and .dmg.asc files. Assuming you still have the .dmg that you originally downloaded, you should be able to verify that it is legit by using the .dmg.asc file and GPG.
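
Added example (not part of the thread and not Electrum's own tooling): the .dmg/.dmg.asc check described above, with the signer pinned, because `gpg --verify` reports success for a good signature from any key in the local keyring. `EXPECTED_FPR`, the function names, the file names in the usage line and the sample status lines are placeholders or constructed for illustration.

```shell
#!/bin/sh
# Pin the expected signer when checking a detached GPG signature.
# EXPECTED_FPR is a placeholder: obtain the real 40-hex fingerprint from a
# source independent of the site the installer came from.
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# signer_is_pinned FPR: read `gpg --status-fd` lines on stdin; succeed only
# if a valid signature by FPR is reported and no failure status appears.
signer_is_pinned() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint; the last
        # field is the primary-key fingerprint when gpg reports one.
        $2 == "VALIDSIG" {
            w = toupper(want)
            if (toupper($3) == w || toupper($NF) == w) ok = 1
        }
        END { exit !(ok && !bad) }
    '
}

# verify_download FILE SIGFILE: run gpg and apply the pin to its status output.
verify_download() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        signer_is_pinned "$EXPECTED_FPR"
}

# Constructed status lines (not captured from a real run), for offline checks.
sample_status() {
    printf '[GNUPG:] %s 1111111111111111 Constructed Signer\n' "$1"
    [ "$1" = GOODSIG ] &&
        printf '[GNUPG:] VALIDSIG %s 2017-01-01 1483228800 0 4 0 1 8 00 %s\n' "$2" "$2"
    return 0
}

# Usage: sh verify.sh <installer>.dmg <installer>.dmg.asc
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2" && echo "signature OK, signer matches pin"
fi
```

A missing `gpg` binary, a missing public key or an unreadable file all produce no matching `VALIDSIG` line, so the check fails closed.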
