Bitcoin Forum
August 19, 2018, 08:13:21 PM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Bitcoin stolen from Electrum wallet  (Read 199 times)
adamtyelor1
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 07, 2018, 03:52:29 PM
 #1

This morning I created an Electrum wallet (3.1.0) and transfered 1BTC. 1 hour later 2 withdraws were made, and now my wallet is empty. I lost the 1 BTC I had there.

I had 2 FA activated how is that even possible.

Please help me.
1534709601
Hero Member
*
Offline Offline

Posts: 1534709601

View Profile Personal Message (Offline)

Ignore
1534709601
Reply with quote  #2

1534709601
Report to moderator
1534709601
Hero Member
*
Offline Offline

Posts: 1534709601

View Profile Personal Message (Offline)

Ignore
1534709601
Reply with quote  #2

1534709601
Report to moderator
1534709601
Hero Member
*
Offline Offline

Posts: 1534709601

View Profile Personal Message (Offline)

Ignore
1534709601
Reply with quote  #2

1534709601
Report to moderator
"In a nutshell, the network works like a distributed timestamp server, stamping the first transaction to spend a coin. It takes advantage of the nature of information being easy to spread but hard to stifle." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534709601
Hero Member
*
Offline Offline

Posts: 1534709601

View Profile Personal Message (Offline)

Ignore
1534709601
Reply with quote  #2

1534709601
Report to moderator
1534709601
Hero Member
*
Offline Offline

Posts: 1534709601

View Profile Personal Message (Offline)

Ignore
1534709601
Reply with quote  #2

1534709601
Report to moderator
adamtyelor1
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 07, 2018, 03:58:37 PM
 #2

The 2 transaction TX were:

6f99b1fe0040443d8dcf2bb1793a26148989f386769c0296645a3171fc32ee4f
48a8c22d0ba6ae103d2e2da068b814e701f73af38c7aa556ab12e0cf27d23e17

The IP from which they connected to the wallet must be known to Electrum! Also how come it didn't ask the hacker 2FA to withdraw?

Please help.
Near28
Jr. Member
*
Offline Offline

Activity: 41
Merit: 9


View Profile
March 07, 2018, 04:00:10 PM
 #3

Check your Download-History, did you load Electrum from the original electrum.org website?
buwaytress
Hero Member
*****
Offline Offline

Activity: 714
Merit: 655


I bit, therefore I am


View Profile
March 07, 2018, 04:38:52 PM
 #4

So your Electrum wallet address is which? Can you show the transaction you made to your wallet? The tx ids you've shared seem to be the one transferring it out. If the first tx is yours, then the 2nd only transferred out 0.015+ BTC. How about a more detailed description? Are you sure your wallet's fully synced(green button, bottom right) and your balance (bottom left) is 0?

Like you said, if 2fa was enabled, doesn't seem likely. Also, if this was your first transaction with Electrum 2FA, it should have spent the fee to TrustedCoin.

bob123
Hero Member
*****
Offline Offline

Activity: 658
Merit: 530



View Profile WWW
March 07, 2018, 04:43:54 PM
 #5

This morning I created an Electrum wallet (3.1.0) and transfered 1BTC. 1 hour later 2 withdraws were made, and now my wallet is empty. I lost the 1 BTC I had there.

I had 2 FA activated how is that even possible.
Also how come it didn't ask the hacker 2FA to withdraw?

If you really had 2FA 'activated' the most likely 2 things which happened (in my opinion) are those:
1) You have downloaded a malicious version of electrum and therefore didn't have any real 2FA activated.
2) You are completely compromised. Someone has access to a) your PC and b) has either cloned your mobile or cloned your GA code(s).

You should definetely scan your system for any malware. And to be on the safe side you should setup a fresh OS install.

Additionally, the next time you are going to store BTC: Make sure to store relatively high amounts (like 1 BTC is currently) safe offline (hardware or paper wallet).

adamtyelor1
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 07, 2018, 05:43:25 PM
 #6

I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.
stevegee58
Legendary
*
Offline Offline

Activity: 918
Merit: 1003



View Profile
March 07, 2018, 05:53:52 PM
 #7

I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.

It doesn't cost you anything to inform Binance and see where it takes you.

Regarding malware, I'm gonna guess you're a Windows user.  Stop that and switch all your crypto activities to Linux.

You are in a maze of twisty little passages, all alike.
BitMaxz
Legendary
*
Offline Offline

Activity: 1162
Merit: 1032

Bitmain miners is getting worst.


View Profile
March 07, 2018, 05:55:29 PM
 #8

There are many phishing sites these days, and mostly they are abusing the free service from google or bing ads.

they are promoting a fake electrum because its mostly use by many bitcoin users and they can target and choose only new users with adwords or bing ads. I have basic seo knowledge and I know how to setup the adwords and bing ads I use them for a long time when promoting a whitehat niche so I know those scammers doing..

I already posted a sample of a fake website here in the forum you can check my post here

https://bitcointalk.org/index.php?topic=2958844.msg30441754#msg30441754

I heard someone downloaded a fake electrum, but in LTC version past few days ago and maybe this is the website where you download the electrum.
Code:
http://electrumltc.org/


If the site is different better to share with us the correct website so that we can report it immediately to google or bing ads. to remove this fake website.

adamtyelor1
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 07, 2018, 07:36:28 PM
 #9

Thanks for the answers. I downloaded the software from this page:

https://electrum.org/#download

It is the official version I would say. But they used the REMCOS malware to keylog everything and stole my money like this.
stevegee58
Legendary
*
Offline Offline

Activity: 918
Merit: 1003



View Profile
March 07, 2018, 07:42:15 PM
 #10

You're assuming remcos was packaged with Electrum.  It's more likely that you were already infected.

You are in a maze of twisty little passages, all alike.
NeuroticFish
Legendary
*
Offline Offline

Activity: 1582
Merit: 1048


The real one is http://bitcoin.ORG


View Profile WWW
March 07, 2018, 07:45:12 PM
 #11

Thanks for the answers. I downloaded the software from this page:

https://electrum.org/#download

It is the official version I would say. But they used the REMCOS malware to keylog everything and stole my money like this.

I guess that they didn't just keylog everything, they also copied some of your files (at least the wallet file).
Since they logged all, they have your password too, so they could access your private keys, even if you had the 2FA.

All in all, your money was not stolen from Electrum. It was stolen .. from you.
Very sad story Sad

You should have really check your computer for viruses before trying to keep one Bitcoin on it...

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
adamtyelor1
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
March 07, 2018, 08:14:25 PM
 #12

I didn't say the Electrum wallet was infected, but yea my computer was infected by this malware at some point, and they used it to hack my Electrum wallet and withdrew the funds.
HCP
Hero Member
*****
Offline Offline

Activity: 700
Merit: 903

<insert witty quote here>


View Profile
March 08, 2018, 03:29:41 AM
 #13

I suspect they didn't "hack" your wallet, or your 2FA... they will have keylogged the seed when you had to enter it during wallet setup.

By using the seed they will have been able to restore the 2FA wallet in "disabled" mode, with two private keys in the wallet file, allowing them to create and sign transactions while bypassing TrustedCoin's 2FA system.

An unfortunate, and costly, lesson about the dangers of malware and cryptocurrency Undecided


I traced the stolen bitcoins to Binance, unsure what I can do from here.
Pretty much nothing. I doubt Binance will care and to be honest, aside from "your word", there is no way to prove they were actually "stolen". Yes, they were transferred... but there is no way to prove that this was an unauthorised transfer, as the thief "proved" ownership by signing the transaction with the private keys...

Cryptocurrency can be a harsh mistress.  Undecided

pushups44
Sr. Member
****
Offline Offline

Activity: 504
Merit: 252



View Profile
March 08, 2018, 05:37:21 AM
 #14

Wow. Very good advice on this thread. Some of the interesting ones: use Linux, a hardware wallet when possible, and make sure you always, always check for malware before doing transactions.


              ▄███▄
           ▄████▀████▄
        ▄████▀     ▀████▄
     ▄████▀    ███    ▀████▄
  ▄    ▀      ▄███▄      ▀████▄
████▀      ▄█████████▄      ▀████
███     ▄▄  █▀ ███ ▀████▄     ███
███    ███▀    ███    ▀███    ███
███    ███     ███     ▀██    ███
███    ███     ███      ▐█    ███
███    ███     ███      ▐█    ███
███    ███     ███     ▄██    ███
███    ███▄    ███    ▄███    ███
███     ▀▀  █▄ ███ ▄████▀     ███
████▄      ▀█████████▀      ▄████
  ▀    ▄      ▀███▀      ▄████▀
     ▀████▄    ███    ▄████▀
        ▀████▄     ▄████▀
           ▀████▄████▀
              ▀███▀




███  ██▄         ███  ██████████████  ██████████████  ███████████████  ███  ██▄         ███
███  ████▄       ███  ███             ███             ███         ███  ███  ████▄       ███
███  ██████▄     ███  ███             ███             ███         ███  ███  ██████▄     ███
███  ███ ▀███▄   ███  ███▄▄▄▄▄▄▄▄▄▄▄  ███             ███         ███  ███  ███ ▀███▄   ███
███  ███   ▀███▄ ███  ▀▀▀▀▀▀▀▀▀▀▀███  ███             ███         ███  ███  ███   ▀███▄ ███
███  ███     ▀██████             ███  ███             ███         ███  ███  ███     ▀██████
███  ███       ▀████             ███  ███             ███         ███  ███  ███       ▀████
███  ███         ▀██  ██████████████  ██████████████  ███████████████  ███  ███         ▀██

FOR KNOX
 
JOIN US JOIN US JOIN US JOIN US
JOIN US
JOIN US JOIN US JOIN US JOIN US
  
IN BECOMING THE FIRST    ●●●●●●●●●●●●●●●
BLOCKCHAIN BASED INSURANCE COMPANY
>>
 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
 

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀
in
 

   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 ▄█████████████████████████▄
 ███████████████████████████
▐███████████████████████████▌
▐███████████  ▀█████████████▌
▐███████████     ▀██████████▌
▐███████████     ▄██████████▌
▐███████████  ▄█████████████▌
▐███████████████████████████▌
 ███████████████████████████
 ▀█████████████████████████▀
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
stevegee58
Legendary
*
Offline Offline

Activity: 918
Merit: 1003



View Profile
March 08, 2018, 12:02:22 PM
 #15

Here's something else to consider.  I'm a Linux user but you still have to be careful since there *are* Linux exploits.  The only reason Windows seems more vulnerable to hacking is that it's low-hanging fruit to hackers i.e. there are way more Windows users than any other OS.

For the truly paranoid, one could use  something like Qubes that spins up a fresh VM every time you do something.  If a VM instance is infected it doesn't matter because the VM template is always secure in the future.

It sounds like OP's computer was infected with remcos beforehand by a bad actor.  Someone with physical access may have installed it or it may have been delivered by a tainted download.  Either way, OP has multiple opportunities to tighten up his security.

You are in a maze of twisty little passages, all alike.
d0nsly
Member
**
Offline Offline

Activity: 122
Merit: 10

0x5a81313668fe9591D226860bbA79AFc04919Eb73


View Profile WWW
March 08, 2018, 12:57:28 PM
 #16

You were infected either via RAT or someone snickly installed the virus without your knowledge..
best you could do is by re-installing the OS and tightening your securities, do not downloaded anything else unless it really important to you..

Sorry for you loss

eternalgloom
Legendary
*
Offline Offline

Activity: 1316
Merit: 1061


Crypto-Games.net: Multiple coins, multiple games


View Profile WWW
March 08, 2018, 01:07:17 PM
 #17

I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.

It doesn't cost you anything to inform Binance and see where it takes you.

Regarding malware, I'm gonna guess you're a Windows user.  Stop that and switch all your crypto activities to Linux.

While I really love Linux, advice like this doesn't accomplish anything, makes you sound really elitist.
You can safely use a hardware wallet and be a Windows user. Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

Usually wallets get hacked because the user installed malware that he downloaded himself, direct attacks are very unlikely, especially if you don't have a big amount of coins.
If you have a big amount of crypto assets, invest in a hardware wallet.

Another important thing to note is that an unconfigured Linux desktop might be a bit safer than Windows by default, but it's not completely safe either.
An uninformed Linux user can do much more damage to his own system than an uninformed Windows user


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
bitmover
Full Member
***
Offline Offline

Activity: 210
Merit: 378



View Profile
March 08, 2018, 01:40:10 PM
 #18

If you use windows, you need to take a few precautions:

-Use Firefox latest version
-Download uBlock Extension + Decentraleyes Extension
-Download Malware bytes, updated it daily
-Use windows 10, updated it daily/weekly
-Before downloading anything try it here http://virustotal.com/
-Use windows defender updated.

These are very basically steps. If you had follows them, you wouldn't be infect... ublock will block most of those phishing sites and malware bytes will take care of the rest.

Inform Binance and show them all information you have (screenshots, keylogger, eletrum..)

Personally, i don't trust windows wallets. I prefer to use webwallets like blockchain.info or mobile wallets like coinomi or samourai. Even if you computer if infected, you probably woudn't be robbed....

Hardwallet are much better and should be used if you have more than 1 in my opinion.

stevegee58
Legendary
*
Offline Offline

Activity: 918
Merit: 1003



View Profile
March 08, 2018, 02:07:02 PM
 #19

While I really love Linux, advice like this doesn't accomplish anything, makes you sound really elitist.
You can safely use a hardware wallet and be a Windows user. Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

I'm completely unconcerned with how I sound.  I'm only concerned with evidence-based strategies that work.

Usually wallets get hacked because the user installed malware that he downloaded himself, direct attacks are very unlikely, especially if you don't have a big amount of coins.
If you have a big amount of crypto assets, invest in a hardware wallet.

Absolutely.  I don't have any hard statistics I can quote but it seems likely that 99% of malware is inadvertently installed by the users themeselves.

Regarding hardware wallets: for me the jury's still out.  I don't like being dependent on a hardware device in case something goes wrong with it.
Electrum is an open source program that I can run directly from source code without installation.  That's very empowering.

Another important thing to note is that an unconfigured Linux desktop might be a bit safer than Windows by default, but it's not completely safe either.
An uninformed Linux user can do much more damage to his own system than an uninformed Windows user

Yup.  Like any power tool you can do useful work with it or also cut your own hand off.  Taking responsibility for your own actions and safety isn't quick and easy; you have to do actual work.

You are in a maze of twisty little passages, all alike.
bob123
Hero Member
*****
Offline Offline

Activity: 658
Merit: 530



View Profile WWW
March 08, 2018, 02:44:28 PM
 #20

Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

I wouldn't say 99%.. but it definetely can be somehow safe.
But there are still exploits which simply arent fixed yet and are a perfect entry point for malware targeting crypto user.
There are things which you can't protect yourself from with a desktop wallet.

Additionally the 'basic security precautions' are probably not achievable/doable for 90%+ of the daily windows user.



Regarding hardware wallets: for me the jury's still out.  I don't like being dependent on a hardware device in case something goes wrong with it.
Electrum is an open source program that I can run directly from source code without installation.  That's very empowering.

You can enjoy the electrum GUI and still have the security of a hardware wallet.
When creating a wallet in electrum you have the choice to add a HW wallet (which will hold the private keys / do the TX signing).

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!