Bitcoin Forum
October 23, 2019, 11:30:50 AM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Transaction not desired with all my bitcion  (Read 327 times)
JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
October 27, 2018, 03:47:12 PM
 #1

Hi

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc.

Anyone know if it's related to the upgrade of electrum or the bitcoins were juste stolen? Is that anything I can do to recover my bitcoin?

 
1571830250
Hero Member
*
Offline Offline

Posts: 1571830250

View Profile Personal Message (Offline)

Ignore
1571830250
Reply with quote  #2

1571830250
Report to moderator
1571830250
Hero Member
*
Offline Offline

Posts: 1571830250

View Profile Personal Message (Offline)

Ignore
1571830250
Reply with quote  #2

1571830250
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571830250
Hero Member
*
Offline Offline

Posts: 1571830250

View Profile Personal Message (Offline)

Ignore
1571830250
Reply with quote  #2

1571830250
Report to moderator
1571830250
Hero Member
*
Offline Offline

Posts: 1571830250

View Profile Personal Message (Offline)

Ignore
1571830250
Reply with quote  #2

1571830250
Report to moderator
BrewMaster
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 820


There is trouble abrewing


View Profile
October 27, 2018, 03:57:11 PM
 #2

when did the transaction occur? all the transactions that are mined in a block, have a timestamp. if you see the details of them in your wallet or on a block explorer you can see that time.

if this happened in the past when you created the wallet that means your seed was compromised then. possibly because either you downloaded a fake Electrum or you had some malware on your computer that stole it (did you verify the signature back then?)

if the transaction happened the  day you recovered your wallet with Seed then it means this new wallet was possibly fake or you have a malware now. (did you verify the signature of the downloaded wallet now?)

- if it is stolen then no there is nothing you can do about it.

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
October 27, 2018, 04:24:26 PM
 #3

The transaction happened the day I recover the wallet, yesterday.

How can I verify the signature of the wallet ?
BrewMaster
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 820


There is trouble abrewing


View Profile
October 27, 2018, 04:34:14 PM
Merited by Lucius (1)
 #4

The transaction happened the day I recover the wallet, yesterday.

How can I verify the signature of the wallet ?

you will need to also download the signature file which is found alongside the wallet installation file you downloaded. it is a .asc file. for instance this is the link to this signature for "windows installer" file:
https://download.electrum.org/3.2.3/electrum-3.2.3-setup.exe.asc

then you also need the public key of the signer (Thomas V.) who is the developer of Electrum. the key hash is found on https://electrum.org and it is 0x2BD5824B7F9470E6

now depending on what kind of OS you have you need a program that can verify this signature. for linux it is most probably already installed. only use:
gpg --verify {signature.asc} {file.tar.gz or file.exe}
and it should read "good signature" in the result.

for windows use gpg4win https://www.gpg4win.org/ and read this article: https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
October 27, 2018, 05:06:23 PM
 #5

Ok but if the transaction is done it is too late anyway no?
BrewMaster
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 820


There is trouble abrewing


View Profile
October 27, 2018, 05:10:16 PM
 #6

Ok but if the transaction is done it is too late anyway no?

yes, unfortunately if the transaction is confirmed* then there is no way to reverse it.

* a confirmed transaction will show up with a green check mark beside it and in its details it will show "status: {a number larger than 6} confirmations"

Lucius
Legendary
*
Offline Offline

Activity: 1582
Merit: 1357


Fortis Fortuna Adiuvat


View Profile WWW
October 28, 2018, 02:08:28 PM
 #7

Hi

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc.

Anyone know if it's related to the upgrade of electrum or the bitcoins were juste stolen? Is that anything I can do to recover my bitcoin?

 

Unfortunately you made a mistake in downloading fake Electrum or you have some malware/RAT/keylogger on your PC. This is not first time we see that people lose coins in this way, backup of seed/private keys is most important - but it is also important to use it only on clean device.

This is just a warning to all those who have backup of seed/private keys in some safe places, be extremely careful when you download any crypto wallet and double check your OS with good AV/Antimalware.

If you find out which way you are hacked it would be good to write here, especially in the case of a fake Electrum site.

HCP
Legendary
*
Offline Offline

Activity: 1120
Merit: 1839

<insert witty quote here>


View Profile
October 29, 2018, 12:53:05 AM
 #8

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday.
Can I ask where you downloaded this "last version of electrum" from? Huh

It would be useful for others to know if there is (another) fake Electrum website operating so we can try contacting domain hosts/google etc to try and get it taken down and/or removed from Google listings.

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 07, 2018, 01:12:21 PM
 #9

I downloaded from the real website (electrum.org). I still not understand how the problem happened.
Lucius
Legendary
*
Offline Offline

Activity: 1582
Merit: 1357


Fortis Fortuna Adiuvat


View Profile WWW
November 07, 2018, 02:41:08 PM
 #10

I downloaded from the real website (electrum.org). I still not understand how the problem happened.

Can you confirm that this is the site from where you download Electrum ? https://electrum.org/#home

If you are not a victim of the fake wallet, then you lost BTC in a way that something on your PC is stolen your seed words. It could be any kind of malware or keylogger which is monitor all your actions and collect data. Did you maybe try to scan your device with AV or antimalware and see do you have anything suspicious on the device?

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 07, 2018, 02:49:28 PM
 #11

Yes I confirm it was from https://electrum.org/#home

I scanned the PC with Avast (free version) and Malwarebyte and nothing was found...
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
November 07, 2018, 05:31:54 PM
 #12

Did you verify the signature ?

Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one.
Verifying the signature is the only way to make sure you are using the correct version.

If you are too lazy to verify the signature, at least check the hash of the file.

To check the hash, please do the following (assuming you are on windows):
  • Open the command promt (WIN-key + R  -> then enter 'cmd')
  • Enter: certUtil -hashfile C:/path/to/your/electrum/file.exe sha256

Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same.
If this is the case, your client was non-malicious and we have to look further how your coins got stolen.


Thirdspace
Hero Member
*****
Offline Offline

Activity: 1134
Merit: 719


Mixing reinvented for your privacy | chipmixer.com


View Profile
November 07, 2018, 11:58:20 PM
Last edit: November 09, 2018, 07:54:58 PM by Thirdspace
 #13

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc.
is it mnemonic seed or just a private key? how did you generate your seed?
this sound like a case of "paid by bitcoin address' private key"
and a bitcoin address or txid may help us figure out what happened

Lucius
Legendary
*
Offline Offline

Activity: 1582
Merit: 1357


Fortis Fortuna Adiuvat


View Profile WWW
November 08, 2018, 11:02:42 AM
 #14

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc.
is it mnemonic seed or just a private key? how did you generate your seed?
this sound like a case of "paid by bitcoin address' private key"
and a bitcoin address or txid may help us figure out what happened


JFOUD clearly states that it is a seed written on a piece of paper - I doubt that OP is write his private key on paper. It is also very likely that seed is generated by Electrum wallet, just because he/she is try to use same wallet to access his coins.

Also you miss fact that coins are gone after he import seed in Electrum, that means that something has happened after that step - fake wallet, keylogger, malware or anything like that...

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 09, 2018, 12:18:28 PM
 #15

Did you verify the signature ?

Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one.
Verifying the signature is the only way to make sure you are using the correct version.

If you are too lazy to verify the signature, at least check the hash of the file.

To check the hash, please do the following (assuming you are on windows):
  • Open the command promt (WIN-key + R  -> then enter 'cmd')
  • Enter: certUtil -hashfile C:/path/to/your/electrum/file.exe sha256

Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same.
If this is the case, your client was non-malicious and we have to look further how your coins got stolen.



Here the output I have :
a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f

I have to precise that I downloaded the "standalone executable" version of Electrum .

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 09, 2018, 12:30:37 PM
 #16

I installed last version of electrum on my computer and enter my seed to recover my wallet yesterday. Before that, my wallet wasn't on any device, I juste had my seed written on a piece of paper. Today, I opened the wallet and I saw that a transaction was made with all my bitcoin and the balance is now 0 btc.
is it mnemonic seed or just a private key? how did you generate your seed?
this sound like a case of "paid by bitcoin address' private key"
and a bitcoin address or txid may help us figure out what happened


JFOUD clearly states that it is a seed written on a piece of paper - I doubt that OP is write his private key on paper. It is also very likely that seed is generated by Electrum wallet, just because he/she is try to use same wallet to access his coins.

Also you miss fact that coins are gone after he import seed in Electrum, that means that something has happened after that step - fake wallet, keylogger, malware or anything like that...

It is a mnemonic seed of 12 words generated by Electrum when I first created the wallet long time ago (something like 5 years ago).
What to you mean by " a case of "paid by bitcoin address' private key" "
Here is the transaction ID  : 1622b47a2371fcabebe5735c6d68fb3e5491a2d2073a51fc9cf2b7ad60965dfd
Thirdspace
Hero Member
*****
Offline Offline

Activity: 1134
Merit: 719


Mixing reinvented for your privacy | chipmixer.com


View Profile
November 09, 2018, 07:49:41 PM
 #17

Here is the transaction ID  : 1622b47a2371fcabebe5735c6d68fb3e5491a2d2073a51fc9cf2b7ad60965dfd
please ignore my previous post, I assumed wrong
I'm sorry for your loss, it's quite a good amount of bitcoin Cry
and the thief also cleaned out your BCH as well Embarrassed 3 days afterward
https://bch.btc.com/cf9aa60c3118744089fbe6bad181f4f36c390d84d0c525f03d83f2ea23a1681a

Abdussamad
Legendary
*
Offline Offline

Activity: 2268
Merit: 1201



View Profile WWW
November 10, 2018, 05:24:45 AM
 #18

Did you verify the signature ?

Even if you download it from the official source, a Man-in-the-middle attack could replace the original client with a malicious one.
Verifying the signature is the only way to make sure you are using the correct version.

If you are too lazy to verify the signature, at least check the hash of the file.

To check the hash, please do the following (assuming you are on windows):
  • Open the command promt (WIN-key + R  -> then enter 'cmd')
  • Enter: certUtil -hashfile C:/path/to/your/electrum/file.exe sha256

Then please post the output here and tell us which version of electrum you are using. I am then going to download the correct file and verify that the hash is the same.
If this is the case, your client was non-malicious and we have to look further how your coins got stolen.



Here the output I have :
a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f

I have to precise that I downloaded the "standalone executable" version of Electrum .



This is not the correct sha256sum:

http://termbin.com/c7bh

That last line contains the correct checksum. I suggest you check your browser history to verify the exact url you downloaded electrum from. In the past we've seen users insisting that they downloaded from the official site but when we ask them to check their browser history it turns out that they got it from some fake site.

bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
November 10, 2018, 03:10:51 PM
 #19

Here the output I have :
a0 ac b5 93 de 3b 9b a3 c5 30 79 34 c7 95 41 ed 69 50 1a e2 7b 0e 10 70 6a 63 87 34 46 8d 20 9f

I have to precise that I downloaded the "standalone executable" version of Electrum .

Did you use version 3.2.3 ?

These are the correct hashes:

Code:
MAC:
$ sha256sum electrum-3.2.3.dmg
6f95797f73e0822fc37afd445981874ae61f231165f16440e521a4bcf4396758  electrum-3.2.3.dmg

Standalone Windows:
$ sha256sum electrum-3.2.3.exe
86db45fd961cd432c8bf6825a69fe3f48142cce8ef2f9626beee4a8c143ff242  electrum-3.2.3.exe

Portable Windows:
$ sha256sum electrum-3.2.3-portable.exe
281997bf8e578e1f88289ba6d4132b8ce3e78912aaa372b49d8745701980e7dd  electrum-3.2.3-portable.exe


Unfortunately you have downloaded a non-original electrum (probably malicious one).  Undecided

I guess you either have downloaded it from a fake site (more probable) or have been victim of a MITM attack (less probable).
Can you do as Abdussamad said and check from which site you have downloaded it (e.g. through browser history) ?

JFOUD
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
November 12, 2018, 12:08:07 PM
 #20

It seems that you are right. I found this adress in my history  https://electrun.net/ . But my browser block the site because it is not secure. Is it possible that the site was accessible 15 days ago and not know?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!