What the heck happened to my Electrum wallet?

[JTO]

I had about 50mbc ($200) on my wallet, had not used if for several months, and when I checked it a couple of days ago I noticed that someone had stolen all my funds on 2018-12-20 at 21:27EET (19:27UT).
I have not been spreading my keys around. There is some talk in the Internet about an attack against Electrum but according to the news it should have starter only slightly AFTER my funds were withdrawn. Also, it seems to have worked by a malicious software update, and I do not remember having installed one. Does anyone have any idea what could have happened? Is it possible to extract any useful information at all from the cryptographic data that Electrum shows concerning the transaction? For instance, if I had fallen victim to the scam that has been written about, would there be any way to find out that that was the case?

[1715324821]

1715324821

[1715324821]

1715324821

[mocacinno]

Let's start from the beginning:

• Which version of electrum were you using?
• Was your wallet encrypted (did you use a password?)
• From where did you download your electrum wallet?
• Which OS are you using
• Does your OS have a firewall and virusscanner?
• Do you install unknown software on your OS?
• Are you willing to share the transaction id?
• Are you 100% sure you didn't empty out the wallet yourself, are you sure your spouse/parents/flatmates/children didn't do it (are you sure nobody had access to the seed phrase.)
• Where did you store the seed phrase?

There was a vulnerability in older electrum versions, and there was a warning about fake electrum versions floating around on the internet... It could also be a virusinfection you got when installing unknown software OR it might have been somebody with access to your seed or your wallet...

That being said: transactions are irreversible, especially after they've been included in a block and a couple other blocks are found afterwards... Bitcoin is also pseudo-anonymous. It's possible to follow the unspent outputs, but if the thief knows what he's doing, it'll be very hard (if not virtually impossible) to link the thefth to an IRL person.

[JTO]

> Let's start from the beginning:
> Which version of electrum were you using?
I used it on two computers the later one is 3.2.2, not 100% sure of the earlier one but either the same version or very slightly older.

> Was your wallet encrypted (did you use a password?)
Yes, a weak one that I use in many other places also :-)

> From where did you download your electrum wallet?
electrum.org I believe, though it's been a long time.

> Which OS are you using
W10 on both machines

> Does your OS have a firewall and virusscanner?
AVG antivirus on both machines, plus they are behind a NAT.

> Do you install unknown software on your OS?
Sometime, but I at least check them with an antivirus.

> Are you willing to share the transaction id?
Electrum says:
Transaction id = 2e9499320568eb64dc695928b3cf4b409c97a61e5dc6a9574dae4c8e703c0a8e
Inputs (3) =
212e7feead894dea807032be3d534fccea2305ffcf5e616874f3572c6cd84319:1    18bFg7hr1RD5CGd1Xjx61QKF3C3Db5KD6h
740990fc36730480bb17fc877bd5784da4d84d5adea4053c3ddba5be077086b2:0    18ycmB63hbXJT4XvmGBMCeHkuDMNSSXoQH
ec10ad08d16581ed78ec9f6a33066ccb6bdc5564d233c7a49f977cb56ebc7f12:0    1FvotYR8JZQY7huz6diA3T4RtpmwcUyh4K
Outputs (1) =
1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV          51.70565

> Are you 100% sure you didn't empty out the wallet yourself
Yes, have not even opened the wallet in a couple of months.

> are you sure your spouse/parents/flatmates/children didn't do it
Yes, nobody even knows about it.

> Where did you store the seed phrase?
I sent it to myself as email, in a message which does not contain any reference to Electrum.

[mindrust]

> Where did you store the seed phrase?
I sent it to myself as email, in a message which does not contain any reference to Electrum.

LOL.

Did you send your seed to your email? Here is your mistake.

You are lucky you only lost 200 bucks. All the crypto experts advise you to keep your coin in cold wallets. Not only you were keeping them on an online device, you also sent them to your email.

Your email address is also probably compromised btw.

[mocacinno]

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst
Seems like the biggest vulnerability  was fixed in electrum 3.0.4, i don't think later versions have vulnerability's that can be exploited in order to steal funds...

If you are sure that the version is > 3.0.4 on both wallets AND you're sure your network wasn't breached, your W10 was up to date and your virusscanner was also up-to-date and nobody had physical access to your wallet or seed, mindrust is probably right: the odds are big your email is compromised.

It seems like the thief doesn't mix unspent outputs that fund different addresses when he's spending them:

https://www.walletexplorer.com/address/1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV

It seems he pulled off 3 other heist, and he emptied out his wallet by funding 2 addresses:
https://www.walletexplorer.com/wallet/f09174452800a131
https://www.walletexplorer.com/wallet/9cf87764f8042160

The only thing you can do now is monitor the wallets and see if at one point he funds known addresses. If, for example, he funds an address that belongs to an exchange wallet, you can always contact the exchange and explain your situation... However, odds are pretty big he uses a mixer or exchanges those funds to untraceable crypto currencies using unlicenced exchanges... In this case, there's not much you can do.
Even if he doesn't mix his coins, and deposits them to an exchange/casino/online wallet/..., odds are pretty big the owner of the site he's depositing to will do nothing to help you out.

Please, never use the compromised wallet again, reset your email password, check and double check your OS (a reinstallation might be needed if you're not 100% sure your OS is clean).
Download a clean copy of electrum from the official source and create a new, clean wallet, encrypt it with a strong password, WRITE the seedphrase on a piece of paper and store it in a secure spot before you fund your wallet with any crypto ever again...

If you care about your crypto, i might even suggest switching to a hardware wallet. None of my ledger or trezor devices failed me (so far).

[Lucius]

In this case, a great possibility is that someone has succeeded to hack OP e-mail and get the seed. But there is also option that user is download some malware or RAT virus, and he admitted he was using very weak password for Electrum and even not unique one. Fact that wallet is not open for months, and BTC is stolen relatively recently exclude the possibility of fake wallet.

If you care about your crypto, i might even suggest switching to a hardware wallet. None of my ledger or trezor devices failed me (so far).

Best advice that can be given to someone when it comes to cryptocurrency, hardware wallets are not a big investment and for now they provide great security. Although in this particular case even hardware wallet would not help if seed is stored in hacked e-mail or non-encrypted file on infected device.

[JTO]

> Where did you store the seed phrase?
I sent it to myself as email, in a message which does not contain any reference to Electrum.

LOL.

Did you send your seed to your email? Here is your mistake.

You are lucky you only lost 200 bucks. All the crypto experts advise you to keep your coin in cold wallets. Not only you were keeping them on an online device, you also sent them to your email.

Your email address is also probably compromised btw.

I think a reasonable analogy here is that most of us do not feel uncomfortable walking on town with a couple of hundred in their pockets, but ones attitude would be different if large sums were at stake. I am not exactly happy that I lost 170 euros, but shit happens :-)

One thing that I find improbable about your email hacking theory is that  there are thousands and thousands of emails in my inbox, and the email in question does not say anything about Electrum. The attacker would not only have to guess that the information in that email, among thousands, is something important, he would also have to guess that it is an Electrum passphrase. Which seems a bit odd to me.

Another thing I find odd is the temporal proximity to the attacks against Electrum wallets that have been written about in the Internet, and which are alleged to have taken place very near the date that I lost my funds. On the other hand I do not remember having executed any malicious update, which was reportedly required in order to get infected. Then again, I might have, because I sometimes forget things.

I would guess the truth will remain undisclosed forever. However I may have learned something, because I have never lost any money to hackers before. Furthermore I am, ironically, a programmer for 18 years myself, so I ought not to be easy to fool. I might at least develop some scheme that would allow me to use a different password in every service that I use, which is currently not the case.

Anyhow, thank you all for your informative answers.

[JTO]

If you care about your crypto, i might even suggest switching to a hardware wallet. None of my ledger or trezor devices failed me (so far).

Hi, I have a couple of relative newbie questions, since you obviously know your stuff, if you don't mind spending your time answering. These are questions that would become relevant to me if I ever chose to invest significant sums in Bitcoin.
- If I purchase bitcoin using Electrum, Electrum itself provides me with the address where the funds get transferred. How does this work with a h/w wallet?
- If I use a h/w wallet, is it possible to backup it up for instance on a flash drive, or paper even? The idea of having large sums on a device that could break down is unnerving.
- If a h/w wallet breaks, is it possible to restore it, as you can do with Electrum, simply by entering the passphrase?
- Which is a cheap but good h/w wallet? How much do they cost?
- To transfer funds to and from a h/w wallet, you plug it into a usb of a PC, right?
- Can a h/w wallet contain malicious code, that would for instance cause the keys to end up with some hacker when you plug it into a PC?

[mocacinno]

No problem, i'm always happy to help out a new user when he/she is asking legit questions that can't be answered by a simple search

- If I purchase bitcoin using Electrum, Electrum itself provides me with the address where the funds get transferred. How does this work with a h/w wallet?

Sounds strange to me, i guess you're mixing up something here, cause afaik electrum doesn't come with an integrated exchange... So i don't think you're able to buy BTC directly from within the electrum interface... Are you sure you're not just clicking on electrum's receive-tab, then copy the address and enter it at whatever exchange you're purchasing BTC at?
If that's the case, not much will change... A hardware wallet usually comes with wallet software included, some are even compatible with electrum... So you can keep using electrum as your wallet, the only difference is that the xprv, derived keys or seed never touch your computer... All the signing goes on in the hardware device. Electrum (or the HWW manufacturer's propriatary wallet software) just monitors the blockchain for transactions funding one of the addresses derived from the xpub coming from the xprv stored on your hardware wallet. If it finds unspent outputs funding one of your addresses, it calculates your balance and it let's you create an unsigned transaction. Once the unsigned transaction is created, it's sent to the hardware wallet. The hardware wallet will usually show info about the unsigned transaction it received on it's screen and ask you to confirm you want to sign the transaction ON the hardware wallet. Once the transaction is signed, it's sent back to the wallet software which broadcasts the signed transaction.

- If I use a h/w wallet, is it possible to backup it up for instance on a flash drive, or paper even? The idea of having large sums on a device that could break down is unnerving.

Yes, just like electrum, most hardware wallet are backupped by a seed phrase... Just make sure you never store this seed phrase on an online medium

- If a h/w wallet breaks, is it possible to restore it, as you can do with Electrum, simply by entering the passphrase?

Same answer as above . Most hardware wallets are bip39 compatible, so you can usually restore your hardware wallet on any bip39 compatible software wallet... This basically means you can import the hardware wallet's seed phrase into electrum in case your hardware wallet breaks and you need to access your funds right away or you don't want to buy a new one (you just need to know the correct derivation path). However, if you do this, you lose all the additional security your hardware wallet provided.

- Which is a cheap but good h/w wallet? How much do they cost?

I own a ledger HW.1 (no longer in production), a ledger nano S, a trezor model T and a trezor one.I never had any complains about any of the ledger or trezor products so far... IIRC, the HW1 cost less than $20, i think the most expensive one was around ~$100, which isn't a lot of you're serious about crypto

- To transfer funds to and from a h/w wallet, you plug it into a usb of a PC, right?

That's correct, at least if you're talking about any of the hardware wallets i own. There are wallets out there that have an alternative mode of communication.

- Can a h/w wallet contain malicious code, that would for instance cause the keys to end up with some hacker when you plug it into a PC?

Theoretically, yes... I know trezor's code is completely open source tough, and both ledger and trezor are public companies with real people working in them... If you buy some second hand device from ebay, chances are it's tampered with, and either somebody is trying to let you use a pre-initialised device (never use a pre-initialised device, the person who pre-initialised it has the seed and can restore your wallet on his own device afterwards) or there have been rumours of second hand devices that have been tampered with... But if you buy straight from an established manufacturer, you're 99,99% safe

[JTO]

Thanks for your answers!

Are you sure you're not just clicking on electrum's receive-tab, then copy the address and enter it at whatever exchange you're purchasing BTC at?

That is exactly what I meant. Does it mean that with a HWW I shall be able to copy/paste it from the accompanying software, so that I do not have to type it manually? Does the address change every time?

When the transactions complete, will information about that get transferred to the HWW, so that I can for instance use a display on the HWW to check my balance (do they even have a display?), or is that done with the accompanying PC software? Is the software different for every wallet? If so, how do you know the software itself is secure?

there have been rumours of second hand devices that have been tampered with... But if you buy straight from an established manufacturer, you're 99,99% safe

I would guess buying a HWW from Aliexpress is not a good idea, then? :-)

Do you think that running Electrum Inside a virtual machine such as Virtualbox or Wmware would be as safe (or even safer) as a HWW? That would sound like a hassle-free solution if Electrum in itself is considered safe. A virtual machine could be kept clean of any unnecessary and potentially malicious software, and it would only run when being used.

[mocacinno]

That is exactly what I meant. Does it mean that with a HWW I shall be able to copy/paste it from the accompanying software, so that I do not have to type it manually? Does the address change every time?

Indeed, you'll be able to copy/paste the address from the wallet software, you do not have to type it in manually, and normally a new receiving address gets derived each time the previously generated address was funded.

When the transactions complete, will information about that get transferred to the HWW, so that I can for instance use a display on the HWW to check my balance (do they even have a display?), or is that done with the accompanying PC software? Is the software different for every wallet? If so, how do you know the software itself is secure?

No, normally the hardware wallet does not receive any information about balances (at least not for the wallets i own). There would be no reason for this either, and it would decrease the security if this information was also sent to the hardware wallet and stored in it's memory. Most hardware wallets do have a display, but usually it's used to let you enter your pin number, or show information about a transaction you're about to sign, or allow firmware updates,.... all that kind of stuff. A hardware wallet isn't a real "wallet", it's basically a lockbox that stores your xprv, derives private keys and uses them to sign things (transactions, messages) on the hardware wallet itself.
It is indeed the desktop wallet that keeps track of all unspent outputs funding your wallet... The desktop wallet does allmost all the work, everything except signing.

So simplified, the hardware wallet workflow of most hardware wallets would go a bit like this:
Desktop wallet => receives xpub and derives addresses
Desktop wallet => monitors blockchain for unspent outputs funding derived addresses
Desktop wallet => creates a new transaction spending unspent outputs and funding an address of your choice
Desktop wallet => sending unsigned transaction to hardware wallet over usb
Hardware wallet => validating unsigned transaction, deriving the correct private key(s) for signing
Hardware wallet => showing info about validated transaction and asking user for confirmation
Hardware wallet => signing unsigned transaction
Hardware wallet => sending signed transaction back to Desktop wallet over usb
Desktop wallet => broadcasting transaction and keeping all meta-data about transaction
Desktop wallet => updating balance as soon as transaction gets confirmed

As you can see, in this simplified explanation, the only thing that gets sent to the hardware wallet is the unsigned transaction, and the only thing sent from the hardware wallet it the signed transaction. No key ever leaves the device.

I would guess buying a HWW from Aliexpress is not a good idea, then? :-)

i wouldn't recommand it

Do you think that running Electrum Inside a virtual machine such as Virtualbox or Wmware would be as safe (or even safer) as a HWW? That would sound like a hassle-free solution if Electrum in itself is considered safe.

No, in my opinion it wouldn't be safer... Virtual box images are still images stored on your local disk, input is still captured, clipboard content is shared,... Altough i feel we're comparing apples to oranges here, i can only say that the isolation level of a virtual machine is lower than the isolation level of a hardware wallet. A decent hardware wallet will be unable to send the xprv or derived private keys, while i can still think of ways to steal an encrypted wallet from within a virtual machine.

[JTO]

Mocacinno, Thanks for your answers, they were very informative. If I begin to invest bigger sums in the future, I will be able to avoid the worst pitfalls.

[JTO]

Mocacinno,

What do you think about an idea that one might install some lightweight Linux distro on a flash drive (or easily swappable laptop hard drive), then install Electrum there, write the Electrum key phrase to paper, and protect the wallet with a strong password? Then one could use it on ones everyday Windows PC, the Windows OS could not affect the security of the wallet in any way because you'd be booting the Linux, and it would only be online for the short period of time you need to make your transactions, plus it would be behind a NAT all the time. And you would of course never use the OS for any other purpose. Would such a scheme be relatively secure in your opinion?

Jaakko

[mocacinno]

Mocacinno,

What do you think about an idea that one might install some lightweight Linux distro on a flash drive (or easily swappable laptop hard drive), then install Electrum there, write the Electrum key phrase to paper, and protect the wallet with a strong password? Then one could use it on ones everyday Windows PC, the Windows OS could not affect the security of the wallet in any way because you'd be booting the Linux, and it would only be online for the short period of time you need to make your transactions, plus it would be behind a NAT all the time. And you would of course never use the OS for any other purpose. Would such a scheme be relatively secure in your opinion?

Jaakko

It would be more secure than a default desktop wallet setup... If you have these resources and knowledge, i'd actually advice you to follow the procedure you described above with ONE tweak:

Disable the network on the linux distro...

If you use electrum as a watch only wallet, create an unsigned transaction, save it, then boot to the linux distro without network, use electrum to sign the unsigned transaction, rebooted to an online OS and use electrum to broadcast the signed transaction...
This way you'd have a pseudo cold wallet setup, witch is about the most secure setup you can have

[JTO]

Thanks Mocacinno, I'll look into this if the need for a new wallet actualizes.

[bob123]

> Where did you store the seed phrase?
I sent it to myself as email, in a message which does not contain any reference to Electrum.

Please never never ever do send sensitive information via email unencrypted.

Your email account doesn't have to be compromised for your sensitive information inside of email to be compromised.

EVERY mailserver on the route between you and the recipient can read the email in plaintext.
There is not a single mechanisms which protects emails from being read between sender and recipient. This is one (of a lot) reasons why email is a broken protocol.


NEVER store sensitive information (e.g. a seed) online. Whether email, cloud, etc.. All of these online storage solutions are a bad idea.
Do ONLY store seeds (or private keys) offline. Preferably not digitally.

[JTO]

Mocacinno,

I've visited those Walletexplorer links on your previous comment occasionally to see if there's any activity there, and now it turns out that the hacker has finally moved some funds from one of the wallets on 9th of this month. I was wondering if you could make any sense of these transactions since I am not technically adequately adept myself.

https://www.walletexplorer.com/wallet/9cf87764f8042160

JTO

Mocacinno,

What do you think about an idea that one might install some lightweight Linux distro on a flash drive (or easily swappable laptop hard drive), then install Electrum there, write the Electrum key phrase to paper, and protect the wallet with a strong password? Then one could use it on ones everyday Windows PC, the Windows OS could not affect the security of the wallet in any way because you'd be booting the Linux, and it would only be online for the short period of time you need to make your transactions, plus it would be behind a NAT all the time. And you would of course never use the OS for any other purpose. Would such a scheme be relatively secure in your opinion?

Jaakko

It would be more secure than a default desktop wallet setup... If you have these resources and knowledge, i'd actually advice you to follow the procedure you described above with ONE tweak:

Disable the network on the linux distro...

If you use electrum as a watch only wallet, create an unsigned transaction, save it, then boot to the linux distro without network, use electrum to sign the unsigned transaction, rebooted to an online OS and use electrum to broadcast the signed transaction...
This way you'd have a pseudo cold wallet setup, witch is about the most secure setup you can have

[mocacinno]

Hi JTO...

The thief robbed you using transaction
2e9499320568eb64dc695928b3cf4b409c97a61e5dc6a9574dae4c8e703c0a8e

From this transaction, we can deduct following address are part of YOUR wallet:
18bFg7hr1RD5CGd1Xjx61QKF3C3Db5KD6h
18ycmB63hbXJT4XvmGBMCeHkuDMNSSXoQH
1FvotYR8JZQY7huz6diA3T4RtpmwcUyh4K

We can also deduct following address belongs to the thief:
1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV

By tracking 1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV, we can see that the thief used his stolen funds to fund addresses
14Vc3rodXBCAMR8NXYJDzSv6X9FKVXxQ4e
16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j

using transaction 8e90f919752de1d35cb4ef83a2582ab3cc9de443c9aaf8fee20a2da6dad72654

The first stolen unspent output is not moving and is still funding 14Vc3rodXBCAMR8NXYJDzSv6X9FKVXxQ4e
The second address (16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j) belongs to a wallet controlling
1AG9AeU6qW7Vzf61W369eS4if36mVJr8Ph
15txy8sNsXKAh9AxB3u43ULAzJChi1YqTn
13LeePnHr4FHwF9CcH8TcyW3tSC2vJKPJ5
1JDuTYYeijnQDeiwiZw6VeHGtDU1aYKjCS
1GjgiVuZvkpxcG5MajPTqFV422hs9cXFnB
16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j
1PGpArCFdWBqpt5tBA5AaEBnKLA4ZsQion
1H8Z4dF9SpPmpwVq2GW6sniByQvDu628tg
1FBKjhvzFcmWzLDsuTWtp6Fm16Yi3CoRt
1QKmQne8UQNV2CnYpMS6YfD5EHqGi4rXt5
17rT7wXr4VD7q4BWoKqbqM1F4tRbjW2SCo
12UmS7bNbCK1Tf3feFw5CQWniK6WxzNbDQ
15w8r6NkLuVg78uuWsBEYxEwvxVrmqnHVB

Since unspent outputs funding all these addresses were spent together in transaction f80a17289695a02f1478f193afe73722305bc225d9d12fd3c1269c94b29d191a

This transaction funds addresses 1MDgeDBEZJxKMFy1x6xQzHS4v5Sjhdk3Si and 1NBWjyCYcwfhyaqgQMzyagUgegSxrW2oYM

1NBWjyCYcwfhyaqgQMzyagUgegSxrW2oYM belongs to a rather extensive wallet, controlling dozens of funded adresses:

https://www.blockchain.com/btc/address/1NBWjyCYcwfhyaqgQMzyagUgegSxrW2oYM

Now... What does this mean to you?

A) 1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV certainly belongs to the thief... If you ever find somebody posting this address, you can link it to a name

B) 14Vc3rodXBCAMR8NXYJDzSv6X9FKVXxQ4e and 16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j *probably* belong to the thief... Altough one of them could be a mixer, an exchange, a casino or some serviceprovider and the other one could be a change address... Altough the amounts seem strange to me...  If i robbed you, i'd either try to wash all the stolen funds, or i would wash none of them.
My gut feeling tells me that 14Vc3rodXBCAMR8NXYJDzSv6X9FKVXxQ4e is probably an address belonging to the robber, and 16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j  is either an address belonging to the robber OR a service provider. If somebody posts either address anywhere, this person is either your robber OR somebody that got payed directly by your robber... So you can tie those addresses to a person

C) IF one of the other addresses ever get posted, you can try to work your way back to the owner of 16YJ7uM8rwvXvA1o2YSdgvEsiHRT32Ma1j  and then use this owner to find the owner of 1EdnLXoWy2DJnwgJbvzGRH72Wx2VYxYzDV ... Anyways, it becomes a longshot.

[JTO]

Mocacinno,

Thanks for your time and effort,

JTO