btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 19, 2019, 12:39:52 AM |
|
Hi, this is my first time posting here. Keep in mind that I'm a noob. I sent 105 euro worth of bitcoin (0.0302 btc) from my etoro mobile wallet to my Electrum 3.3.0 wallet. In a few minutes, at 00:49 local time the btc was transferred in my desktop wallet address but at the exact same minute the btc was sent to this address: 16CAY7PhHPCbV5veTGUjxMfthNYbLnNESu. This address is not in my Electrum list of addresses. How could the btc have been stolen this quickly? Even if someone somehow got their hands on my seed can they set it for the btc to be transferred to a set address instantly without assistance? I can't imagine them sitting there with the finger on the button for months on end for the exact right time to strike. I never used this months old address for any transactions ever before tonight. I checked for malware with Malwarebytes but there was nothing suspicious on my pc. Any chances of getting my btc back? Am I not getting something? How is this possible? Is something wrong with that stupid etoro wallet or electrum? Ask me for more details if necessary. Help!
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6325
Self-proclaimed Genius
|
If others already got your SEED, they can definitely do that but I doubt it. You must be hacked or downloaded a fake Electrum version.
From where did you download Electrum (it must be electrum.org), double check your browser's history to be sure.
Also, did you receive an error message in Electrum regarding a mandatory update and followed the link (not the official site or Github page)? If that's the case, you've been a victim of a Phishing scam by malicious electrum servers.
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 19, 2019, 01:05:01 AM |
|
Thanks for reply. In what way could I've been hacked? There's nothing unusual in my pc, I'm a crypto noob but not a PC noob, and I don't even have a file with the seed. I just don't get how this is possible. Electrum was definitely downloaded from electrum.org, I checked in my history. I didn't receive any error message and made no upgrade since 20 december 2018.
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 19, 2019, 01:13:25 AM |
|
I meant *no Update since 12.20, did not mean to say upgrade. I'm just baffled. Electrum says Insufficient funds so I guess it's all gone, right?
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6325
Self-proclaimed Genius
|
|
March 19, 2019, 02:46:00 AM |
|
There are several ways to get hacked like getting infected by malware, viruses, visiting malicious websites and software vulnerability exploitation. But most malware and viruses are detectable by AVs, so if you've been hacked, it must be through malicious links. Some examples are those fake links to images posted by hackers here in the forum (so far, I've reported 2 posts) or through Winrar's bug by sharing a malicious .rar file. But the hacker must also know your wallet's passphrase if you've been hacked, unless it came with a keylogger.
Okay, in case that's not what happened, how did you create the wallet?
- Through Standard method (create a new SEED)
- Import SEED
- Import Private key(s)
- or the wallet file came from an external source?
Because there's no other reason except the SEED being compromised if it wasn't a hack or the famous phishing scam.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
How could the btc have been stolen this quickly? Even if someone somehow got their hands on my seed can they set it for the btc to be transferred to a set address instantly without assistance? I can't imagine them sitting there with the finger on the button for months on end for the exact right time to strike.
Yes it is possible to set up a script that automatically transfers BTC from an address (if you have the appropriate private key/seed)... check out the transaction times for this address: 1CC3X2gu58d6wXUWMffpuzN9JAfTUWu4Kj
It is the address that matches the "sample" private key listed on the Bitcoin Wiki: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
People occasionally send a few satoshis to this address and they are generally moved within minutes (if not seconds). Given the speed with which your coins moved (approx 2 seconds)... either your wallet software is "bad"™ and is configured to automatically send coins out... or your seed/private keys have been compromised somehow and the thief has an automated script monitoring the addresses for deposits.
Electrum was definitely downloaded from electrum.org, I checked in my history.
Do you still have the install file or the .exe for portable or standalone Windows version? If so, have you checked and verified the digital signature of the file? This is the only way to guarantee authenticity of the wallet.
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 19, 2019, 03:14:51 AM |
|
I created the wallet myself many months ago through a new seed (standard method). I never used the wallet until today (its history was completely blank) and no one around me even knows what bitcoin or a bitcoin seed are or how to use. I should've used Jaxx and generate a fresh new wallet which I wanted to do but I was too lazy, damn it. I still have the 3.3.0 installer. What kinda information do you need?
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6325
Self-proclaimed Genius
|
|
March 19, 2019, 03:23:09 AM |
|
You must verify it as HCP said, you'll never know if it was the old redirecting eIectrum.org <-Fake Site from google search. Follow these guides (select depending on your OS):
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
March 19, 2019, 04:57:30 AM |
|
I should've used Jaxx and generate a fresh new wallet which I wanted to do but I was too lazy, damn it.
I think Electrum is one of the best wallets out there. So like others said, you must be hacked or your Electrum is fake. It is not really Electrum's fault per se that your funds got lost instantly, if that was the case, there will be a lot of people protesting here and Electrum should be dead since long time ago. My suggestion is make sure to always verify any file that you've downloaded from the internet to prevent something like this from happening again.
|
|
|
|
poordeveloper
|
|
March 19, 2019, 05:34:17 AM |
|
Thanks for reply. In what way could I've been hacked? There's nothing unusual in my pc, I'm a crypto noob but not a PC noob, and I don't even have a file with the seed. I just don't get how this is possible. Electrum was definitely downloaded from electrum.org, I checked in my history. I didn't receive any error message and made no upgrade since 20 december 2018.
This is the fake mandatory upgrade attack other users are talking about: https://bitcointalk.org/index.php?topic=5090097.0
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 19, 2019, 04:59:19 PM |
|
I don't know. I'm gonna keep the compromised wallet for awhile, maybe the thief grows a consciousness and sends the coin back. I checked that address on blockchain.com and the money hasn't been sent forward so far. After a month or so I'm gonna delete the bad wallet, electrum and every single file associated with it, registry entries, etc., maybe even reinstall Windows. I'm really paranoid right now. You say Electrum is safe which might be true but since there are so many bad clones out there and servers and attacks I wouldn't consider it safe. Of course, my mistake was using that old wallet which I had no reason to.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
March 19, 2019, 10:16:04 PM |
|
I still have the 3.3.0 installer. What kinda information do you need?
If you still have the installer... I would still try and verify the digital signature. Use the guides as posted by nc50lc. Or, if you can't verify it yourself, feel free to upload it to a filehost somewhere... PM me the link to it, and I can try and verify the signature for you. At least that way maybe we can either confirm or eliminate the "fake wallet" possibility as the reason for your wallet being compromised.
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 20, 2019, 12:34:04 AM |
|
Verifying the Electrum installer seems a bit complicated and I didn't manage to do it. No updates were made to this version ever since I installed it in december last year. The installer has been in my PC ever since. I'm usually super careful but apparently not when I should've been the most careful.
|
|
|
|
elda34b
|
|
March 20, 2019, 12:59:27 AM |
|
Verifying the Electrum installer seems a bit complicated and I didn't manage to do it. No updates were made to this version ever since I installed it in december last year. The installer has been in my PC ever since. I'm usually super careful but apparently not when I should've been the most careful.
Then can you do what HCP suggested? Maybe we can help you verify the files if that's really legit or not. If that's legit then you're hacked, if not, then you lost your funds because the software is fake (or can be both).
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
I have gone ahead and verified the installer as provided on the link via PM from btcSCNB... results are as follows:

PS C:\Users\HCP\Downloads\Crypto\Electrum\suspect> gpg --verify .\electrum-3.3.0-setup.exe.asc
gpg: assuming signed data in '.\electrum-3.3.0-setup.exe'
gpg: Signature made 12/20/18 09:10:44 [redacted]
gpg: using RSA key 2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
PS C:\Users\HCP\Downloads\Crypto\Electrum\suspect>

So, that would indicate that the installer is "good"... Therefore, assuming that the rest of the information we have is correct, the wallet was most likely to have been compromised in some other manner... keylogger or RAT that somehow managed to get seed mnemonic or wallet file+password... or the OP has unknowingly leaked their seed through some other manner (claiming forks from dodgy wallets? unlikely given it was an unused wallet) or stored it "digitally" in one form or another (ie. email/IM/screen shot/text file) and that storage has been compromised.

@btcSCNB, at this time, and unless you can positively identify how your seed/wallet was compromised, I would seriously contemplate wiping your computer and doing a fresh OS install... then changing ALL your passwords to EVERYTHING... as it would appear something on your PC or with your "OpSec" is compromised.
|
|
|
|
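The gpg output in the post above pairs "Good signature" with a "not certified" warning, so the check that settles authenticity is whether the signing key's primary fingerprint equals a pinned value. The following is an added example, not part of the thread or of Electrum: it reads gpg's machine-readable `--status-fd` lines and compares them to the fingerprint printed in the post (which should itself be confirmed from an independent source). The sample status lines, their timestamps and the second key are constructed.

```python
import subprocess
import sys

# Primary key fingerprint as printed in the gpg output in the post (spaces removed).
PINNED_FPR = "6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"

def classify(status_text, pinned_fpr=PINNED_FPR):
    """Judge `gpg --status-fd` output against a pinned primary-key fingerprint.

    Returns 'ok', 'bad-signature', 'key-expired-or-revoked', 'wrong-key'
    or 'no-valid-signature'. Web-of-trust lines (TRUST_*) are ignored on
    purpose: the pin, not local key certification, decides.
    """
    pinned = pinned_fpr.replace(" ", "").upper()
    seen_valid, pin_matched = False, False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword == "BADSIG":  # file or signature was altered
            return "bad-signature"
        if keyword in ("EXPKEYSIG", "REVKEYSIG"):
            return "key-expired-or-revoked"
        if keyword == "VALIDSIG" and len(fields) >= 3:
            seen_valid = True
            # Last field is the primary key fingerprint; older gpg omits it.
            primary = fields[11] if len(fields) > 11 else fields[2]
            if primary.upper() == pinned:
                pin_matched = True
    if pin_matched:
        return "ok"
    return "wrong-key" if seen_valid else "no-valid-signature"

def verify_file(sig_path, data_path):
    """Run gpg on a detached signature; status lines go to stdout (fd 1)."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return classify(proc.stdout)

UID = "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"
# Constructed status output for the cases a verifier has to tell apart.
GENUINE = "\n".join([
    "[GNUPG:] GOODSIG 2BD5824B7F9470E6 " + UID,
    "[GNUPG:] VALIDSIG " + PINNED_FPR
    + " 2018-12-20 1545297044 0 4 0 1 8 00 " + PINNED_FPR,
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",  # source of the "not certified" warning
])
OTHER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # made-up key
# Same user ID, different key: gpg still reports a good signature here.
SAME_NAME_OTHER_KEY = (GENUINE.replace(PINNED_FPR, OTHER_FPR)
                       .replace("2BD5824B7F9470E6", OTHER_FPR[-16:]))
TAMPERED = "[GNUPG:] BADSIG 2BD5824B7F9470E6 " + UID
NO_KEY = ("[GNUPG:] ERRSIG 2BD5824B7F9470E6 1 8 00 1545297044 9\n"
          "[GNUPG:] NO_PUBKEY 2BD5824B7F9470E6")

if __name__ == "__main__" and len(sys.argv) == 3:
    print(verify_file(sys.argv[1], sys.argv[2]))
```

Anyone can create a key carrying the same name and e-mail address, which is why the `wrong-key` case is rejected even though gpg would print "Good signature" for it.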
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7537
Playgram - The Telegram Casino
|
|
March 20, 2019, 09:40:41 AM |
|
OP have you downloaded any suspicious files since installing your Electrum wallet? Any browser plugins? How did you save your seed? You say you don't have a file with your seed but did you create one initially that you saved somewhere on your PC? Is it a shared PC, could someone have gotten access to it? Did you save it in an email client, viber, whatsapp, sent it over facebook, google drive etc? Do you use the same PC where your Electrum is installed for other online activities, torrenting, gaming, xxx?
|
|
|
|
|
|
|
btcSCNB (OP)
Newbie
Offline
Activity: 8
Merit: 1
|
|
March 20, 2019, 07:09:01 PM |
|
No, no suspicious files, I'm very careful about what I download. The only extension is Ant video downloader for Firefox. I don't remember what I did with the seed, I'm sure I had a text file with the seed at some point but it was stored only on my PC and I deleted it a long time ago or got lost when my old HDD failed. The old HDD never left the house, it's under my desk right now. I only had the old empty wallet which I now wish I had lost too. The wallet was exported on a stick and the stick always stayed in my house. Only I have access to this PC, I'm the only user. I rarely use Google drive, it wasn't ever uploaded there; I went through all the old emails in my most used accounts and searched for terms and there's no trace of any wallet or seed and I don't remember ever sending anything like that over email in the first place. I don't even use or used Whatsapp, viber or similar apps. I use facebook but never used it for anything crypto related, I didn't have any reason to. I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. I disinfected dozens of PCs myself in my lifetime, I would've found something if there was something. I mean it's just 100€ but I'm still bitter about it, I could've used that money.
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3108
Merit: 2176
Playgram - The Telegram Casino
|
|
March 21, 2019, 10:04:42 AM |
|
[...] I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. [...]
Maybe you caught something on one of the torrent sites. While porn sites are supposedly surprisingly safe, torrent and streaming sites can't be quite as choosy as far as advertisers are concerned, so sometimes you'll get nasty little malware just from entering the site. Happened to me a couple years back, I wasn't sure whether to be pissed off or impressed. Either use ad blockers / disable JavaScript or use a VM when visiting any piracy related sites. Also note that well written malware doesn't necessarily turn up on virus scans. Actually malware doesn't necessarily need to be well written to remain overlooked, it often suffices if it's just rare enough to slip under the radar. Accordingly I'd probably consider reinstalling my OS from scratch if I were you. Do you have any spell checkers installed? Turns out they potentially leak your seed and other sensitive information: https://www.zdnet.com/article/cryptocurrency-wallet-caught-sending-user-passwords-to-googles-spellchecker/
|
|
|
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7537
Playgram - The Telegram Casino
|
|
March 22, 2019, 09:16:09 AM |
|
[...] I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. [...]
That can be an issue and a potential security threat. A PC where you keep your Bitcoins and your wealth shouldn't be used for shady activities like watching porn or downloading torrents. It takes time for new threats to be discovered by AV vendors and for the code to be recognised as malicious. Like HeRetiK said, reinstalling your OS is the safest thing you can do now.
|
|
|
|
|
|
|
Valerian77
|
|
March 22, 2019, 05:17:12 PM |
|
Maybe it's worth trying https://www.spyshelter.com/ and rebooting the system. If there is a keylogger or some other kind of evil software Spyshelter will find it.
|
|
|
|
|