Bitcoin 'successfully' transferred to an invalid bitcoin address

[fentanyl08]

I was trying to pay a Bitpay.com invoice and opened the invoice in Electrum-BTC desktop wallet. I don't know how, but somehow that transaction got sent to and invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
The transaction should be returned if the address is not even a valid bitcoin address (it has non-supported characters right?) but it appears that the transaction is already confirmed
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45
Please help me out there

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

[pooya87]

invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
it has non-supported characters right

why do you think this address is "invalid" or have "non-supported characters"?

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

you can not be sure unless you have actually verified the digital signature of the installer you downloaded and installed with this PGP public key. and unfortunately it seems like you didn't and were a victim of a phishing attack:
similar case with same address: https://github.com/spesmilo/electrum/issues/5072

[nc50lc]

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

Check your browsing history if it's actually electrum.org or https://github.com/spesmilo/electrum/.
That's to know the reason why you've been hacked, but with this:

the transaction is already confirmed
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45

You won't be able to reverse the transaction.

For the validity of the address, read this: https://en.bitcoin.it/wiki/Address
(the 1st paragraph is enough).

[fentanyl08]

The website I downloaded update from was official https://prnt.sc/p2ys86
Also, this address doesn't show up on Block Explorer when I search "Invalid input" message appears, that's why I assumed it is invalid.

[turndealer]

I was trying to pay a Bitpay.com invoice and opened the invoice in Electrum-BTC desktop wallet. I don't know how, but somehow that transaction got sent to and invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
The transaction should be returned if the address is not even a valid bitcoin address (it has non-supported characters right?) but it appears that the transaction is already confirmed
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45
Please help me out there

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

Addresses started with bc1 are segwit address, They are of bech32 type.

Thus they are valid address

Here it is on blockchain explorer

https://blockchair.com/bitcoin/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
and Tx here
https://blockchair.com/bitcoin/transaction/1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45

It can not be reversed.

Electrum does create bech32 address. You should investigate more or provide more details what you were trying to do !

Thanks


PS: Just checked your screenshot , Thats a scam phishing site electrumproject .  org!!

[fentanyl08]

I was trying to pay a Bitpay.com invoice and opened the invoice in Electrum-BTC desktop wallet. I don't know how, but somehow that transaction got sent to and invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
The transaction should be returned if the address is not even a valid bitcoin address (it has non-supported characters right?) but it appears that the transaction is already confirmed
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45
Please help me out there

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

Addresses started with bc1 are segwit address, They are of bech32 type.

Thus they are valid address

Here it is on blockchain explorer

https://blockchair.com/bitcoin/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
and Tx here
https://blockchair.com/bitcoin/transaction/1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45

It can not be reversed.

Electrum does create bech32 address. You should investigate more or provide more details what you were trying to do !

Thanks

I was trying to pay a Bitpay invoice. I opened the invoice in Electrum app and tried to pay it. I contacted the Bitpay support with this address but they say it doesn't belong to them.

[turndealer]

I was trying to pay a Bitpay.com invoice and opened the invoice in Electrum-BTC desktop wallet. I don't know how, but somehow that transaction got sent to and invalid address bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
The transaction should be returned if the address is not even a valid bitcoin address (it has non-supported characters right?) but it appears that the transaction is already confirmed
Transaction id 1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45
Please help me out there

P.S
 The wallet prompted me to install an update before sending the transaction and I'm pretty sure it was official electrum-btc website.

Addresses started with bc1 are segwit address, They are of bech32 type.

Thus they are valid address

Here it is on blockchain explorer

https://blockchair.com/bitcoin/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny
and Tx here
https://blockchair.com/bitcoin/transaction/1cdc45c6f92430d021f387af6564353cb90281da4ee8e1e9721387ad05874c45

It can not be reversed.

Electrum does create bech32 address. You should investigate more or provide more details what you were trying to do !

Thanks

I was trying to pay a Bitpay invoice. I opened the invoice in Electrum app and tried to pay it. I contacted the Bitpay support with this address but they say it doesn't belong to them.

PS: Just checked your screenshot , Thats a scam phishing site electrumproject .  org!!


Software you downloaded is malware cum phishing tool

[Pmalek]

The website I downloaded update from was official https://prnt.sc/p2ys86

Not it is not! What makes you think that is the official site? I think I replied in your thread on another board but now my suspicion has been confirmed. You downloaded a fake 4.0 version of Electrum.

The newest OFFICIAL release is 3.3.8, there is no 4.0 release and the only official site is https://electrum.org/#download and not the one you downloaded from.

[ralle14]

I was trying to pay a Bitpay invoice. I opened the invoice in Electrum app and tried to pay it. I contacted the Bitpay support with this address but they say it doesn't belong to them.

They're right it's not from them, as what others mentioned you were tricked in to downloading the wrong version of electrum.

If you're asked to update always check the site first. What version were you using before you downloaded the fake one?

[fentanyl08]

The website I downloaded update from was official https://prnt.sc/p2ys86

Not it is not! What makes you think that is the official site? I think I replied in your thread on another board but now my suspicion has been confirmed. You downloaded a fake 4.0 version of Electrum.

The newest OFFICIAL release is 3.3.8, there is no 4.0 release and the only official site is https://electrum.org/#download and not the one you downloaded from.

Thanks for info. How should I proceed to properly get rid of this infected software? Uninstalling it and reinstalling from electrum.org should suffice?

[o_e_l_e_o]

Uninstalling it and reinstalling from electrum.org should suffice?

Should suffice? Maybe. Definitely will suffice? No.

I don't think anyone has fully analyzed the version 4 malware to find out exactly what it is doing. It is clear that it modifies transactions to send your coins to the hacker's address, but it could be doing a bunch of other things including accessing your seed and sending that to the hackers or even installing clipboard or keylogging malware on your device.

At the very least you should be backing up your wallet files, uninstalling all versions of Electrum, searching your drives for any traces of Electrum and wiping those, running extensive antivirus and antimalware scams, downloading and verifying the latest version from https://electrum.org/#download, setting up a new wallet, and transferring all your funds to the new wallet. This doesn't guarantee your safety by any means, though. Using Electrum in conjunction with a hardware wallet would add a lot more security to this set up.

To be completely sure that you aren't still infected, you will need to reformat your computer.

[TalkStar]

Feeling really sad for your loses. There is lot of incidents happened like this before where most of the time user got scammed due to visiting electrum phishing web link. It is to notify you that in every electrum phishing attack hackers take the advantage by pushing visitors to their fake websites. In most of these cases new electrum users put their foot on this kinda trap because of having little knowledge about this kinda attacks. Its important to check your browsers address bar to be confirmed about real website address before make any kind of transaction. I think you give less priority to check before browsing. For now try to clean your computer before making any new transaction.

You could get rid off these kinda attacks in future by using your browser's bookmark option. Try to bookmark all official website address to keep you safer from another phishing attack in future.

[jjjfff]

This is so unfortunate.

Is there somewhere we can blacklist Bitcoin addresses?

Is there a directory for this sort of thing?

[TryNinja]

This is so unfortunate.

Is there somewhere we can blacklist Bitcoin addresses?

Is there a directory for this sort of thing?

Who is we? Where should they be blacklisted? It wouldn't work anyways. What prevents them from creating a new wallet instantly, change their address and keep stealing people?

[AdolfinWolf]

This is so unfortunate.

Is there somewhere we can blacklist Bitcoin addresses?

Is there a directory for this sort of thing?

You can add bitcoin adresses to all sorts of directories, but they're really just useless (See Ninja's reply.).

You have https://www.scambitcoin.com & https://bitcoinwhoswho.com/scams that i know of.

These directories would only become somewhat interesting if Electrum somehow adds a plugin with a blacklist of these addresses, but considering the amount of false positives & the way malware would be able to simply maneuver around such a block & the fact that scammers can generate endless new addresses just makes it utterly useless to do. Not to mention that it's really a step in the wrong direction, towards centralization et al.

TLDR; be your own bank.

[o_e_l_e_o]

Its important to check your browsers address bar to be confirmed about real website address before make any kind of transaction.

You could get rid off these kinda attacks in future by using your browser's bookmark option.

This is good practice, but it isn't sufficient. There exist fake websites using punycode to disguise themselves as the real thing, sometimes indistinguishably. If you are using Firefox (which you should be if you care about your privacy), then open a new tab, type about:config, search for network.IDN_show_punycode, and toggle it to true. This will protect you from punycode attacks.

Even then, this isn't enough. The official electrum.org site could still be hacked and start hosting malware. As it says on the Electrum site, you should verify the file you have downloaded before installing it. There's an easy to follow guide to doing this here: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/.

[jjjfff]

This is so unfortunate.

Is there somewhere we can blacklist Bitcoin addresses?

Is there a directory for this sort of thing?

Who is we? Where should they be blacklisted? It wouldn't work anyways. What prevents them from creating a new wallet instantly, change their address and keep stealing people?

Sure, I understand that.

I meant after the hack is done, how do we track where the stolen coins go? Is there a standard way to know "this address has funds that were stolen on mm/yyyy?

[TalkStar]

This is good practice, but it isn't sufficient. There exist fake websites using punycode to disguise themselves as the real thing, sometimes indistinguishably. If you are using Firefox (which you should be if you care about your privacy), then open a new tab, type about:config, search for network.IDN_show_punycode, and toggle it to true. This will protect you from punycode attacks.

Even then, this isn't enough. The official electrum.org site could still be hacked and start hosting malware. As it says on the Electrum site, you should verify the file you have downloaded before installing it. There's an easy to follow guide to doing this here: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/.

Another bunch of necessary information which will absolutely help electrum users to be careful enough before installing the file. If electrum official site go under hacker control then its quite expected that at first they will plant their malware on file download section. Everyone who will download file after this kinda hacking attempt will get malware infected file on their devices. Electrum related scam incidents isn't a new thing now. So its undoubtedly better to build the habit of verifying file before installing.

[nc50lc]

I meant after the hack is done, how do we track where the stolen coins go? Is there a standard way to know "this address has funds that were stolen on mm/yyyy?

Just knowing where the particular UTXO was spent or if the address was publicly posted as "his", nothing else.

I would be a game of cat and mouse.
For the hacker, he can just send the coins to a mixer or ConJoin to reduce the chance of being traced.
For the authorities (not Bitcoin developers), they use specialized software and tools to check if addresses belong to the same wallet or other techniques like Dust attack to accomplish it.

If you ask me, the hacker has the advantage on this game, but that depends on his wit.

[Pmalek]

I meant after the hack is done, how do we track where the stolen coins go? Is there a standard way to know "this address has funds that were stolen on mm/yyyy?

It wouldn't change anything even if you do. Bitcoin transactions are irreversible so there is no way of getting it back and as previous users mentioned the hackers will find ways to keep stay safe by either mixing the coins or exchanging them for a privacy coin like Monero.
Depending where you are from law enforcement can't or won't do much about stolen Bitcoins unless the amount is significant.