Bitcoin Forum
Topic: My Electrum wallet just got hacked for $35k+
mostmodest1
February 11, 2020, 04:25:52 AM
 #1

This just happened.

I was sitting at my computer and then I see a popup from my Electrum wallet that I have a pending transaction.

Then a minute later another popup from my second Electrum wallet.

Fuck. How could this happen? I'm on vacation right now and using a mobile sim tethered to my laptop. Is that it? Are these wallets that easy to hack?

Is there anything I can do? This is a significant amount of money for me.

Here are the two transactions.

https://blockstream.info/tx/84ff8d61c72a83c773b8cd987d6c1ced3ce1054fb245e302c602c4f8e07e1dfb
https://blockstream.info/tx/0176ec22ae957a08e686daa3db0e7c20e6882931b941ce088b1b45bee06ab369
nc50lc
February 11, 2020, 04:33:21 AM
 #2

As far as Electrum is concerned, it's the device where it was installed that will decide if it's "easy to hack".
Plus the wallet type, 2FA and an "air-gap" set-up are pretty much "unhackable".

How about the wallet's seed, is it stored somewhere safe?
Can you tell which version of the wallet you are using and where you downloaded it?

Quote from: mostmodest1
Is there anything I can do? This is a significant amount of money for me.

Those transactions were confirmed and cannot be reversed.
You can report it to the authorities, as the only way to recover your coins is to find the culprit.

mostmodest1
February 11, 2020, 04:39:25 AM
 #3

Quote from: nc50lc
As far as Electrum is concerned, it's the device where it was installed that will decide if it's "easy to hack".

How about the wallet's seed, is it stored somewhere safe?
Can you tell which version of the wallet you are using and where you downloaded it?

No I guess not. Stored in Evernote on my computer.

Version 3.3.8, downloaded from the official site.  https://electrum.org/#home

How would the authorities go about finding whoever stole them? Would they even investigate this? Seems like an impossible task.
nc50lc
February 11, 2020, 04:53:44 AM
Last edit: February 11, 2020, 05:09:19 AM by nc50lc
 #4

Quote from: mostmodest1
No I guess not. Stored in Evernote on my computer.

This isn't secure since it's stored as non-encrypted plain text.
The seed phrase should be stored "physically" offline on a piece of paper.

You should've followed the instructions:

Although we can't rule out other possibilities, I got a hunch that it's the seed that got hacked.

If a hacker can get his hands on your files, then he wouldn't be needing your Electrum wallet at all.
He can just import it to his own Electrum installation and spend your funds from there.

mostmodest1
February 11, 2020, 04:59:08 AM
 #5

So how did this happen?

Someone hacked into my computer, went through my notes and found the seed?

Do you know anything about this company?
https://ciphertrace.com/about-us/
nc50lc
February 11, 2020, 05:18:14 AM
 #6

Quote from: mostmodest1
So how did this happen?

It's hard to tell exactly how.

Maybe your Evernote's login info was compromised.
It could also be someone near that area since the transactions were made after you opened your wallet at that time.
...Or not, because if the connection is slow, it could take a minute to display the next/latest transaction(s).

Quote from: mostmodest1
Do you know anything about this company?
https://ciphertrace.com/about-us/

Haven't heard of them, but it looks similar to chainalysis.com that investigates these cases.

TheUltraElite
February 11, 2020, 07:28:01 AM
 #7

Quote from: mostmodest1
Someone hacked into my computer, went through my notes and found the seed?

It is unsafe to store your wallet private key in note-taking software that can be logged into from other devices, in case someone gets access to your login credentials there. Sorry to say that if you are looking to store money in cryptocurrencies you should not store the keys in such notebooks. It is important that you also keep your devices clean of malware, which could also be the source of a data leak to hackers.

There is not much of a legal approach that you can take here unless you are living in some place where cryptocurrency is understood by the authorities. Still, you can approach your cybercrime department, but I doubt it would go anywhere.

Thekool1s
February 11, 2020, 02:22:00 PM
 #8

Quote from: mostmodest1
How would the authorities go about finding whoever stole them? Would they even investigate this? Seems like an impossible task.

Depends on how dumb your hacker was. I did a bit of googling and found that Evernote logs your IPs and an estimated geographic location so that may be a good starting point.[1] If it was someone dumb who got access to your seed they might be very easy to track with the help of authorities. Also, check https://haveibeenpwned.com/ to verify if your password has been leaked online for the email you have used on Evernote. Just hope it isn't the case as this will really shave off the list of potential suspects in your case. Other than that Sorry for your loss man.


Source:
[1] https://help.evernote.com/hc/en-us/articles/208314178-How-to-view-the-log-in-access-history-of-your-Evernote-account

AltcoinBuilder
February 11, 2020, 03:54:39 PM
 #9



Quote from: mostmodest1
Someone hacked into my computer, went through my notes and found the seed?

you stored seed in your computer?
mostmodest1
February 11, 2020, 05:24:45 PM
 #10

Quote from: mostmodest1
How would the authorities go about finding whoever stole them? Would they even investigate this? Seems like an impossible task.

Depends on how dumb your hacker was. I did a bit of googling and found that Evernote logs your IPs and an estimated geographic location so that may be a good starting point.[1] If it was someone dumb who got access to your seed they might be very easy to track with the help of authorities. Also, check https://haveibeenpwned.com/ to verify if your password has been leaked online for the email you have used on Evernote. Just hope it isn't the case as this will really shave off the list of potential suspects in your case. Other than that Sorry for your loss man.


Source:
[1] https://help.evernote.com/hc/en-us/articles/208314178-How-to-view-the-log-in-access-history-of-your-Evernote-account

This is what I got from Evernote. Looks like the hacker is from Russia or Romania.

https://i.gyazo.com/b2430a529357b99666850ad0c5f11e75.png

What do I do with this? I live in Canada but currently traveling in Florida. Do I go to the police in my city when I get back?

As for that site it says Pwned on 14 breached sites and found 1 paste.
RapTarX
February 11, 2020, 05:56:18 PM
 #11

Quote from: mostmodest1
This is what I got from Evernote. Looks like the hacker is from Russia or Romania.

What do I do with this? I live in Canada but currently traveling in Florida. Do I go to the police in my city when I get back?

A hacker would never be so stupid as to use their own IP address. Probably they used TOR, and it's pretty common.
There's nothing you can do other than file a suit. The chance of getting back your BTC is almost zero. However, you must file a suit.
BitMaxz
February 11, 2020, 08:02:38 PM
 #12

There's no way to take them back and the above post might be right, but you can report it to the local authorities. Since it's big money, it might help to track down your bitcoin.

The bad thing you did here is you saved the seed backup in Evernote, which is an online app. So, you placed your backup in a risky online app, and Evernote is only used for taking notes, archiving or task management. It's not built for saving important files.

Next time don't save your important files online. I suggest that if you are going to save your backup seed, you write it down on a piece of paper or any offline device which is not connected to the internet, or buy a hardware wallet instead.

harizen
February 11, 2020, 08:47:42 PM
 #13


Evernote has been involved in several breach incidents in the past.

So unusual to see that someone with $35,000 did not take security to a much higher level. No offense.

OP, didn't you receive notifications because of that unusual login location? Evernote should already consider that suspicious activity, as someone is accessing it from a location that is not your usual one within the same day, and it can also be considered as someone logging in via a VPN or proxy connection.

Sorry to say, but the chances of recovering your BTC are so slim, but giving the authorities a heads up should be considered. Just hope that the mole is just around the corner or maybe someone who knows your personal and private stuff.

joniboini
February 12, 2020, 04:30:21 AM
 #14

Quote from: harizen
OP, didn't you receive notifications because of that unusual login location? Evernote should already consider that suspicious activity, as someone is accessing it from a location that is not your usual one within the same day, and it can also be considered as someone logging in via a VPN or proxy connection.

Evernote is never that good for security. Add that to unencrypted text and other security settings, and you're fucked up.

OP, you should stop using online cloud storage to store your unencrypted seed/private key. Even if you encrypt it, that will only slow them down before your wallet gets emptied again.

mostmodest1
February 12, 2020, 05:18:17 AM
 #15

No I didn't get any alert from Evernote about strange IPs logging into my account.

I'm annoyed that Electrum let another user log into my account while I was logged in. How can they let two computers log into one account at the same time??

Wish that I just stuck with Coinbase and LocalBitcoin wallet. Been using those for years without any issues.

I'm curious how this hacker found me in the first place and what I can do to avoid him in the future. I bet he's going to target me again considering how easy I made things for him this time.

I didn't realize how important those seed words were. Never been hacked in the past and I don't visit any shady sites so couldn't imagine it happening to me. Stored the seeds in Evernote out of convenience, can't lose them there.

Very expensive lesson for me. Trying to not let it ruin my vacation but I'm finding that hard at the moment. I would have preferred to be robbed at gunpoint, would cost me less than 35k. If Evernote was the cause this could have been easily avoided.
nc50lc
February 12, 2020, 05:27:00 AM
 #16

Quote from: mostmodest1
No I didn't get any alert from Evernote about strange IPs logging into my account.

I'm annoyed that Electrum let another user log into my account while I was logged in. How can they let two computers log into one account at the same time??

Cryptocurrency non-custodial wallets like Electrum don't work like a bank account.
It stores the private keys of your addresses, which are used as the "key" to spend from the "recorded" data in the blockchain.
You're in full control of your funds including the security; Electrum developers or servers cannot intervene.

And that seed phrase contains all of those keys; it's never meant to be a "login info",
it's a "full backup" as stated in the warning from the wallet creation window (the image in my previous post #4).

o_e_l_e_o
February 12, 2020, 09:50:29 AM
 #17

Quote from: mostmodest1
No I didn't get any alert from Evernote about strange IPs logging into my account.

I'm not sure they offer this service, and even if they did, by the time a suspicious IP has logged in, it's too late.

Quote from: mostmodest1
I'm annoyed that Electrum let another user log into my account while I was logged in. How can they let two computers log into one account at the same time??

Because wallets aren't "accounts" that need to be logged in to. Electrum is simply an interface to allow you to interact with your seed and private keys in a user friendly way. If someone else has a copy of your seed, then they can interact with it in the exact same way. It would be like if someone had stolen some sensitive documents from your Evernote, and you were asking "How can Microsoft Word let two computers view the same document at the same time?"

Quote from: mostmodest1
Wish that I just stuck with Coinbase and LocalBitcoin wallet. Been using those for years without any issues.

Your situation is exactly why you shouldn't use online wallets. Storing information online is not safe, as you have unfortunately just found out.

Quote from: mostmodest1
I'm curious how this hacker found me in the first place and what I can do to avoid him in the future.

Do you use the same email address for all your logins? Do you use the same email for Evernote and for crypto related activities? What about the same password? There are countless services which have experienced hacks and have leaked millions of user credentials.

Quote from: mostmodest1
I didn't realize how important those seed words were.

As pointed out above, Electrum gives explicit instructions not to store these online.
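
What posts #16 and #17 describe, as an added example (not part of the thread and not Electrum's own code): the wallet's keys are computed locally from the seed phrase, so any machine holding the phrase derives the same keys with no login or server involved. The HMAC key, version prefixes, salt and iteration count follow Electrum's published seed version system and BIP32; the word list, sample phrase and function names are constructed for illustration.

```python
"""Added illustration: an Electrum-style seed is the wallet, not a login."""
import hashlib
import hmac
import random
import unicodedata

# Seed-version prefixes from Electrum's seed version system.
SEED_PREFIXES = {"01": "standard", "100": "segwit", "101": "2fa"}

# Constructed word list for this example (NOT Electrum's real 2048-word list).
DEMO_WORDS = ("amber birch cedar delta ember fjord grove heron "
              "inlet jetty knoll larch marsh north ocean prism").split()


def normalize(text: str) -> str:
    """NFKD-normalize, lower-case, strip accents, collapse whitespace."""
    text = unicodedata.normalize("NFKD", text).lower()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.split())


def seed_type(phrase: str):
    """Return the seed type encoded in the phrase's version hash, or None."""
    digest = hmac.new(b"Seed version", normalize(phrase).encode("utf-8"),
                      hashlib.sha512).hexdigest()
    for prefix, name in SEED_PREFIXES.items():
        if digest.startswith(prefix):
            return name
    return None


def constructed_seed(rng_seed: int = 0) -> str:
    """Search deterministically for a 12-word demo phrase that passes the
    'standard' version check (about 1 in 256 candidates does)."""
    rng = random.Random(rng_seed)
    while True:
        phrase = " ".join(rng.choice(DEMO_WORDS) for _ in range(12))
        if seed_type(phrase) == "standard":
            return phrase


def master_key(phrase: str, passphrase: str = ""):
    """Derive the BIP32 master private key and chain code from the phrase.

    Everything here is local computation: no server, account or session.
    """
    root = hashlib.pbkdf2_hmac(
        "sha512",
        normalize(phrase).encode("utf-8"),
        b"electrum" + normalize(passphrase).encode("utf-8"),
        2048,
    )
    i = hmac.new(b"Bitcoin seed", root, hashlib.sha512).digest()
    return i[:32], i[32:]


if __name__ == "__main__":
    seed = constructed_seed()
    first = master_key(seed)                   # the machine that created it
    second = master_key("  " + seed.upper())   # any other copy of the phrase
    print("seed type:", seed_type(seed))
    print("same master key on both machines:", first == second)
    print("different phrase, different key:", master_key(seed + " x") != first)
```

Because the derivation never contacts a service, there is nothing that could notice or refuse a second holder of the phrase; protecting the phrase itself is the only control.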

Thekool1s
February 12, 2020, 10:07:34 AM
Last edit: February 13, 2020, 02:28:11 PM by Thekool1s
 #18

Quote from: mostmodest1
I'm annoyed that Electrum let another user log into my account while I was logged in. How can they let two computers log into one account at the same time??

Wish that I just stuck with Coinbase and LocalBitcoin wallet. Been using those for years without any issues.

Jeez! I don't want to offend you but you clearly don't understand how bitcoin works in general, as mentioned by others. What's surprising to me is you placed $35k into something you don't understand. smdh... On Coinbase you don't own your Bitcoins, they hold them for you. The same is the case with LocalBitcoins. In case they get hacked your bitcoins are gone forever. Bitcoin doesn't work like a bank; once a transaction is confirmed it's not reversible. The only way you might get your Bitcoins back with them is that they decide to repay for all the hacked Bitcoins out of their pocket... Yeah, they might do a better job in protecting your funds but they aren't immune to getting hacked either. Just keep this in mind: if you don't have a seed for your wallet, that means you don't own any bitcoins.

There are many guides available on the internet on how to protect your seed; start there so that you may not repeat your mistakes again. Only you can protect yourself in an online world. Anyways, if you decide to invest again in Bitcoin, consider investing in a hardware wallet, something which a good guide will suggest as well. Look into ColdCard if you decide to go the hardware route.

Quote from: mostmodest1
As for that site it says Pwned on 14 breached sites and found 1 paste.

Consider changing your passwords on all of the websites you have used this email on. Consider something like KeePass to manage your passwords moving forward. As I said above, only you can protect yourself in an online world; consider reading into things like how to protect your privacy. There are many great guides available on the internet. Just to get you started, you could have blurred your IPs in the screenshot you shared with us and could have only left the IPs from Russia and Romania... Anyway man, good luck moving forward...

Abdussamad
February 12, 2020, 11:05:09 AM
 #19

Quote from: mostmodest1
How would the authorities go about finding whoever stole them? Would they even investigate this? Seems like an impossible task.

Depends on how dumb your hacker was. I did a bit of googling and found that Evernote logs your IPs and an estimated geographic location so that may be a good starting point.[1] If it was someone dumb who got access to your seed they might be very easy to track with the help of authorities. Also, check https://haveibeenpwned.com/ to verify if your password has been leaked online for the email you have used on Evernote. Just hope it isn't the case as this will really shave off the list of potential suspects in your case. Other than that Sorry for your loss man.


Source:
[1] https://help.evernote.com/hc/en-us/articles/208314178-How-to-view-the-log-in-access-history-of-your-Evernote-account

This is what I got from Evernote. Looks like the hacker is from Russia or Romania.



What do I do with this? I live in Canada but currently traveling in Florida. Do I go to the police in my city when I get back?

As for that site it says Pwned on 14 breached sites and found 1 paste.


looks like an open and shut case. at least you know how it was done

you could complain to the police if you think it'll help you with the tax authorities down the line. but there's zero chance they'll recover your money from foreign criminals.
Lucius
February 12, 2020, 12:10:16 PM
 #20

Quote from: Thekool1s
On Coinbase you don't own your Bitcoins, they hold it for you. Same is the case with LocalBitcoins. In case they get hacked your bitcoins are gone forever. Bitcoin doesn't works like a bank, once a transaction is confirmed it's not reversible. The only way you might get your Bitcoins back with them is that they decide to repay for all the hacked Bitcoins out of their pocket... Yeah, they might do a better job in protecting your funds but they aren't immune to getting hacked either. Just keep this in mind, If you don't have a seed for your wallet that means you don't own any bitcoins.

In this case perhaps it would be better if the OP kept coins on Coinbase or any other reputable crypto exchange, but again even that may not help if his login data was stored in the same way as the Electrum seed. Coinbase keeps 98% of user funds in a cold wallet, and in case of a hack the only damage can be to their hot wallet, but in case of a personal account hack/phishing the situation is the same as if someone hacked any desktop/mobile wallet.

OP can report this case to the police, but as far as international crime is concerned, it is a very small amount of money, which makes it impossible to expect an international investigation. The best chance in such situations is to track the coin transactions and report to crypto exchanges with the hope that some of them might freeze funds. But most hackers are not so stupid; they act quickly and mask the trail with as many transactions as possible.

malevolent
February 14, 2020, 05:17:40 AM
 #21

99.9% chance your money's as good as lost at this point.

To avoid similar costly mistakes, get a hardware wallet (Trezor or Ledger are fine) and keep your seed in a safe place.

It won't hurt to shoot an email to every one of these coin tracking/blockchain analysis companies on the rare chance they know something, or might know in the future. If the thief is a Romanian then you might stand a chance at recovering the bitcoins; if it's a Muscovite, consider the money lost.
