qbits (OP)
|
|
July 08, 2020, 06:21:36 PM |
|
Regrettably, I have discovered today that my bitcoins were stolen, I had them in Electrum wallet for years with no problem. I'm not sure how, as I did not use the wallet for 6 months and funds have disappeared about a month ago.
Some made it to the Huobi exchange... and yes I've tried contacting them. What else should I do? Does posting my wallet addresses here help?
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
July 08, 2020, 08:51:35 PM |
|
You can try posting the addresses or reporting it to the police, but there's practically no chance that your coins will be returned.
What you need to do now is to analyze how your coins were stolen, so that it won't happen again in the future. Did you store your seed in your email, cloud storage or your computer? Could your coins have been physically compromised, i.e. someone physically stole/copied your seed? Did you use some unsecure wallet generation method, like picking the seed words manually? Do you use a cold storage setup, or did you access your wallet from a live machine? Is the password on your wallet file strong?
|
|
|
|
LeGaulois
Copper Member
Legendary
Offline
Activity: 2940
Merit: 4101
|
|
July 08, 2020, 08:55:03 PM |
|
Nothing you can do, transactions are irreversible. You will be considered extraordinarily lucky if Huobi blocks the coins and gives them back to you. Don't waste your time with the police, they will hardly be able to do something, not even to understand a transaction.
The most important thing now is to check your machine for a vulnerability (virus, malware,...) and to try to understand what could have happened to you and how you could have been robbed...
If it has been done with a malicious Electrum update, malware, or something else.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 08, 2020, 11:30:26 PM |
|
Regrettably, I have discovered today that my bitcoins were stolen, I had them in Electrum wallet for years with no problem. I'm not sure how, as I did not use the wallet for 6 months and funds have disappeared about a month ago.
What version of Electrum were you using? And did you ever do the digital signature verification when you installed it?
|
|
|
|
qbits (OP)
|
|
July 09, 2020, 07:18:10 AM |
|
What version of Electrum were you using? And did you ever do the digital signature verification when you installed it?
3.3.8, last time I used it before yesterday's discovery was in February, download was from osx app store
|
|
|
|
qbits (OP)
|
|
July 09, 2020, 07:22:49 AM |
|
You can try posting the addresses or reporting it to the police, but there's practically no chance that your coins will be returned.
What you need to do now is to analyze how your coins were stolen, so that it won't happen again in the future. - have no clue how
Did you store your seed in your email, cloud storage or your computer? - no, only on my personal file server on private network since 2013
Could your coins have been physically compromised, i.e. someone physically stole/copied your seed? - have no idea, one wallet is safe, only default_wallet is compromised
Did you use some unsecure wallet generation method, like picking the seed words manually? - no
Do you use a cold storage setup, or did you access your wallet from a live machine? - live machine
Is the password on your wallet file strong? - yes
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3864
Merit: 6592
|
|
July 09, 2020, 07:40:05 AM |
|
so that it won't happen again in the future.
From the things you've posted, keeping the seed in electronic format can be a weak point, I have no other clue. Or maybe somebody stole directly from your phone or your phone's files. But one idea to prevent this for the future would be a hardware wallet. You safely generate a new seed in the wallet, you send the coins there, keep the seed only on paper (multiple copies) and you are good.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
July 09, 2020, 08:08:01 AM |
|
To me it seems that there are 2 likely scenarios:
1) Your mobile is compromised. This is quite unlikely because you said you have 2 wallet files stored there but only 1 got compromised. Further your wallet was password protected and since you didn't open it for 5 months it is quite odd that it got emptied 1 month ago.
2) Your mnemonic code somehow got exposed. That's what I would guess. You stored your mnemonic on a file server. Is there a (any) route from your file server to the internet? If yes, then most likely your file server somehow got compromised.
Number 2) would be my guess. What kind of software is running on your file server, which version? How is it running inside of your network (old PC, etc..)? Do you have a firewall set up?
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
July 09, 2020, 07:26:43 PM |
|
What you need to do now is to analyze how your coins were stolen, so that it won't happen again in the future. - have no clue how
Did you store your seed in your email, cloud storage or your computer? - no, only on my personal file server on private network since 2013
Could your coins have been physically compromised, i.e. someone physically stole/copied your seed? - have no idea, one wallet is safe, only default_wallet is compromised
Did you use some unsecure wallet generation method, like picking the seed words manually? - no
Do you use a cold storage setup, or did you access your wallet from a live machine? - live machine
Is the password on your wallet file strong? - yes
If there's a 5 month gap between last time you accessed coins and the theft, it might mean that some malware stole your wallet file and bruteforced your password. You might want to move the coins from your other wallet to a freshly created one in isolated environment. Your story is pretty strange, but I've seen similar stories before, and it's usually discovered that a seed or wallet file was stored insecurely and a malware incident or online hacking took place.
|
|
|
|
qbits (OP)
|
|
July 09, 2020, 08:48:38 PM |
|
To me it seems that there are 2 likely scenarios:
1) Your mobile is compromised. This is quite unlikely because you said you have 2 wallet files stored there but only 1 got compromised. Further your wallet was password protected and since you didn't open it for 5 months it is quite odd that it got emptied 1 month ago.
2) Your mnemonic code somehow got exposed. That's what I would guess. You stored your mnemonic on a file server. Is there a (any) route from your file server to the internet? If yes, then most likely your file server somehow got compromised.
Number 2) would be my guess. What kind of software is running on your file server, which version? How is it running inside of your network (old PC, etc..)? Do you have a firewall set up?
File server is a QNAP server, and yes, about a month ago I had to upgrade firmware on it; however, I doubt this would be the cause. Firewall, yes, it is there, but I doubt it is of much help if the exposure came from malware or something like that, as computers do have to have access to file server files...
|
|
|
|
qbits (OP)
|
|
July 09, 2020, 08:51:07 PM |
|
What you need to do now is to analyze how your coins were stolen, so that it won't happen again in the future. - have no clue how
Did you store your seed in your email, cloud storage or your computer? - no, only on my personal file server on private network since 2013
Could your coins have been physically compromised, i.e. someone physically stole/copied your seed? - have no idea, one wallet is safe, only default_wallet is compromised
Did you use some unsecure wallet generation method, like picking the seed words manually? - no
Do you use a cold storage setup, or did you access your wallet from a live machine? - live machine
Is the password on your wallet file strong? - yes
If there's a 5 month gap between last time you accessed coins and the theft, it might mean that some malware stole your wallet file and bruteforced your password. You might want to move the coins from your other wallet to a freshly created one in isolated environment. Your story is pretty strange, but I've seen similar stories before, and it's usually discovered that a seed or wallet file was stored insecurely and a malware incident or online hacking took place.
can wallet be bruteforced? How long would it take for a 8 char (small+caps+digits)? Quite some time I would assume.
|
|
|
|
joniboini
Legendary
Offline
Activity: 2380
Merit: 1807
|
|
July 10, 2020, 06:08:30 AM |
|
can wallet be bruteforced? How long would it take for a 8 char (small+caps+digits)? Quite some time I would assume.
It would depend on what machine the hacker uses and the entropy of your password. You can try some tools to predict how long it would take to crack your password such as https://tmedweb.tulane.edu/content_open/bfcalc.php.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2954
Merit: 7561
|
|
July 10, 2020, 03:30:57 PM |
|
Unfortunately, there is very little you can do in terms of getting your Bitcoin back. What you should do now is change the way you handle sensitive information to prevent similar incidents in the future.
- Don't save your seed on your computer, file server, or any other digital media. Write it down by hand on a piece of paper and keep it safe.
- If for some reason you absolutely must save it on a computer, (there shouldn't be one, but just in case) at least make sure it is password protected and/or encrypted.
I hope your bad experience won't be a reason to turn your back on Bitcoin.
|
|
|
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
July 10, 2020, 07:20:47 PM |
|
can wallet be bruteforced? How long would it take for a 8 char (small+caps+digits)? Quite some time I would assume.
Within ~5 months? I would guess so, yes. But this depends on the hardware the attacker is using and the efficiency. I'd still believe that your file server has been somehow compromised.
|
|
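Added example (not part of any post in this thread): a small estimator for the question above about an 8-character password drawn from lowercase, uppercase and digits. The attacker guess rates are constructed assumptions, and the PBKDF2 measurement is a stand-in to show how key-stretching cost changes the answer; it is not Electrum's actual wallet encryption scheme.

```python
import hashlib
import string
import time

# Character set from the question in the thread: lowercase + uppercase + digits.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits

def keyspace(length, alphabet=ALPHABET):
    """Number of candidate passwords of exactly `length` characters."""
    return len(alphabet) ** length

def seconds_to_exhaust(length, guesses_per_second, alphabet=ALPHABET):
    """Worst-case time to try every candidate; the average case is half of this."""
    return keyspace(length, alphabet) / guesses_per_second

def measure_kdf_rate(iterations, samples=5):
    """Password derivations per second on one core of this machine.
    PBKDF2-HMAC-SHA512 and the iteration counts are assumptions for illustration."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"candidate%d" % i, b"constructed-salt", iterations)
    return samples / (time.perf_counter() - start)

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def report(length=8):
    rows = []
    # Constructed attacker speeds in guesses per second (assumptions, not benchmarks).
    for label, rate in (("1e6 guesses/s", 1e6), ("1e9 guesses/s", 1e9), ("1e12 guesses/s", 1e12)):
        rows.append((label, human(seconds_to_exhaust(length, rate))))
    # Effect of key stretching: the more iterations per guess, the slower the search.
    for iters in (1, 1_000, 100_000):
        rate = measure_kdf_rate(iters)
        rows.append((f"this CPU, PBKDF2 x{iters}", human(seconds_to_exhaust(length, rate))))
    return rows

if __name__ == "__main__":
    print(f"{len(ALPHABET)}^8 = {keyspace(8):,} candidates")
    for label, duration in report():
        print(f"{label:>26}: {duration}")
```

The figures are worst-case exhaustion times for a uniformly random password; a password built from words or patterns falls much sooner than the keyspace suggests.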
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
July 11, 2020, 09:54:56 AM |
|
3.3.8, last time I used it before yesterday's discovery was in February, download was from osx app store
OSX App Store? I wasn't aware that Electrum was available on the Mac App-Store... The only legit location I know of is the download section at electrum.org (https://electrum.org/#download). Is it possible you downloaded a fake version from the app store? Is it still listed on the OSX App Store? Can you provide a link?
|
|
|
|
abuya55
Jr. Member
Offline
Activity: 42
Merit: 1
|
|
July 12, 2020, 05:19:20 AM |
|
The only thing you can do now is to analyze how this happened. Maybe you should buy a hardware wallet or create a paper wallet.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3430
Merit: 6157
|
|
July 12, 2020, 11:23:19 AM |
|
OSX App Store? I wasn't aware that Electrum was available on the Mac App-Store...
My search results confirm that the OSX App Store does not contain Electrum for download. But there's Electron Cash (BCH wallet), and something called Electrum Unity, but that has nothing to do with the crypto wallet. If the OP can confirm that he actually downloaded Electrum from there, it is possible that it was a fake wallet that was removed. https://www.apple.com/us/search/electrum?src=globalnav
|
|
|
|
qbits (OP)
|
|
July 13, 2020, 06:42:01 AM |
|
3.3.8, last time I used it before yesterday's discovery was in February, download was from osx app store
OSX App Store? I wasn't aware that Electrum was available on the Mac App-Store... The only legit location I know of is the download section at electrum.org (https://electrum.org/#download). Is it possible you downloaded a fake version from the app store? Is it still listed on the OSX App Store? Can you provide a link?
I misspoke. I downloaded it using brew, which is kind of command line GNU store:
macbook:Downloads arijan$ brew cask list
blender chromium electrum gimp handbrake inkscape inssider onyx processing scribus vlc xquartz
|
|
|
|
Lucius
Legendary
Offline
Activity: 3430
Merit: 6157
|
|
July 14, 2020, 01:38:56 PM |
|
I misspoke. I downloaded it using brew, which is kind of command line GNU store:
Brew definitely offers Electrum installation options, now the only question is whether anyone uses this method to distribute fake wallets. Since you did not make a signature verification and did not download the program from the official site, it seems that this is the reason why you were hacked. Of course it is possible that you took the wrong step elsewhere, but my bet would go in this direction.
|
|
|
|
|