I lost my Bitcoins by fishing attack "update electrum 4".

[NeuroticFish]

3. I am newer here, and don't know all yours community specifics. Don't Judge Me so Strong.

I'm not really the judging type, especially on online forums, I just gave some info which I considered useful.
It's really your choice if you change the caps or adjust the story from "pushing the button Send" on a "cold storage" or explain it better (in the main topic).

The outcome is the same. The money are gone. Next time you should know and never again go online with a cold storage.

[1715021257]

1715021257

[1715021257]

1715021257

[bob123]

For the future, verify every download before installing.
You can find a tutorial for that on electrum.org.

1. Writing all uppercase means this question more important to me.

Writing all uppercase means that we care way less about helping you.

2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.

Unfortunately you won't get your coins back.

[HCP]

2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.

I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

This single lapse in his transaction workflow (and failing to verify the electrum download) cost him a substantial amount of money

[bob123]

I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

Going online with a cold wallet to make a quick transaction wasn't the smartest move.
Signing the transaction offline and broadcasting it on an online device wouldn't take much longer. Especially since he seemed to already be used to it due to using it as an cold wallet for most of the time.

Given that the burglary probably was already a few hours(?) ago, this 1 minute most likely wouldn't be an issue.


Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.
Not updating any software for more than 2 years and not readying any news whatsoever is kind of irresponsible.

We are not yet at that point where storing and using bitcoin without any risks can be achieved by any random person. At least some awareness is still needed.

[Lucius]

Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.
Not updating any software for more than 2 years and not readying any news whatsoever is kind of irresponsible.

It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise. I have already written in one of the similar topics that the number of such cases will start to increase every time a bull run occurs, which means that the person behind the phishing attack receives donations every day.

If we look at the address from OP -> bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny, from 25.07.2019 until today hacker is take over 90+ BTC, which only confirms that the OP is not alone in a very wrong approach to all this.

This is of course just one of the addresses that have so far been linked to this attack - the total amount of stolen BTC is certainly more than 1000 until today.

[bob123]

It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise.

But this still doesn't justify the core aspects of securing data.
Keeping software up-to-date is one of the most important things. There is a reason for windows to auto update itself all the time.

Going online with a 2+ year old wallet without updating it and installing a "new version" without verifying the signature (which is exactly described on electrum.org and takes only 2 minutes) is irresponsible.


Unfortunately this won't change and most people only adjust their habits after losing their coins. This quite simple phishing attack really shouldn't have achieved so much.

I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot people from losing money.

[HCP]

Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.

"Humans gonna Human"

It's just a fact of life that humans are incredibly irrational beings... and we do really "dumb"/unexpected things when put under stress/duress... witness people taking the time to get their carry-on bags out of overhead lockers when the aircraft they are in is on fire! I stopped being surprised by people doing "stupid" things a long time ago... but then, I'm old and have done a lot of stupid things myself over the years

So, yeah... while breaking "best practise" and hooking the cold wallet up to the net and trying to shift funds was definitely a lapse in judgement, I can certainly understand why OP did it...

The worse part is that they're likely not going to be the last victim either Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

[BitMaxz]

~snip~
Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I can't seem to find any tools to detect bad servers but I think you can only find those bad servers in old Electrum when it asks for an update. I think it's a sign that the server is bad leading you to install phishing Electrum.

And I heard there are no verified trusted Electrum server lists and you can only find those bad servers when you use old versions of Electrum.

[Lucius]

I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot people from losing money.

The situation may be a little better when it comes to hardware wallets, but if someone is not aware of the basics, then we have a certain percentage of users who will do something like typing their seed online or in fake HW extension. And if you look at how many cases there are of those who are hacked even though they use HW, then it is clear that not even the best security solution is resistant to human stupidity.

The worse part is that they're likely not going to be the last victim either Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I don't think the number of such servers matters, because even though the whole thing boiled over at the end of 2018 - there are still a lot of those who haven't opened their wallets since then. All versions of Electrum below 3.3.4 are still vulnerable, and if you only look at the address posted by the OP, the inflow of BTC is constant, which just means that it still pays to run bad servers.

[bob123]

Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I guess one could try to simulate an older electrum wallet by connection to random servers and checking their responses when trying to broadcast a transaction.
Creating a list with bad servers and the ratio between bad and good server could be used as a metric.

But i am not aware of whether someone has created such a list already.