think i was scammed but not sure how. please help.

[osiris999]

well guys it looks like i just lost 1100$ worth of bitcoin but im not sure what i did.
been a little while since i used electrum. this is the first time ive used 4.03. i had a few dollars worth already on electrum but i went to add about 1100$ worth. i clicked on receive and it gave me an address in a box. i sent the bitcoin i just purchased to that address. as soon as i did the transaction was showing up on my balance as incoming like usual. then all of a sudden electrum said my balance was now zero. it confirmed 6 times and is now a green check mark in my history. my balance is still 0. the weird thing is when i look at my history it shows 2 transactions at the same exact time. one coming in with the new bitcoin and one going out with the total amount.

i know that money more than likely gone but im scared to buy any bitcoin till i know how this happened and how i can prevent this.

[1715404534]

1715404534

[1715404534]

1715404534

[1715404534]

1715404534

[1715404534]

1715404534

[jackg]

How did you update your version of electrum? There was a phishing message on the old version (anything around 3.x should be considered vulnerable now anyway).

Is there anything else you could've clicked on if it wasn't a phishing message, for example is your wallet password protected as it might be easier to accidentally click send on something otherwise.

[osiris999]

i went to electrum.org/ and downloaded the 4.0.3 stand alone exe. before i was using 3.3.8.

[HCP]

... the weird thing is when i look at my history it shows 2 transactions at the same exact time. one coming in with the new bitcoin and one going out with the total amount.

It would appear that your wallet has been compromised... most likely someone else has the seed for your wallet... they were monitoring your wallet and upon seeing the incoming transaction for $1000+, they created a transaction to steal it all.

How did you backup your wallet seed mnemonic (the 12 recovery words)? Did you ever store this digitally on your computer or on a cloud based server? For example: screenshot, text document, instant messenger, "note" application, email etc?

What address were your coins sent to?

i went to electrum.org/ and downloaded the 4.0.3 stand alone exe. before i was using 3.3.8.

Did you verify the digital signature of that standalone .exe file using GPG/Kleopatra (as per the instructions here)?

If you still have the .exe, you should download the signature file (https://download.electrum.org/4.0.3/electrum-4.0.3.exe.asc) and then verify it, to make sure that the version of Electrum you downloaded is actually legitimate...

[osiris999]

... the weird thing is when i look at my history it shows 2 transactions at the same exact time. one coming in with the new bitcoin and one going out with the total amount.

It would appear that your wallet has been compromised... most likely someone else has the seed for your wallet... they were monitoring your wallet and upon seeing the incoming transaction for $1000+, they created a transaction to steal it all.

How did you backup your wallet seed mnemonic (the 12 recovery words)? Did you ever store this digitally on your computer or on a cloud based server? For example: screenshot, text document, instant messenger, "note" application, email etc?

What address were your coins sent to?

i went to electrum.org/ and downloaded the 4.0.3 stand alone exe. before i was using 3.3.8.

Did you verify the digital signature of that standalone .exe file using GPG/Kleopatra (as per the instructions here)?

If you still have the .exe, you should download the signature file (https[Suspicious link removed].asc) and then verify it, to make sure that the version of Electrum you downloaded is actually legitimate...

seems like i gotta learn this the hard way. when verifying the exe i get "could not determine whether this is an s/mime or an openpgp signature" so i must be doing something wrong. as far as saving my seed looks like i made a big opsec error. its saved in a text file on my windoes pc and also a text file on tails. the text file on windows is what probably burned me. 

[osiris999]

coins were sent to 16jPSWsActk43MgzN9xZkwdnSpyLJk8iSH btw

[HCP]

as far as saving my seed looks like i made a big opsec error. its saved in a text file on my windoes pc and also a text file on tails. the text file on windows is what probably burned me. 

Yes, I would think that this is indeed where the problem comes from... it would tend to indicate that your PC has been compromised. You should seriously consider completely wiping that PC and reinstalling a fresh OS.

And in the future... NEVER store your seed on an "online" device. It should always be "offline".

coins were sent to 16jPSWsActk43MgzN9xZkwdnSpyLJk8iSH btw

Sorry, I was trying to clarify whether that is your wallet address or that is the address that the thief sent them to?

[sheenshane]

Just my assumption and I think you're not downloading the phishing Electrum, probably since then your key has been compromised already with someone else, and waiting to have any amount to withdraw. If you visit the official website of Electrum and download the new version, you're safe in that way, so I think if you are using the old one Electrum key we don't know that has been compromised, that's a problem.

It is easy to make a new Electrum wallet, if you created a new one upon before storing big amounts, probably you're safe from a hack. We should learn how to value our valuable stuff to avoid scam/hack incidents. Never keep your key anywhere else most especially in an email account or social media accounts, it is easy for them to steal your wallet credentials. As the comment above, learn how to verify Electrum using GPG before you will download it.

coins were sent to 16jPSWsActk43MgzN9xZkwdnSpyLJk8iSH btw

If ain't mistaken, the last drop in your Bitcoin is on this address, 1N1RftauCKATtkVFsx1iifRPQVo45myqsm.
Sorry for your loss.

[AhmadM]

coins were sent to 16jPSWsActk43MgzN9xZkwdnSpyLJk8iSH btw

If that is your wallet address then I have hypothesis that your address has been compromised in dusting attack (based on this tx)
And according to this post the attack will leads to this page:

Code:

https://memo.sv/topic/hmwyda

CMIIW

[Pmalek]

i went to electrum.org/ and downloaded the 4.0.3 stand alone exe. before i was using 3.3.8.

Are you absolutely positive that you went to the official site and downloaded an official version of the software. I am confused why you couldn't verify it?!

It would appear that your wallet has been compromised... most likely someone else has the seed for your wallet... they were monitoring your wallet and upon seeing the incoming transaction for $1000+, they created a transaction to steal it all.

That fast? OP says that he has two transactions in his history. One incoming and one outgoing at the same time. This looks more like a fake Electrum version/script, rather than someone monitoring his wallet. If, in fact the 2 transactions took place so quickly one after the other.

@osiris999
In your history, how much time passed before the incoming and outgoing transactions in your wallet?
Do you share the computer with anyone? If you didn't download a fake Electrum client, the question is who found your seed and how!?

[Lucius]

Do you share the computer with anyone? If you didn't download a fake Electrum client, the question is who found your seed and how!?

This is a real question, because if more people use this computer, everyone could see the seed that the OP saved as a plain text file.

as far as saving my seed looks like i made a big opsec error. its saved in a text file on my windoes pc and also a text file on tails. the text file on windows is what probably burned me. 

If he is the only user of that computer, then someone did it remotely, and one remote access trojan is quite enough for something like that. It would not be strange if someone had control over his crypto wallet from before, but he was waiting for a slightly higher amount of a few $ that the OP had until then.

Also, although it was not mentioned, maybe that seed was not generated by the OP, but it was a way of buying BTC. In addition to the trick of selling watch-only wallets, some sell the actual seed with a certain amount of BTC - and when a buyer at some point sends a larger amount into his wallet, an unpleasant surprise awaits them.