I've been hacked, seeds on paper

[ElectrumHACKED]

Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

Ps. Editing the title to clarify

[1715520866]

1715520866

[1715520866]

1715520866

[1715520866]

1715520866

[1715520866]

1715520866

[jackg]

There's a chance the funds have been sent somewhere that pays clients as small amounts seem to be taken off but it does get reconstructed back to 0.91 at some point so that might be unlikely.

I'm not sure what they're is uou can do now, transactions are irreversible and unless you can trace them ending up in an exchange you probably won't have an argument and it has already taken a lot of hops to get where it is now.

Were you running an old version of electrum as I think there's an ongoing phishing attack?

[ElectrumHACKED]

There's a chance the funds have been sent somewhere that pays clients as small amounts seem to be taken off but it does get reconstructed back to 0.91 at some point so that might be unlikely.

I don't understand what you are describing here

I'm not sure what they're is uou can do now, transactions are irreversible and unless you can trace them ending up in an exchange you probably won't have an argument and it has already taken a lot of hops to get where it is now.

Were you running an old version of electrum as I think there's an ongoing phishing attack?

I was using Electrum 4.0.6, official download.

- It seems the receiving addres is bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r

[TryNinja]

I was using Electrum 4.0.6, official download.

Did you download it from Electrum.org? Did you verify its signature? Were you storing your backup seed/private keys on the cloud, your computer desktop, your email, etc...? Were you downloading unknown/shady/random software from the internet, as you may have been infected?

There isn't much we can do, like it was already said. Reporting it to the police is probably your only option, but I don't see much they can do either. =/

You are the only one who can probably find out what happened. Examine your setup, run an AV like Malwarebytes, etc...

edit: I just saw your other topic. Sounds weird that this happened while the device has never been connected to the internet. Did anyone other than you had access to that device?

edit 2: The hacker may have sent your coins to Kucoin. Try to contact them? https://vivigle.com/BitWallet/wallet?address=bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r

[Easteregg69]

Go get em. I will come and step on them when they are caught.

[ElectrumHACKED]

I was using Electrum 4.0.6, official download.

Did you download it from Electrum.org?

Yes, always checking url includes https

Did you verify its signature?

No

Were you storing your backup seed/private keys on the cloud, your computer desktop, your email, etc...?

No, only on paper

Were you downloading unknown/shady/random software from the internet, as you may have been infected?

No

There isn't much we can do, like it was already said. Reporting it to the police is probably your only option, but I don't see much they can do either. =/

You are the only one who can probably find out what happened. Examine your setup, run an AV like Malwarebytes, etc...

edit: I just saw your other topic. Sounds weird that this happened while the device has never been connected to the internet. Did anyone other than you had access to that device?

No

edit 2: The hacker may have sent your coins to Kucoin. Try to contact them? https://vivigle.com/BitWallet/wallet?address=bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r

I'm already contacting Kucoin and filling a police report

[bitmover]

Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

It is important now to discover how did the hacker hacked you. He didn't hack electrum, he hacked you.

How did you store your seeds, was it in a gmail draft or something like that?

Your secret words should be kept offline, the best way is to just note down in a piece of paper (which cannot be hacked)

Your computer is probably compromised (or your email, cloud storage, etc if your seed was there).
 I would certainly format my computer if I were you.

[ElectrumHACKED]

Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

It is important now to discover how did the hacker hacked you. He didn't hack electrum, he hacked you.

How did you store your seeds, was it in a gmail draft or something like that?

In paper, never on internet

Your secret words should be kept offline, the best way is to just note down in a piece of paper (which cannot be hacked)

Your computer is probably compromised (or your email, cloud storage, etc if your seed was there).
 I would certainly format my computer if I were you.

I already did, everything anew

This is all the tx the guy did:

My original wallet:

https://vivigle.com/BitWallet/wallet?address=bc1q7g7923ewsy6lssrmpejq46c0ljdd5n84ppt6pe

The following ''masking'' transactions:

- https://vivigle.com/BitWallet/wallet?address=18Y8B6CJFEMS93zgSPycySNkBNbFwhvE2S

- https://vivigle.com/BitWallet/wallet?address=1KgiSi5wrVYumSskG3GPaaE2MSRdFKyzj7

- https://vivigle.com/BitWallet/wallet?address=1Fhn2mcHQhSkaLFAA5WmgSV7oW3f7D5wR2

- https://vivigle.com/BitWallet/wallet?address=1GdPhnXH3RWf3iedYjTAY5qoNtnQqmG3iF

- https://vivigle.com/BitWallet/wallet?address=14kZSuC6zjvnsjHi5piEw75tNzUr6er966

- https://vivigle.com/BitWallet/wallet?address=1MP9iVYizD4rb3WFQZtjY9Kx9fjNV8Wcca

- EXCHANGE WALLET

https://vivigle.com/BitWallet/wallet?address=bc1ql72syjwvm4m9lwajpaylaxvj9lxc2tzn706ruj

Seems Kucoin is the owner, I'm already in contact and filling police report asap

[ElectrumHACKED]

I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Low chance if he will swap  it to private coin like Monero  on the  freshy exchange with no KYC. All your story is very sad but you need to take lesson from it.  When  fiddling with crypto the fist things in the morning is the safety securance  of you computer,  SEED, passwords, accounts etc. Everything else needs to be second-guessed.

I know man, chances are slim, but this is a crime regardless of my security. I will move forward with the steps needed, and I'll be sure not to repeat the same mistakes, for sure.

[HCP]

... and I'll be sure not to repeat the same mistakes, for sure.

The tricky part will be identifying exactly where it went wrong and how your wallet was compromised so that you don't repeat the same mistakes...

Unless you figure out the "how" part of this unfortunate incident, and then take the necessary steps to prevent that from happening, you could well lose more coins in the future

[FireBallex]

The fault isn't from electrum wallet, I've kept over 2BTC in Electrum wallet before moving them to Copay wallet years ago, Electrum wallet can't be hacked, the mistake must be from your end, you claimed you write down the seed but are you leaving alone? How many people knew you are into Bitcoin?

[Pmalek]

Sadly OP hasn't been active since the day he created this thread and we don't know what exactly happened. I don't remember ever reading a case in which a user got hacked and the evidence pointed to a bug in the Electrum software, bad coding, or some other kind of malpractice by the software/development team. It's always the user who unfortunately makes a bad step somewhere.

OP said his seed was extended, but how and where was the seed kept? Who knew or could have found out where he stored the paper? Was the additional passphrase kept alongside the seed or were they in separate places?

OP said that nobody had access to his computer. But can he say with absolute certainty there wasn't an old girlfriend with a grudge, friend, construction worker, or another person or group at his place who could have known or found out that he has bitcoin and keeps a seed hidden inside a book on his dresser?!