Greg774 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
December 28, 2020, 12:27:12 PM |
|
Hi there. I recently recovered my Electrum wallet using a seed (which worked successfully) but it shows a transaction was made on the 2nd of December which I didn't make!!! All of my bitcoin is now missing? Can anything like this happen by recovering a wallet multiple times? I have the transaction ID. I'm afraid I'm not super clued up on all this stuff. Any help would be most appreciated. I can't see how anyone could my wallet, but who knows. G
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 28, 2020, 12:30:18 PM |
|
Do you have antivirus on your machine?
It's possible that a piece of malware has taken your seed or signed a transaction. Also can you check the source you downloaded electrum from (this'll likely be in your browser).
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4141
Campaign Manager. My Telegram @Royse777
|
|
December 28, 2020, 12:35:00 PM |
|
This sounds to me like this: You have downloaded a fake Electrum. Once you entered your seed, the hacker got the information and there was a script that transferred everything to the address given by the hacker. You had no clue in between.
Sorry this happened to you. How much have you lost?
Also take a lesson from this: never install software without verifying the signature.
|
|
|
|
Greg774 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
December 28, 2020, 12:43:48 PM |
|
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
then updated using this DL address is electrum.org/4.0.9/electrum-4.0.9.exe later in December.
Would it help to post the transaction ID?
Thanks
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2604
Merit: 6407
Self-proclaimed Genius
|
|
December 28, 2020, 12:51:22 PM |
|
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
This is the correct Github repository of Electrum: https://github.com/spesmilo/electrum
Sorry to say that your funds were hacked and bitcoin transactions are irreversible.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4141
Campaign Manager. My Telegram @Royse777
|
|
December 28, 2020, 12:52:31 PM |
|
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
then updated using this DL address is electrum.org/4.0.9/electrum-4.0.9.exe later in December. Thanks
https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
No idea how you found this URL and no idea if this is a legitimate exe, but from your experience it's probably fair to say that this is a fake copy of the exe file. It was supposed to be very simple.
Search "Electrum"
Take https://electrum.org
Download the exe from there, which is their official site.
Besides, do not limit yourself to only downloading the file from the official site, but also verify the signature they provide. A nice tutorial for you for the next time: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/
Please be careful when you are handling virtual currency.
Would it help to post the transaction ID?
I do not think it will help you much since you cannot get the money back. Bitcoin are irreversible. But maybe you can make the community aware and give the receiving address. Also you can track the address (maybe requires some tools) and if you see this ended up in any KYC exchange then file a report to freeze that account and maybe with their help you can find the hacker. All these are very complicated with zero chance I guess.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3430
Merit: 6152
Crypto Swap Exchange🈺
|
|
December 28, 2020, 02:03:00 PM |
|
The only thing that is certain is that something happened between November 28 when you installed Electrum and December 2 when an unauthorized transaction occurred. If we assume that you have downloaded a legitimate Electrum file (and nc50lc confirms this), then your seed has somehow leaked.
It is possible that you have a keylogger on your computer, and it recorded every keystroke on your keyboard and passed that information to the person who stole your BTC - and it is also possible that you have something even more dangerous called a remote access trojan that allows the attacker complete control over your computer.
You can try to find out what actually happened, but it probably won't give you back what was stolen - so it would be best to format the disk and do a clean installation of the operating system.
|
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4141
Campaign Manager. My Telegram @Royse777
|
|
December 28, 2020, 02:57:59 PM |
|
The only thing that is certain is that something happened between November 28 when you installed Electrum and December 2 when an unauthorized transaction occurred. If we assume that you have downloaded a legitimate Electrum file (and nc50lc confirms this), then your seed has somehow leaked.
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
This is the correct Github repository of Electrum: https://github.com/spesmilo/electrum
I guess nc50lc confirms that the quote is the wrong link and his link is the correct Github repository of Electrum. We all know that trying to get the funds back is impossible and right now OP only needs to accept the loss and learn the lesson for the future.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
December 28, 2020, 03:02:30 PM Merited by Foxpup (2), Lucius (1) |
|
If we assume that you have downloaded a legitimate Electrum file (and nc50lc confirms this)
No. He downloaded a fake and malicious version of Electrum. Look closely at the github link he posted. specnimo/specnilon. The real Electrum github is under the name spesmilo. It looks like he later updated using the correct website, but by then the attacker already has his seed and therefore cleared out his wallet a few days later. He also makes no mention of verifying the file, which is the most important step. Simply downloading from the official github or website is not good enough - these can be compromised.
|
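The look-closely check described in the post above, as an added example that is not part of the original thread: a pre-download origin check that treats only electrum.org and the spesmilo/electrum GitHub repository as official and flags near-miss names. The allowlist, the similarity threshold and the function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Official origins as named in the thread; treating them as an allowlist is an assumption.
OFFICIAL_HOSTS = {"electrum.org"}
OFFICIAL_GITHUB = ("spesmilo", "electrum")           # (owner, repo)
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com"}
LOOKALIKE_THRESHOLD = 0.6                             # assumed cut-off for "suspiciously close"


def split_url(url):
    """Return (host, path segments); tolerates a missing scheme or 'https:host/...'."""
    rest = re.sub(r"^(?:https?|ftp):/*", "", url.strip(), flags=re.IGNORECASE)
    host, _, path = rest.partition("/")
    host = host.lower().rsplit("@", 1)[-1].split(":")[0]   # drop userinfo and port
    return host, [seg for seg in path.split("/") if seg]


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical strings."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def classify(url):
    """Return 'official', 'lookalike' or 'unknown' for a download URL."""
    host, segs = split_url(url)
    if host in OFFICIAL_HOSTS:
        return "official"
    if host in GITHUB_HOSTS:
        owner = segs[0].lower() if segs else ""
        repo = segs[1].lower() if len(segs) > 1 else ""
        if (owner, repo) == OFFICIAL_GITHUB:
            return "official"
        # Wrong owner: a wallet-named repo/file or a near-miss owner name is a red flag.
        filename = segs[-1].lower() if segs else ""
        if ("electrum" in repo or "electrum" in filename
                or similarity(owner, OFFICIAL_GITHUB[0]) >= LOOKALIKE_THRESHOLD):
            return "lookalike"
        return "unknown"
    # Any other host: flag names that resemble or embed the official one.
    if "electrum" in host or any(
            similarity(host, h) >= LOOKALIKE_THRESHOLD for h in OFFICIAL_HOSTS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # The first three URLs are quoted in the thread; the last is constructed.
    for u in ("https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe",
              "electrum.org/4.0.9/electrum-4.0.9.exe",
              "https://github.com/spesmilo/electrum",
              "https://github.com/example-owner/example-repo/archive/main.zip"):
        print(f"{classify(u):9}  {u}")
```

An "official" result only says the file came from the expected place; as the post notes, the download still has to be verified against the published signature.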
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
December 28, 2020, 10:15:27 PM |
|
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
That's a fake (and now removed) github repository. You downloaded a fake version of Electrum which sent all your funds after you restored/opened your wallet file using it.
then updated using this DL address is electrum.org/4.0.9/electrum-4.0.9.exe later in December.
That is most likely the correct and legit version of Electrum, but by then it was too late.
Would it help to post the transaction ID?
No, your funds are gone. The transactions are irreversible. You will not be getting those coins back. I hope you didn't lose too much.
|
|
|
|
BitMaxz
Legendary
Online
Activity: 3444
Merit: 3173
Playbet.io - Crypto Casino and Sportsbook
|
|
December 28, 2020, 11:44:06 PM |
|
raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
How did you get this link? It seems that you just invented this and you don't actually know the right link. I tried to check every archive; it seems there is no result, even on Google. What I think is you're trying to promote this link and soon you are going to build this account with a fake Electrum? I'm actually trying to retrieve the file from that link by following this but it seems the link wasn't created before. Anyway, maybe you just manually typed it and didn't share the correct URL? Next time, do research first before you install software which you don't know, or always go to this forum to ask which sites are legit or fake.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3640
Merit: 11039
Crypto Swap Exchange
|
|
December 29, 2020, 03:47:29 AM |
|
raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
How did you get this link? It seems that you just invented this and you don't actually know the right link. I tried to check every archive; it seems there is no result, even on Google. What I think is you're trying to promote this link and soon you are going to build this account with a fake Electrum? I'm actually trying to retrieve the file from that link by following this but it seems the link wasn't created before. Anyway, maybe you just manually typed it and didn't share the correct URL? Next time, do research first before you install software which you don't know, or always go to this forum to ask which sites are legit or fake.
Good thing about GitHub is that when malicious software that is abusing the name of another popular project is reported, they are rather fast at removing it. So even if OP had plans to promote this malicious thing he is out of luck since the account is now nuked.
|
|
|
|
Greg774 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
December 29, 2020, 10:15:23 AM |
|
So I installed this 1st on the 28th of Nov https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe
then updated using this DL address is electrum.org/4.0.9/electrum-4.0.9.exe later in December. Thanks
https:raw.githubusercontent.com/specnimo/specnilon/main/electrum-4.0.5-setup.exe No idea how did you find this url and no idea if this is a legitimate exe but from your experience it's probably fair to say that this is a fake copy of the exe file.
All of the links I used to update/download the wallet were from the Electrum website. I had no pop ups nothing!!!!! I had little blue text at the bottom of my wallet stating there is an update available which was the 4.0.9. I can't see how Electrum can't be held responsible in any way if someone is posing to be them and allowing for funds to be removed without any warning? Is there literally nothing that can be done?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
December 29, 2020, 10:28:06 AM |
|
All of the links I used to update/download the wallet were from the Electrum website.
If that specnimo/specnilon site is where you visited, then you have absolutely downloaded a fake version. There is an endless stream of fake and phishing Electrum sites which pop up and disappear regularly. If you simply typed "Electrum" into Google, then there is a relatively high chance of landing on a fake site. Can you check your internet history to see if you visited any site other than electrum.org? This is why you should always verify the software you download (not just Electrum) prior to using it.
I can't see how Electrum can't be held responsible in any way if someone is posing to be them and allowing for funds to be removed without any warning?
Just as your bank wouldn't be responsible if you visited a fake site and entered your card details, Electrum are not responsible if you visited a fake site and downloaded malware.
Is there literally nothing that can be done?
The most you can do is open a police report, but the chance of recovering your coins is almost zero I'm afraid.
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
December 29, 2020, 10:30:15 AM |
|
All of the links I used to update/download the wallet were from the Electrum website. I had no pop ups nothing!!!!! I had little blue text at the bottom of my wallet stating there is an update available which was the 4.0.9. I can't see how Electrum can't be held responsible in any way if someone is posing to be them and allowing for funds to be removed without any warning?
Is there literally nothing that can be done?
Was there a pop up saying that your Electrum was outdated? I assume your prior version wasn't below 3.3.4? The likely scenario I can think of is that you clicked on one of the top few results of Electrum if you've Googled it. Your Electrum was compromised when you installed the github version which is only 4.0.5. There is nothing to be done, unfortunately. It's a good practice to be downloading and verifying the PGP signature of the binaries because these phishing attempts are very common. They cannot be held responsible, there is nothing they can do if users were to accidentally get phished because they didn't verify the binaries.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
December 29, 2020, 10:40:47 AM |
|
All of the links I used to update/download the wallet were from the Electrum website. I had no pop ups nothing!!!!! I had little blue text at the bottom of my wallet stating there is an update available which was the 4.0.9. I can't see how Electrum can't be held responsible in any way if someone is posing to be them and allowing for funds to be removed without any warning?
If the link indeed was from "the electrum website", then you also have visited the wrong website. The correct one is https://electrum.org/. Everything else is fake. Especially the github link you posted is not the official one. You have downloaded and installed malware.
Is there literally nothing that can be done?
To get your coins back? No. But this doesn't mean that you are done. Depending on the malware you have downloaded, the attacker might have full access to your system. Or he might be downloading your whole hard drive, spying on your keystrokes, etc. You need to backup important files, format your hard drive and reinstall your operating system.
|
|
|
|
Greg774 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
December 29, 2020, 10:45:36 AM |
|
Well I don't want this happening to anyone else so I will try and pass as much info on as poss. I've found the file I downloaded and scanned it, but says there was no threat?
I will post all the DL links here later and look up the sites I visited.
Thanks for your help.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
December 29, 2020, 10:54:01 AM |
|
Most virus scanners simply compare code against a database of known malicious code. If all that the malicious version of Electrum does is email your seed phrase to an attacker or upload it to a server, then it could easily avoid detection from virus scanners since it is a very simple piece of code and isn't actually doing anything to your system. There is a good article from Malwarebytes about the common Electrum malware here: https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/
|
|
|
|
Lucius
Legendary
Offline
Activity: 3430
Merit: 6152
Crypto Swap Exchange🈺
|
|
December 29, 2020, 02:29:07 PM |
|
I guess nc50lc confirms that the quote is the wrong link and his link is the correct Github repository of Electrum.
No. He downloaded a fake and malicious version of Electrum.
You're right, of course, I don't know how I missed it - but the thing is very clear then, and it's less important that the OP claims that it was redirected to that link from the official Electrum site. This is just another warning for everyone to check every link and when they are convinced it is legitimate to save it in their bookmarks and always use it from there.
If you simply typed "Electrum" into Google, then there is a relatively high chance of landing on a fake site.
Only in the case when AdBlock is not used, otherwise, at least for me, the original Electrum site is always displayed at the top of the search, followed by other legitimate links.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
December 29, 2020, 04:45:12 PM |
|
I've found the file I downloaded and scanned it, but says there was no threat?
AVs classify malware based on (basically) two methods. The first one is heuristics, where the AV checks the signature of the software and compares it with a database. The second one is a runtime analysis where the file is run in a sandbox. The classification depends on the state of the system before and after executing that file. If now "only" your coins are stolen and this exact malware is not known to the AV yet, neither the signature nor the runtime analysis will result in a positive scan result. Further, it is good to know that it can be quite easy to 1) change the signature and 2) detect whether the software is run in a sandbox to not execute malicious code when being scanned. Therefore, an AV will never be extremely accurate. It helps against well known and poorly coded malware, but won't protect you against sophisticated ones.
|
|
|
|
|