hosseinimr93
October 12, 2021, 07:10:11 AM
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID
The address in question has received some withdrawals from Binance. Click here to see one of them. I don't know how this can help you. Unfortunately, your fund has gone. Bitcoin transactions are irreversible. This is a Binance hot wallet address and has over 1 million transactions. Note that it's not true to say any address that has connection with this address belongs to a scammer.

nc50lc
October 12, 2021, 07:18:01 AM
-snip- This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID
Were you looking for the TXID of the transaction that spent 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2? If so, here it is: 4c31735ea4d497459b6e2dea4e59195c39c10f11ae999e92cf36887b5670914d
Bitcoins were sent to 13DCkgkHea1kgihtEY8uuveUtdn67nv2pM and 3G3Tq629nZ5HkybHQ1Uoofb3rLgzSBJLir (change)
It is the change, because it was used as input together with 3EHvCce1Ke6fypBpjJatqiFXUY8Wj8USbr which was also used with 3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm.
Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s (that was also reported here on this forum)
I can't see any strong correlation since both aren't used as inputs in a single transaction. And it belongs to Binance.
The address in question has received some withdrawals from binance. -snip-
Most likely that those are from compromised Binance accounts, hacked by the same hacker(s).
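
The reasoning in the post above (addresses spent together as inputs of one transaction are treated as one wallet, while two addresses that merely pay the same exchange address are not linked) is the common-input-ownership heuristic. An added example, not part of the thread; the transactions and address labels are constructed placeholders, not chain data:

```python
from collections import defaultdict

# Constructed sample: placeholder labels stand in for addresses and txids.
TXS = [
    {"txid": "tx_theft", "inputs": ["victim_1", "victim_2", "victim_3"],
     "outputs": ["dest", "change"]},
    {"txid": "tx_a", "inputs": ["change", "cospent_a"], "outputs": ["exchange_hot"]},
    {"txid": "tx_b", "inputs": ["cospent_a", "cospent_b"], "outputs": ["elsewhere"]},
    {"txid": "tx_c", "inputs": ["reported"], "outputs": ["exchange_hot"]},
]


def cluster_by_common_inputs(txs):
    """Group addresses that were ever spent together as inputs (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    for tx in txs:
        roots = [find(a) for a in tx["inputs"]]
        for r in roots[1:]:
            parent[find(r)] = find(roots[0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())


def same_owner(txs, a, b):
    """True only if a and b are linked through shared transaction inputs.

    Outputs are deliberately ignored: paying the same (for example exchange)
    address links nobody. The heuristic is also unreliable for collaborative
    transactions such as CoinJoin, where inputs belong to different people.
    """
    return any(a in c and b in c for c in cluster_by_common_inputs(txs))


if __name__ == "__main__":
    for cluster in cluster_by_common_inputs(TXS):
        print(sorted(cluster))
```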

larry_vw_1955
October 12, 2021, 07:49:45 AM
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.
How does this happen though? That's what I want to know.

mocacinno
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.
How does this happen though? That's what I want to know.
Only the OP can answer this question... This being said, the most common attack vectors are:
- The seed phrase: if a hacker gets his/her hands on this seed phrase, your btc is gone... Hackers use different methods, including but not limited to phishing, viruses and other malware, social engineering, saving seeds on the cloud,...
- The wallet file itself: if a hacker gets his/her hands on the wallet file, your btc is gone if it isn't properly encrypted (and even if it IS properly encrypted, it can be only a matter of time before your funds are gone)... Hackers use different methods, including but not limited to phishing, viruses and other malware, social engineering, saving seeds on the cloud,...
- The victim's computer: if a hacker gains access to your system, the odds of your funds disappearing increase dramatically
- A vulnerability in the wallet software... IDK if there are vulnerabilities in OP's version... but it has happened for other wallets in the past

DaveF
October 12, 2021, 11:24:48 AM
The other issue for the OP is when it happened. There were 3 inputs for that TX (which was sent 2 weeks ago):
1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018
So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.
It's easy to think that they got access only minutes before the tx occurred, but if it really looked to be a stagnant wallet a thief could have waited for a while to see if more BTC was coming in before they took it all.
-Dave

larry_vw_1955
October 13, 2021, 02:13:04 AM
The other issue for the OP is when it happened. There were 3 inputs for that TX (which was sent 2 weeks ago):
1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018
So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.
-Dave
the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has a lot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think.

HCP
October 13, 2021, 02:44:11 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined. I'm not sure if Exodus wallet encryption was or is as bad as other wallets (like Jaxx etc) that have done stupid things like use a 4 digit PIN for encryption or store the phrase in plaintext etc.
However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.

larry_vw_1955
October 13, 2021, 02:49:08 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.
That's an unfortunate thing but people can decide for themself if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transactions into it regularly which indicates an ongoing scamming process, not just a one-off thing.

wir3man (OP)
October 13, 2021, 03:16:37 AM
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.
That's an unfortunate thing but people can decide for themself if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transactions into it regularly which indicates an ongoing scamming process, not just a one-off thing.
use a 4 digit PIN for encryption or store the phrase in plaintext etc. However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.
No 4 digit PIN but a medium password. Easy for me to remember but hard to guess. Computer compromised? I unplugged the power from the old pc and prepared a new system.
The other issue for the OP is when it happened. There were 3 inputs for that TX (which was sent 2 weeks ago):
1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018
So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.
the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has a lot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think.
One of my very first BTC transactions. The one from Dec 25 2017 was from a faucet. Took me days to get to the payout. I was purely holding....now I can hold a candle.🕯️ I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically check the balance. Thanks to all for the support and hopefully there are no more users losing cryptos.

HCP
October 13, 2021, 04:58:32 AM
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium? If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins.

larry_vw_1955
October 13, 2021, 10:32:48 AM
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium? If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins.
Especially if that device is a phone. Most Android apps you don't know what you are really running.

LoyceV
October 13, 2021, 10:54:02 AM
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium?
Mycelium can be used as a watch-only wallet for just the addresses.

larry_vw_1955
October 14, 2021, 02:58:16 AM
Mycelium can be used as a watch-only wallet for just the addresses.
In an ideal world people would use that feature but in a non-ideal world they just use their seed phrase. But if you really thought you could trust something then there should be no problem doing that.

larry_vw_1955
October 18, 2021, 06:43:14 AM
Even if you fully trust Mycelium (which had few controversies), there are some security concerns (which were mentioned earlier by @mocacinno) if you simply use their seed phrase. For example, malicious virtual keyboard and outdated Android version.
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said. the reason for that is apps that are obtained from the play store for the most part are not audited and are not open source so you don't know really what's running on your phone. you just trust the wallet's reputation. whether that's good enough for someone depends on how much money they have at risk. and what it would mean to lose it.

Lucius
October 18, 2021, 01:31:11 PM
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.
Therefore, we should always strive for proven solutions, but again with an exceptional dose of caution and verification of downloaded files before we start using them. No matter if millions of people may say that Electrum is a legal crypto wallet, that doesn't mean that there aren't countless fake copies just waiting for the next sucker who has no idea what awaits him. When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.

LoyceV
October 18, 2021, 03:40:35 PM
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys?
It's not only the wallet itself, but any software you install increases the risk of compromising your wallet. That's why I prefer to install as few apps as possible on my phone. On my PC I use a VM whenever I install anything new. I keep a freshly installed VM for this, and clone it each time before I use it. I typically name it something like: "wallet X, delete when done".
When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.
This is what makes a simple transaction take an hour sometimes. Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.

Lucius
October 19, 2021, 10:31:14 AM
This is what makes a simple transaction take an hour sometimes. Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.
I'll always choose the "slow but safe" option, rather than "fast but risky," because it's something that definitely worked all these years since I've been interested in Bitcoin. When I look at all this from a distance, it paid off to apply the advice of those who were experienced members of the forum 6-7 years ago. I think we can all agree that cryptocurrencies are an area that requires everyone to be extremely careful in everything they do, otherwise what happened to the OP will happen to everyone sooner or later.

Pmalek
October 19, 2021, 04:31:17 PM
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.
You wouldn't unless you know how to inspect the code and look for backdoors and things in the codebase that shouldn't be there. That's why it's recommended to use open-source wallets. But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code. But at least it's possible to do so, and you are trusting that others have done it properly. If a wallet has been around as long as Electrum has, you can be sure that it has been thoroughly checked by numerous security experts.