electrum wallet got hacked

[aiaihey]

hey hi guys!
i logged into my electrum acc and saw that all my funds was sent to another address, it's like someone logged into my acc and paid all my funds to someone by one payment.
is it hacked? i didnt even login at the time that transaction happened.
if it's hacked couldit be because of using a free vpn?
and is it safe if i make a new wallet with another information on electrum?
also i scanned for malwares there were none.
thanks in advance 

[1715634716]

1715634716

[ranochigo]

I'm assuming by logging in, you're talking about opening your desktop app and keying in your password and not using some online interface?

You will not be hacked by a free VPN because Electrum does not transmit anything sensitive online. That is if the free VPN is not some malware or trojan. You absolutely should not make a new wallet right now, instead you need to identify what went wrong. Antiviruses are not foolproof, there are ways to bypass that detection so I would urge you to just do a complete reinstall of your operating system. Did you verify your Electrum download before you open it? Are you sure you downloaded it from the actual Electrum website?

[OmegaStarScream]

Is your seed/private keys stored safely offline? Or have you used them before on another device or site? If so, this could be the cause.

And no, it's not recommended to create another wallet on that device. It could be infected even if your anti-malware is saying otherwise.

[BlackHatCoiner]

i logged into my electrum acc

Just to clarify. You're using Electrum, the wallet, whose software was downloaded from electrum.org, correct? Which means you're opening a wallet file, not an account.

it's like someone logged into my acc and paid all my funds to someone by one payment.

This sounds like a malware-like case. What's your OS? Did you verify the signature, as said above?

[aiaihey]

I'm assuming by logging in, you're talking about opening your desktop app and keying in your password and not using some online interface?

You will not be hacked by a free VPN because Electrum does not transmit anything sensitive online. That is if the free VPN is not some malware or trojan. You absolutely should not make a new wallet right now, instead you need to identify what went wrong. Antiviruses are not foolproof, there are ways to bypass that detection so I would urge you to just do a complete reinstall of your operating system. Did you verify your Electrum download before you open it? Are you sure you downloaded it from the actual Electrum website?

yes i meant opening the desktop app, and yes i downloaded the app from the actual site but the version is not the latest, i use version 4.1.5 .
and i cant really understand what happened, there was absoulotly not any security gap, maybe just one wrong thing was that i use addresses that never expires to receive bitcoins. could it be something?

[ranochigo]

yes i meant opening the desktop app, and yes i downloaded the app from the actual site but the version is not the latest, i use version 4.1.5 .
and i cant really understand what happened, there was absoulotly not any security gap, maybe just one wrong thing was that i use addresses that never expires to receive bitcoins. could it be something?

Nope. Unrelated, there isn't any vulnerability from that version on.

I provided the two scenarios and the only thing you can do now is to just re-install your operating system and ensure that you thoroughly validate[1] your file before installing it.

[1] https://bitcointalk.org/index.php?topic=5240594.0

[BlackHatCoiner]

I confirm 4.1.5 is fine as that's what I've been using a year now.

maybe just one wrong thing was that i use addresses that never expires to receive bitcoins.

Addresses never expire. This is common misconception with Electrum and I still don't understand why they choose to confuse people that way.

and i cant really understand what happened, there was absoulotly not any security gap

Your system is infected with a virus. This is what has happened. You didn't answer if you indeed verified the software, though.

[aiaihey]

I confirm 4.1.5 is fine as that's what I've been using a year now.

maybe just one wrong thing was that i use addresses that never expires to receive bitcoins.

Addresses never expire. This is common misconception with Electrum and I still don't understand why they choose to confuse people that way.

and i cant really understand what happened, there was absoulotly not any security gap

Your system is infected with a virus. This is what has happened. You didn't answer if you indeed verified the software, though.

yes i verify the software, and i reinstalled everything now and did all setups again , will there be a problem if i start using it again?
also when i use older electrum version it open without needing kleopatra to be open, but 4.4.2 version needs that other app so it will work, it's confusing/

[BlackHatCoiner]

will there be a problem if i start using it again?

Again, your machine is likely infected. If you don't format or move to another machine, any coins you deposit are going to be stolen sooner or later. Do format it. Not only for your coins' safety; this can likely gain access to your personal info and even blackmail you.

also when i use older electrum version it open without needing kleopatra to be open, but 4.4.2 version needs that other app so it will work, it's confusing/

You don't need to have Kleopatra opened to run Electrum.


Verifying signature is such a hustle, especially if you don't know why you're doing it. The tutorial requires some modification, I've said this before.

[aiaihey]

will there be a problem if i start using it again?

Again, your machine is likely infected. If you don't format or move to another machine, any coins you deposit are going to be stolen sooner or later. Do format it. Not only for your coins' safety; this can likely gain access to your personal info and even blackmail you.

also when i use older electrum version it open without needing kleopatra to be open, but 4.4.2 version needs that other app so it will work, it's confusing/

You don't need to have Kleopatra opened to run Electrum.


Verifying signature is such a hustle, especially if you don't know why you're doing it. The tutorial requires some modification, I've said this before.

thank you so much for your help everyone!<3

[khaled0111]

also when i use older electrum version it open without needing kleopatra to be open, but 4.4.2 version needs that other app so it will work, it's confusing/

Maybe when you were trying to open Electrum V4.4.2 you mistakenly clicked on the .asc file instead of the .exe file. This will automatically open Kleopatra and it's the only logical explanation I can think of because Electrum doesn't need Kleopatra to run.

After formatting your device's hard drive and reinstalling the OS and Electrum, make sure to create a completely new wallet by generating a new seed. Do not reuse your old wallet by recovering it from seed.

[Cricktor]

@aiaihey
Did you ever save your mnemonic seed words of your wallet(s) in some digital form (made a digital picture of your mnemonic seed words on paper; saved the mnemonic seed words in any unencrypted file or if encrypted file, then used some weak password for it)?

If I were you, I'd consider my emptied wallet as compromised. As proposed by others already your computer might have been infected by malware. My question above is not an uncommon attack vector to compromise a wallet or get it compromised rather as a result of a wallet owner being somewhat reckless (your mnemonic seed words should not be saved in a way where they can be easily stolen; digital pictures/files can be stolen e.g. by malware without noticing it, accidently shared, ...).

You should try to figure out what went wrong to prevent that in the future.

[Abdussamad]

there is no 4.4.2 version. make sure you are downloading it from electrum.org. there are many fake sites out there with coin stealing versions of electrum.

[o_e_l_e_o]

yes i verify the software, and i reinstalled everything now and did all setups again , will there be a problem if i start using it again?

Simply uninstalling and reinstalling Electrum is not enough. You do not yet know for sure how your wallet was compromised. It could have been your Electrum version, it could be malware on your computer, it could be how you stored your seed phrase, it could be something else entirely. If you cannot work out how your wallet was compromised, then at a minimum you'll need to format your computer and reinstall your OS from scratch to be sure you do not still have malware on your device.

also when i use older electrum version it open without needing kleopatra to be open, but 4.4.2 version needs that other app so it will work, it's confusing/

Why do you have two versions of Electrum installed?
Unless you have made a typo, then version 4.4.2 is malicious. The latest real version is 4.2.2.
Electrum does not need any other apps open to run. If your Electrum is opening other things in the background, then chances are it is malicious.