AlwaysTheTeddy (OP)
Newbie
Offline
Activity: 5
Merit: 5
|
|
September 14, 2022, 06:30:34 PM |
|
Hey, I'm kind of a noob in Bitcoin in general, so please bear with me. I sent some bitcoin to my Electrum wallet. As soon as they appeared in there as unconfirmed, there appeared a second payment order. That payment order was for that exact amount (it was empty before) and it sent the coins I just received to god knows where. Now both are fully confirmed and I kinda don't know what to do. Anyone got some advice?
|
|
|
|
stompix
Legendary
Offline
Activity: 3038
Merit: 6617
|
|
September 14, 2022, 06:42:32 PM |
|
Was that wallet freshly installed or have you used it before? If the first case, where did you download it from?
|
|
|
|
AlwaysTheTeddy (OP)
Newbie
Offline
Activity: 5
Merit: 5
|
|
September 14, 2022, 06:50:01 PM |
|
Was not the first time, had it for a long time
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17501
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
September 14, 2022, 07:38:05 PM |
|
It sounds like your wallet got compromised. Maybe someone got your seed phrase, maybe you have malware, or maybe the version of Electrum you downloaded is the malware. I wouldn't trust anything on your computer anymore. To be safe: disconnect the internet, back up your data, wipe your computer, and reinstall it. Then, don't use that Electrum wallet anymore. Create a fresh one, or better, get a hardware wallet and keep your seed phrase offline.
|
|
|
|
wd1
Jr. Member
Offline
Activity: 102
Merit: 4
|
|
September 14, 2022, 07:40:46 PM |
|
I hope it wasn't a lot. Please get a hardware wallet and store your seed phrase offline if you are dealing with any kind of significant funds.
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2548
Merit: 5641
|
|
September 14, 2022, 08:06:00 PM Last edit: September 14, 2022, 08:28:12 PM by hosseinimr93 |
|
Now both are fully confirmed and i kinda dont know what to do.
There's nothing you can do. Bitcoin transactions are irreversible. The only thing you can do now is to avoid sending any more funds to your wallet and, as mentioned above, format your computer and install a fresh operating system. Take note that if you want to be completely secure in the future, you should install Electrum on an air-gapped device. If you can't do that for any reason, it's recommended to use a hardware wallet.
|
|
|
|
Marvelman
Full Member
Offline
Activity: 1008
Merit: 139
|
|
September 14, 2022, 10:52:23 PM |
|
Was not the first time, had it for a long time
You are probably no longer the sole owner of that wallet, i.e. someone else has access to your private key or seed phrase. Did you share your private key with someone or did someone else create that wallet for you? Whatever the case, consider that wallet compromised and you have no way to get your coins back unless you know the perpetrator.
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3402
Merit: 3143
Is the $100k BTC possible?
|
|
September 14, 2022, 11:47:24 PM |
|
Was not the first time, had it for a long time
How long? If the wallet was created with an Electrum version below 3.4.4 and it's currently installed on your device or PC, then it will give you a notice to download the latest version with a link. If you updated it using the link, it will lead you to a phishing site, and if you downloaded and installed it on your device/PC, then your wallet is already compromised.
Electrum.org removed the warning, but a few months ago you could see the warning below on their website.
Warning: Electrum versions older than 3.3.4 are susceptible to phishing. Do not download Electrum from another source than electrum.org, and learn to verify GPG signatures.
So before you install Electrum or update it, make sure you always verify Electrum to make sure you have the original Electrum installer. There are many people who suffered from this a year ago, so be careful with any phishing sites.
About your current case, if the transaction is still unconfirmed, I think you can double spend the transaction and transfer it to your new wallet.
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2548
Merit: 5641
|
|
September 15, 2022, 06:28:02 AM |
|
About your current case if the transaction is still unconfirmed yet I think you can double spend the transaction and transfer it to your new wallet.
Since OP made this topic, the mempool has been emptied several times. Therefore, even if the transaction in question has been made with a fee rate of 1 sat/vbyte, it has surely been confirmed and there is no way to double spend it. Also, it was mentioned in the OP that both transactions (the one made by OP and the one made by the hacker/thief) have been confirmed.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17501
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
September 15, 2022, 07:17:39 AM |
|
About your current case if the transaction is still unconfirmed
See:
both are fully confirmed
|
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2310
Merit: 4494
|
|
September 15, 2022, 02:59:02 PM |
|
I sent some bitcoin to my electrum wallet as soon as they appeared in there as unconfirmed there appeared a second payment order. That payment order was for that exact amount (it was empty before) and it sent the coins i just received to god knows where. Now both are fully confirmed and i kinda dont know what to do.
This sounds a lot like the behavior of that malicious version of Electrum that plagued the community around the end of 2018. Do you remember from where you downloaded Electrum? I'm not going to ask you to disclose any information you want to keep private, but I'm curious if you would be willing to share the address to where your coins were sent? No big deal if not; if my suspicion is accurate, the coins probably just moved from there to a mixing service anyway. I also encourage you to heed LoyceV's warnings and advice; back up what you need from the device, then purge the OS and reinstall it. I also suggest that you read this post before installing Electrum again.
[GUIDE] How to Safely Download and Verify Electrum [Guide]
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3822
Merit: 6547
|
|
September 15, 2022, 03:07:21 PM |
|
As all have said, the wallet is compromised. Maybe your OS too. This means that you should no longer use any address of that wallet, this means that you should create safely (fresh OS, maybe hardware wallet) a completely new wallet.
I think that the rest was covered by the previous posts.
|
|
|
|
AlwaysTheTeddy (OP)
Newbie
Offline
Activity: 5
Merit: 5
|
Okay so to answer all the questions:
No, it was not a lot, thankfully.
I have used that wallet for a long time now and it always worked like normal. In all that time I didn't update it from my original version (3.3.
The original setup was the Electrum 3.3.8 from the real electrum.org.
After this incident I updated it (like someone mentioned, that could be the problem) to the newest version with the link the update notification provided. Again, this was AFTER everything I described happened. Thought maybe it would be there like normal on a new version lol.
No, I created the wallet myself and never shared it with anyone. Kinda guess that means my whole system is compromised, right? Because how would anyone have access without that.
@DireWolfM14 It was sent to this address: bc1qzwmd424kpgdl6n57fe8cxlre9v3e2jwzcgxl53
Don't know if this is safe to share: https://blockstream.info/tx/1d7e75d00847a550983185c6cd3ceb011f5ad5daefd81f62f38fef061482ff00
Wallet's fucked anyways.
And thanks for all the help guys, appreciate it.
|
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2310
Merit: 4494
|
|
September 15, 2022, 03:27:21 PM |
|
The only danger in sharing the information above is breaching your privacy; no security risks exist. But I did notice a clue that tells me you got scammed somehow: the fee rate that was applied to the outbound transaction. 227 sats per v-Byte is a huge overpayment on fees. It's a typical tactic used by scammer scripts that force huge fees to make sure the scam transaction gets confirmed in the next block, and prevents the victim from double spending the transaction in an attempt to thwart the theft. I also see that you've used the same address as recently as last month with no ill effects. That makes me think that something on your system must have changed after August 21. Do you recall installing any new software, or making some adjustments to your OS in the past few weeks?
|
|
|
|
AlwaysTheTeddy (OP)
Newbie
Offline
Activity: 5
Merit: 5
|
|
September 15, 2022, 04:27:05 PM |
|
In that timeframe I downloaded a single PDF file about some unrelated stuff.
Didn't really go on any dodgy websites or open any e-mails.
Kinda weird, I don't know how I could've been compromised.
Unrelated because it happened after the incident, but I downloaded the new Electrum update from the original electrum.org.
|
|
|
|
DaveF
Legendary
Offline
Activity: 3626
Merit: 6611
|
|
September 15, 2022, 06:17:51 PM |
|
in that timeframe i downloaded a single PDF file about some unrelated stuff
didnt really go on any dodgy websites or opened any e-mails
Kinda weird i dont know how i couldve been compromised
Unrelated bc it happened after the incident, but i downloaded the new electrum update from the original electrum.org
Sadly something could have been something sitting dormant for months before they decided to take your BTC.
If your wallet was compromised a while ago they probably had a bot sitting there monitoring transactions, waiting for one above a certain amount to be sent to you. If that big transaction did not after a certain amount of time they just grab whatever comes in and move on.
-Dave
|
|
|
|
Marvelman
Full Member
Offline
Activity: 1008
Merit: 139
|
|
September 15, 2022, 07:06:04 PM Merited by DaveF (1), nc50lc (1) |
|
Not sure if the script is the culprit here. The outgoing transaction is 10 minutes after the incoming one. Scripts are usually activated immediately after the first confirmation. I still think that someone made a manual transaction after receiving notification about the incoming transaction. The OP may have some spyware on his/her computer, or the private key (seed phrase) was leaked in some other way. But of course, it is impossible to know for sure.
|
|
|
|
GxSTxV
|
|
September 15, 2022, 07:17:55 PM |
|
Okay so to answer all the questions No it was not a lot thankfully I have used that wallet for a long time now and it always worked like normal in all that time i didnt update it from my original version (3.3. The original setup was the electrum 3.3.8 from the real electrum.org. After this incident i updated it (like someone mentioned that could be the problem) to the newest version with the link the update notification provided. Again this was AFTER everything i described happened. Thought maybe it would be there like normal on a new version lol No i created the wallet myself and never shared it with anyone, kinda guess that means my whole system is compromised right? because how would anyone have access without that. @DireWolfM14 It was sent to this address: bc1qzwmd424kpgdl6n57fe8cxlre9v3e2jwzcgxl53 Dont know if this is safe to share: https://blockstream.info/tx/1d7e75d00847a550983185c6cd3ceb011f5ad5daefd81f62f38fef061482ff00 Wallets fucked anyways And thanks for all the help guys, appreciate it
You received the amount on your wallet, then after 10 minutes that amount was sent again to that address you mentioned. I can't say if your wallet is infected by something like the honeypot bots that keep withdrawing any money received in a honeypot wallet. But to be sure now, since that bitcoin is gone forever, I suggest that you clean your computer and change the wallet you are using.
These are the transactions from your wallet: https://www.blockchain.com/btc/address/bc1qwqrkxuq89fnka9lxn4c6d35s5v7aps72cr94xr
|
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2310
Merit: 4494
|
Not sure if the script is the culprit here. The outgoing transaction is 10 minutes after the incoming one. Scripts are usually activated immediately after the first confirmation. I still think that someone made a manual transaction after receiving notification about the incoming transaction. The OP may have some spyware on his/her computer, or the private key (seed phrase) was leaked in some other way. But of course, it is impossible to know for sure.
What makes you think it took ten minutes for the scam transaction to be initiated? To me it looks like it was generated instantly after the OP's wallet received the Tx. I checked three different block explorers and they all show the two transactions with identical timestamps.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3822
Merit: 6547
|
|
September 15, 2022, 09:50:11 PM |
|
Not sure if the script is the culprit here. The outgoing transaction is 10 minutes after the incoming one. Scripts are usually activated immediately after the first confirmation.
Sorry, but you're wrong. The two transactions:
ddcfe5fd98cf4418c926b0d9b61b8fdcc85f0034614b3c1a5530a7c821b357ab
1d7e75d00847a550983185c6cd3ceb011f5ad5daefd81f62f38fef061482ff00
were both mined/included in the same block (754092). You can look that up on mempool.space. No 10 min difference. Of course then that they have both same timestamp, as DireWolfM14 said. And this is usually automatic. Still, manually made transaction should not be ruled out, since one could have been notified when the tx was sent and not at the moment of getting confirmed, allowing (giving time) somebody spend the unconfirmed input (I expect the scripts work exactly the same, just faster), which will have the same result: both tx in the same block.
|
|
|
|
|
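The indicators raised in this thread (the outgoing spend landing in the same block as the deposit, the whole amount leaving with no change back to the wallet, and a fee rate far above the going rate, 227 sat/vB in this case) can be checked mechanically against a wallet's transaction history. This is an added example, not code from any poster or from Electrum; the `Tx` record, the thresholds, and every address and transaction in the sample are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple                # ((prev_txid, vout), ...)
    outputs: tuple               # ((address, sats), ...)
    fee_sats: int
    vsize: int                   # virtual size in vbytes
    block_height: Optional[int]  # None while unconfirmed

def feerate(tx):
    return tx.fee_sats / tx.vsize  # sat/vB

def find_sweeps(txs, wallet_addrs, typical_feerate=10.0, fee_multiple=10.0):
    """Flag spends of wallet deposits that show at least two theft indicators.
    typical_feerate and fee_multiple are assumed tuning values."""
    spender = {op: tx for tx in txs for op in tx.inputs}
    findings = []
    for rx in txs:
        for vout, (addr, _sats) in enumerate(rx.outputs):
            tx = spender.get((rx.txid, vout))
            if addr not in wallet_addrs or tx is None:
                continue
            reasons = []
            # Deposit was spent while unconfirmed: both land in one block.
            if tx.block_height is not None and tx.block_height == rx.block_height:
                reasons.append("same-block")
            # Nothing returns to the wallet (an owner's own send-all also
            # looks like this, hence the two-indicator rule below).
            if not any(a in wallet_addrs for a, _ in tx.outputs):
                reasons.append("no-change")
            # Fee far above the going rate, to outbid any double spend.
            if feerate(tx) >= fee_multiple * typical_feerate:
                reasons.append("fee-overpay")
            if len(reasons) >= 2:
                findings.append((rx.txid, tx.txid, round(feerate(tx)), reasons))
    return findings

# Constructed sample history: one ordinary payment with change, one sweep.
WALLET = {"bc1q-wallet-example"}
SAMPLE = [
    Tx("cc" * 32, (("ff" * 32, 1),), (("bc1q-wallet-example", 80_000),), 500, 141, 90),
    Tx("dd" * 32, (("cc" * 32, 0),),
       (("bc1q-shop-example", 50_000), ("bc1q-wallet-example", 29_295)), 705, 141, 95),
    Tx("aa" * 32, (("ee" * 32, 0),), (("bc1q-wallet-example", 150_000),), 600, 141, 100),
    Tx("bb" * 32, (("aa" * 32, 0),), (("bc1q-unknown-example", 125_030),), 24_970, 110, 100),
]

if __name__ == "__main__":
    for deposit, spend, rate, why in find_sweeps(SAMPLE, WALLET):
        print(f"deposit {deposit[:8]} spent by {spend[:8]} at {rate} sat/vB: {why}")
```
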