I've been hacked (Electrum 4.3.2)

[Findingnemo]

I have been watching this drama since last night and I don't really want to blame OP for his mistake because everyone makes mistakes and sometimes it can ruin our entire progress which took years to build but as everyone said you holds the responsibility of paying it back to the company that is the only way to prove your not guilty.

Sometimes everything works against us and that's the life so don't lose your heart and think what you can do further and about your system I think its better to take back-up and flash the OS as soon as possible instead of looking for clipboard malware or something, and move whatever funds and any sensitive information stored should be moved to a new wallet and document.to ensure its safety.

[1715327504]

1715327504

[1715327504]

1715327504

[Edwardard]

To be very true, i am feeling anxious as most people use Electrum on the computer and trust it that our funds are safe. What else can we use if we do not have a hardware wallet?

A separate device or a linux pc with just your wallet and no other BS installed should do. Just dont use that device for any other thing.
Our security is in our hands, if we are reckless enough even the hardware wallet can get drained
I assume OP was/is using the same windows PC for browsing, downloading stuffs, holding funds, etc. which is not recommended at all. Too many malwares across the internet (smarter than your antivirus), you click a simple link and wont even know what problems are waiting for you ahead.

[icopress]

I created a new wallet for these campaigns since the previous Electrum wallet I had was not segwit, it's a legacy wallet, eats more fees.

For the last six months, in the mempool, I see approximately the same information about transaction fees, so I'm not sure that we are talking about big savings. In addition, when processing weekly payments, I very often manually significantly increase transaction costs so that users can immediately manage their funds.

How is it going to resolve the problem? Because of the tag you left, many campaign mangers will deny him joining their campaign, companies will deny him to give their projects, resulting he is not going to financially benefit from the forum. As per his explanation the forum is his only earning source. sucks but it's reality for him.

It's a delusion. I, like other managers, have repeatedly accepted users with red tags into the campaign, especially when the user has more green tags than red tags (we are not talking about tags associated with outright fraud). No self-respecting manager will remove high quality posters from a campaign just because they got a red tag, this rule is more like a deterrent factor for those accounts that generate spam (as far as I remember, you also participated in the signature campaign when you had a red tag ). As for me, I will immediately remove my red tag as soon as one of the members of the DT tags julerz12.

[Poker Player]

As for me, I will immediately remove my red tag as soon as one of the members of the DT tags julerz12.

Hey man! I don't understand you. You leaving or removing a tag shouldn't depend on what other people do. It should depend on your criteria. Moreover, you are DT2, so I don't know what you are talking about.

I've left him a neutral tag but I think a negative is acceptable. He himself has acknowledged that.

Red tag by icopress is fine everyone, he has all the right to make that judgment, kindly stop bickering about it.

[icopress]

Hey man! I don't understand you. You leaving or removing a tag shouldn't depend on what other people do. It should depend on your criteria. Moreover, you are DT2, so I don't know what you are talking about.

I meant that I didn't think having a few red tags would help matters. 

[mv1986]

@icopress went for it and pulled the trigger.
 I am not sure that was the appropriate action to take here.

If you check julerz12's trust lists, the only user that doesn't trust him is icopress. Probably there were other incidents that led icopress to such conclusions. But as for the negative tag, it will not affect the decision of the managers in any way, in case julerz12 decides to participate in the subscription company. It's just that all managers are already aware of what happened, and one way or another, only they decide whether to accept this user or not. It has already been said many times that a negative mark can easily change in the event of a positive outcome. In the end, this is only a minimum compared to what those who actually lost money experienced. After all, everyone will agree that other people's money can never be compared with their own. And julerz12 lost other people's money, which one hurts more?

I think that

The only thing stopping me from Supporting the Flag is this:

I've seen an escrow involved in someone losing $50,000, and everyone still trusts him.

I don't think OP, who actually posted the problem by himself, deserves a harsher treatment than the other guy.

this reasoning also makes sense. If we want to keep a slight sense of fairness and equality, than this doesn't quite add up.

I would at least given him a couple of days to come forward with a reimbursement plan. You could leave a neutral tag and still turn it into red when after a week or two there is zero or irrelevant action being taken. And still, a manager tagging a manager comes with a bitter taste especially when nobody else of the more neutral DT members decided to pull the trigger. @icopress isn't any bad as a manager because he left a red tag, not at all. In fact he does a good job, but the red tag after less than half a day(?) of the incident comes across as biased.  

[UmerIdrees]

To be very true, i am feeling anxious as most people use Electrum on the computer and trust it that our funds are safe. What else can we use if we do not have a hardware wallet?

A separate device or a linux pc with just your wallet and no other BS installed should do. Just dont use that device for any other thing.
Our security is in our hands, if we are reckless enough even the hardware wallet can get drained

I can understand this as julerz12 was doing the same, using the computer with electrum installed and at the same time using it for other purposes too. Most of us do that, don't we?

Anyways, what if we uninstall the electrum wallet from the PC and install it again if we want to send the funds? We can still receive funds if the wallet is not installed on the computer. (for those who do not have a spare computer)

2nd option, use a password-protected wallet file, Malware can't decode the code, isn't ?

[julerz12]

The only apps that were running at the time were Adobe Photoshop, Telegram, Discord, and Google Chrome

Stop using Google Chrome and use Firefox instead. There is suspicion that Google Chrome likely is compromised these days. Stop using it, uninstall it from your device at the moment. Firefox and Tor browsers are better. If you don't use Google Chrome, you shouldn't use Brave browser too.

Thanks for the tips. I have no other reason for using Google Chrome other than being used to it since I started working online way before I entered crypto-space. I guess it never crossed my mind how vulnerable I am using it.

It is your good move until the dust settles.
I notice that you did not change your forum account password. Why not?

And if you use a captcha bypass code, please change it to a new code too.

Changing them all now and after you make sure your device is clean, changing them all one more time.
I got your invitation to work with you in some projects and I appreciated it a lot so it is very bad for me to see this accident. Good luck and get well soon julerz12.

Thanks, I just changed it right after I made a full scan of my current system. 
A bunch of wacky scripts were found by my current AV, forgot the names 'cause I just immediately let the AV settle it. I will now wipe my system and install a new one.

I assume OP was/is using the same windows PC for browsing, downloading stuffs, holding funds, etc. which is not recommended at all. Too many malwares across the internet (smarter than your antivirus), you click a simple link and wont even know what problems are waiting for you ahead.

Unfortunately Yes. While I have another device, it's a Chromebook that's used by my wife. It doesn't necessarily support the Apps I required to run the bounty campaign management service. So I'm stuck with my one and only PC.

[FatFork]

I can understand this as julerz12 was doing the same, using the computer with electrum installed and at the same time using it for other purposes too. Most of us do that, don't we?

I hope that is not the case, otherwise all of the good practices and safety tips that have been mentioned repeatedly by members here would be in vain.

Anyways, what if we uninstall the electrum wallet from the PC and install it again if we want to send the funds? We can still receive funds if the wallet is not installed on the computer. (for those who do not have a spare computer)

2nd option, use a password-protected wallet file, Malware can't decode the code, isn't ?

Both of your tips are equally bad. Let's assume that your system is infected with malware at some point, it can be difficult to know the extent of the damage it may cause. For example, the malware could potentially access and alter the contents of your clipboard, or even include a keylogger to record your keystrokes. This means that if you have ever copied or typed your password or seed phrase while the malware was present on your system, hackers may be able to gain access to your coins. Uninstalling the wallet or adding a password will have ZERO impact on protecting your coins.

[Cantsay]

2nd option, use a password-protected wallet file, Malware can't decode the code, isn't ?

Everything is possible as long as the system is connected to the internet. So you can't actually protected your wallet by just putting a password.
The only way I can possibly think of right now is that Op should try to buy a new laptop one that has never been connected to the internet before or if it has he should wipe everything from the system and install a new Os. After which he should install his wallet and try as much as possible not to ever use the system for any other activities such as surfing the internet.
That will definitely prevent the system from being infested with malware.

[FatFork]

A bunch of wacky scripts were found by my current AV, forgot the names 'cause I just immediately let the AV settle it. I will now wipe my system and install a new one.

It's unfortunate that you have to resort to wiping your system clean. Conducting a comprehensive forensic examination of your system would be extremely beneficial in identifying the cause of this issue. Not only could this information assist you in recovering your funds, but it could also serve as an informative resource for other members of the community to avoid similar incidents in the future.

Unfortunately Yes. While I have another device, it's a Chromebook that's used by my wife. It doesn't necessarily support the Apps I required to run the bounty campaign management service. So I'm stuck with my one and only PC.

Even when utilizing a single device, there are still various options available to ensure the security of your assets. One option is to set up a dual boot system, another is to use a Live OS from a USB drive or other external media, and as a final alternative, you can also consider installing free virtual PC software and use a secondary OS that way.

[shahzadafzal]

A bunch of wacky scripts were found by my current AV, forgot the names 'cause I just immediately let the AV settle it. I will now wipe my system and install a new one.

It's unfortunate that you have to resort to wiping your system clean. Conducting a comprehensive forensic examination of your system would be extremely beneficial in identifying the cause of this issue. Not only could this information assist you in recovering your funds, but it could also serve as an informative resource for other members of the community to avoid similar incidents in the future.

That's true you shouldn't format it without proper examination, you must know what really happened. Otherwise even with a new PC or reformatted PC you are still at risk as before, you still don't know which door you have left open for the hackers.

By the way reformatting is also not a final solution, it has been reported that there are malwares that can survive disk format and OS reinstalls

Moonbounce is a persistent malware that can survive drive formats and OS reinstalls

Keep your pc for your daily non essential work but don't use it for any crypto transactions.

[Ucy]

Op made a terrible mistake which I hope others will not repeat. There are certain people you take seriously on the forum or Cryptospace (who are helping to protect it behind the scene) even though they are not popular as they don't actually like being popular.  We are surrounded by enemies who hate this space and want to conquer it. Members are impenetrable and can't be successful attacked because of a Shield but if any mishaves or mistreat the ones protecting them, their shield may be weakened. Believe this if you want to last on this space and continue to take care of your family. . Sorry for your lose.
By the way, I notice you believe in GOD and I hope you understand the spiritual world exist. That's part of where I'm assigned. It's a waste of time and resources to fight only the physical battle. Once you are defeated in the spirit it's over. So  we need people on the forum fighting in both existence. Let's considered them too.
If you need proof to know whether I'm telling the truth, you will get it. You are free to doubt me without the proof


 If a fish is ungrateful to the water it lives in the water would vomit the fish.

[BitcoinGirl.Club]

How is it going to resolve the problem? Because of the tag you left, many campaign mangers will deny him joining their campaign, companies will deny him to give their projects, resulting he is not going to financially benefit from the forum. As per his explanation the forum is his only earning source. sucks but it's reality for him.

It's a delusion. I, like other managers, have repeatedly accepted users with red tags into the campaign, especially when the user has more green tags than red tags (we are not talking about tags associated with outright fraud). No self-respecting manager will remove high quality posters from a campaign just because they got a red tag, this rule is more like a deterrent factor for those accounts that generate spam (as far as I remember, you also participated in the signature campaign when you had a red tag ).

Fair enough, I would like to see how it develops. Especially I would like to observe in any of your campaign when you have spot and OP applies then your willingness of accepting OP.



Hopefully you don't mind the yellow warning too.

I've left him a neutral tag but I think a negative is acceptable. He himself has acknowledged that.

Red tag by icopress is fine everyone, he has all the right to make that judgment, kindly stop bickering about it.

I don't call it happily accepting but to accept because arguing is not going to help him. I see a surrender there because his voice are weak now. I don't call it acknowledgment for real. Stop being JollyGood (sorry man JG, no mean to discredit you, you built up your own identity). Give the man a fair chance.

I am sorry, maybe my responses are not diplomatic like many others but I like straight talk. The forum do not need policemen and a crime bureau to spy others all the time.

[virasog]

A bunch of wacky scripts were found by my current AV, forgot the names 'cause I just immediately let the AV settle it. I will now wipe my system and install a new one.

Although your Antivirus settles the wacky scripts, but they usually maintain the history of which scripts or malware they blocked etc. If you can show them to the public, maybe someone can advise what were the scripts and what damage they can do. Though you have been already affected but it may be helpful for other user's awareness.

By the way it's really concerning if the malware / Scripts can hack anyone's wallet and leave you empty handed. Its seems that hardware wallets will become a necessity if you want to store your crypto safely.

[dkbit98]

First suggestion for OP is to think about installing Linux OS on his computer instead of using wInd0wS, and always use ledger wallet connected with Electrum in future.
Linux is much safer if used correctly and attack surface is much less, but even dual boot (win/linux) would be acceptable solution.
Than I would like to see a realistic plan posted by him, explaining how exactly he is going to pay money back to companies that paid him.
I don't know if that is going to be borrowing money from people he trusts, or selling his stuff, but this would be the only way towards fixing his reputation.

[Stalker22]

First suggestion for OP is to think about installing Linux OS on his computer instead of using wInd0wS, and always use ledger wallet connected with Electrum in future.
Linux is much safer if used correctly and attack surface is much less, but even dual boot (win/linux) would be acceptable solution.

That is a good suggestion. Linux is a more secure operating system than Windows, and using it in conjunction with a hardware wallet can provide an added layer of security for your crypto holdings. Linux is less susceptible to malware and other types of malicious software, as it has a smaller market share than Windows, and thus is less of a target for attackers.

But I think that "if used correctly" is also an important part of your statement. If you do not know what you are doing and try to use Linux, it can be just as dangerous as using Windows!


@julerz12, since you mentioned Adobe Photoshop just a friendly reminder, using software obtained from unofficial sources like warez or cracked versions may put your computer at risk of malware infection, which can lead to issues like the ones you are facing. This also includes illegal versions of the Windows system and various "activators" available online. It is always best to acquire software through legitimate means to keep your computer safe and ensure that the software you are using is free from any harmful code.

[DireWolfM14]

As the first part above was just the thoughts pouring in to my mind that I had to post it immediately.

Here's some clarifications.

Again I am using Electrum 4.3.2. That wallet has been telling me to update itself but I neglected that info thinking the wallet is safe.

The 12 word pass phrase was never written on any document online. I wrote it down directly into my personal notebook. The password to it is also unique for which I have never used anywhere else.

The problem is my system had no anti-virus or whatsoever, it does have windows defender but now, I think that shitty app isn't doing anything. I got zero ping that someone is accesing my system. If I haven't been informed by Coinomize team that the funds were transferred, I wouldn't have notice it since the Electrum wallet was last openned four hours ago after the funds were transferred. Meaning, the wallet is offline.

I know all of you will not believe me but I will do everything I can to repay the lost funds even if it takes a while.

The Yo!Mix team and Coinomize team will probably post a scam accusation soon and rightfully so since I have no means to prove my innocence. I will accept whatever this community would think of me as I know this is all my fault for being so careless and stupid.

I've been in this forum since 2017 and I'm truly heart broken that this happened.

Sorry to hear about your loss, I hope you are able to recover the funds and carry on with your business.

Everybody seems to want to jump to the conclusion that your system was hacked, or you suffered due to some malware or virus, but it's been my experience that most of the time these things are a result of carelessness.  I'm not convinced that you've been hacked or infected with malware.

You said you wrote down the seed phrase in your personal notebook, correct?  Did you also write the seed phrase for your hardware wallet in the same notebook?  How securely is that notebook stored?  Did you leave it out somewhere where someone could have seen it?  You seem to be confident that the funds in your Ledger wallet are safe, how can you be so sure?  You mentioned that you only have alts stored in the Ledger, it may be just a matter of time before the thief finds those accounts too.

Until you can answer the question of how this happened to your hot Electrum wallet, you should assume that all your seed phrases and all your funds are compromised.

Good luck.

P.S.  Some people will tell you to stop using Windows...  I don't care what you use for an operating system, no OS will save you from yourself.

[NotATether]

[exactly the reason why I do not store any funds on Windows (and Mac) and will never ever do that.]

To be very true, i am feeling anxious as most people use Electrum on the computer and trust it that our funds are safe. What else can we use if we do not have a hardware wallet?

Use a Linux system, but you will have to install the applications yourself from the package manager, and only use portable apps if you verified the release or trust the vendor.

The chances of stock malware breaking into an X Windows desktop on Linux is nil, because they're all written for Windows. You would have to be specifically targeted like Dashjr was in order to be at risk.

But whatever you do, do not install WINE with Electrum, or at the very least, disable or uninstall WINE, as it enables running Windows programs on Linux including malware. Not that many hackers are aware of that, but still.

[fortunecrypto]

I have been watching this drama since last night and I don't really want to blame OP for his mistake because everyone makes mistakes and sometimes it can ruin our entire progress which took years to build but as everyone said you holds the responsibility of paying it back to the company that is the only way to prove your not guilty.

Many of us do watch this thread, this thing can happen to all of us, but so far OP has all the things that need to be done he created a thread on what happened, and he reaches out to the developers of the projects he is managing, he opened himself to criticism, he offers a plan on the payment of the stolen fund, he allows to get tagged.
All he wants is to get back on his feet, so let's give him a chance to redeem himself, he deserves it he worked his way to become a trusted manager for five years.

Sometimes everything works against us and that's the life so don't lose your heart and think what you can do further and about your system I think its better to take back-up and flash the OS as soon as possible instead of looking for clipboard malware or something, and move whatever funds and any sensitive information stored should be moved to a new wallet and document.to ensure its safety.

After what happened to OP, I spent the whole night checking my PC since I'm also using Electrum to download additional anti-virus and checked all unused applications, OP opened our eyes to the fact that we must have a conscious effort to safeguard our system.