I've been hacked (Electrum 4.3.2)

[joker_josue]

~~

If you're still doing analysis, to understand where the hacker could have entered, I recommend that you don't just look at the programs you have installed and used.

Check what files you downloaded in the last 3 months.
Check links that you eventually received via email and that you accessed in the last 3 months.

And if for some reason you used some non-genuine program, that could have been a problem.
I remember that nowadays, it is easy and cheap to get original programs.
If you need help finding them, or if you want me to buy them for you, let me know. I would be delighted to be able to help.

[1miau]

Wow, very sad to hear what happened to you, OP.
I don't beleive that you are a malicious actor and tried to scam someone.
I'll hope for DT to react in a moderate manner and don't destroy your account. We won't gain an advantage if DT does so.
The most beneficial way: next time, you should give the campaign money to a trusted escrow and the trusted escrow should handle payments.
By doing so, you could increase your reputation again. 

Since hacks are always responsible for speculations and hot takes, a few people here have wrongfully blamed Electrum to be insecure.
It's just wrong!
Electrum isn't insecure as it's open source and one of the most famous Bitcoin wallets. Open source and famous means, coders dedicated to Blockchain will review it frequently.
As always let's locate the problem: the person in front of the screen.
It might be unfortunate but somewhere you might have screwed up. We don't know where, it could be due to a download from a wrong site, you might have downloaded another app infecting your device, let your device open and someone got access to it or something else.
But not because Electrum is insecure.

tl;dr: blaming Electrum to be insecure because you got hacked is like blaming Bitcoin to be insecure because you've lost your private key. It's BULLSHIT. 
thanks for coming to my TED talk. 


But one question:
Why so much funds were held on your wallet? 5k USD are a lot of money, enough for several weeks of payouts?
Normally, allocations are much smaller, lasting for around 4 weeks, not more?
Or am I just having a wrong impression?
I'm not Bounty Manager of course. 


Best wishes for your recovery. 

[BenCodie]

I do not have any doubts that you were hacked if you were using windows. It is all too easy for the OS to be hacked. All it takes is one file, or one malicious website, to be infected with something that could render your system completely compromised. If you are a daily internet user and you rely on nothing but windows defender, do no system monitoring and regularly download files, then you are likely to be hacked. Unfortunately in this day and age there is not enough information on the forefront to keep you sufficiently protected and even the most vigilant users can still be targeted.

[julerz12]

Even when utilizing a single device, there are still various options available to ensure the security of your assets. One option is to set up a dual boot system, another is to use a Live OS from a USB drive or other external media, and as a final alternative, you can also consider installing free virtual PC software and use a secondary OS that way.

Thanks for the tips. I'll look into it.

By the way reformatting is also not a final solution, it has been reported that there are malwares that can survive disk format and OS reinstalls
Moonbounce is a persistent malware that can survive drive formats and OS reinstalls
Keep your pc for your daily non essential work but don't use it for any crypto transactions.

That's one scary malware. Thanks for the info.

You said you wrote down the seed phrase in your personal notebook, correct?  Did you also write the seed phrase for your hardware wallet in the same notebook?  How securely is that notebook stored?  Did you leave it out somewhere where someone could have seen it?  You seem to be confident that the funds in your Ledger wallet are safe, how can you be so sure?  You mentioned that you only have alts stored in the Ledger, it may be just a matter of time before the thief finds those accounts too.

Until you can answer the question of how this happened to your hot Electrum wallet, you should assume that all your seed phrases and all your funds are compromised.

That notebook is totally secure, no one else but myself knows where it is within our home. I'm 100% sure no one else has access to it. So those seed phrases are secure.
As I've previously mentioned in this thread, the blame was on me for having a crappy system that I've been using for a long time without a care for its security.

Use a Linux system, but you will have to install the applications yourself from the package manager, and only use portable apps if you verified the release or trust the vendor.

The chances of stock malware breaking into an X Windows desktop on Linux is nil, because they're all written for Windows. You would have to be specifically targeted like Dashjr was in order to be at risk.

But whatever you do, do not install WINE with Electrum, or at the very least, disable or uninstall WINE, as it enables running Windows programs on Linux including malware. Not that many hackers are aware of that, but still.

Thanks for the tips. I'll make sure to remember this.

After what happened to OP, I spent the whole night checking my PC since I'm also using Electrum to download additional anti-virus and checked all unused applications, OP opened our eyes to the fact that we must have a conscious effort to safeguard our system.

Yes. At the very least, some are made aware (again) that this incident could possibly happen to anyone. Man, I only wish I was not made an example though, too late.

But one question:
Why so much funds were held on your wallet? 5k USD are a lot of money, enough for several weeks of payouts?
Normally, allocations are much smaller, lasting for around 4 weeks, not more?
Or am I just having a wrong impression?
I'm not Bounty Manager of course.  

All of those funds are only for 1-week worth of signature campaign. It just became a big amount as the number of participants on Yo!Mix was suppose to be 40 per week. 10 for Coinomize.

First suggestion for OP is to think about installing Linux OS on his computer instead of using wInd0wS, and always use ledger wallet connected with Electrum in future.
Linux is much safer if used correctly and attack surface is much less, but even dual boot (win/linux) would be acceptable solution.

Yes. I've just installed a clean windows OS and currently looking a way to dual boot Linux on it.

Than I would like to see a realistic plan posted by him, explaining how exactly he is going to pay money back to companies that paid him.
I don't know if that is going to be borrowing money from people he trusts, or selling his stuff, but this would be the only way towards fixing his reputation.

My plan is simple.
As I've previously mentioned on this thread, I've got a motorbike, probably cost around $1,000 if I sell it which I will. That should cover the lost funds for Coinomize ($1,000). Although it might take a while for it to get sold so I'll start sending whatever amount I can gather for now.
Also, a portion of my upcoming bounty management fees will be used to pay these debts that I now owe to Coinomize and Yo!Mix. For starters, I just launched another campaign yesterday for which I was paid $400 to manage it for 4-weeks (here); I've already informed both project teams (Coinomize & Yo!Mix) that they'll be refunded with $150 each for now. I still need $100 for my family's expenses which isn't much but we will try and make do for the rest of the month.
Any means of additional income I get, a portion of it will be sent to these project teams. Signature payouts, management fees, etc.

The $320 BTC management fee from Yo!Mix that they've also sent upfront prior to the incident will also be returned to them today.
I just need both parties to confirm the BTC addresses they've given (through private messages) here on this thread so the whole community would know that I'm sending out refunds to correct wallet addresses and not to just some random wallet address that I made up.

Code:

Coinomize:
Great Thanks ;)

BTC Address: 17fd4FLbj7rQCCPhRo3yqdZQPtKggs7mqc

Code:

Yo!Mix:
hello, sorry we have only btc
bc1q5xzdzzdagmtny5n285q02hfczjcm6hpdwu6mr3

[BenCodie]

tl;dr: blaming Electrum to be insecure because you got hacked is like blaming Bitcoin to be insecure because you've lost your private key. It's BULLSHIT. 
thanks for coming to my TED talk. 

After re-reading the posts and seeing this one, I +1 this heavily. Lack of personal security does not mean that the software that you were using on a compromised system is insecure. If software was flawed, it'd affect everyone. If it is only your lack of security that caused loss, the software or technology is definitely not to blame.

[Poker Player]

At the moment the flag is no longer visible, and I believe that with the attitude of julerz12, who not only has not hidden at any time, but has given detailed answers and plans to start right away a repayment plan, his reputation will not be very damaged. As long as things go the way they seem to be going.

[Bitstar_coin]

My plan is simple.
As I've previously mentioned on this thread, I've got a motorbike, probably cost around $1,000 if I sell it which I will. That should cover the lost funds for Coinomize ($1,000). Although it might take a while for it to get sold so I'll start sending whatever amount I can gather for now.
Also, a portion of my upcoming bounty management fees will be used to pay these debts that I now owe to Coinomize and Yo!Mix. For starters, I just launched another campaign yesterday for which I was paid $400 to manage it for 4-weeks (here); I've already informed both project teams (Coinomize & Yo!Mix) that they'll be refunded with $150 each for now. I still need $100 for my family's expenses which isn't much but we will try and make do for the rest of the month.
Any means of additional income I get, a portion of it will be sent to these project teams. Signature payouts, management fees, etc.

The $320 BTC management fee from Yo!Mix that they've also sent upfront prior to the incident will also be returned to them today.
I just need both parties to confirm the BTC addresses they've given (through private messages) here on this thread so the whole community would know that I'm sending out refunds to correct wallet addresses and not to just some random wallet address that I made up.

Code:

Coinomize:
Great Thanks ;)

BTC Address: 17fd4FLbj7rQCCPhRo3yqdZQPtKggs7mqc

Code:

Yo!Mix:
hello, sorry we have only btc
bc1q5xzdzzdagmtny5n285q02hfczjcm6hpdwu6mr3

These few days must be very exhausting for you and your family, I can only imagine. It is very clear that this is an unfortunate incident that can happen to any one of us, this is a learning experience not just for you but for the rest of us who have not taken any proper security measures to safeguard and protect our devices.
I have seen your hard work in this forum as a bm so I know you will keep every promise you have made to the victims of this unfortunate hack.
I think you have given enough explanation about the incident and your plan to repay the lost funds that everyone should already get it by now.
With continous hardwork everything will be back to normal in no time, keep doing what you do bro.

[Coinomize.biz]

Code:

Coinomize:
Great Thanks ;)

BTC Address: 17fd4FLbj7rQCCPhRo3yqdZQPtKggs7mqc

Address Confirmed.


Total debts: 0.06349097 BTC

Already received:
In Bitcoin: 0.00861601 BTC
Creation of signature: 0.0016 BTC
1 week campaign manager + wearing our signature:  0.0077 BTC
1 week campaign manager + wearing our signature:  0.0070 BTC
1 week campaign manager + wearing our signature:  0.0069 BTC
1 week campaign manager + wearing our signature:  0.0069 BTC
1 week campaign manager + wearing our signature:  0.0073 BTC
1 week campaign manager + wearing our signature:  0.0073 BTC
1 week campaign manager + wearing our signature:  0.0068 BTC
1 week campaign manager + wearing our signature:  0.0071 BTC

Remaining amount:  0 BTC Everything paid!

[YoMix]

Code:

Yo!Mix:
hello, sorry we have only btc
bc1q5xzdzzdagmtny5n285q02hfczjcm6hpdwu6mr3

Confirmed.

[lovesmayfamilis]

Thanks for the tips. I have no other reason for using Google Chrome other than being used to it since I started working online way before I entered crypto-space. I guess it never crossed my mind how vulnerable I am using it.

A bunch of wacky scripts were found by my current AV, forgot the names 'cause I just immediately let the AV settle it. I will now wipe my system and install a new one.

I assume OP was/is using the same windows PC for browsing, downloading stuffs, holding funds, etc. which is not recommended at all. Too many malwares across the internet (smarter than your antivirus), you click a simple link and wont even know what problems are waiting for you ahead.

Unfortunately Yes. While I have another device, it's a Chromebook that's used by my wife. It doesn't necessarily support the Apps I required to run the bounty campaign management service. So I'm stuck with my one and only PC.

God, what are we talking about? Guilty or not? I asked the OP if he was an advanced computer user . According to all the responses, julerz12 does not understand the entire concept of network security. And unfortunately, you can feel sorry for him, but knowing his level of attitude toward other people's funds, I would not trust him in the future.
Using Windows for surfing and keeping money on a shared computer is just careless. It doesn't matter that you were the only user; you need to separate your general life from your financial one. A lot of people think, like, "This won't happen to me." But, alas, it's only a matter of time.

Those are all reasons to Support the Type 1 Newbie Warning Flag. It doesn't matter that it's not fraud. You call it an accident, I call using hot wallets for large funds an accident waiting to happen.

I only recently read another article about the  RAT, despite recalling it yesterday; a hacker can wait for a convenient time, and that time has come. Speaking of  RAT, this is not an unfounded opinion; it is enough to download a supposedly useful plugin for Photoshop, and that's it; you are already in sight, thinking that you downloaded from the right source.

P.S.  Some people will tell you to stop using Windows...  I don't care what you use for an operating system, no OS will save you from yourself.

verily

[John Abraham]

Maybe I was going to be hacked, or maybe not. I was trying to create a wallet address using electrum. I entered everything, and when I tried to click on Accept the TOS, My system got frozen. I could move the mouse pointer but could not click anywhere. Then I turned off my system. I was aware of your issue. That's why I was afraid.

[Bobrox]

As I've previously mentioned on this thread, I've got a motorbike, probably cost around $1,000 if I sell it which I will. That should cover the lost funds for Coinomize ($1,000). Although it might take a while for it to get sold so I'll start sending whatever amount I can gather for now.
Also, a portion of my upcoming bounty management fees will be used to pay these debts that I now owe to Coinomize and Yo!Mix.

Appreciated with your responsibility refunding Coinomize team with $1,000 after selling motorbike, right now left with current campaign and seems heavy because above $4,000 and you need find way could be loan collateral or looking for other alternative how to refund all assets hacked.

There are not accepted reason when talking our assets hacked and loss from responsibility, I hope you can recover all assets loss and seems current active campaign now helped well due your promote altcoin bounties campaign. In Bitcointalk forum have several board given loan service, don't take care about how much interest have to pay but you need resolve as soon possible to get your reputation.

[SmartGold01]

I feels so sorry about every single thing that just happened and we can't apportion blames to him now, after I finished reading lots of comments and i found out op is totally free, though is his fault for not being careful at the moment, he is not a scammer, if not you wouldn't have found him still here replying messages and also accepted to pay back, for that he also offered to sell his motorbike to continue some payments.
I am a lady, not just a lady but a mother, I bear and understand the kind of frustration Op would be now or how his body system would be reacting presently, with such situation I don't even know if he can barely have good food since the hack till this very moment. From my investigations he has been managing bounties for long and have no bad records, so all I plead from everyone is to give him a chance to try his best to make sure he will work harder to clear all the money.

Sorry sir.

[Wind_FURY]

Use a Linux system, but you will have to install the applications yourself from the package manager, and only use portable apps if you verified the release or trust the vendor.

The chances of stock malware breaking into an X Windows desktop on Linux is nil, because they're all written for Windows. You would have to be specifically targeted like Dashjr was in order to be at risk.

But whatever you do, do not install WINE with Electrum, or at the very least, disable or uninstall WINE, as it enables running Windows programs on Linux including malware. Not that many hackers are aware of that, but still.

Thanks for the tips. I'll make sure to remember this.

Don't just say it, as one of the security measures, you truly need to learn Linux if you are involved in cryptocurrencies. It's not that hard. But if you really need to run Windows, you can run it as a VM within your Linux OS. It's much safer.

I would never use Windows + Chrome/Firefox for my exchange/banking/Bitcoin needs, it's just a security hole, and a hack/malware waiting to happen. Plus you said you use Windows' Defender. I hope you don't watch porn in that PC.

[joker_josue]

Don't just say it, as one of the security measures, you truly need to learn Linux if you are involved in cryptocurrencies. It's not that hard. But if you really need to run Windows, you can run it as a VM within your Linux OS. It's much safer.

I would never use Windows + Chrome/Firefox for my exchange/banking/Bitcoin needs, it's just a security hole, and a hack/malware waiting to happen.

I think that kind of observation is a bit radical!

Regardless of the system used, security begins with user behavior. If the person has a bad behavior, he is subject to problems, regardless of the system he has. It is true that one or another system can make it difficult to have problems, but they are not infallible.

Safety is always related to the behavior that the person has!

[julerz12]

I think that kind of observation is a bit radical!

Regardless of the system used, security begins with user behavior. If the person has a bad behavior, he is subject to problems, regardless of the system he has. It is true that one or another system can make it difficult to have problems, but they are not infallible.

Safety is always related to the behavior that the person has!

Yes. Which is why I vouch to change my behavior. Being so careless got me into these bad circumstances and it sucks.
Not only that I now have a constant headache, and I could barely sleep thinking over and over again how I fucked up, I lost what little reputation I had in this forum.
So, never again. I'd do whatever it takes to keep what little crypto I have left safe.

Just some thoughts. Even though this happened very early of freaking 2023, I still have high hopes everything will be ok since I see some members in this forum giving me encouragement (though I know most still doubt me for what happened) it does ease the pain a little.

Anyways here some update,

Yo!Mix: $320 management fee returned + $150 initial refund for the lost funds: https://www.blockchain.com/explorer/transactions/btc/bdae89f63a82d45cde5412b6c9dd63802a999cb389a3da51adb63d289842c579
Coinomize: $150 initial refund for the lost funds: https://www.blockchain.com/explorer/transactions/btc/246520fe68abe0439c1ea10f8cb17c1f8ff4699fe78e2044102427a637af84e5

[slothypeep]

I'm sorry to say, but looks like you guys are all getting conned.

Alt-coin address in OPs profile: 0x5e0668b2aa5836aa3ce67827e9e8d267d2f42d73
https://i.imgur.com/jj7eJ6Z.png


Let's see, a 4000 BUSD (BSC-USD) balance. Hm.
https://i.imgur.com/lTD7Svl.png


Oh Look. Timing also corresponds to the 'hack'.
https://i.imgur.com/2vmXPtx.png


I only registered to post this after seeing a 'How to keep Electrum safe' post referenced elsewhere. I have no stakes here and this doesn't really concern me.
But y'all really need to pay attention when you're getting conned.

[LoyceV]

I'm sorry to say, but looks like you guys are all getting conned.

Alt-coin address in OPs profile: 0x5e0668b2aa5836aa3ce67827e9e8d267d2f42d73
~
Let's see, a 4000 BUSD balance. Hm.

See:

Also, just for everyone's info.
I am currently managing this bounty campaign wherein $4,000 USDT is (again) in my care, sitting on my Ledger wallet (Address)
I have already contacted several escrows including Hhampuz in hopes of being able to transfer these funds to them to act as a new official escrow.

But y'all really need to pay attention when you're getting conned.

You should get all the facts before making an accusation.

[Hhampuz]

I'm sorry to say, but looks like you guys are all getting conned.

Alt-coin address in OPs profile: 0x5e0668b2aa5836aa3ce67827e9e8d267d2f42d73


Let's see, a 4000 BUSD balance. Hm.


Oh Look. Timing also corresponds to the 'hack'.


I only registered to post this after seeing a 'How to keep Electrum safe' post referenced elsewhere. I have no stakes here and this doesn't really concern me.
But y'all really need to pay attention when you're getting conned.

He mentioned the $4k earlier from being for a bounty campaign that he is managing/going to manage. He's currently seeking for an escrow to hold/distribute said funds so I doubt this is some masterplan of stealing the $4k from Yo!Mix..

[slothypeep]

Perhaps. Awfully interesting coincidence timing-wise though.
I also made a mistake. It isn't BUSD - It's USDT (Binance Peg).