Hacker moved coins from my wallet

[Avirunes]

What happened:  Today I requested additional loan in shasan's thread here https://bitcointalk.org/index.php?topic=5030169.msg62169183#msg62169183. After some discussions privately with shasan it was approved by him and he sent the coins. As soon as it arrived the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet). I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Scammers Wallet Address: bc1qzzvml53wkc5g4w5tuk6xz0t0j332rfgftymf2f

Amount Scammed: 0.015 BTC


In seclog both the recent password changes were done by me and to confirm that I am the real Avirunes here is the signed message from my oldest address which I have kept safe on my blockchain.info:

Address:

Code:

1oooTXKUgGbLhVTG4zZ4FJi71Xzk6vijL

Message:

Code:

This is Avirunes and I confirm bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 has been compromised.

Signature:

Code:

G9NT2IalfZX4tApHIlpKvXnpV0nzKk+yHFdY9adx6naZc0mjxdxkq9BnGLjLVSUNxxZG8sNHbC+3pqB152JwHH4=

Even after the signed message, I think shasan can verify that I am real Avirunes here as we were always in touch through telegram.


I am clueless as to how this could have happened as like I said I had Malwarebytes on my laptop but despite that this incident happened.I know how dumb and idiot I look right now but I still can't wrap my head around how this could have happened.

[1714585346]

1714585346

[1714585346]

1714585346

[1714585346]

1714585346

[1714585346]

1714585346

[Charles-Tim]

What is Malwarebytes? Is it an anti-malware? Do not rely on anti-malware to the extent you will start to using your device in an unsecured way. Always use ad blockers, stop downloading torrent files, stop visiting unsecure sites, start to be careful of malware and start protecting your device.

For better security, use cold wallet or multisig wallet. Or for convenience and security, get a hardware wallet.

Always still be careful of malware.

[shasan]

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum. Also can't remember but seen a similar case for an Electrum hack. Have you clicked on an update after logging in to the Electrum wallet? I never click on anything through Electrum. I am afraid that I will fall into this type of trap.

[hosseinimr93]

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum.

Whatever happened, there is no problem with electrum itself. Electrum (if it's used properly) is secure enough. julerz12 used electrum on an online device and Avirunes probably did the same thing.
Any online device is always prone to hacking.

[robelneo]

I am clueless as to how this could have happened as like I said I had Malwarebytes on my laptop but despite that this incident happened.I know how dumb and idiot I look right now but I still can't wrap my head around how this could have happened.

Sorry for your loss Avirunes, you're not dumb and idiot, things like this happen just when we thought we are safe, I also thought that Malwarebytes is good for blocking intrusion but it's not you did the right thing securing your computer, and your account here in Bitcointalk.
You can still get back what you've loss Shasan is a good man he will understand and you can regain what you've lost, when you are ok and you figure out what really went wrong you can share and update so we can also learn from this.
I'm also an Electrum user but I seldom use it now after Julerz's story.

[ItsCrafty]

PC is much dangerous for crypto and hackers are now so smarts and its possible that they introduced malware which are not detectable by any antimalware software. 0.015 btc is not a small amount but now you cannot do anything except be careful from next time.

For future safety i will recommend hardware wallet to recieve any big amount.

Never Enter your phrase, personal Gmail, Social accounts related to crypto because Laptop or Pc can easily be hacked through malware. Mobile is secure so far as i am using for 5 years and did not faced any problem while using PC my phrase compromised 3 times

[Charles-Tim]

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum. Also can't remember but seen a similar case for an Electrum hack. Have you clicked on an update after logging in to the Electrum wallet? I never click on anything through Electrum. I am afraid that I will fall into this type of trap.

Only what I noticed that you can click on is the Electrum URL for update, which was never like before but having the correct Electrum URL for update. Another thing that I know that can be clicked on is the blockchain explorer.

You can fall for the trap too if you are the type of person that do not take wallet safety and online security seriously. It is not about Electrum wallet, it is about carelessness. Anyone that can fall for the scam while using Electrum can also fall for the scam while using any other online wallet.

[hosseinimr93]

I'm also an Electrum user but I seldom use it now after Julerz's story.

As I said in my previous post electrum is secure enough. Just because someone got hacked doesn't mean electrum isn't secure. Electrum is open-source and there's nothing hidden from the users.
As long as your device is online, whatever wallet you use, there's the chance of getting hacked.

Never Enter your phrase, personal Gmail, Social accounts related to crypto because Laptop or Pc can easily be hacked through malware. Mobile is secure so far as i am using for 5 years and did not faced any problem while using PC my phrase compromised 3 times

This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.

[Charles-Tim]

Never Enter your phrase, personal Gmail, Social accounts related to crypto because Laptop or Pc can easily be hacked through malware. Mobile is secure so far as i am using for 5 years and did not faced any problem while using PC my phrase compromised 3 times

This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.

@ItsCrafty
On my laptop, what I used it most for are 2FA enabled exchange accounts, Netflix and YouTube Premium (I hate ads). Having little amount of bitcoin on Electrum on the laptop and still expecting malware, although not likely. It depends on how you use your device, be it phone or computer. But you should know that you should not have the coins that you can not afford to lose on an online wallet, there are cold wallet options that you can go for. Mobile devices are always online, be careful.

[GxSTxV]

I feel bad just hearing about the continuous and unstoppable attacks. I myself experienced something similar a few weeks ago when my BNB was instantly transformed into another wallet upon receiving it. I understand the shock and bad feeling that you are going through right now, so I’m very sorry for that.
I don't think the issue lies with the Electrum wallet itself, If hackers had found a security loophole in Electrum without having to access your pc first they would target wallets of whales with large amounts of Bitcoin logically. I am sure that your device has been hacked using a malicious program or file you downloaded and your antimalware defense isn’t enough. If you could recall the latest files that you downloaded before the last time you used your Electrum wallet on your PC and run a test on VirusTotal for example and you may find something. Since I’m not sure tracing the hacker’s wallet will lead into something.
And as other users have suggested using a wallet on an online PC is a ticking time bomb waiting to explode. The solution to prevent such painful experiences is to use another device only for a Bitcoin wallet or a better option which is to get a cold wallet.

[alterra57]

You probably had the malware in your computer for a while and it got activated once it detected coins in your wallet. When was the last time you made a transfer using this computer?

[Gladitorcomeback]

Very sad to hear that you lost 450$. I just want to inquire that you saved this phrase cloudly online anywhere. If you saved then this is possible reason hacker got access to your wallet and success in transfer fund. Online savings phrase may be gmail, photos l, Notes Telegram or other social media where you send phrase. hackers send these btc to another wallet. More chance that he mixed it using any mixer or deposited into his own other wallet.

You did right job to reset all password on time but its not enough yet because it's essential to know how hacker get access to wallet.

[Saint-loup]

What happened:  Today I requested additional loan in shasan's thread here https://bitcointalk.org/index.php?topic=5030169.msg62169183#msg62169183. After some discussions privately with shasan it was approved by him and he sent the coins. As soon as it arrived the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet). I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Scammers Wallet Address: bc1qzzvml53wkc5g4w5tuk6xz0t0j332rfgftymf2f

Amount Scammed: 0.015 BTC

It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.

[andulolika]

If your private key was recoverable with security questions then you might have the answer.

[Beparanf]

It’s unusual for a malware to get through on Malwarebytes since it’s very active on blocking any incoming malware from the web. You should combine WD on top of your malwarebytes to have second layer of security.

By any chance, Do you accidentally allow something which malwarebytes blocked?

[DireWolfM14]

Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalk.org/index.php?topic=5445300.0
Recent similar incident: https://bitcointalk.org/index.php?topic=5433643.0

the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet).

What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?

I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Can you give us more detail, please?  Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?

I am clueless as to how this could have happened as like I said I had Malwarebytes on my laptop but despite that this incident happened.I know how dumb and idiot I look right now but I still can't wrap my head around how this could have happened.

I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are.  It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.

I don't know how this is happening either, but I suspect there might be some malware being promoted to crypto users that attacks Electrum and extracts funded private keys.  Based on the Github discussion to which I linked above, multiple victims had their funds stolen in one transaction that included multiple address types, indicating the private keys were swept.

All I can say is be very careful and suspicious of any software you install your system, and diligently verify Electrum downloads.

[bitbollo]

If your private key was recoverable with security questions then you might have the answer.

Hi andulolika
you can recover private keys from electrum with security question?!
I've never heard of this possibility.
it's a "classic" wallet they shouldn't have this option since you don't set... but I could be wrong maybe I don't know this function ?!?

[Stalker22]

Regrettably, stories of this nature seem to surface all too often. What frustrates me most about such cases is that the truth behind them is often shrouded in mystery. There could be a multitude of reasons why someone's cryptocurrency is compromised - an unsecured wallet or device (where the thief had physical access to the computer), malware or spyware on the system, falling prey to a phishing attack (where the user knowingly or unknowingly exposed the private key or seed to third parties), an outdated or insecure operating system (many people are hesitant to admit using a cracked version of software, which could introduce numerous threats), or even a remote hack on the system. The list of potential culprits is virtually endless.

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.

[acroman08]

sorry about your loss, it would be nice if you could update us if you ever find out what was the cause of your wallet being compromised.

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum. Also can't remember but seen a similar case for an Electrum hack. Have you clicked on an update after logging in to the Electrum wallet? I never click on anything through Electrum. I am afraid that I will fall into this type of trap.

perhaps creating a multi-sig wallet would help to greatly increase the security of your wallet and the asset inside it.

[Saint-loup]

Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalk.org/index.php?topic=5445300.0
Recent similar incident: https://bitcointalk.org/index.php?topic=5433643.0
[...]

Wow even if I wouldn't call that a massive attack for now, it starts to scare me a little bit to be honest. Unlike what some people are saying above, Electrum could be not so safe to use anymore if those testimonies are true. So what could we do now ? Only using it as a cold wallet? But how we will make Lightning Network transactions now? We can't do that with a cold wallet unfortunately. I really hope it's just a coincidence because it would be a really bad news for Bitcoin, many people are using Electrum has a hot wallet on their computer  

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.

LOL You like to be funny bro