I will try to answer as much as questions as I can but right now since I don't have any particular answer I will say due to my carelessness it happened. I will be quick and direct as much as I can so pardon me for not explaining properly or to the point as needed.
Have you clicked on an update after logging in to the Electrum wallet?
It wasn't through any Electrum popup and I am aware about case where someone installed a hacker version of Electrum. I actually updated the Electrum wallet some time ago. Maybe like 2-3 months from the site after verifying gpg signatures.
I just want to inquire that you saved this phrase cloudly online anywhere.
No, it wasn't.
It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.
a) Yes, its my first time getting hacked like this.
b) There were other addresses but they didn't had any transactions.
c) I don't think it was Electrum actually because I have been using Electrum for long time and before installing, I confirm its from original source. The question is why now?
I highly suspect something running in the background. But I've autorun software to check if there is something malicious in registry which has been set to autorun and I check it too and I check the processes running in background regularly as well.
Do you accidentally allow something which malwarebytes blocked?
No if my memory serves me right. I usually read the alerts by antivirus, antimalware programs and I always choose quarantine/remove option , allow is not even a chance.
What do you mean "only one in the wallet"? Did you create the wallet with an imported private key? So, you don't have a seed phrase?
This will serve as an answer to anduloika and you as well: The wallet address was created by VanitySearch and I trust this software but as a precaution I use it for only small amounts. Since its been so long , I started trusting for more balance. There were other addresses as well which also was created by VanitySearch as I like to generate some cool addresses and use it but none of them had any balance in it or were used in the forum except the one I use.
so @anduloika it wasn't a private key with recoverable security questions.
Can you give us more detail, please? Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?
Yes, it was a Windows version. I am not sure of Electrum version but I recall something like 4.3.3 something. Software I could have but they were usual like Chrome and Winrar and stuff. Just the things I need. All were downloaded from original sources.
I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are. It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.
Yes, it is only added once some has been affected by it. By the time its added, they already have got their initial victims. I am not saying it happened to me or maybe it did but the purpose is to let others aware of problems like this.
I don't think Electrum is the case actually as I've been using it for more than 2-3 years in this lappie and over this course of years bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3.... address has received many signature campaign earnings and later on there were times when there was more funds than that. So why now?
I've also come to conclusion right now that it was probably some script running in background whenever I open Electrum and it probably sends private keys of all the addresses in the wallet and then have a system of some sorts which sweeps all the balances when the addresses receives some balances. <--as some of you guys have mentioned here
As for Malwarebytes, I am bit surprised that it didn't alerted something running in background whenever I opened Electrum. I am bit paranoid about scripts running in background or autostartup so I had softwares to check those as well and delete/remove those things as well.
What I am not sure of is that entry point of this script/malware or whatever. I also seriously don't recall anything suspicious being downloaded. I've already made a fresh install of the Windows on my laptop after clearing everything in every partition my laptop has including the partition in MB size having some boot records so I can't go back and check those things about what happened for clear.
At the end, I can only say always be wary of these things. Anti-viruses/anti-malware also sometimes might not protect you all the time.
About hardware wallet, I still have a Ledger Nano which I have used in the past to hold big balances but right now I don't use it. So yeah I have the policy of big balances to hardware wallets but there are cases where I need to move coins fast I tend to loose up a little and move into wallets that I have in my easily accessible devices.
Thank you everyone for answering here and discussing with ideas on what could have happened.
