|
apogio (OP)
|
 |
July 27, 2023, 05:31:55 PM Merited by JayJuanGee (1) |
|
I have been hacked yesterday. I had 2 UTXOs in a single-sig, hot wallet. My seed phrase was 12 words long. I had originally created the wallet using Bluewallet. Here is the transaction: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37I don't know you the thief is, but I really wish that they lose all of their belongings. Even though I had a single-sig wallet. Even though I had not used my own node to connect to. Even though I have done many mistakes, stealing is not acceptable... PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only... Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this. |
|
|
|
|
|
|
|
|
|
|
|
|
Whoever mines the block which ends up containing your transaction will get its fee.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
Zaguru12
|
|
July 27, 2023, 05:39:15 PM Merited by JayJuanGee (1) |
|
Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this.
Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase since it has 256 bits of entropy compared to the 128 bits of 12 seed phrase. The probability of guessing the words accurately will be higher in 24 seeds than in 12 seeds. But still this doesn’t eliminate the fact that both will face same faith if exposed to malware. From your post it seems you either might have caught malware or you expose your seeds either through phishing attack or any other way. Going forward I would advice you prioritize offline method of storing your keys and seeds, because without taking full control of them even if you have 200 seeds as recovery phrases the same thing will happen without proper storage. |
|
|
|
Charles-Tim
Legendary
 Offline
Activity: 1526
Merit: 4833
|
|
July 27, 2023, 05:39:58 PM Merited by JayJuanGee (1) |
|
Sorry for your loss. It might be a malware. But it might be an offline attack, like someone to see your seed phrase backup. Or when you give them your device or something like that and password is not enabled. I will recommend you wallet on an airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not on the same device your wallet is. Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase
Not more secure during online attack or if the seed phrase is seen offline. But passphrase can help against offline attack. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 05:43:25 PM |
|
Sorry for your loss.
It might be a malware. But it might be an offline attack z like someone to see your seed phrase backup, or when you give them your device or something like that.
I will recommend you wallet on airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not in the same device your wallet is.
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node. I start to worry about this setup too now... |
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1526
Merit: 4833
|
|
July 27, 2023, 05:48:36 PM |
|
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.
I start to worry about this setup too now...
Having the 2-of-3 multisig on hardware devices is very safe and secure. One of the best options to go for. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 05:54:49 PM |
|
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.
I start to worry about this setup too now...
Having the 2-of-3 multisig on hardware device is very safe and secure. One if the best options to go for. It's not a hardware device actually. It's a seed signer, meaning it has no memory at all. My seed phrases are on paper on 3 different places. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok? |
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16577
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 27, 2023, 05:55:50 PM |
|
Going forward I would advice you prioritize offline method of storing your keys and seeds OP had less than 0.001 BTC in a hot wallet. That's a totally acceptable amount to risk losing, and I assume OP has most of his funds in cold storage already. The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6: it received many more transactions, all within 24 hours. It looks like someone targeted many wallets at once. Update: It gets weirder: many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok? I trust 12 seed words. You should look elsewhere, changing to 24 words will only give you a false sense of security. |
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 06:00:21 PM |
|
OP had less than 0.001BTC in a hot wallet. That's a totally acceptable amount to risk losing, and I assume OP has most of his funds in cold storage already.
Hello Loyce. It's not the amount... It's the fact I got hacked... I have both a multisig vault and a cold wallet with passphrase. That's where I keep my entire net worth. I really couldn't afford losing it. That's why you see me desperate and forgive me for that... As I said, it's from the website where I sent some sats to play roulette, I think it's a scam. I trust 12 seed words. You should look elsewhere, changing to 24 words will only give you a false sense of security.
Thanks, I really appreciate this answer. It's what I thought anyway, so... |
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1526
Merit: 4833
|
|
July 27, 2023, 06:01:55 PM |
|
It's not a hardware device actually. It's a seed signer, meaning it has no memory at all. My seed phrases are on paper on 3 different places. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok?
12 word seed phrases for 2-of-3 multisig wallet created on a hardware wallet is very safe and secure, you can not compare that with single sig online wallet which is far more vulnerable if you compare them both. Having the backup in this order in different places also makes the backup to be safe: Seed 1, MPK 2 Seed 2, MPK 3 Seed 3, MPK 1 |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16577
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 27, 2023, 06:03:24 PM |
|
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam. I'm confused: you said you "originally" created the seed phrase in Bluewallet. Does that mean you imported your seed phrase elsewhere? Which wallet did you use, and how can the website you sent funds to have anything to do with that? |
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 06:07:43 PM |
|
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam. I'm confused: you said you "originally" created the seed phrase in Bluewallet. Does that mean you imported your seed phrase elsewhere? Which wallet did you use, and how can the website you sent funds to have anything to do with that? I had used Bluewallet all the way from the beginning till the end with this wallet. I created the seed phrase there = I created the wallet there and used it as a hot wallet. 12 word seed phrases for 2-of-3 multisig wallet created on a hardware wallet is very safe and secure, you can not compare that with single sig online wallet which is far more vulnerable if you compare them both.
Having the backup in this order in different places also makes the backup to be safe:
Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1
As far as the multisig vault is concerned: This is exactly how I have backed-up my wallet. In fact the only thing I have done using a device connected to the internet, it to monitor my wallet importing my xpubs to Sparrow which is connected to my personal electrum server. |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18509
|
|
July 27, 2023, 07:23:53 PM Merited by JayJuanGee (1) |
|
12 words are more than sufficient. 24 words are harder to brute force, yes, but brute forcing 12 words is already impossible. The number of words makes no difference if an attacker compromises your back up.
If the seed phrases from your multi-sig set up have never touched an internet connected device, then they remain as safe as possible.
What you should really be focusing on is how your hot wallet was compromised. How did you store the seed phrase back up, and did you import it anywhere else? It could well be that the device which was hosting this hot wallet is infected with malware, meaning you will need to think about formatting it and reinstalling your OS.
|
|
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2170
Merit: 4237
Join the world-leading crypto sportsbook NOW!
|
|
July 27, 2023, 07:54:13 PM Merited by JayJuanGee (1) |
|
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam.
Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before? That's where you're money went, did you log onto the roulette site to see if the funds are there? Are you sure you didn't send the funds while on a fortified hookah bender, and just forgot? Does anyone else have access to the device where you have the hot wallet? |
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 09:30:17 PM |
|
12 words are more than sufficient. 24 words are harder to brute force, yes, but brute forcing 12 words is already impossible. The number of words makes no difference if an attacker compromises your back up.
If the seed phrases from your multi-sig set up have never touched an internet connected device, then they remain as safe as possible.
What you should really be focusing on is how your hot wallet was compromised. How did you store the seed phrase back up, and did you import it anywhere else? It could well be that the device which was hosting this hot wallet is infected with malware, meaning you will need to think about formatting it and reinstalling your OS.
Sounds correct. My device is actually my phone. I really can't understand what went wrong... My seed phrase has never been imported to any other software apart from Bluewallet on my phone. Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before? That's where you're money went, did you log onto the roulette site to see if the funds are there? Are you sure you didn't send the funds while on a fortified hookah bender, and just forgot? Does anyone else have access to the device where you have the hot wallet? Nobody has access to my seed phrase (nor my phone) apart from me. I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went). |
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2380
Merit: 5235
|
|
July 27, 2023, 09:33:44 PM |
|
PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...
There is nothing suspicious with windice. They gave you a deposit address and you sent bitcoin to that address. That's all. There is no way they can gain access to your private keys or seed phrase and make transaction from your wallet. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
apogio (OP)
|
|
July 27, 2023, 09:42:18 PM |
|
PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...
There is nothing suspicious with windice. They gave you a deposit address and you sent bitcoin to that address. That's all. There is no way they can gain access to your private keys or seed phrase and make transaction from your wallet. Hello! So, what do you think has happened? I can assure you that nobody has ever seen my seed phrase. But the phone may be compromised. I just can't understand what I see in mempool. I have never seen the receiving address before. |
|
|
|
logfiles
Copper Member
Legendary
Offline
Activity: 1960
Merit: 1643
Top Crypto Casino
|
|
July 27, 2023, 11:59:00 PM Merited by JayJuanGee (1) |
|
I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).
I remember this casino, they even advertised themselves in this forum, I think around 2018-2019. Let me look up the links But I don't think a site would access your private keys (seeds) or something like that. There is a possibility there was some security lapse that led to the leakage of your private keys (seeds) recently or way back, and you can't remember. Their ANN: ♨️🎲 WINDICE.io 🎲 Contests 🏆 TvT 🔰 Progressive Faucet💰 Jackpots 🎁❤Their former Signature Campaign: Windice.io Signature Campaign(CLOSED) |
|
|
|
|
apogio (OP)
|
|
July 28, 2023, 06:36:34 AM |
|
I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).
I remember this casino, they even advertised themselves in this forum, I think around 2018-2019. Let me look up the links But I don't think a site would access your private keys (seeds) or something like that. There is a possibility there was some security lapse that led to the leakage of your private keys (seeds) recently or way back, and you can't remember. Their ANN: ♨️🎲 WINDICE.io 🎲 Contests 🏆 TvT 🔰 Progressive Faucet💰 Jackpots 🎁❤Their former Signature Campaign: Windice.io Signature Campaign(CLOSED)Yeah I guess they couldn't access my PK, but I still wonder how someone gained access to my wallet... |
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16577
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 28, 2023, 07:16:43 AM |
|
As I said, it's from the website where I sent some sats to play roulette You're contradicting yourself: I have never sent money to this address First, you say your Bitcoin was sent to the address above. Then you say it's from a website you've used, while you say you've never sent funds to that address. It doesn't add up. How do you know which website the address belongs to? |
|
|
|
|
apogio (OP)
|
|
July 28, 2023, 07:25:54 AM
Last edit: July 28, 2023, 07:48:00 AM by apogio |
|
As I said, it's from the website where I sent some sats to play roulette You're contradicting yourself: I have never sent money to this address First, you say your Bitcoin was sent to the address above. Then you say it's from a website you've used, while you say you've never sent funds to that address. It doesn't add up. How do you know which website the address belongs to? Hang on, I have been misunderstood, perhaps because english is not my native language. So, I have a hot wallet on my BlueWallet application. I have sent multiple time to an address that the website (windice.io) provided me, which was looking like this: 3J....... I don't show the exact address because I don't want to expose all of my transactions for privacy reasons. So, my wallet had multiple transactions to the address above. Then, suddenly, I have seen this transaction from my wallet: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37The output address of this transaction is this one: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6I don't own the keys that generate this address. I hope I made myself clear and I am happy to add any more information if needed. |
|
|
|
|
