Bitcoin Forum
April 28, 2024, 06:36:18 PM *
Author Topic: I thought I would never get hacked...  (Read 1036 times)
LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16569


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 28, 2023, 07:42:48 AM
 #21

3Jp9hU........p6ai. I don't show the exact address because I don't want to expose all of my transactions for privacy reasons.
You can't obfuscate addresses like this, it's trivial to find.

Quote
Then, suddenly, I have seen this transaction from my wallet: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37

The output address of this transaction is this one:  bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6

I don't own the keys that generate this address.
Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions.
It also means my first post still applies:
The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6:
~ many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why.
Weird. It looks like someone was testing his malware backend.

apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 07:56:32 AM
Merited by JayJuanGee (1)
 #22

You can't obfuscate addresses like this, it's trivial to find.
Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions.

Ok, sorry my bad for both of the above.

Quote
The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6:
~ many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why.
Weird. It looks like someone was testing his malware backend.

If you want to explain further, I would appreciate it.

What does it mean that someone was testing his malware?

In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
4. My phone is compromised somehow and someone gained access to my phone's storage.

However all those options seem too obscure to me and I can't understand how it happened.

LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16569


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 28, 2023, 08:10:30 AM
Merited by JayJuanGee (1)
 #23

Weird. It looks like someone was testing his malware backend.
If you want to explain further, I would appreciate it.
Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.

Quote
What does it mean that someone was testing his malware?
It's just a guess because I can't think of any other reason to create such transactions.

Quote
In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.
Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.

Quote
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
It's possible.

Quote
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
It's possible.

Quote
4. My phone is compromised somehow and someone gained access to my phone's storage.
It's possible.

Option 5: someone had access to your phone for a moment, and swept your funds.

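The triage described in post #23 (spotting when the address received funds, sent funds, or sent funds to itself as a consolidation or split) can be scripted. This is an added example, not part of the original thread: the transactions and addresses are constructed, and the field names assume the Esplora-style JSON that explorers such as mempool.space expose.

```python
import math
from collections import Counter

WATCHED = "bc1q-watched-example"  # constructed placeholder, not a real address


def _tx(txid, ins, outs, fee, weight):
    """Build a constructed transaction in the assumed Esplora-style shape."""
    return {
        "txid": txid, "fee": fee, "weight": weight,
        "vin": [{"prevout": {"scriptpubkey_address": a, "value": v}} for a, v in ins],
        "vout": [{"scriptpubkey_address": a, "value": v} for a, v in outs],
    }


# Constructed sample history for the watched address (values in satoshis).
SAMPLE_TXS = [
    _tx("a1", [("bc1q-victim-example", 50_000)], [(WATCHED, 48_000)], 2_000, 440),
    _tx("b2", [(WATCHED, 48_000), (WATCHED, 30_000)], [(WATCHED, 70_000)], 8_000, 836),
    _tx("c3", [(WATCHED, 70_000)],
        [(WATCHED, 20_000), (WATCHED, 20_000), (WATCHED, 24_000)], 6_000, 800),
    _tx("d4", [(WATCHED, 20_000)], [("bc1q-other-example", 18_000)], 2_000, 440),
]


def classify(tx, addr):
    """Label a transaction from the point of view of one address."""
    # Coinbase inputs carry no prevout, so skip them.
    prevouts = [i["prevout"] for i in tx["vin"] if i.get("prevout")]
    own_in = sum(p.get("scriptpubkey_address") == addr for p in prevouts)
    own_out = sum(o.get("scriptpubkey_address") == addr for o in tx["vout"])
    if own_in == 0:
        return "receive" if own_out else "unrelated"
    if own_out < len(tx["vout"]):
        return "send"  # at least one output leaves the watched address
    # Every output returns to the same address: only the fee is spent.
    if own_in > own_out:
        return "consolidation"
    if own_out > own_in:
        return "split"
    return "self-send"


def fee_rate(tx):
    """Fee rate in sat/vB, using virtual size = ceil(weight / 4)."""
    return round(tx["fee"] / math.ceil(tx["weight"] / 4), 1)


def summarize(txs, addr):
    """Classify every transaction and total the fees paid on self-transfers."""
    labels = {tx["txid"]: classify(tx, addr) for tx in txs}
    self_kinds = {"consolidation", "split", "self-send"}
    wasted = sum(tx["fee"] for tx in txs if labels[tx["txid"]] in self_kinds)
    return {
        "labels": labels,
        "counts": Counter(labels.values()),
        "self_transfer_fees_sat": wasted,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_TXS, WATCHED)
    for tx in SAMPLE_TXS:
        print(tx["txid"], report["labels"][tx["txid"]], fee_rate(tx), "sat/vB")
    print("fees spent on self-transfers:", report["self_transfer_fees_sat"], "sat")
```

A history dominated by `consolidation` and `split` entries at a high fee rate is the pattern the post calls a waste of transaction fees.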
apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 08:19:04 AM
 #24

Weird. It looks like someone was testing his malware backend.
If you want to explain further, I would appreciate it.
Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.

Quote
What does it mean that someone was testing his malware?
It's just a guess because I can't think of any other reason to create such transactions.

Quote
In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.
Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.

Quote
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
It's possible.

Quote
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
It's possible.

Quote
4. My phone is compromised somehow and someone gained access to my phone's storage.
It's possible.

Option 5: someone had access to your phone for a moment, and swept your funds.

Thanks. I have no sendable merit, but I appreciate your answer. In my opinion the most likely scenarios are (3), (4).

LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16569


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 28, 2023, 08:42:55 AM
 #25

In my opinion the most likely scenarios are (3), (4).
I guess it's #4. #3 would mean many more people would lose much larger amounts.
So backup your data, factory reset your phone, and start over.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18507


View Profile
July 28, 2023, 08:59:45 AM
 #26

Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.

Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Agbe
Hero Member
*****
Online Online

Activity: 868
Merit: 1252



View Profile
July 28, 2023, 09:20:09 AM
 #27

Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.

Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Yes, a hot wallet is not as secure as we think, but the carelessness of the user can also let the hacker gain access to the funds. Just like our living rooms are not secure, but the way we protect the house will prevent armed robbers from entering the house. But if they use extra measures to penetrate and that how wallet all is. The most important thing to do in the protection of one's wallet is to keep your seed phrase and the password in a very secure place. Don't disclose it to anyone unless you will it to someone.
Most of the time, our carelessness in logging in on another person's device can also cause this hack. And this is what is happening these days. So one of the preventive measures is to steer clear of other people's devices with your wallet.

apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 09:31:27 AM
 #28

In my opinion the most likely scenarios are (3), (4).
I guess it's #4. #3 would mean many more people would lose much larger amounts.
So backup your data, factory reset your phone, and start over.

Definitely. I will.

Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.

Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.

Now that you mention it, I have imported my seedphrase once to another application (blockstream green) because I was thinking of switching from BlueWallet to BS Green. I have forgotten it because it was a month ago and I never thought it was suspicious. I have downloaded the app from the playstore. After I decided to keep using Bluewallet instead of green wallet, I uninstalled the green wallet and kept using BlueWallet.

So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.

hosseinimr93
Legendary
*
Offline Offline

Activity: 2380
Merit: 5216



View Profile
July 28, 2023, 10:03:31 AM
Last edit: July 28, 2023, 10:16:25 AM by hosseinimr93
Merited by LoyceV (4), Cricktor (1)
 #29

So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
We don't know what exactly caused your wallet to be compromised, but you should never do this.
By importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use bluewallet or any other wallet for any reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the funds to that.

apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 10:18:19 AM
 #30

So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
We don't know what exactly caused your wallet to be compromised, but you should never do this.
By importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use bluewallet or any other wallet for any reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the funds to that.

Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.

hosseinimr93
Legendary
*
Offline Offline

Activity: 2380
Merit: 5216



View Profile
July 28, 2023, 10:29:32 AM
 #31

Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.
Assume that you have created a wallet using wallet A. Generally speaking, it's possible that there's a vulnerability in wallet A that may cause you to lose your funds. It's also possible that there's malware which can attack wallet A if your device is infected with it.
By importing your seed phrase into wallet B, you increase the risk of getting hacked. Now, you will lose your funds if there's a vulnerability in each of wallets A and B. It's possible that your device is infected with malware that can attack wallet B while it has nothing to do with wallet A.

The more wallets you import your seed phrase in, the more attack vectors you open for hackers.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18507


View Profile
July 28, 2023, 11:39:33 AM
Merited by JayJuanGee (1), Cricktor (1)
 #32

Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.
apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 12:03:15 PM
 #33

Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.

This is true, indeed. Btw I am using Swiftkey as my main keyboard app.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18507


View Profile
July 28, 2023, 12:13:21 PM
Merited by vapourminer (2), LoyceV (2), NotATether (1)
 #34

Btw I am using Swiftkey as my main keyboard app.
Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.
LoyceV
Legendary
*
Offline Offline

Activity: 3290
Merit: 16569


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 28, 2023, 12:23:17 PM
 #35

Still, I can't figure out why it is a bad idea.
It's a trade-off between paying a transaction fee, or doubling the risk of using a compromised wallet. In this case, with a small wallet, I wouldn't have moved the funds, but instead use both wallets (the new one for receiving funds, the old one for paying until it's empty).

Every app on your phone has access to your keyboard inputs.
Really? Even when they're in the background? That would be a terrible flaw in Android!

apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 12:23:57 PM
 #36

Btw I am using Swiftkey as my main keyboard app.
Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.

F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.

BitMaxz
Legendary
*
Online Online

Activity: 3234
Merit: 2943


Block halving is coming.


View Profile WWW
July 28, 2023, 12:32:57 PM
Merited by LoyceV (2)
 #37


This is true, indeed. Btw I am using Swiftkey as my main keyboard app.

Possibly that's the reason why you've been hacked; any 3rd party keyboard has some sort of cloud database that records your keystrokes. I'm always using the default keyboard rather than using something like Swiftkey or Grammarly because they record my clipboard and keystrokes. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.

apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 12:47:00 PM
 #38


This is true, indeed. Btw I am using Swiftkey as my main keyboard app.

Possibly that's the reason why you've been hacked; any 3rd party keyboard has some sort of cloud database that records your keystrokes. I'm always using the default keyboard rather than using something like Swiftkey or Grammarly because they record my clipboard and keystrokes. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.

Thanks so much for the info. It makes absolute sense.

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18507


View Profile
July 28, 2023, 01:15:30 PM
 #39

Really? Even when they're in the background? That would be a terrible flaw in Android!
Maybe. Maybe not. Malware is obviously specifically designed to bypass the usual security protocols. And given that most phone firmware and most apps are largely closed source, who knows for sure? But I'm certainly not going to assume that Android or Apple have created the first 100% fool proof security system.

F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.
This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.
apogio (OP)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 948



View Profile WWW
July 28, 2023, 01:33:38 PM
 #40

This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.

Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.
