LoyceV
July 28, 2023, 07:42:48 AM
> 3Jp9hU........p6ai. I don't show the exact address because I don't want to expose all of my transactions for privacy reasons.

You can't obfuscate addresses like this, it's trivial to find.

Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions. It also means my first post still applies:

> Weird. It looks like someone was testing his malware backend.

apogio (OP)
July 28, 2023, 07:56:32 AM Merited by JayJuanGee (1)
> You can't obfuscate addresses like this, it's trivial to find.
> Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions.

Ok, sorry, my bad for both of the above.

> Weird. It looks like someone was testing his malware backend.

If you want to explain further, I would appreciate it. What does it mean that someone was testing his malware?

In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
4. My phone is compromised somehow and someone gained access to my phone's storage.

However all those options seem too obscure to me and I can't understand how it happened.

LoyceV
July 28, 2023, 08:10:30 AM Merited by JayJuanGee (1)
>> Weird. It looks like someone was testing his malware backend.
> If you want to explain further, I would appreciate it.

Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.

> What does it mean that someone was testing his malware?

It's just a guess because I can't think of any other reason to create such transactions.

> In my opinion there are the following options: 1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.

Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.

> 2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.

It's possible.

> 3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.

It's possible.

> 4. My phone is compromised somehow and someone gained access to my phone's storage.

It's possible.

Option 5: someone had access to your phone for a moment, and swept your funds.
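
The pattern described in the post above (an address that receives funds, sends funds, and sends funds to itself, with consolidations and splits paid for at a high fee) can be checked mechanically over an address history. This is an added example, not part of the original thread: the transactions, addresses, field names and the 50 sat/vB threshold are all constructed assumptions.

```python
# Added example: constructed data, hypothetical field names and addresses.
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    inputs: list    # (address, sats) pairs spent by the transaction
    outputs: list   # (address, sats) pairs created by the transaction
    vsize: int      # virtual size in vbytes

def classify(tx, addr, high_fee_rate=50.0):
    """Return (kind, fee rate in sat/vB, wasteful) from addr's point of view."""
    in_addrs = {a for a, _ in tx.inputs}
    out_addrs = {a for a, _ in tx.outputs}
    fee = sum(v for _, v in tx.inputs) - sum(v for _, v in tx.outputs)
    rate = round(fee / tx.vsize, 1)
    if in_addrs == {addr} and out_addrs == {addr}:
        # Coins never leave the address, so the fee is the only effect.
        if len(tx.inputs) > len(tx.outputs):
            kind = "consolidation"
        elif len(tx.inputs) < len(tx.outputs):
            kind = "split"
        else:
            kind = "self-send"
    elif addr in in_addrs:
        kind = "send"
    elif addr in out_addrs:
        kind = "receive"
    else:
        kind = "unrelated"
    wasteful = kind in ("consolidation", "split", "self-send") and rate >= high_fee_rate
    return kind, rate, wasteful

ADDR = "bc1q-constructed-receiver"   # placeholder, not a real address
TXS = [
    Tx("tx1", [("3-constructed-victim", 100_000)], [(ADDR, 98_000)], 140),
    Tx("tx2", [(ADDR, 98_000)], [(ADDR, 30_000)] * 3, 160),
    Tx("tx3", [(ADDR, 30_000)] * 3, [(ADDR, 75_000)], 250),
    Tx("tx4", [(ADDR, 75_000)], [("bc1q-constructed-exit", 74_000)], 110),
]

def report(txs, addr):
    return [(t.txid, *classify(t, addr)) for t in txs]

if __name__ == "__main__":
    for row in report(TXS, ADDR):
        print(row)
```
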

apogio (OP)
July 28, 2023, 08:19:04 AM
>>> Weird. It looks like someone was testing his malware backend.
>> If you want to explain further, I would appreciate it.
> Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.
>> What does it mean that someone was testing his malware?
> It's just a guess because I can't think of any other reason to create such transactions.
>> In my opinion there are the following options: 1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore were able to reduce the search space.
> Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.
>> 2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
> It's possible.
>> 3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
> It's possible.
>> 4. My phone is compromised somehow and someone gained access to my phone's storage.
> It's possible. Option 5: someone had access to your phone for a moment, and swept your funds.

Thanks. I have no sendable merit, but I appreciate your answer. In my opinion the most likely scenarios are (3), (4).

LoyceV
July 28, 2023, 08:42:55 AM
> In my opinion the most likely scenarios are (3), (4).

I guess it's #4. #3 would mean many more people would lose much larger amounts. So back up your data, factory reset your phone, and start over.

o_e_l_e_o
July 28, 2023, 08:59:45 AM
Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.

Agbe
July 28, 2023, 09:20:09 AM
> Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
> Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.

Yes, a hot wallet is not as secure as we think, but the carelessness of the user can also let the hacker get access to the funds. Just like our living rooms are not secure, but the way we protect the house will prevent armed robbers from entering the house. But if they use extra measures to penetrate, and that is how all wallets are. The most important thing to do to protect one's wallet is to keep your seed phrase and password in a very secure place. Don't disclose it to anyone unless you will it to someone. Most of the time, our carelessness in logging in on another person's device can also cause this hack. And this is what is happening these days. So one of the preventive measures is to steer clear of other people's devices with your wallet.

apogio (OP)
July 28, 2023, 09:31:27 AM
>> In my opinion the most likely scenarios are (3), (4).
> I guess it's #4. #3 would mean many more people would lose much larger amounts. So back up your data, factory reset your phone, and start over.

Definitely. I will.

> Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
> Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.

Now that you mention it, I have imported my seed phrase once to another application (Blockstream Green) because I was thinking of switching from BlueWallet to BS Green. I have forgotten it because it was a month ago and I never thought it was suspicious. I have downloaded the app from the playstore. After I decided to keep using BlueWallet instead of Green wallet, I uninstalled the Green wallet and kept using BlueWallet. So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream Green.

hosseinimr93
July 28, 2023, 10:03:31 AM Last edit: July 28, 2023, 10:16:25 AM by hosseinimr93 Merited by LoyceV (4), Cricktor (1)
> So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.

We don't know what exactly caused your wallet to be compromised, but you should never do this. By importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use BlueWallet or any other wallet for any reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the funds to that.

apogio (OP)
July 28, 2023, 10:18:19 AM
>> So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
> We don't know what exactly caused your wallet to be compromised, but you should never do this. By importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use BlueWallet or any other wallet for any reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the funds to that.

Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.

hosseinimr93
July 28, 2023, 10:29:32 AM
> Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.

Assume that you have created a wallet using wallet A. Generally speaking, it's possible that there's a vulnerability in wallet A that may cause you to lose your funds. It's also possible that there's malware which can attack wallet A if your device is infected with it. By importing your seed phrase into wallet B, you increase the risk of getting hacked. Now, you will lose your funds if there's a vulnerability in each of wallets A and B. It's possible that your device is infected with malware that can attack wallet B while it has nothing to do with wallet A. The more wallets you import your seed phrase into, the more attack vectors you open for hackers.

o_e_l_e_o
Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.

apogio (OP)
July 28, 2023, 12:03:15 PM
> Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.

This is true, indeed. Btw I am using SwiftKey as my main keyboard app.

o_e_l_e_o
> Btw I am using SwiftKey as my main keyboard app.

Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.

LoyceV
July 28, 2023, 12:23:17 PM
> Still, I can't figure out why it is a bad idea.

It's a trade-off between paying a transaction fee, or doubling the risk of using a compromised wallet. In this case, with a small wallet, I wouldn't have moved the funds, but instead used both wallets (the new one for receiving funds, the old one for paying until it's empty).

> Every app on your phone has access to your keyboard inputs.

Really? Even when they're in the background? That would be a terrible flaw in Android!

apogio (OP)
July 28, 2023, 12:23:57 PM
>> Btw I am using SwiftKey as my main keyboard app.
> Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.

F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.

BitMaxz
July 28, 2023, 12:32:57 PM
> This is true, indeed. Btw I am using SwiftKey as my main keyboard app.

Possibly that's the reason why you've been hacked. Any 3rd party keyboard has some sort of cloud database that records your keystrokes. I always use the default keyboard rather than something like SwiftKey or Grammarly because they record my clipboard and keystrokes. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.

apogio (OP)
July 28, 2023, 12:47:00 PM
>> This is true, indeed. Btw I am using SwiftKey as my main keyboard app.
> Possibly that's the reason why you've been hacked. Any 3rd party keyboard has some sort of cloud database that records your keystrokes. I always use the default keyboard rather than something like SwiftKey or Grammarly because they record my clipboard and keystrokes. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.

Thanks so much for the info. It makes absolute sense.

o_e_l_e_o
July 28, 2023, 01:15:30 PM
> Really? Even when they're in the background? That would be a terrible flaw in Android!

Maybe. Maybe not. Malware is obviously specifically designed to bypass the usual security protocols. And given that most phone firmware and most apps are largely closed source, who knows for sure? But I'm certainly not going to assume that Android or Apple have created the first 100% foolproof security system.

> F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.

This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.

apogio (OP)
July 28, 2023, 01:33:38 PM
> This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.

Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.