My more than 2 bitcoins got stolen just 2 days ago.

[mbLI]

Hi. Kept my password only in my head on noone had access to seed-phrases. It leaked purely internally because if the wallet itself. Guys, pleas,e advise what to do. 50k$ are gone

[1714276487]

1714276487

[1714276487]

1714276487

[1714276487]

1714276487

[Faisal2202]

What wallet were you using? And provide some hash or wallet address so that we can confirm and judge the tx, because without any help from you, we might not help you. And to be honest, if someone got into your wallet (intentionally) then the money is gone and there might be no way for it to be recovered.

PS: I assume, you are talking about Electrum wallet.

Well, if that's the case, then please share your whole story. because the type of electrum depends, whether you were using it on Phone or a Desktop, because both have some differences. And What did you do, that you think your wallet got hack.

[Zaguru12]

If your story is true then you might have visited a phishing site using the device that holds the wallet or probably your device caught a malware that Leaked the seed to the hackers.

Since you’re posting on electrum board I will assume it is electrum wallet and there is no breach of electrum wallet this is a personal breach. And sorry to put it out I don’t think anything can be done if the funds are no longer there, you just need to discard that seed and create a new one and probably have a proper scan of that device for malware.

[albert0bsd]

Hi. Kept my password only in my head on noone had access to seed-phrases. It leaked purely internally because if the wallet itself. Guys, pleas,e advise what to do. 50k$ are gone

Sadly there is nothing that you can do, as you should know the transactions aren't reversibles, those are permanent.

But this history coming from a brand new account its unbelieve.

[mbLI]

Yes, Electrum wallet used on my laptop only.

I used the wallet just once - a year ago - just received a couple of transactions from my own account on trusted crypto exchange.
And this is it - never used this wallet somewehre else. It was created specifically for the security reasons. For HODL.

The password fpr the wallet was only in my memory.

Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.

It is clearly a hole in ELectrum itself.

[nc50lc]

Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.

It's not recommended to save the seed phrase in your PC, it's always has to be on a piece of paper or any alternative.

Hiding it in some folder, no matter how "hidden" you think it is isn't something that can protect you from private key/seed crawlers that an attacker can perform to your drives.
Electrum's seed phrase is only 12words by default, rearranging it is just a futile effort to protect it either.
Attackers can arrange it in correct order within minutes or even seconds.

If you want to check the code for possible backdoors, check it here (it's "open-source", and the builds are reproducible): https://github.com/spesmilo/electrum

[o_e_l_e_o]

It is clearly a hole in ELectrum itself.

Unlikely. Electrum is incredibly widely used, and so if it had a critical flaw in it we would expect to see hundreds if not thousands of reports from users losing their funds.

You made several mistakes I'm afraid OP. First, you stored more than you were willing to lose in a hot wallet. Then you ignored the warnings in Electrum which say "Please save these 12 words on paper" and "Do not store it electronically". By far the most likely way in which your coins were stolen is from malware or similar accessing the text file containing your seed phrase. It does not matter where on your hard drive it is (since malware can just scan your entire drive for words from the public word list), nor does it matter what order they are stored in since descrambling 12 words is incredibly easy and quick on even cheap hardware.

The password you remembered is irrelevant - your seed phrase is all that is needed to access your coins. The password only encrypts your local Electrum file.

What you need to do now is consider your computer compromised. At a minimum scan with antivirus and antimalware software, but ideally format it and reinstall your OS. Assume any other wallets or sensitive data on that computer are also compromised, including any saved website logins and passwords.

[khaled0111]

Are you sure you are looking at the right wallet? Do you see the hashes of old transactions you received from the crypto exchange on the history tab?
If yes then most likely your laptop has been compromised and the attacker got access to your wallet's seed (he doesn't need the password to steal your coins as o-e-l-e-o mentioned above). It's unlikely that you are using a fake Electrum version since you've been using it for more than a year and your coins were stolen just recently.

[Bitcoin Smith]

It is clearly a hole in ELectrum itself.

I don't think any such vulnerabilities found in the electrum wallet for year now. So something happened from your end.

Yes, Electrum wallet used on my laptop only.

I used the wallet just once - a year ago - just received a couple of transactions from my own account on trusted crypto exchange.
And this is it - never used this wallet somewehre else. It was created specifically for the security reasons. For HODL.

The password fpr the wallet was only in my memory.

Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.

So, you never turned the device in the meanwhile?

There are only two possibilities, you downloaded electrum from an unofficial site or someone accessed your device and moved funds.

Please post the TXid to know understand you are talking about.

[BitMaxz]

Yes, Electrum wallet used on my laptop only.

Are you sure if your Laptop is clean?
You might be using a cracked OS?
Or maybe you are using a fake Electrum wallet?

If this is for HODL you should make a wallet on an offline device or laptop and never save the password and seed phrase anywhere in your PC/Laptop.


How are you sure that your funds got stolen?
Did you check it from blockchain explorer?

You can maybe still able to reverse the transaction if it is still unconfirmed why not share your wallet address here?

[The Sceptical Chymist]

First, you stored more than you were willing to lose in a hot wallet.

Ugh.  This has always puzzled me.  In what way(s) is it risky to store large amounts of BTC in an Electrum wallet?  Obviously one way is the malware seedcrawler you mentioned, but how in the hell does one get infected with such a thing?

Are there other risks?  And I'm still wondering what really happened with OP's wallet and how it apparently got hacked.  I do agree that if there was such a big flaw in the code that there would be pandemonium throughout the entire bitcoin space, so it's got to be one of the reasons you mentioned....but I'm curious as to exactly how it got hacked, you know?

[hosseinimr93]

Ugh.  This has always puzzled me.  In what way(s) is it risky to store large amounts of BTC in an Electrum wallet?  Obviously one way is the malware seedcrawler you mentioned, but how in the hell does one get infected with such a thing?

Any online device is always prone to hacking. OP's device was probably infected with a malware and how exactly the malware could gain access to OP's keys is known only by the hacker.
If you want to be completely secure, you should create your wallet using a safe tool on an air-gapped device and your keys should never connect to the internet. Otherwise, there's always the chance of getting hacked.

[mbLI]

Are you sure you are looking at the right wallet? Do you see the hashes of old transactions you received from the crypto exchange on the history tab?
If yes then most likely your laptop has been compromised and the attacker got access to your wallet's seed (he doesn't need the password to steal your coins as o-e-l-e-o mentioned above). It's unlikely that you are using a fake Electrum version since you've been using it for more than a year and your coins were stolen just recently.

Yes, I'm sure, I'm using the right wallet.

I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.

Please post the TXid to know understand you are talking about.

574e046337f18b9debe4eb26cb3d303b42586d047211e04cde5a22114742f792

Will it help somehow? Do you think it worth going to the Police in Dubai?

I think I have the installation files of the software that caused the leakage of the information. Do you think it may help the police to find our where the data was sent to? Or it is not possible to track this from the software files?

[Bitcoin Smith]

Please post the TXid to know understand you are talking about.

574e046337f18b9debe4eb26cb3d303b42586d047211e04cde5a22114742f792

I explored the address bc1qg0ghptl62pgyjadv9hu9a9uhg4rxpgw62ajhqk, where the funds sent to and apart from that there were few other incoming TXs as well on the same day so its probably affected more than one wallet user. But you are the one who lost huge funds and I don't think it happened due to the Electrum, in the last two days your system infected by a malware, possible something called Bunny Loader and I read that it has capability to execute remote commands as well so that's how your funds were moved from your device so if that is true then you should probably came online in that device on that time period.

Will it help somehow? Do you think it worth going to the Police in Dubai?

I think I have the installation files of the software that caused the leakage of the information. Do you think it may help the police to find our where the data was sent to? Or it is not possible to track this from the software files?

If the hacker moved funds to an exchange or anywhere KYCed then it's possible to trace the identity of the individual, but I don't think who is smart enough to execute this will be dumb like that to leave the traces, so I don't think there is any hope.


Out of curiosity why the address : bc1qg0ghptl62pgyjadv9hu9a9uhg4rxpgw62ajhqk shows 6.4BTC as total received



but I manually calculated the numbers are only around 2.6BTC only, tried multiple explorers too.

[mbLI]

Please post the TXid to know understand you are talking about.

574e046337f18b9debe4eb26cb3d303b42586d047211e04cde5a22114742f792

I explored the address bc1qg0ghptl62pgyjadv9hu9a9uhg4rxpgw62ajhqk, where the funds sent to and apart from that there were few other incoming TXs as well on the same day so its probably affected more than one wallet user. But you are the one who lost huge funds and I don't think it happened due to the Electrum, in the last two days your system infected by a malware, possible something called Bunny Loader and I read that it has capability to execute remote commands as well so that's how your funds were moved from your device so if that is true then you should probably came online in that device on that time period.

Will it help somehow? Do you think it worth going to the Police in Dubai?

I think I have the installation files of the software that caused the leakage of the information. Do you think it may help the police to find our where the data was sent to? Or it is not possible to track this from the software files?

If the hacker moved funds to an exchange or anywhere KYCed then it's possible to trace the identity of the individual, but I don't think who is smart enough to execute this will be dumb like that to leave the traces, so I don't think there is any hope.

Fair enough... Seems like the police won't be able to help.

[FatFork]

The password fpr the wallet was only in my memory.

If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself.

Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.

That's a glaring security oversight on your part. Keeping a seed phrase in plain text on an internet-connected computer is almost as bad as to posting it on a giant billboard for everyone to see. Okay, I might be exaggerating a bit, but you get the point. No amount of encryption and password protection on your wallet can save you if someone gets hold to your seed phrase. Even if you mixed the words up a bit.

It is clearly a hole in ELectrum itself.

No it's not. Especially considering your previous statement.

[hosseinimr93]

Out of curiosity why the address : bc1qg0ghptl62pgyjadv9hu9a9uhg4rxpgw62ajhqk shows 6.4BTC as total received

That's true.
In all outgoing transactions that have a change, the change has been sent back to the same address and you didn't consider them when calculating the total received amount. 
For example, in this transaction, 1.73632521 BTC has been sent and 1.23624061 BTC of that has been sent back to the same address.

[mbLI]

The password fpr the wallet was only in my memory.

If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself.

I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum.

Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC?

[FatFork]

The password fpr the wallet was only in my memory.

If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself.

I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum.

Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC?

Absolutely! It's indeed possible to trace blockchain transactions and follow the trail of money. While I'm no blockchain expert, I gave it a shot and attempted to trace the blockchain records of your transaction. If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:



The address bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz is associated with the hot wallet of the KuCoin exchange, as documented on their website:
https://www.kucoin.com/blog/transparency-and-trust-a-detailed-list-of-kucoin-s-wallets

If I were in your shoes, I'd take this information, get a lawyer who knows about crypto and online scams. Then, I'd proceed to file a criminal complaint with the local authorities for online crimes. If you act quickly, you can request KuCoin to freeze both the suspected account and the funds linked to the criminal activity.

[mbLI]

The password fpr the wallet was only in my memory.

If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself.

I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum.

Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC?

Absolutely! It's indeed possible to trace blockchain transactions and follow the trail of money. While I'm no blockchain expert, I gave it a shot and attempted to trace the blockchain records of your transaction. If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:

https://talkimg.com/images/2023/10/08/RAfpI.jpeg

The address bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz is associated with the hot wallet of the KuCoin exchange, as documented on their website:
https://www.kucoin.com/blog/transparency-and-trust-a-detailed-list-of-kucoin-s-wallets

If I were in your shoes, I'd take this information, get a lawyer who knows about crypto and online scams. Then, I'd proceed to file a criminal complaint with the local authorities for online crimes. If you act quickly, you can request KuCoin to freeze both the suspected account and the funds linked to the criminal activity.

Man, if this will work out I will share the part of the returned funds with you! Many thanks.

I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be.

What service did you use to get the full visualisation?