My more than 2 bitcoins got stolen just 2 days ago.

[FatFork]

Man, if this will work out I will share the part of the returned funds with you! Many thanks.

I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be.

What service did you use to get the full visualisation?

You probably don't need legal representation; I just thought it might be helpful in following proper procedures and getting things done. But you can likely go directly to the police, specifically the internet crime unit.

I used Crystal Lite Explorer to create the visualization, but you can achieve the same with any blockchain explorer. Just follow a few transactions further, and they all lead to the same address from the KuCoin exchange. I hope this information proves useful to you.

[1714579915]

1714579915

[1714579915]

1714579915

[1714579915]

1714579915

[1714579915]

1714579915

[mbLI]

Man, if this will work out I will share the part of the returned funds with you! Many thanks.

I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be.

What service did you use to get the full visualisation?

You probably don't need legal representation; I just thought it might be helpful in following proper procedures and getting things done. But you can likely go directly to the police, specifically the internet crime unit.

I used Crystal Lite Explorer to create the visualization, but you can achieve the same with any blockchain explorer. Just follow a few transactions further, and they all lead to the same address from the KuCoin exchange. I hope this information proves useful to you.

Ok, spoke to KuCoin support. The address which you pointed out is general KuCoin wallet. The one before it - is personal KuCoin wallet and it is verified - meaning it went through KYC. They won't give any further info without official document from the police. The account is frozen already, meaning someone reported before me.

They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real.

I will keep you posted.

[Synchronice]

The password fpr the wallet was only in my memory.

Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.

It is clearly a hole in ELectrum itself.

Were you using 12 words seed phrase or 24 words seed phrase? If you were using 12 words and have saved them in unordered way, then it's still possible to brute force wallet in minutes, here is an article Bitcoin enthusiast cracks known 12-word seed phrase in minutes

It's very unlikely that there is a hole in Electrum.

If the hacker moved funds to an exchange or anywhere KYCed then it's possible to trace the identity of the individual, but I don't think who is smart enough to execute this will be dumb like that to leave the traces, so I don't think there is any hope.

There have been way smarter individuals who got caught.

I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be.

What service did you use to get the full visualisation?

If I were you, I would immediately contact KuCoin and would explain the situation to them to freeze the scammer's account as soon as possible, this will take you some minutes to figure out with their live support, so, I would do it ASAP, you lose nothing by doing this.
Can't help about the police and lawyers, I have no experience.

EDIT
It seems, you already spoke with them, the timing of my post was a little late.

[khaled0111]

They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real.

You did the right thing by contacting kucoin's support and informing them about this incident. Now that the culprit's account has been frozen, all you have to do is to file a police report.
Dubai and the UAE is one of the most crypto friendly governments in the world. I'm sure it won't be hard to find a qualified lawyer who can help you with your case.

[Cricktor]

Yes, I'm sure, I'm using the right wallet.

You're not very specific how you checked that your Electrum download was actually genuine and untampered. Let's assume the best and you did properly check the download file's signature by best practices and your wallet originated from https://www.electrum.org.

I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.

As o_e_l_e_o already pointed out a few errors that the OP did himself, I want to highlight another one which I didn't read in this thread so far. You put your hodl wallet as a hot wallet on an online computer and even worse a laptop with which you do your daily stuff and internet and download shit. This is insane in my opinion with a software wallet that holds a decent amount of coins.

I would've used a decent hardware wallet already for far less than the amount of stolen coins here.

[mbLI]

They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real.

You did the right thing by contacting kucoin's support and informing them about this incident. Now that the culprit's account has been frozen, all you have to do is to file a police report.
Dubai and the UAE is one of the most crypto friendly governments in the world. I'm sure it won't be hard to find a qualified lawyer who can help you with your case.

Will try to get the police report asap. But it seems that the account on KuCoin is already empty.

Do you think I will need a lawyer for this case? It is not possible just to report to the police to get things going?

Yes, I'm sure, I'm using the right wallet.

You're not very specific how you checked that your Electrum download was actually genuine and untampered. Let's assume the best and you did properly check the download file's signature by best practices and your wallet originated from https://www.electrum.org.

I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.

As o_e_l_e_o already pointed out a few errors that the OP did himself, I want to highlight another one which I didn't read in this thread so far. You put your hodl wallet as a hot wallet on an online computer and even worse a laptop with which you do your daily stuff and internet and download shit. This is insane in my opinion with a software wallet that holds a decent amount of coins.

I would've used a decent hardware wallet already for far less than the amount of stolen coins here.

I downloaded it from Electrum web-site directly and it did work good for one year.

I agree, that was not very smart from my side, but I based on the information that was in my head at that moment, I thought it is impossbile to get this from my laptop. Now I know.

[hosseinimr93]

If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:

As displayed in the image, the hacker split the stolen funds between five addresses and then sent them separately to four different deposit addresses.

I used to use Kucoin. I used their service until they made KYC compulsory. If nothing has changed, they don't generate new deposit addresses and users have to reuse the same deposit address.
Maybe, the hacker had mutliple accounts on Kucoin and if that's the case, the hacker must have used four different documents.

[o_e_l_e_o]

In what way(s) is it risky to store large amounts of BTC in an Electrum wallet?

It's not Electrum itself that is unsafe per se, but rather any device which is connected to the internet. Electrum can be used as a cold wallet on a permanently airgapped machine, in which case it is very safe indeed. But using Electrum as a hot wallet will always bring risks, as will using any software on an internet connected device.

Obviously one way is the malware seedcrawler you mentioned, but how in the hell does one get infected with such a thing?

You can never be 100% sure that every piece of software you install, every file you download, every website you visit, etc., are 100% clean and free from malware. And you can never be 100% sure that your computer is 100% impenetrable to attacks. Indeed, it seems OP downloaded some software which contained the malware:

I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.

I downloaded it from Electrum web-site directly and it did work good for one year.

Note that downloading from (what you think is) the official Electrum website is insufficient - you must also verify your download prior to installation.

[FatFork]

If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:

As displayed in the image, the hacker split the stolen funds between five addresses and then sent them separately to four different deposit addresses.

I used to use Kucoin. I used their service until they made KYC compulsory. If nothing has changed, they don't generate new deposit addresses and users have to reuse the same deposit address.
Maybe, the hacker had mutliple accounts on Kucoin and if that's the case, the hacker must have used four different documents.

Good point - KuCoin doesn't let you make new deposit addresses.  So the hacker must've used a bunch of accounts to "launder" the stolen coins. They probably faked the KYC info for those accounts too and I really doubt they'd be stupid enough to send hacked coins to a KYC exchange tied to their real name and info!

[mbLI]

If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:

As displayed in the image, the hacker split the stolen funds between five addresses and then sent them separately to four different deposit addresses.

I used to use Kucoin. I used their service until they made KYC compulsory. If nothing has changed, they don't generate new deposit addresses and users have to reuse the same deposit address.
Maybe, the hacker had mutliple accounts on Kucoin and if that's the case, the hacker must have used four different documents.

Good point - KuCoin doesn't let you make new deposit addresses.  So the hacker must've used a bunch of accounts to "launder" the stolen coins. They probably faked the KYC info for those accounts too and I really doubt they'd be stupid enough to send hacked coins to a KYC exchange tied to their real name and info!

But is the last blochain transaction is made in KuCoin this means he withdrwn in fiat? In this case it might be possible to trace him - depends on the jurisdiction he is in?

[nc50lc]

-snip-
But is the last blochain transaction is made in KuCoin this means he withdrwn in fiat? In this case it might be possible to trace him - depends on the jurisdiction he is in?

That's only possible if the hacker isn't good at his trade.

Most notorious ones use any leaked credentials to pass KYC on centralized exchanges.
For withdrawal, they don't usually go for fiat, but rather withdraw anonymous altcoins like Monero which they can then transact without being traced.

Your chance is to flag it to KuCoin as soon as possible before the hacker withdraw your funds.
(they only do that if you have substantial evidence and backing from authorities though)

[mbLI]

-snip-
But is the last blochain transaction is made in KuCoin this means he withdrwn in fiat? In this case it might be possible to trace him - depends on the jurisdiction he is in?

That's only possible if the hacker isn't good at his trade.

Most notorious ones use any leaked credentials to pass KYC on centralized exchanges.
For withdrawal, they don't usually go for fiat, but rather withdraw anonymous altcoins like Monero which they can then transact without being traced.

Your chance is to flag it to KuCoin as soon as possible before the hacker withdraw your funds.
(they only do that if you have substantial evidence and backing from authorities though)

If they withdraw in altcoins like you say - there is completely on chance to trace it further, right?
Most likely he did it. And most likely KuCoin account is empty - KuCoin didn't tell me this directly, but I understood this from our conversation.

I'm trying to get the form from Dubai police. The first offcier from the cybercrime departent I met refused to open the case since it is on the Internet and out of UAE jurisdiction. Which is kinda nonsense. I'm tryong to push this another way.

[Wapfika]

If they withdraw in altcoins like you say - there is completely on chance to trace it further, right?
Most likely he did it. And most likely KuCoin account is empty - KuCoin didn't tell me this directly, but I understood this from our conversation.

Yes you can track it further when the hacker withdraws it on a non privacy token but you will still need Kucoin helps to track it since Kucoin use multiple hot wallets which means internal transactions within exchange can’t be determined if you re just using blockchain records. So his Bitcoin will still remain on his exchange wallet address while he can get altcoins on different address without blockchain record of exchange.

Your best chance to caught this hacker is by freezing his asset on a centralized service such as exchange instead of tracking him more on altcoins.


You will be lucky if the hacker sent your Bitcoin directly on exchange address because you can prove ownership by signing message on your Bitcoin address.

[nc50lc]

-snip-

If they withdraw in altcoins like you say - there is completely on chance to trace it further, right?
Most likely he did it. And most likely KuCoin account is empty - KuCoin didn't tell me this directly, but I understood this from our conversation.

If it's something like Monero (or any "privacy coin"), I'd say yes.
That coin is designed to be anonymous so tracing it would be difficult compared to Bitcoin transactions.
It's not totally untraceable though as there are techniques that can be applied, but generally, that specific coin is untraceable if the user is wary of the privacy practices himself.

There are companies that's good at it and even won the bounty for tracing Monero/lightning transactions (didn't specified which one they're paid for)
More information here: https://www.reddit.com/r/Monero/comments/z9j62d/the_irs_bounty_the_full_story/

I'm trying to get the form from Dubai police. The first offcier from the cybercrime departent I met refused to open the case since it is on the Internet and out of UAE jurisdiction. Which is kinda nonsense. I'm tryong to push this another way.

That would be a problem since those exchanges typically wouldn't cooperate and wont even provide minimal information without it.

[mbLI]

The password fpr the wallet was only in my memory.

If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself.

I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum.

Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC?

Absolutely! It's indeed possible to trace blockchain transactions and follow the trail of money. While I'm no blockchain expert, I gave it a shot and attempted to trace the blockchain records of your transaction. If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:

https://talkimg.com/images/2023/10/08/RAfpI.jpeg

The address bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz is associated with the hot wallet of the KuCoin exchange, as documented on their website:
https://www.kucoin.com/blog/transparency-and-trust-a-detailed-list-of-kucoin-s-wallets

If I were in your shoes, I'd take this information, get a lawyer who knows about crypto and online scams. Then, I'd proceed to file a criminal complaint with the local authorities for online crimes. If you act quickly, you can request KuCoin to freeze both the suspected account and the funds linked to the criminal activity.

Can you please help me to get the same chain of transactions that you show here?

When I open this theft transaction ID and open the next transactions, I get to the KuCoin hot wallet - the same as you did, right.
https://talkimg.com/images/2023/10/10/RmZBG.png

But I can't get all tre previous incoming transcations which lead eventually back to the hacker's first wallet:
https://talkimg.com/images/2023/10/10/RmCXD.png

If I open incoming transactions for the final KuCoin hot wallet - they show 72 incoming.
https://talkimg.com/images/2023/10/10/RmQzf.png

Can you tell me please how you got all the chains from this starting point to the final one?
https://talkimg.com/images/2023/10/10/RmGhZ.png

[The Sceptical Chymist]

Any online device is always prone to hacking. OP's device was probably infected with a malware and how exactly the malware could gain access to OP's keys is known only by the hacker.
If you want to be completely secure, you should create your wallet using a safe tool on an air-gapped device and your keys should never connect to the internet. Otherwise, there's always the chance of getting hacked.

I did know all of what you wrote before I posted my question--I guess I'm just wondering how big a risk it is to use Electrum as a storage wallet if you don't visit weird sites and don't download fishy things.  It baffles me how computers get infected with malware so bad that they can steal coins from your wallet, particularly because pretty much everyone has anti-malware software of some kind.  And I know this isn't the thread to start a conversation about that.

Ok, spoke to KuCoin support. The address which you pointed out is general KuCoin wallet. The one before it - is personal KuCoin wallet and it is verified - meaning it went through KYC. They won't give any further info without official document from the police. The account is frozen already, meaning someone reported before me.

They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real.

OP, best of luck to you.  From what I've seen on this forum with hacks like what you're describing, there's rarely a good outcome (or the person doesn't bother to update the community).  You've got a lot of money on the line here, so I hope you get the fuckers who stole from you.  I'm sending positive vibes in your direction.

[hosseinimr93]

Can you tell me please how you got all the chains from this starting point to the final one?

Click on the address. After that, a new window will pop up at right side of the page.


https://lite.crystalblockchain.com/

You should check the transactions you want to be displayed in the visual one by one. Take note that you will need to play around with the "Date " and/or "Debit/Credit, BTC" to find all transactions you are looking for.

[mbLI]

Can you tell me please how you got all the chains from this starting point to the final one?

Click on the address and a new window will pop up at right side of the page.

https://www.talkimg.com/images/2023/10/10/RmFBo.jpeg
https://lite.crystalblockchain.com/

You should check the transactions you want to be displayed in the visual one by one. Take note that you will need to play around with the "Date " and/or "Debit/Credit, BTC" to find all transactions you are looking for.

https://www.talkimg.com/images/2023/10/10/RmEdT.jpeg

Thanks. It only shows 5, that's why I didn't see all. The date range helps to filter.

[albert0bsd]

OP what kind of information are you looking for, if you want i can help with some analysis of the transactions but TBH i doubt that there is something useful there.

[mbLI]

OP what kind of information are you looking for, if you want i can help with some analysis of the transactions but TBH i doubt that there is something useful there.

To be honest - I don't know. Any kind of information that might help me to get my bitcoins back.
At the moment I'm working on getting this official report from the police and provide it to KuCoin. I don't see anything else. But a crypto specialist might be able to find something elese in these transactions.