bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 08:16:24 AM |
|
So I had an old electrum wallet with some funds in it. I have recently created a new electrum wallet on my iMac running MacOS Sonoma. The Electrum wallet was downloaded from their official website, I have double checked that. On 7th of March I have transferred those funds in this new wallet, address: bc1q99qq2awpvu72mrs7gng84dkzyxcxk3q5gfwkx8
Then the funds were transferred mysteriously on 9th of March, to an address I do know nor does it belong to me. The address is: bc1q5chaqcn56sk2fq29z3cl37n5pfzhh06e2gx5uz and the tx id is: 85918ae49e2e40ee1ec481be089bebf929f7769c4247e03c8856140df3c2f0d6
My computer is protected by a password and I'm the only one knowing the password. Also the wallet file was protected by a password and again nobody knows that password. I'm using ESET antivirus on my computer with real time scanning. So on the 9th of March, at 20:42 the transaction was initiated and my funds were transferred. I was not at home at that time, the wallet was closed. I have not shared with anyone that wallet nor did I use the wallet address on any website.
I know that probably the funds are lost for good, I'm just trying to find a reasonable explanation for this.
Any help is kindly appreciated. If any of you has any way of recovering those funds, I'm ready to split the 50/50 the entire amount (which was around 6K USD).
|
|
|
|
OmegaStarScream
Staff
Legendary
Offline
Activity: 3696
Merit: 6539
|
|
March 15, 2024, 08:19:09 AM |
|
It doesn't seem like the funds have moved anywhere else either. How about your seed? do you have it physically stored somewhere safe? or is it on some online cloud storage)? If the latter, then that could be an issue.
|
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1764
Merit: 5259
Leading Crypto Sports Betting & Casino Platform
|
|
March 15, 2024, 08:52:37 AM |
|
In addition to what OmegaStarScream posted already
This is one of the reasons I use passphrase to extend my seed phrase in a way my coins can not just be easily stolen also through offline attack. Hope your seed phrase is not compromised offline where you store the backup?
Also you do not have to believe in antivirus. Avoid malware instead. Probably malware can cause it.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2618
Merit: 5743
|
|
March 15, 2024, 08:53:29 AM |
|
If you didn't make that transaction, either someone had access to your seed phrase or your wallet was hacked. Take note that any online device is prone to hacking and it's possible that your device is infected with a malware.
Don't use your device for receiving any fund anymore until you format your hard drive and reinstall your operating system.
|
|
|
|
bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 08:59:32 AM |
|
It doesn't seem like the funds have moved anywhere else either. How about your seed? do you have it physically stored somewhere safe? or is it on some online cloud storage)? If the latter, then that could be an issue.
The seed is saved on a text file, on a linux virtual machine which runs on a server which is at my home. I'm the only one who has access to that server. I do have notifications when someone tries to connect via SSH to the server no matter from where. I'm using that server for years and never something like his happened. This is really really weird. I do not store stuff like this in the cloud. The seed is saved on an encrypted partition using BestCrypt. I'm using this type of partition for the last 5-6 years or more. The only way I see here is that somehow there's some sort of malware on my iMac or some clipboard copier or whatever but I can't figure out how to check that
|
|
|
|
promise444c5
Sr. Member
Offline
Activity: 504
Merit: 307
Learning never stops!
|
|
March 15, 2024, 09:07:37 AM |
|
~
The reasonable explanation to this is that your seed phrase or its backup had been compromised or your computer is completely compromised . You need to be careful on how you allow people to access your computer
|
|
██ ██ ██████ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ██████ ██ ██ | ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | ██████████████ THE #1 SOLANA CASINO
██████████████ | ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | [ [ | 5,000+ GAMES INSTANT WITHDRAWALS | ][ ][ | HUGE REWARDS VIP PROGRAM | ] ] | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████████████████████████████████████████████████ PLAY NOW ████████████████████████████████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ |
|
|
|
bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 09:32:35 AM |
|
Is there any way to figure out where that the receiving BTC address was created? As in which wallet? country maybe. Just curious...
|
|
|
|
mocacinno
Legendary
Offline
Activity: 3612
Merit: 5279
https://merel.mobi => buy facemasks with BTC/LTC
|
|
March 15, 2024, 09:50:08 AM Last edit: March 15, 2024, 10:10:37 AM by mocacinno |
|
Is there any way to figure out where that the receiving BTC address was created? As in which wallet? country maybe. Just curious...
not really.... Unless the person that generated said adress used a custodial web wallet (or exchange) and didn't use a vpn or tor... You don't have to register addresses, you can generate addresses 100% offline if you want to, and the address will only be known if somebody funds it. EDIT: just wanted to add that even IF the person generating the address used a custodial wallet, YOU still don't know anything about him/her... But the owner of the custodial service does know a little bit about him/her, especially if KYC info was given or if no vpn/tor was used... But you don't even know if the user used a custodial wallet to begin with.
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2618
Merit: 5743
|
|
March 15, 2024, 09:50:50 AM |
|
Is there any way to figure out where that the receiving BTC address was created?
No. The only information we have about that address is that it was first used on March 9, it has received only 1 transaction and there is no outgoing transaction made from that. Nothing more. In the case the fund which was stolen from you is sent to a custodial service like an exchange in the future, it may be possible to know which exchange the fund has been sent to.
|
|
|
|
FatFork
Legendary
Offline
Activity: 1806
Merit: 2698
Crypto Swap Exchange
|
|
March 15, 2024, 10:15:46 AM |
|
Is there any way to figure out where that the receiving BTC address was created? As in which wallet? country maybe. Just curious...
Unfortunately, that's close to impossible. That address has only been used once so far, to receive coins, so there are no blockchain traces that could lead to any information about the owner. Note that wallets (and addresses) can be created completely offline and the blockchain does not save any information of them, unless you make a transaction. So all you can do now is track where the coins will end up next.
|
|
|
|
lovesmayfamilis
Legendary
Offline
Activity: 2310
Merit: 4565
✿♥‿♥✿
|
|
March 15, 2024, 02:13:40 PM |
|
I'm using this type of partition for the last 5-6 years or more. The only way I see here is that somehow there's some sort of malware on my iMac or some clipboard copier or whatever but I can't figure out how to check that
Several years ago, there was a virus called ElectroRAT. If you say that you have been using a server on a virtual machine for several years, could a similar virus somehow hide in your system and wait for the right moment to connect to your crypto wallet? It’s just that all your actions show that you are careful when using the computer, but if there was remote access, your actions could be monitored by virus software. https://intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
|
|
|
|
Z-tight
Legendary
Offline
Activity: 1078
Merit: 1114
Wheel of Whales 🐳
|
|
March 15, 2024, 03:43:10 PM |
|
Any help is kindly appreciated. If any of you has any way of recovering those funds, I'm ready to split the 50/50 the entire amount (which was around 6K USD).
Sorry for your loss, and It is worth mentioning that if anyone contacts you privately that they can help recover your funds, do not believe them as the person is probably a scammer. There is actually no way to recover those funds and it may be best to take it as a lesson to store your funds offline, either in a hardware wallet or an airgapped wallet and add extra layers of security such as a passphrase or setting up a multisig wallet.
|
|
|
|
bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 06:17:52 PM |
|
I know they are lost for good. I still can't understand how it happened. I've already been contacted by someone pretending to be from PayBack-LTD. They provided a lot of explanations, some YouTube channels of their company etc. They want to pay $1500 upfront to recover my funds and 10% of the recovered amount. If nothing is recovered, then the $1500 paid is not refundable.
Sounds like a pretty good deal for them right?
I have scanned my computer with a ton of antivirus and anti-malware software, same my Linux server, and installed everything from ObjectiveSee as in malware monitoring tools. I have the firewall enabled on my iMac, the same goes for my Linux server. I've been working with Linux servers for years; no one ever hacked into any of my servers.
The curious thing is that the wallet is on my iMac, the seed phrase was saved on that Linux virtual machine on an encrypted partition (which unfortunately remained mounted). What's really curious: I generated the wallet on the 7th of March and got the funds in there. They were transferred/stolen almost 48 hours later. I haven't done anything unusual during this time, not installed any new software, nothing. So I would say that either my Linux server got hacked which I totally doubt or somehow someone was able to steal my iMac clipboard history (I have copied/pasted the seed phrase from iMac to Linux). So wallet was on one machine, and the seed was on a different machine. The wallet was protected with a password. I never save the passwords that I use for personal stuff and that I can remember in the clipboard nor do I copy/paste them. So I would say the seed was somehow stolen, used to recover the wallet, and transfer the funds.
What happened now, is unreal (not because it happened to me, I know a lot of people got scammed). Unreal because I'm not a noob when it comes to security. But I guess I was not careful enough! But it is what it is so I have to find a way to get over it.
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2618
Merit: 5743
|
|
March 15, 2024, 06:36:29 PM |
|
I know they are lost for good. I still can't understand how it happened. I've already been contacted by someone pretending to be from PayBack-LTD. They provided a lot of explanations, some YouTube channels of their company etc. They want to pay $1500 upfront to recover my funds and 10% of the recovered amount. If nothing is recovered, then the $1500 paid is not refundable.
They are scammers. Don't trust them, if you don't want to lose more money. Bitcoin transactions are irreversible and no one can recover your fund. So I would say the seed was somehow stolen, used to recover the wallet, and transfer the funds.
This is my guess too. Someone probably had access to your seed phrase and made that transaction manaully. If your wallet had been hacked, it wouldn't take 2 days to steal the fund.
|
|
|
|
bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 07:16:19 PM |
|
So I would say the seed was somehow stolen, used to recover the wallet, and transfer the funds.
This is my guess too. Someone probably had access to your seed phrase and made that transaction manually. If your wallet had been hacked, it wouldn't take 2 days to steal the funds. --- It's not clear to me how the wallet has been hacked. Someone generated wallet private keys and then brute force passwords until he managed to find the right one? Can you elaborate a little more in regards to the hacked wallet? Let's assume my computer is somehow infected with a keylogger, any malware whatever. I'm using it daily with my bank account, Paypal, eToro whatever. I have emails, invoices, etc. It's really hard to believe that someone, even if it had access to my computer, waited and waited hoping that someday I'll have a BTC wallet on my computer and he can steal the seed phrase. I'm not saying it's not possible but... Is there any way that the time on the BTC transaction is wrong? (I mean at 20:42 I was not home). But it's that 20:42 my actual time?
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2618
Merit: 5743
|
|
March 15, 2024, 07:22:10 PM Last edit: March 15, 2024, 09:07:49 PM by hosseinimr93 |
|
Well, it took 2 days, right? It's not clear to me how the wallet has been hacked.
What I said in my previous post was only a guess. We don't know what exactly happened. We don't know whether someone had access to your seed phrase or it was a hack. Someone generated wallet private keys and then brute force passwords until he managed to find the right one? Can you elaborate a little more in regards to the hacked wallet?
Your password encrypts your wallet file locally. Anyone who has access to your seed phrase or your private keys can steal the fund without any need to your password. The thief would need your password if he has access to your wallet file and don't have your seed phrase. Also note that brute forcing the seed phrase or private keys is impossible.
|
|
|
|
bms8197 (OP)
Newbie
Offline
Activity: 11
Merit: 0
|
|
March 15, 2024, 07:29:18 PM |
|
I have never exported nor saved my wallet's private keys. I know that for a fact. Just to double-check, I have searched all my computer clipboard history (I have an app called ClipMenu that saves the last X entries or so). I have also checked the history commands on my MacOS, virtual machine, Linux server, and so on. Nothing.
So we get back to the seed phrase... How that happened, it's still a mistery. I mean I'm more frustrated right now that I have no clue how it happened rather that I have lost all the funds...
|
|
|
|
Z-tight
Legendary
Offline
Activity: 1078
Merit: 1114
Wheel of Whales 🐳
|
|
March 15, 2024, 08:58:19 PM |
|
So we get back to the seed phrase... How that happened, it's still a mistery. I mean I'm more frustrated right now that I have no clue how it happened rather that I have lost all the funds...
I can imagine how frustrating this is for you, but did you back up your seed phrase on paper? There are people who back up their seed phrase on paper and store it in locations around their house, only for the seed phrase to be exposed somehow and the funds stolen, is this something that can possibly be put into consideration as one of the ways your funds stolen.
|
|
|
|
khaled0111
Legendary
Offline
Activity: 2744
Merit: 3096
Top Crypto Casino
|
|
March 15, 2024, 09:09:42 PM |
|
Is there any way that the time on the BTC transaction is wrong? (I mean at 20:42 I was not home). But it's that 20:42 my actual time?
No one can tell for sure when the transaction was first broadcast. The time you see on blockexplorers is the block timestamp (when the block was mined) not the time when the transaction got broadcast. Blockchain.com says the transaction was first seen 30 minutes earlier which might be accurate given the fee rate that has been set which is more than enough for a fast confirmation at that time. The most likely scenario is that someone got access to your wallet seed and used it to restore the wallet and move the coins. Only you can figure out how this happened. Sorry for your loss!
|
|
|
|
Yamane_Keto
|
|
March 15, 2024, 11:28:29 PM |
|
your hacked bitcoins have not moved since March 9, so they were most likely sent to a wallet and not an exchange. When these coins are moved, you may have a chance to try to track them. Double-check that you have downloaded the correct wallet by verifying the signature. Search the ESET antivirus logs for any activity at that time or search the logs of your computer. If there is no activity, most likely your seeds have been discovered and it is best for you to consider creating a new wallet.
|
えいごをはなせますか。
|
|
|
|