BTC funds dissapeared from my Electrum Wallet

[Abdussamad]

So we get back to the seed phrase... How that happened, it's still a mistery. I mean I'm more frustrated right now that I have no clue how it happened rather that I have lost all the funds...

I can imagine how frustrating this is for you, but did you back up your seed phrase on paper? There are people who back up their seed phrase on paper and store it in locations around their house, only for the seed phrase to be exposed somehow and the funds stolen, is this something that can possibly be put into consideration as one of the ways your funds stolen.

he says he stored the seed words in a text file on his server. one should never store the seed like that.

[bms8197]

I know it might sound foolish but I believe that I might have been in this scenario:

If you've used the "sweep" functionality in Electrum to import private keys, it's important to understand that this process typically involves transferring the funds from the imported address to a new address controlled by the wallet. This means that after sweeping the private keys, the funds associated with those keys are no longer stored at the original address but have been moved to a new address within your Electrum wallet.

So if I have the seed and the private keys but I'm still unable to see the funds, what I'm supposed to do?

After a lot of digging, I discovered that the transaction was made at 18:42 (while I was home). And since there's no history of nothing I remember I have imported some private keys and I might have used Sweep. I don't know this for a fact but I'm trying to figure out if I have indeed used sweep and why I'm unable to see the funds.

So assuming I have used the sweep functionality is there anyway to figure out why the funds are not visible? I was reading somewhere that doing a new sweep (even if there's a new fee) might help.

I know that it sounds like I'm losing it but I've been thinking and I believe it is worth trying. I have nothing to lose, I've already considered the funds gone or stolen.

Also I read that my funds might be in a change address. I'm not sure how to check that if that's the case.

[hosseinimr93]

After a lot of digging, I discovered that the transaction was made at 18:42 (while I was home). And since there's no history of nothing I remember I have imported some private keys and I might have used Sweep.

You can't sweep a seed phrase. You can only a sweep private keys. Do you remember exporting any of private keys from your wallet?
If you swept your private key, the fund should have moved to a new wallet and it's normal that it's not displayed in the original wallet.

[bms8197]

I believe I have swept the private keys somehow. Wasn't I supposed to use the original wallet keys of the actual wallet from which I have initiated the sweep?

So basically if I remember right this might be a very possible scenario.

I had the funds in some wallet -> transferred to this new wallet which was created from scratch. Then I have saved the seed somewhere. Then I believe I have use the SWEEP on this wallet and pasted some private keys. I'm not sure which private keys or how did I do it. So what can I do in this situation?

This is starting to make sense now...

And yes I believe I have exported those keys. That being said how can I access that wallet where the funds went after sweeping private keys?

[hosseinimr93]

I believe I have swept the private keys somehow. Wasn't I supposed to use the original wallet keys of the actual wallet from which I have initiated the sweep?

For sweeping, you need the private key. If you do so, you have surely exported the private keys from the original wallet.

I had the funds in some wallet -> transferred to this new wallet which was created from scratch. Then I have saved the seed somewhere. Then I believe I have use the SWEEP on this wallet and pasted some private keys. I'm not sure which private keys or how did I do it. So what can I do in this situation?

If that's the case, now you need the seed phrase of the new wallet (the one in which you swept your private key) it its file to access the fund.

And yes I believe I have exported those keys. That being said how can I access that wallet where the funds went after sweeping private keys?

See if you can find the new wallet file.

[bms8197]

Well I'm not quite sure I do understand.

The way I see it. I have opened the wallet containing the funds. Exported the private keys. Then probably by mistake I have used the sweep private keys (on the exact same wallet which had the funds). I don't think I've created a new wallet nor do I remember having any seed. I assume in order to sweep I was supposed to use the private keys for the current wallet (the one which had the funds right?).

I can't find any wallet file. When you export the private keys, there's a long list of keys. I saw that you can import the wallet using only private key. Does it make any difference if you use all the private keys or only one of them? I can't remember if doing that sweep I have used a specific key or all of them...

[hosseinimr93]

The way I see it. I have opened the wallet containing the funds. Exported the private keys. Then probably by mistake I have used the sweep private keys (on the exact same wallet which had the funds). I don't think I've created a new wallet nor do I remember having any seed.

If you sweep the private key(s) into the same wallet, the fund should be sent back to the same wallet. Since the fund has been moved from your wallet, that doesn't seem to be the case.

I can't find any wallet file.

Did you check the default directory?
Where is the Electrum datadir located?

When you export the private keys, there's a long list of keys. I saw that you can import the wallet using only private key. Does it make any difference if you use all the private keys or only one of them? I can't remember if doing that sweep I have used a specific key or all of them...

There is no difference.
You can import/sweep any number of private keys.

[flatfly]

I believe I have swept the private keys somehow. Wasn't I supposed to use the original wallet keys of the actual wallet from which I have initiated the sweep?

So basically if I remember right this might be a very possible scenario.

I had the funds in some wallet -> transferred to this new wallet which was created from scratch. Then I have saved the seed somewhere. Then I believe I have use the SWEEP on this wallet and pasted some private keys. I'm not sure which private keys or how did I do it. So what can I do in this situation?

This is starting to make sense now...

And yes I believe I have exported those keys. That being said how can I access that wallet where the funds went after sweeping private keys?

You say you "have saved the seed somewhere".

So can you just try this: file -> new/restore -> standard wallet -> i already have a seed -> type your seed

[Cricktor]

I can't stress it often enough. DO NOT copy/paste mnemonic recovery words on an online digital device where multiple applications could've access to clipboard. Even worse, where you have an app installed that retains a clipboard history. THAT is bad crypto wallet security.

Try as hard as possible to avoid digital storage and transfer of your mnemonic recovery words. You should know why.

Another recommendation is to always carefully document when, for what purpose and derivation path you create a new wallet. Add this documentation to the offline saved mnemonic recovery details of your wallet. You should also better not delete any recovery details of any wallet you've created. You never know when you may need them again.


Now to OP's mystery case. Electrum wallets are HD wallets, ie. all present and future keys in that wallet are predetermined by the hierachical determinism process of key derivation used by the wallet. (Same applies to standard BIP-39 HD wallets).
Therefore you can't add foreign private keys to a HD wallet where the foreign private keys don't belong to the HD wallet. You therefore can only sweep coins controlled by foreign private keys to addresses of your HD wallet. Sweeping here means you create a transaction that moves all UTXOs controlled by the source ("imported" foreign) private key to an address of your Electrum wallet (you don't actually import the foreign private key as this is not possible because you can't recreate this foreign private key from your wallet's mnemonic recovery words).

The reason why Electrum wallet only offers to sweep foreign private keys instead of adding them to the wallet file is simple: derivation path, optional mnemonic passphrase and mnemonic recovery words is all is needed to recover a wallet, but this recovery process couldn't cover and take care of imported foreign private keys and derived public keys and public addresses from them. Therefore foreign keys can only be swept / emptied into a wallet.

IF OP swept the UTXO of 0.08284172BTC of address bc1q99qq2awpvu72mrs7gng84dkzyxcxk3q5gfwkx8 to address bc1q5chaqcn56sk2fq29z3cl37n5pfzhh06e2gx5uz which is part of any of his at the time of swept used wallets, then OP should better know which wallet that was. If OP thinks he did the sweep himself, then I'm a bit puzzled he doesn't seem to know in which wallet that actually happened. As the swept coins are confirmed, they would certainly add to the balance of the used wallet (unless wallet balance sync with connected Electrum server(s) is screwed). But who am I to judge...

There is of course an attack vector possible: some malicious malware that exchanges bitcoin addresses that show up in the clipboard.


I have various other recommendation to bore you with and which are not easy to accept:

• better not use your daily "computer and online shit" device for your crypto wallet stuff
• while MacOS is likely a safer choice than Windows, apps from the fenced fallen fruit garden store are not guaranteed to be safe (I'm aware that on MacOS you're not limited to Apple's app store; my intend isn't to bash Apple here)
  
• cloud storage is likely never safe in the context of crypto coin wallets