Bitcoin Forum
Author Topic: I have been scammed.  (Read 312 times)
mrooo (OP)
Newbie
Activity: 3
Merit: 0
May 07, 2024, 12:38:56 PM
 #1

I have been scammed, when I turned the virus off I got scammed, someone opened my electrum and made this transfer.

https://blockstream.info/tx/7c9892789ab0ad5bb0b54d1c7ce71a805a54e2a73d015e0dda8ef9239f1f7fbb

Please help me, is there something I can do about it ??

Sincerely
OmegaStarScream
Staff
Legendary
Activity: 3514
Merit: 6158
May 07, 2024, 12:39:58 PM
 #2

The transaction already has 4 confirmations, so there's sadly nothing you can do to reverse the transaction.

Since you know it's malware, make sure to clean your computer properly, and make a completely new wallet afterwards.

Zaguru12
Hero Member
Activity: 728
Merit: 896
May 07, 2024, 01:13:39 PM
 #3

I have been scammed, when I turned the virus off I got scammed, someone opened my electrum and made this transfer.

https://blockstream.info/tx/7c9892789ab0ad5bb0b54d1c7ce71a805a54e2a73d015e0dda8ef9239f1f7fbb

Please help me, is there something I can do about it ??

Sincerely

Firstly sorry for your loss, hopefully you will recover from it.

The next thing is to look for a solution to avoid future occurrences. I am a bit confused about your story: was the transaction done directly from your device (physical attack), or through a phishing attack, or something like malware on your device? If it is a physical attack then you need to be extra cautious of who gets close to devices that hold your coins.

If it is malware I think you might need to totally format your device as the malware would still be on it. It is best to look towards cold storage. If it is a phishing attack then you need to take correction of the sites you visit with such devices. Cold storage remains the best solution.

Alphakilo
Full Member
Activity: 378
Merit: 155
May 07, 2024, 01:27:43 PM
 #4

The transaction now has 6 confirmations. And like OmegaStarScream mentioned, it is not reversible. Sorry.

Here's what you can do in addition to the advice already given. Do change your password to a strong one and enable additional security measures like using hardware wallets since they have their own two-factor authentication feature. Furthermore do not beat yourself up, it is not the end of the world.

Take it as an opportunity to learn about cyber security practices in cryptocurrency. You could take an online course or two, read articles, YouTube is there to help too and this forum also is another great place to learn about it. Doing so will prevent it from reoccurring in the future.


mrooo (OP)
Newbie
Activity: 3
Merit: 0
May 07, 2024, 02:41:48 PM
 #5

I have been scammed, when I turned the virus off I got scammed, someone opened my electrum and made this transfer.

https://blockstream.info/tx/7c9892789ab0ad5bb0b54d1c7ce71a805a54e2a73d015e0dda8ef9239f1f7fbb

Please help me, is there something I can do about it ??

Sincerely

Firstly sorry for your loss, hopefully you will recover from it.

The next thing is to look for a solution to avoid future occurrences. I am a bit confused about your story: was the transaction done directly from your device (physical attack), or through a phishing attack, or something like malware on your device? If it is a physical attack then you need to be extra cautious of who gets close to devices that hold your coins.

If it is malware I think you might need to totally format your device as the malware would still be on it. It is best to look towards cold storage. If it is a phishing attack then you need to take correction of the sites you visit with such devices. Cold storage remains the best solution.

What programs to use for finding the malware?

What is cold storage ??

I should reinstall windows and format c:


Best regards
hosseinimr93
Legendary
Activity: 2436
Merit: 5378
May 07, 2024, 04:46:39 PM
 #6

What is cold storage ??
It means that your private keys (or your seed phrase) should never connect to the internet.
To have a cold storage, you use a trustworthy wallet like electrum on an air-gapped device or go for a hardware wallet.


I should reinstall windows and format c:
Format your hard drive (not only drive C) and then reinstall your operating system.

Hazink
Member
Activity: 116
Merit: 78
Defend Bitcoin and its PoW: bitcoincleanup.com
May 07, 2024, 06:52:03 PM
 #7

I should reinstall windows and format c:
Format your hard drive (not only drive C) and then reinstall your operating system.
And when installing the new OS, he should make sure to get a legal and licensed one from a direct dealer or straight from the company. There are a lot of pirated OS speculating on the software market, and most of them have this virus designed to only target crypto users.

Z-tight
Hero Member
Activity: 896
Merit: 1052
Only BTC
May 08, 2024, 09:52:20 AM
Merited by Pmalek (2)
 #8

Do change your password to a strong one and enable additional security measures like using hardware wallets since they have their own two-factor authentication feature.
Changing the password of a wallet that has already been compromised does not do anything, OP should never use that wallet again. A hardware wallet is a good recommendation, however, if it is the 2FA feature you are looking for, you can get that in Electrum, though I prefer to set up a multisig wallet, than to create a 2FA wallet. Another option for extra security is to extend your seed phrase with a passphrase, so an attacker will require seed phrase + passphrase before they can get to your funds.

mrooo (OP)
Newbie
Activity: 3
Merit: 0
May 08, 2024, 04:11:35 PM
 #9

I should reinstall windows and format c:
Format your hard drive (not only drive C) and then reinstall your operating system.
And when installing the new OS, he should make sure to get a legal and licensed one from a direct dealer or straight from the company. There are a lot of pirated OS speculating on the software market, and most of them have this virus designed to only target crypto users.

I have got an activated license.
NotATether
Legendary
Activity: 1638
Merit: 6896
bitcoincleanup.com / bitmixlist.org
May 10, 2024, 11:09:01 AM
 #10

I have got an activated license.

What kind of programs did you have installed on your Windows computer?

Have you accidentally clicked on any suspicious links in your email recently?

Currently the most prevalent way people are losing their funds now is by downloading a malicious file from their email and opening it on their Windows computer.

Lucius
Legendary
Activity: 3276
Merit: 5723
Blackjack.fun🎲
May 10, 2024, 01:36:33 PM
 #11

I have been scammed, when I turned the virus off I got scammed, someone opened my electrum and made this transfer.
~snip~


I assume your antivirus warned you not to download some file, but you disabled it to do so and now you see how bad a move that was. Although AVs can sometimes have false detection, in most cases they protect you from malicious programs, which means that in the future do not disable your AV.

First you have to learn what risks are threatening you from the internet, and only then invest in Bitcoin again - otherwise, a cold or hardware wallet will not help you to prevent something similar from happening to you.

Cricktor
Legendary
Activity: 798
Merit: 1155
Crypto Swap Exchange
May 11, 2024, 08:06:00 PM
Merited by Pmalek (2)
 #12

Where did you download your Electrum from?

You should only download it from the site https://www.electrum.org, never skip verifying that your download is genuine and has a proper valid GPG signature. It's also better not to install your wallet on the computer where you do your daily internet shit. I recommend a Linux installation for crypto wallet stuff.

Did you store your recovery words of your Electrum wallet in digital form on an online device? Did you make a photo of your written backup of your recovery words?

Were you persuaded to enter your recovery words on any online website?

I'm just curious how your wallet got compromised and the details you provided so far leave a lot of room for speculation how you were actually scammed. It's interesting that the output of the transaction you presented is still unspent in address bc1qtckat8kjghl33lvm7m3ur2x23h5gqmyd2g7app.

GxSTxV
Hero Member
Activity: 826
Merit: 634
May 11, 2024, 08:18:04 PM
 #13

Well, I’m sorry for your loss and I believe that you are lucky for not having a big sum in your wallet, otherwise it would be a disaster for you. However, I could understand when you mentioned turning off a virus, so I assume you already knew that your PC is infected and you kept your funds inside Electrum? The first thing you do when you know your computer is hacked, you move all your assets from the connected wallets to your computer, change your accounts password and change everything from wallets, accounts and try to not connect the computer to the internet until someone experienced deletes the malware and cut it completely.
Unfortunately, the transaction can’t be reversed now, it’s only a valuable lesson to you, take my advice if you could, purchase a cold wallet, otherwise, use a computer that you don’t connect to the internet, only for your wallet and never download programs from other non-official sources.

BlackHatCoiner
Legendary
Activity: 1554
Merit: 7544
Protocols over bureaucrats
May 11, 2024, 08:24:18 PM
 #14

Forget licensed Windows. Load a Linux distro and use that to create a wallet. Tails comes with Electrum pre-installed. You'll probably never find out what was the malware, but this is Windows. You need antivirus and other crap that load in the background to, ultimately, get less protection than an open-source alternative.

What is weird is that your wallet was compromised the moment you turned off your antivirus. Was there a program running in the background, which was monitoring that all the time? We'll never know.

Z-tight
Hero Member
Activity: 896
Merit: 1052
Only BTC
May 11, 2024, 08:36:57 PM
 #15

The first thing you do when you know your computer is hacked, you move all your assets from the connected wallets to your computer, change your accounts password and change everything from wallets, accounts and try to not connect the computer to the internet until someone experienced deletes the malware and cut it completely.
If your wallet is compromised, then it is unlikely for you to still have any funds left there, since the hacker must have emptied the wallet. However, what do you mean when you say 'move funds from wallet to computer', I don't understand what you are talking about there.

If hackers manage to compromise your wallet, then you should never use that wallet again, and the solution is not about connecting your device to the internet again, you have to follow the instructions that have been shared in this topic and make sure your device is 'clean' before you start using it.

user210822
Jr. Member
Activity: 89
Merit: 1
May 11, 2024, 08:57:12 PM
 #16

Total sum transferred is close to 0.004 BTC. Of course it's hard to lose even one Satoshi without a reason. But it is always better to be safe than sorry. Before initiating any transactions with crypto I've purchased a hardware wallet. All of them have decent support and educative sources. That may help a lot if studied thoroughly. Very strange thing to me was - your link which I couldn't follow with Error 403. Some problems with server? I could manage only by copying transaction hash and forwarding it to other service.
Cricktor
Legendary
Activity: 798
Merit: 1155
Crypto Swap Exchange
May 12, 2024, 10:09:10 AM
 #17

...
The link from OP to blockstream.info works fine for me.


I took a little closer look at the destination address bc1qtckat8kjghl33lvm7m3ur2x23h5gqmyd2g7app and am a bit surprised to see that it has been reused multiple times. Understandable if it's hard-coded in some malware, otherwise not so much. If I were a criminal, I would avoid address reuse as much as possible because it ties criminal actions too easily together.

Interesting are tx 5f547a778366dae8ad14cf8f9d200d5a40b82f6273ef65cbe067c91ccb72bae7 and especially tx 32d5010f9218e99a98e53046621597687c11c5650f83672413c8570e1a3a1f08 where the latter moves 0.29001678 BTC to two outputs with address bc1qaxljza7lx9gp6k5ue4377uuty2fengfqmk2ydw receiving the majority of it.

The amount is then transferred to address 3LqMzezxzzS6zcxRsck3CB3CKFcsGJvcUs which is part of a wallet that has seen ~7 million transactions attributed to it. Could be an exchange or mixer (I haven't looked any deeper).

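The tracing described in post #17, as an added example that is not part of the thread: a reused receiving address links every payment made to it, and following the largest output of each spend shows where the bulk of the funds went. The transactions, address names and function names are constructed placeholders, not chain data.

```python
from collections import defaultdict

# Constructed sample data: simplified transactions with placeholder names,
# not real chain data. Values are in satoshis.
TXS = [
    {"txid": "tx-a", "inputs": ["victim-1"], "outputs": [("collector", 400_000)]},
    {"txid": "tx-b", "inputs": ["victim-2"],
     "outputs": [("collector", 1_250_000), ("victim-2-change", 50_000)]},
    {"txid": "tx-c", "inputs": ["victim-3"], "outputs": [("collector", 27_000_000)]},
    {"txid": "tx-d", "inputs": ["collector"],
     "outputs": [("hop-1", 28_000_000), ("hop-2", 600_000)]},
    {"txid": "tx-e", "inputs": ["hop-1"], "outputs": [("service-deposit", 27_990_000)]},
    {"txid": "tx-f", "inputs": ["unrelated-1"], "outputs": [("unrelated-2", 10_000)]},
]


def reused_addresses(txs):
    """Map each address paid by two or more transactions to those txids."""
    paid_by = defaultdict(list)
    for tx in txs:
        # A set, so an address paid twice inside one tx is counted once.
        for addr in {a for a, _ in tx["outputs"]}:
            paid_by[addr].append(tx["txid"])
    return {a: ids for a, ids in paid_by.items() if len(ids) > 1}


def linked_senders(txs, address):
    """Input addresses of every transaction that paid `address`."""
    senders = set()
    for tx in txs:
        if any(a == address for a, _ in tx["outputs"]):
            senders.update(tx["inputs"])
    return senders


def follow_majority(txs, start, max_hops=10):
    """Follow the largest output of each spend, starting from `start`."""
    path, current = [start], start
    for _ in range(max_hops):
        spends = [tx for tx in txs if current in tx["inputs"]]
        if not spends:
            break  # unspent in this data set, or the trail leaves it
        biggest = max((o for tx in spends for o in tx["outputs"]),
                      key=lambda o: o[1])
        if biggest[0] in path:
            break  # loop guard
        current = biggest[0]
        path.append(current)
    return path


if __name__ == "__main__":
    for addr, txids in reused_addresses(TXS).items():
        print(addr, "paid by", txids, "from", sorted(linked_senders(TXS, addr)))
    print(" -> ".join(follow_majority(TXS, "collector")))
```

The trail stops at an address with no spend in the data set, which is where a high-volume service wallet such as the one mentioned in the post ends what this heuristic can show.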
Lucius
Legendary
Activity: 3276
Merit: 5723
Blackjack.fun🎲
May 13, 2024, 10:10:09 AM
 #18

Forget licensed Windows. Load a Linux distro and use that to create a wallet. Tails comes with Electrum pre-installed. You'll probably never find out what was the malware, but this is Windows. You need antivirus and other crap that load in the background to, ultimately, get less protection than an open-source alternative.

I've been using it forever and with premium AV/firewall protection I've never had a problem with cryptocurrencies. Even if the OP used Linux, given that he is obviously involved in downloading pirated software and who knows what else, sooner or later he would have encountered some virus/malware that (albeit to a lesser extent) also exists for other OS.
 
What is weird is that your wallet was compromised the moment you turned off your antivirus. Was there a program running in the background, which was monitoring that all the time? We'll never know.

I already wrote that his AV probably stopped the download or installation of some malware, and the only way for the OP to start it was to turn off the AV. At that moment, he compromised his system, and it is easily possible that he is one of those who keeps his seed as a plain text document - which means that he served the hacker his coins on a silver platter.

lovesmayfamilis
Legendary
Activity: 2128
Merit: 4392
✿♥‿♥✿
May 13, 2024, 02:00:26 PM
 #19

Having a licensed Windows is of course good when compared with pirated versions, but we must understand that Linux will not save the OP if he uses the computer for all his interests. Disabling the virus looks like a naive act; why is it protected at all if the owner refuses it on his own? OP, even the coolest firewall and antivirus won’t help you until you understand that Windows is an open window for scammers. It’s even strange how you managed to get Bitcoin with such knowledge.

BlackHatCoiner
Legendary
Activity: 1554
Merit: 7544
Protocols over bureaucrats
May 13, 2024, 03:37:29 PM
 #20

I've been using it forever and with premium AV/firewall protection I've never had a problem with cryptocurrencies.
It's possible to smoke cigarettes and still live to be 100 years old. That doesn't mean smoking cigarettes is harmless. There have been numerous studies[1][2][3] comparing security vulnerabilities between Linux and Windows, and it's almost certainly the case that Linux is more difficult to compromise. And it's reasonable. Linux is open-source, freely available for code scrutiny at any time, addresses vulnerabilities promptly and follows a privilege model that reduces the risk of malware executing unauthorized actions.

[1] https://www.researchgate.net/publication/366560877_Operating_Systems_Vulnerability_-_An_Examination_of_Windows_10_macOS_and_Ubuntu_from_2015_to_2021
[2] https://www.al-kindipublisher.com/index.php/jcsts/article/view/2763
[3] https://ijmirm.com/index.php/ijmirm/article/view/19
