Bitcoin Forum
Topic: Help with compromised Electrum wallet. I need a fast answer

CryptForce1 (OP)
July 21, 2024, 09:57:25 PM  #1

I used Electrum with my notebook but now I have reason to believe my wallet was compromised since I got a trojan. I immediately sent my funds to a new wallet on a new device. I will now buy a hardware wallet to send the funds to the hardware wallet just in case this happens again but for now the story is not over.

I sold some items in person to a friend and he sent me the money in Bitcoin at a time when I did not notice my wallet may have been compromised. The transaction is around a few thousand dollars but this is a low fee transaction so I have a little bit of time to find a fast solution.

The Bitcoin he sent me goes straight to my compromised wallet and, as the blockchain explorer expects, it arrives at a time when I am at work.

Is there a bot, a script, a service or a wallet I can put my private key into which will scan my wallet until the transaction arrives to send it to my new wallet?

I appreciate any help.

Zaguru12
July 21, 2024, 10:00:28 PM  #2

You can simply just tell the friend to do a RBF to another address of a different wallet for you. As long as it is not confirmed yet it will definitely work out. The reason why I suggest this is because there is malware on wallets that does not allow you to even have seconds of spending your bitcoin from that wallet and as such it is better not to let the coins even get to it.

The other way could be using the CPFP method where you spend the incoming coins into another wallet address.

CryptForce1 (OP)
July 21, 2024, 10:03:49 PM  #3

Quote from: Zaguru12
> You can simply just tell the friend to do a RBF to another address of a different wallet for you. As long as it is not confirmed yet it will definitely work out.

We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?

I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.

serjent05
July 21, 2024, 10:19:16 PM  #4

Quote from: CryptForce1
> Quote from: Zaguru12
> > You can simply just tell the friend to do a RBF to another address of a different wallet for you. As long as it is not confirmed yet it will definitely work out.
>
> We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?
>
> I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.

Have you tried the other option Zaguru12 told you? By using CPFP you are spending an unconfirmed transaction and sending it to your safe wallet address. I believe this can be done even if the sending wallet RBF is disabled.

Quote
> If the stuck transaction has RBF disabled, then you might be able to accelerate by creating a CPFP transaction. To learn more about CPFP, visit: What is a Child-Pays-For-Parent (CPFP) transaction?

I think it is worth a try, but be cautious and check the receiving address carefully to see if it is correct before executing the CPFP.

Zaguru12
July 21, 2024, 10:19:53 PM  #5

Quote from: CryptForce1
> We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?
>
> I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.

If the wallet doesn’t support RBF then I will suggest he imports the same wallet private key into another wallet like Electrum. For clarification, a non-RBF transaction can never be turned into a RBF transaction but with most nodes now set on full RBF there is a chance that if he double spends the transaction it will work. The nodes which have settings on full RBF should get the old transaction replaced with the new one. I am not so sure but I think it might work out.

But if it is not malware that sweeps transactions immediately then CPFP should work.

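What "marked as RBF" on an explorer means, as discussed in the posts above, shown as an added example that is not part of any post in this thread: BIP125 opt-in signaling is read from the nSequence field of the transaction's inputs. The helper `build_sample_tx` and the transactions it produces are constructed for illustration.

```python
import struct

# BIP125: a transaction opts in to replacement if any input has
# nSequence below 0xfffffffe, i.e. at most 0xfffffffd.
MAX_BIP125_SEQUENCE = 0xFFFFFFFD

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def input_sequences(raw_hex):
    """Return the nSequence value of every input of a serialized transaction."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                  # skip the 4-byte version
    if buf[pos:pos + 2] == b"\x00\x01":      # segwit marker and flag
        pos += 2
    n_inputs, pos = read_varint(buf, pos)
    sequences = []
    for _ in range(n_inputs):
        pos += 36                            # previous txid (32) + output index (4)
        script_len, pos = read_varint(buf, pos)
        pos += script_len                    # skip the scriptSig
        if pos + 4 > len(buf):
            raise ValueError("truncated transaction")
        sequences.append(struct.unpack_from("<I", buf, pos)[0])
        pos += 4
    return sequences

def signals_rbf(raw_hex):
    """True if at least one input explicitly signals BIP125 replaceability."""
    return any(seq <= MAX_BIP125_SEQUENCE for seq in input_sequences(raw_hex))

def build_sample_tx(sequences, segwit=False):
    """Constructed sample: dummy txids, empty scriptSigs, one 50,000 sat output."""
    tx = struct.pack("<i", 2)
    if segwit:
        tx += b"\x00\x01"
    tx += bytes([len(sequences)])
    for i, seq in enumerate(sequences):
        tx += bytes([i + 1]) * 32 + struct.pack("<I", 0) + b"\x00"
        tx += struct.pack("<I", seq)
    tx += b"\x01" + struct.pack("<q", 50_000) + b"\x16\x00\x14" + b"\x11" * 20
    if segwit:
        tx += b"\x01\x01\x00" * len(sequences)   # one dummy witness item per input
    tx += struct.pack("<I", 0)                   # locktime
    return tx.hex()

if __name__ == "__main__":
    for label, seqs in (("opt-in", [0xFFFFFFFD]), ("final", [0xFFFFFFFE])):
        print(label, signals_rbf(build_sample_tx(seqs)))
```

This checks explicit signaling only; BIP125 also treats a transaction as replaceable when an unconfirmed ancestor signals, which needs mempool data that a single raw transaction does not carry.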

BitMaxz
July 21, 2024, 10:20:42 PM  #6

Quote from: CryptForce1
> We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?
>
> I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.

That's pretty bad if your friend is using an exchange wallet or custodial wallet. If you don't have full control of this wallet you can't do anything but wait for the transaction to be confirmed and react right away from your old wallet to send it to your new wallet.

Do you have a backup seed of your old Electrum wallet? Why not import it to a new device that you know is safe from viruses and then while the transaction is not confirmed you can make a transaction or do CPFP and send it directly to your new wallet.

And I think you can also make a double spend on coinb.in just to cancel your friend's transaction, but this is a bit hard: you need two devices, offline for signing and online for editing and broadcasting the transaction.

CryptForce1 (OP)
July 21, 2024, 10:26:43 PM  #7

Quote from: Zaguru12
> Quote from: CryptForce1
> > We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?
> >
> > I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.
>
> If the wallet doesn’t support RBF then I will suggest he imports the same wallet private key into another wallet like Electrum. For clarification, a non-RBF transaction can never be turned into a RBF transaction but with most nodes now set on full RBF there is a chance that if he double spends the transaction it will work. The nodes which have settings on full RBF should get the old transaction replaced with the new one. I am not so sure but I think it might work out.
>
> But if it is not malware that sweeps transactions immediately then CPFP should work.

That’s the problem. He was not using a self-controlled wallet like I do. I don’t think he can request the key.

CryptForce1 (OP)
July 21, 2024, 10:34:46 PM  #8

Quote from: BitMaxz
> Quote from: CryptForce1
> > We looked it up but the transaction is not marked as RBF on the blockchain explorer. His wallet does not support RBF and it is not a RBF transaction. Is there a solution he can fix that afterwards?
> >
> > I do not think that it is a very professional malware since I was able to recover my previous funds from my compromised wallet also.
>
> That's pretty bad if your friend is using an exchange wallet or custodial wallet. If you don't have full control of this wallet you can't do anything but wait for the transaction to be confirmed and react right away from your old wallet to send it to your new wallet.
>
> Do you have a backup seed of your old Electrum wallet? Why not import it to a new device that you know is safe from viruses and then while the transaction is not confirmed you can make a transaction or do CPFP and send it directly to your new wallet.
>
> And I think you can also make a double spend on coinb.in just to cancel your friend's transaction, but this is a bit hard: you need two devices, offline for signing and online for editing and broadcasting the transaction.

I have the seed but I had to unlock the wallet with an internet connection when I noticed the trojan. I withdrew my previous funds to a new wallet on a new device. The trojan could have my password and my wallet file.

Nwada001
July 21, 2024, 10:39:21 PM  #9

Quote from: CryptForce1
> That’s the problem. He was not using a self-controlled wallet like I do. I don’t think he can request the key.

He can't request the key because there is no key; the exchange can't even provide it to him, the reason being that each account address is not associated with a private key. I'm talking about the address the exchange provides, and many other addresses that belong to other users using the same exchange might be controlled by one private key.

Stalker22
July 21, 2024, 10:56:50 PM  #10

Quote from: CryptForce1
> I have the seed but I had to unlock the wallet with an internet connection when I noticed the trojan. I withdrew my previous funds to a new wallet on a new device. The trojan could have my password and my wallet file.

But you still don't know for sure, right? Your wallet might not have been compromised at all?

Here's an option: try sending a smaller amount to your wallet with a higher fee to expedite confirmation. It's a calculated risk, but it would provide the funds you need within your wallet to perform a CPFP transaction. Remember, CPFP allows you to spend funds even from an unconfirmed incoming transaction, so this would cover the fees for both.

BitMaxz
July 21, 2024, 11:21:06 PM  #11

Quote from: CryptForce1
> I have the seed but I had to unlock the wallet with an internet connection when I noticed the trojan. I withdrew my previous funds to a new wallet on a new device. The trojan could have my password and my wallet file.

Since you withdrew your funds from your old wallet successfully maybe it is just your instinct that tells you your wallet is compromised.

Try CPFP like the other suggestions above, but I would suggest you disconnect the compromised PC from the internet and make offline transactions from the device that you know is clean, signing it using your old wallet offline, and broadcast it to your online device or copy the raw/hex codes and paste them to any of the pushtx sites from the link below:

- https://en.bitcoin.it/wiki/Transaction_broadcasting

You can also use your phone so that you can easily scan the QR code of the signed transaction from your old wallet.

hd49728
July 22, 2024, 03:33:14 AM  #12

Quote from: CryptForce1
> I used Electrum with my notebook but now I have reason to believe my wallet was compromised since I got a trojan.

You need to check the things you need for backups on your notebook. After finishing the backup, it's time for you to clean up your notebook and install the OS on it.

Quote
> I sold some items in person to a friend and he sent me the money in Bitcoin at a time when I did not notice my wallet may have been compromised. The transaction is around a few thousand dollars but this is a low fee transaction so I have a little bit of time to find a fast solution.

If the trade between you and your friend is a few thousand dollars, you need to get a confirmation to finish the trade, so a low transaction fee is not good. It can be a reason for a scam with a double spend.

Quote
> The Bitcoin he sent me goes straight to my compromised wallet and, as the blockchain explorer expects, it arrives at a time when I am at work.

It can be confirmed anytime, depending on mempools and Bitcoin miners. Low fee rate transactions in mempools will have to wait longer than higher fee rate transactions but if mempools suddenly drop, you will see your transaction is confirmed faster than the estimated time.

My transaction has been unconfirmed for a long time. What can I do?
You can ask your friend to cancel it, double spend it.

Quote
> Cancel the transaction. This is only possible for “replaceable” transactions. Electrum creates replaceable transactions by default, except for lightning channel open/close transactions. Transactions that are replaceable have “Replace by fee: True” in the transaction details screen. To cancel a replaceable transaction right click on its entry on the history tab and choose “Cancel (double-spend)”. Set an appropriate fee and click on “OK”. A window will popup with the unsigned transaction. Click on “Sign” and then “Broadcast”.

MinMan
July 24, 2024, 05:52:22 PM  #13

Quote from: Nwada001
> Quote from: CryptForce1
> > That’s the problem. He was not using a self-controlled wallet like I do. I don’t think he can request the key.
>
> He can't request the key because there is no key; the exchange can't even provide it to him, the reason being that each account address is not associated with a private key. I'm talking about the address the exchange provides, and many other addresses that belong to other users using the same exchange might be controlled by one private key.

But he already said that he has the seed phrases, so this only means that he is using a non-custodial wallet. I think crypto exchanges or the wallets that they are using are also non-custodial, so they also have their keys as well as the keys for each user's wallet/address. And I think it is possible to request it from them if it's really needed.

Quote from: CryptForce1
> I have the seed but I had to unlock the wallet with an internet connection when I noticed the trojan. I withdrew my previous funds to a new wallet on a new device. The trojan could have my password and my wallet file.

Unlocking the wallet without an internet connection is also possible and it is safer to do offline transactions than the online ones. I think this is possible but most of the time we need an internet connection to access all of the features of a crypto wallet. I think what you did there is right. We need to migrate to a new wallet as much as possible if we think our wallet is compromised. Also we need to use a new device, if we don't have the knowledge to reformat the previous device that we have used.

Quote from: BitMaxz
> Since you withdrew your funds from your old wallet successfully maybe it is just your instinct that tells you your wallet is compromised.

He said it was previous funds that he withdrew, so there might still be new funds that are currently being compromised by the virus. Even if, let's say, it was only his instincts, I think that was still great and it only shows that he is very aware of what is happening around him and he can take immediate action before the problem gets worse, just in case there is one. He is also practicing the saying that prevention is better than cure.

cryptocoupons
July 24, 2024, 06:01:24 PM  #14

For automated solutions you can use Electrum wallet scripts.