About a month ago, while researching BIP39 with Copilot, I was given an example of a BIP39 seed. I entered it into Electrum and saw that there were 2 transactions

in the change address: 172LHmTcW1VESuNtVtPKUdpQNPh2XURjar for 99 BTC. I didn't pay much attention to it, but today I opened Electrum and out of curiosity I

googled that address 172LHmTcW1VESuNtVtPKUdpQNPh2XURjar and found this post https://coinforum.de/topic/30100-einzahlung-auf-electrum-wurde-direkt-an-fremde-adresse-weitergeleitet/ where a user says they lost those 99 BTC.

What could have happened here?.

I suspect that the user might have had bad luck downloading compromised software, although this happens daily. I'm intrigued by why only this change address

was used that one time, and all the others have 0 transactions. It's overwhelming to think that someone with access to such a large amount of money was a victim of

this rare and little-known case.

What do you think could have happened here?.

You're overthinking it.
The owner is free to select which address that he will use as a paper wallet from his wallet's keys and address.
He might have selected a change address maybe because he's thinking that it's safer.

If it's not a paper wallet (unlike the author mentioned), it could be an RBF transaction that sent the BTC back to self.
e.g.: Electrum uses its change address as a recipient when using that feature, given the relatively high fee, he may have attempted to do it in Electrum but on a compromised client/machine.

Anyways, you'll only be receiving "educated guesses" without solid information about the case.
Is the seed phrase somehow peculiar?

Surely this is what happened to him: he downloaded compromised software and the hacker used CPFP through a bot. Because according to him, his sending wallet's funds remained intact, so the compromised one was the receiving wallet. I say it's compromised software because I don't think the user would use a seed suggested by an AI.


The seed itself isn't strange; what's strange is that Copilot used it as an example, citing https://everybithelps.io/bip39-wordlist/, but there's no indication of the seed on that page.

The thread opener ("TO") in coinforum.de topic refused to answer some questions that arose while the topic was "hot".

Some details were a bit vague, but to me it seems his Electrum wallet software was genuine, so no fake Electrum wallet used. "TO" stated that the compromised receiving address was part of an Electrum wallet he owned. No details were provided how this receiving Electrum wallet was created.

There was no RBF involved, the stealing transactions spent the unconfirmed output(s) of the destination Electrum wallet's address as a CPFP in the same block. It's obvious that the private key(s) of the destination address(es) is/are compromised and known to the thief.

How and why the destination wallet's private key(s) were compromised could not be determined. I can think of many stupid ways of how to compromise a wallet. Most of them gravitate around making digital backups or pictures of your mnemonic seed words, compromised devices and/or using extremely weak or bad entropy or even publicly known mnemonic seed words, how stupid is that!