Bitcoin Forum
Topic: BTC stolen from electrum wallet
LAMarcellus
April 02, 2014, 02:33:54 AM
 #21

If someone gives you a private key as a "prize" you should always sweep from it, not import it, because they control that address as well if your wallet ever happens to use it as a change address.

OP can you confirm whether this address is a deterministic one that Electrum gave you or is this an imported public address/private key pair?

cbeast thanks for the explanation!

edgebits (OP)
April 02, 2014, 05:28:25 AM
 #22

All the addresses I used were ones generated by Electrum.
DigitalHermit
April 02, 2014, 09:46:18 AM
Last edit: April 02, 2014, 09:58:47 AM by DigitalHermit
 #23


Well, here is the report.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/04/2014
Scan Time: 9:17:54 PM
Logfile:
Administrator: Yes
...

Processes: 1
Trojan.MSIL, C:\Users\Damien\AppData\Roaming\Adobe\AdobeUpdate.exe, 2644, , [ba7479ac88f3df57e729af99629fc040]


It appears likely that you have a Trojan/Malware on your computer posing as AdobeUpdate.

http://www.virusradar.com/en/MSIL_BattleBot.A/description

This was very likely used by a remote intruder to take a copy of your wallet file(s) and to run a keylogger that captured your password.
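
Added example, not part of the thread and not Malwarebytes' own tooling: a short Python triage that parses detection rows in the layout shown in the report above and flags executables that run from a per-user writable folder under an updater-style name, the pattern pointed out in this post. The regular expression, the two hint lists and the second sample row are assumptions constructed for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Row layout as in the report quoted above: name, path, pid, action, [md5]
ROW = re.compile(
    r"^(?P<name>[^,]+),\s*(?P<path>[A-Za-z]:\\[^,]+),\s*(?P<pid>\d*),"
    r"\s*(?P<action>[^,]*),\s*\[(?P<md5>[0-9a-fA-F]{32})\]\s*$"
)
USER_WRITABLE = ("appdata", "temp", "downloads")   # assumed, not exhaustive
UPDATER_HINTS = ("update", "helper", "service")    # assumed name hints

# First row is the one from the thread; the second row is constructed.
SAMPLE_REPORT = r"""
Processes: 2
Trojan.MSIL, C:\Users\Damien\AppData\Roaming\Adobe\AdobeUpdate.exe, 2644, , [ba7479ac88f3df57e729af99629fc040]
PUP.Sample, C:\Program Files\SampleVendor\SampleUpdate.exe, 1200, , [00000000000000000000000000000000]
"""


def parse_rows(report_text):
    """Return one dict per detection row; header and blank lines are skipped."""
    rows = []
    for line in report_text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def masquerade_reasons(path):
    """Path-only heuristics; an empty list means nothing stood out."""
    p = PureWindowsPath(path)
    parts = [segment.lower() for segment in p.parts]
    reasons = []
    in_profile = len(parts) > 2 and parts[1] == "users"
    if in_profile and any(d in parts for d in USER_WRITABLE):
        reasons.append("runs from a per-user writable directory")
        if any(hint in p.stem.lower() for hint in UPDATER_HINTS):
            reasons.append("updater-style name outside Program Files")
    return reasons


def triage(report_text):
    """Pair each detected path and hash with the heuristics it trips."""
    return [(r["path"], r["md5"], masquerade_reasons(r["path"]))
            for r in parse_rows(report_text)]


if __name__ == "__main__":
    for path, md5, reasons in triage(SAMPLE_REPORT):
        print(path, md5, "; ".join(reasons) or "no path-based flag")
```

A path that trips neither heuristic is not thereby clean; the check only explains why a location such as `AppData\Roaming\Adobe` is a poor fit for a genuine vendor updater.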
edgebits (OP)
April 02, 2014, 03:52:50 PM
 #24


Well, I deleted all the files that came up from the report, should I be safe now? And what do I do now for a new wallet? I don't really trust Electrum but I guess it had nothing to do with it. Is it safe to make a new wallet with that program?
dabura667
April 02, 2014, 04:13:43 PM
 #25

Well, I deleted all the files that came up from the report, should I be safe now? And what do I do now for a new wallet? I don't really trust Electrum but I guess it had nothing to do with it. Is it safe to make a new wallet with that program?

Let me say this: Electrum is a free piece of software that is open source. You should only trust it as much as you trust a collective group of people on the internet (everyone using Electrum and vouching for it), OR your ability to understand Python code.

I personally trust my ability to read/code in Python, so I don't need to trust Thomas or anyone telling me "this is a good program." I can verify this by myself.


As for this incident. I hate to say it, but your computer was compromised, and currently there is no piece of software for wallet that can protect you from a computer with a trojan.

If you deleted all the files from the report, I would say "maybe" you're safe. A good hacker could make a new form of trojan not traceable by malware detection, and then put in a second "dumb" trojan so that you will scan for it, find it, delete it, then continue on normal feeling safe... but you're not.

The best thing to do is ALWAYS ASSUME YOUR COMPUTER IS COMPROMISED.

If you want to keep your coins safe, buy a USB memory stick with over 8 GB and install Ubuntu on it, and boot your Electrum from there.

http://pastebin.com/YhUj6fzt

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
edgebits (OP)
April 02, 2014, 04:45:38 PM
 #26

Thank you.
escrow.ms
April 02, 2014, 04:51:08 PM
 #27

If you want to keep your coins safe, buy a USB memory stick with over 8 GB and install Ubuntu on it, and boot your Electrum from there.

http://pastebin.com/YhUj6fzt

+1, and OP if you have Java enabled in your browser, disable it.

Here are some more tips
https://bitcointalk.org/index.php?topic=203876.0
dabura667
April 02, 2014, 05:17:11 PM
 #28

You're welcome, I originally wrote that in Japanese for my friends here in Japan, and I translated into English so I'm sorry if it's hard to understand.

If you have any questions about the process feel free to ask.

edgebits (OP)
April 02, 2014, 05:21:21 PM
 #29

If I always used safekeys to enter password for creation/withdrawal from electrum, would that make me 100% safe?
dabura667
April 02, 2014, 05:32:27 PM
 #30

If I always used safekeys to enter password for creation/withdrawal from electrum, would that make me 100% safe?

Anyone who tells you something is 100% safe is lying.

You might be 99% safe, 93% safe or 60% safe, no one knows... but I would garner a guess that safekeys would keep you MORE safe than if you are NOT using it.

The most important thing is to scan your system regularly with Malwarebytes and run something like Microsoft Security Essentials... Also, disable JavaScript in your browser, and whenever you come to a legit site (like YouTube etc.) you can click "add to exceptions" and it will let you view that page with JavaScript. If a sketchy site requires JavaScript, do NOT activate it.


I recommend safe paper wallets made offline if you're not too good with computers.

jbrnt
April 02, 2014, 06:21:39 PM
 #31

I use an old laptop for bitcoin-related things. Reinstalled Windows myself, Chrome browser, then an antivirus software and that is it. No Java, no shareware, just use Electrum and blockchain wallet via Chrome. Please do not install any other altcoin wallet either.