Bitcoin Forum
December 15, 2024, 05:51:56 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Theft from Electrum 1.9.8 wallet  (Read 1414 times)
xephyr (OP)
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250


View Profile
May 31, 2014, 05:44:25 AM
 #1

I recently had a problem with theft of a small amount of bitcoin from an Electrum 1.9.8 portable wallet protected with a strong password. Once I noticed the theft I changed the password immediately and be damned if the thief hit me again a day later. My Electrum 1.9.8 watching only wallet was not affected. I spent a good amount of time scanning my computer for malware with no results, nada. Have bitcoin thieves become so sophisticated that local wallets protected with strong passwords are no longer secure enough and cold storage is now essential?
RUEHL
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
May 31, 2014, 05:46:02 AM
 #2

I recently had a problem with theft of a small amount of bitcoin from an Electrum 1.9.8 portable wallet protected with a strong password. Once I noticed the theft I changed the password immediately and be damned if the thief hit me again a day later. My Electrum 1.9.8 watching only wallet was not affected. I spent a good amount of time scanning my computer for malware with no results, nada. Have bitcoin thieves become so sophisticated that local wallets protected with strong passwords are no longer secure enough and cold storage is now essential?
Sounds like a root kit, something that won't be found by conventional scanners.  I'd suggest re-imaging the system.  

Also, they may have your private key so a password wouldn't matter.

Donate BTC: 1FzpMgR34pJbEqtiMEujRiidoL7PgGPaUH
Light
Hero Member
*****
Offline Offline

Activity: 742
Merit: 502


Circa 2010


View Profile
May 31, 2014, 05:53:17 AM
 #3

Also, they may have your private key so a password wouldn't matter.

This was probably the reason why you managed to get hit twice by the thief. If your coins get stolen you have to assume the your private key has also been compromised and hence you should immediately generate a new wallet with a new password. No point in storing coins in an address where the thief has control over it.
dabura667
Sr. Member
****
Offline Offline

Activity: 475
Merit: 252


View Profile
May 31, 2014, 06:04:05 AM
 #4

Also, they may have your private key so a password wouldn't matter.

This. If I hack your wallet once. I now own your wallet, changing the password doesn't matter.

To put it in simple terms. That 12 word seed you received when you created the wallet, THEY KNOW THAT NOW.

Any bitcoins put into your wallet now will be stolen by them within minutes.

CREATE A NEW WALLET AND STOP USING YOUR OLD WALLET.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
Bitcoin++
Full Member
***
Offline Offline

Activity: 180
Merit: 100


View Profile
June 03, 2014, 06:10:02 AM
 #5

The thief hit me again a day later

How can this be? If the thief had the seed he'd take everything at once. Isn't it likely he only had one private key at first and later discovered another key? If so, the long time it took indicates some brute-forcing? In theory that should be impossible, right? Unless he found a way to make qualified guesses.... I am no expert at all on this, so good if a developer makes a clarifying comment.
Light
Hero Member
*****
Offline Offline

Activity: 742
Merit: 502


Circa 2010


View Profile
June 03, 2014, 06:21:40 AM
 #6

How can this be? If the thief had the seed he'd take everything at once. Isn't it likely he only had one private key at first and later discovered another key? If so, the long time it took indicates some brute-forcing? In theory that should be impossible, right? Unless he found a way to make qualified guesses.... I am no expert at all on this, so good if a developer makes a clarifying comment.

Highly unlikely that the private key was brute-forced. The private keys in a wallet have no mathematical relationship to one another - they are completely random (most are except for deterministic wallets, but even then you cannot determine the next private key without the seed anyway). If you want to be convinced it is unlikely to happen go search for that Dyson Sphere Sun photo that tells you you "Bitcoin is protected by the laws of the universe".

Far more probable is that his private keys were stolen and that when OP used the same address again the hacker simply stole the coins.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
June 03, 2014, 08:29:57 PM
 #7

The thief hit me again a day later

How can this be? If the thief had the seed he'd take everything at once. Isn't it likely he only had one private key at first and later discovered another key? If so, the long time it took indicates some brute-forcing? In theory that should be impossible, right? Unless he found a way to make qualified guesses.... I am no expert at all on this, so good if a developer makes a clarifying comment.

1. OP probably put funds back into his wallet and the thief took it again...

2.  maybe the thief took the seed and generated the first 5 addresses, then later generated a longer list.

3. Seem it is true that with one private key you can discover others in the same wallet.  There is a warning message in the
electrum wallet about this.  This is not the same thing is simply knowing multiple addresses from
the same wallet, but if you have the private key, I think you can figure out some of the other private keys.



darlidada
Hero Member
*****
Offline Offline

Activity: 723
Merit: 503


View Profile
June 03, 2014, 09:37:08 PM
 #8

what is the difference between the seeds and the private key?
Abdussamad
Legendary
*
Offline Offline

Activity: 3710
Merit: 1586



View Profile
June 03, 2014, 11:46:10 PM
 #9

3. Seem it is true that with one private key you can discover others in the same wallet.  There is a warning message in the
electrum wallet about this.  This is not the same thing is simply knowing multiple addresses from
the same wallet, but if you have the private key, I think you can figure out some of the other private keys.

You need any one private key + master public key to calculate the master private key (which is the stretched seed as we've covered in other threads) .  Just the private key is not sufficient. But note, however, that the master public key is not encrypted in the wallet file. Only the seed is. So exposure of a private key carries significant risk. That is why you have the warning.
Abdussamad
Legendary
*
Offline Offline

Activity: 3710
Merit: 1586



View Profile
June 03, 2014, 11:50:06 PM
 #10

what is the difference between the seeds and the private key?

An electrum wallet has one seed. All bitcoin private keys in a wallet are derived from the seed. It makes backups easier since you have to do the one backup of the seed and it's good for life. The downside is that if the seed is revealed to a thief all your bitcoins can be stolen.
xephyr (OP)
Sr. Member
****
Offline Offline

Activity: 285
Merit: 250


View Profile
June 04, 2014, 01:54:27 AM
 #11

Thanks for the input. I made the OP to make sure folks understand that just protecting your Electrum wallet with a strong password is not enough nowadays. If you use Electrum you really should set up cold storage as outlined at https://electrum.org/tutorials.html#offline-mpk
Bitcoin++
Full Member
***
Offline Offline

Activity: 180
Merit: 100


View Profile
June 09, 2014, 09:05:17 AM
 #12

Just for information.

Personally I've never experience theft, but to be safe I use multiple Electrum wallets.
My daily wallet has a limited amount of BTC. This has an added benefit that I cannot by accident spend 10x or 100x too much in case of a typo on the decimal point.
My long-term savings are on wallets generated offline. I have multiple copies of the seed saved on paper notes. I use watch-only wallets on my online computer.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!