Author

Topic: Bitcoin stolen from Electrum wallet (Read 368 times)

member
Activity: 742
Merit: 12
March 09, 2018, 06:00:04 PM
#26
I'm feeling very sorry for you, what had happened to you.  Angry
Malicious plugin/scripts stolen your BTC. Now there is nothing to do with it. The next time you store any valuable coins, make sure your system is not compromised and you are fully aware of any malicious/phishing attempts/scripts.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
March 08, 2018, 03:49:00 PM
#25
This discussion is nonsense.
Electrum is a very good initiative, but unless it is working on airgapped computer , even a linux, it doesn't share the same security as a hardware wallet.

And you can anytime recover your funds from any wallet, the only thing you need is the private key. This concern about going something wrong with the hardware, doesn't affect your funds. Your coins are in the blockchain, not in the hardware.

Personally i don't like Electrum (and this crazy seed only recognized by electrum, I didn't knew about that... well, i like it even less now)
legendary
Activity: 916
Merit: 1003
March 08, 2018, 03:48:27 PM
#24
Hardware wallets are specialized, closed source devices that can't be replaced easily.
...
Plus hardware wallets are closed source so I have now way to know how much to trust them
Yes... very closed source... Roll Eyes

https://github.com/trezor/
https://github.com/LedgerHQ
https://github.com/keepkey
https://github.com/digitalbitbox


That's fine except i'd have to order one and wait.
You DON'T have to order one and wait... you missed the point:
Quote
Most (all?) of the hardware wallets use BIP39/44 compatible seeds and can be restored by most HD wallets
It is the equivalent of replacing your PC with other unused PC's you have lying about... you can just restore your hardware wallet into any compatible wallet you want... even Electrum!

I don't know why people seem to think that once you migrate to a Hardware wallet, you're locked into? Huh

OK, OK I learned something new today.  The reason people think you're locked in probably has to do with poor marketing.
I never really intended to get one because of the the "ooh, shiny" hype going on.
HCP
legendary
Activity: 2086
Merit: 4363
March 08, 2018, 03:22:21 PM
#23
Hardware wallets are specialized, closed source devices that can't be replaced easily.
...
Plus hardware wallets are closed source so I have now way to know how much to trust them
Yes... very closed source... Roll Eyes

https://github.com/trezor/
https://github.com/LedgerHQ
https://github.com/keepkey
https://github.com/digitalbitbox


That's fine except i'd have to order one and wait.
You DON'T have to order one and wait... you missed the point:
Quote
Most (all?) of the hardware wallets use BIP39/44 compatible seeds and can be restored by most HD wallets
It is the equivalent of replacing your PC with other unused PC's you have lying about... you can just restore your hardware wallet into any compatible wallet you want... even Electrum!

I don't know why people seem to think that once you migrate to a Hardware wallet, you're locked into? Huh
legendary
Activity: 916
Merit: 1003
March 08, 2018, 02:59:45 PM
#22
Isn't your computer also a "hardware device"? What are you going to do when it dies? Tongue

Apples and oranges, my good man.  My computer is a garden variety PC which can be easily replaced with one of the other unused ones I have lying about.
Hardware wallets are specialized, closed source devices that can't be replaced easily.

Let me guess, restore your wallet from your seed backup right?

Exactly like what you would do with a hardware wallet... Most (all?) of the hardware wallets use BIP39/44 compatible seeds and can be restored by most HD wallets... Unlike Electrum seeds... which are Electrum only Wink

That's fine except i'd have to order one and wait.
Plus hardware wallets are closed source so I have now way to know how much to trust them.  Electrum is Python and I can run it right from source without an installer.
HCP
legendary
Activity: 2086
Merit: 4363
March 08, 2018, 02:44:44 PM
#21
Regarding hardware wallets: for me the jury's still out.  I don't like being dependent on a hardware device in case something goes wrong with it.
Isn't your computer also a "hardware device"? What are you going to do when it dies? Tongue

Let me guess, restore your wallet from your seed backup right?

Exactly like what you would do with a hardware wallet... Most (all?) of the hardware wallets use BIP39/44 compatible seeds and can be restored by most HD wallets... Unlike Electrum seeds... which are Electrum only Wink
legendary
Activity: 1624
Merit: 2481
March 08, 2018, 09:44:28 AM
#20
Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

I wouldn't say 99%.. but it definetely can be somehow safe.
But there are still exploits which simply arent fixed yet and are a perfect entry point for malware targeting crypto user.
There are things which you can't protect yourself from with a desktop wallet.

Additionally the 'basic security precautions' are probably not achievable/doable for 90%+ of the daily windows user.



Regarding hardware wallets: for me the jury's still out.  I don't like being dependent on a hardware device in case something goes wrong with it.
Electrum is an open source program that I can run directly from source code without installation.  That's very empowering.

You can enjoy the electrum GUI and still have the security of a hardware wallet.
When creating a wallet in electrum you have the choice to add a HW wallet (which will hold the private keys / do the TX signing).
legendary
Activity: 916
Merit: 1003
March 08, 2018, 09:07:02 AM
#19
While I really love Linux, advice like this doesn't accomplish anything, makes you sound really elitist.
You can safely use a hardware wallet and be a Windows user. Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

I'm completely unconcerned with how I sound.  I'm only concerned with evidence-based strategies that work.

Usually wallets get hacked because the user installed malware that he downloaded himself, direct attacks are very unlikely, especially if you don't have a big amount of coins.
If you have a big amount of crypto assets, invest in a hardware wallet.

Absolutely.  I don't have any hard statistics I can quote but it seems likely that 99% of malware is inadvertently installed by the users themeselves.

Regarding hardware wallets: for me the jury's still out.  I don't like being dependent on a hardware device in case something goes wrong with it.
Electrum is an open source program that I can run directly from source code without installation.  That's very empowering.

Another important thing to note is that an unconfigured Linux desktop might be a bit safer than Windows by default, but it's not completely safe either.
An uninformed Linux user can do much more damage to his own system than an uninformed Windows user

Yup.  Like any power tool you can do useful work with it or also cut your own hand off.  Taking responsibility for your own actions and safety isn't quick and easy; you have to do actual work.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
March 08, 2018, 08:40:10 AM
#18
If you use windows, you need to take a few precautions:

-Use Firefox latest version
-Download uBlock Extension + Decentraleyes Extension
-Download Malware bytes, updated it daily
-Use windows 10, updated it daily/weekly
-Before downloading anything try it here http://virustotal.com/
-Use windows defender updated.

These are very basically steps. If you had follows them, you wouldn't be infect... ublock will block most of those phishing sites and malware bytes will take care of the rest.

Inform Binance and show them all information you have (screenshots, keylogger, eletrum..)

Personally, i don't trust windows wallets. I prefer to use webwallets like blockchain.info or mobile wallets like coinomi or samourai. Even if you computer if infected, you probably woudn't be robbed....

Hardwallet are much better and should be used if you have more than 1 in my opinion.
legendary
Activity: 1792
Merit: 1283
March 08, 2018, 08:07:17 AM
#17
I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.

It doesn't cost you anything to inform Binance and see where it takes you.

Regarding malware, I'm gonna guess you're a Windows user.  Stop that and switch all your crypto activities to Linux.

While I really love Linux, advice like this doesn't accomplish anything, makes you sound really elitist.
You can safely use a hardware wallet and be a Windows user. Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.

Usually wallets get hacked because the user installed malware that he downloaded himself, direct attacks are very unlikely, especially if you don't have a big amount of coins.
If you have a big amount of crypto assets, invest in a hardware wallet.

Another important thing to note is that an unconfigured Linux desktop might be a bit safer than Windows by default, but it's not completely safe either.
An uninformed Linux user can do much more damage to his own system than an uninformed Windows user
member
Activity: 116
Merit: 10
March 08, 2018, 07:57:28 AM
#16
You were infected either via RAT or someone snickly installed the virus without your knowledge..
best you could do is by re-installing the OS and tightening your securities, do not downloaded anything else unless it really important to you..

Sorry for you loss
legendary
Activity: 916
Merit: 1003
March 08, 2018, 07:02:22 AM
#15
Here's something else to consider.  I'm a Linux user but you still have to be careful since there *are* Linux exploits.  The only reason Windows seems more vulnerable to hacking is that it's low-hanging fruit to hackers i.e. there are way more Windows users than any other OS.

For the truly paranoid, one could use  something like Qubes that spins up a fresh VM every time you do something.  If a VM instance is infected it doesn't matter because the VM template is always secure in the future.

It sounds like OP's computer was infected with remcos beforehand by a bad actor.  Someone with physical access may have installed it or it may have been delivered by a tainted download.  Either way, OP has multiple opportunities to tighten up his security.
sr. member
Activity: 868
Merit: 281
March 08, 2018, 12:37:21 AM
#14
Wow. Very good advice on this thread. Some of the interesting ones: use Linux, a hardware wallet when possible, and make sure you always, always check for malware before doing transactions.
HCP
legendary
Activity: 2086
Merit: 4363
March 07, 2018, 10:29:41 PM
#13
I suspect they didn't "hack" your wallet, or your 2FA... they will have keylogged the seed when you had to enter it during wallet setup.

By using the seed they will have been able to restore the 2FA wallet in "disabled" mode, with two private keys in the wallet file, allowing them to create and sign transactions while bypassing TrustedCoin's 2FA system.

An unfortunate, and costly, lesson about the dangers of malware and cryptocurrency Undecided


I traced the stolen bitcoins to Binance, unsure what I can do from here.
Pretty much nothing. I doubt Binance will care and to be honest, aside from "your word", there is no way to prove they were actually "stolen". Yes, they were transferred... but there is no way to prove that this was an unauthorised transfer, as the thief "proved" ownership by signing the transaction with the private keys...

Cryptocurrency can be a harsh mistress.  Undecided
newbie
Activity: 9
Merit: 0
March 07, 2018, 03:14:25 PM
#12
I didn't say the Electrum wallet was infected, but yea my computer was infected by this malware at some point, and they used it to hack my Electrum wallet and withdrew the funds.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
March 07, 2018, 02:45:12 PM
#11
Thanks for the answers. I downloaded the software from this page:

https://electrum.org/#download

It is the official version I would say. But they used the REMCOS malware to keylog everything and stole my money like this.

I guess that they didn't just keylog everything, they also copied some of your files (at least the wallet file).
Since they logged all, they have your password too, so they could access your private keys, even if you had the 2FA.

All in all, your money was not stolen from Electrum. It was stolen .. from you.
Very sad story Sad

You should have really check your computer for viruses before trying to keep one Bitcoin on it...
legendary
Activity: 916
Merit: 1003
March 07, 2018, 02:42:15 PM
#10
You're assuming remcos was packaged with Electrum.  It's more likely that you were already infected.
newbie
Activity: 9
Merit: 0
March 07, 2018, 02:36:28 PM
#9
Thanks for the answers. I downloaded the software from this page:

https://electrum.org/#download

It is the official version I would say. But they used the REMCOS malware to keylog everything and stole my money like this.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
March 07, 2018, 12:55:29 PM
#8
There are many phishing sites these days, and mostly they are abusing the free service from google or bing ads.

they are promoting a fake electrum because its mostly use by many bitcoin users and they can target and choose only new users with adwords or bing ads. I have basic seo knowledge and I know how to setup the adwords and bing ads I use them for a long time when promoting a whitehat niche so I know those scammers doing..

I already posted a sample of a fake website here in the forum you can check my post here

https://bitcointalksearch.org/topic/m.30441754

I heard someone downloaded a fake electrum, but in LTC version past few days ago and maybe this is the website where you download the electrum.
Code:
http://electrumltc.org/


If the site is different better to share with us the correct website so that we can report it immediately to google or bing ads. to remove this fake website.
legendary
Activity: 916
Merit: 1003
March 07, 2018, 12:53:52 PM
#7
I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.

It doesn't cost you anything to inform Binance and see where it takes you.

Regarding malware, I'm gonna guess you're a Windows user.  Stop that and switch all your crypto activities to Linux.
newbie
Activity: 9
Merit: 0
March 07, 2018, 12:43:25 PM
#6
I downloaded from the official website, but I found a malware "remcos" on my computer, and they keylogged everything.

I traced the stolen bitcoins to Binance, unsure what I can do from here.
legendary
Activity: 1624
Merit: 2481
March 07, 2018, 11:43:54 AM
#5
This morning I created an Electrum wallet (3.1.0) and transfered 1BTC. 1 hour later 2 withdraws were made, and now my wallet is empty. I lost the 1 BTC I had there.

I had 2 FA activated how is that even possible.
Also how come it didn't ask the hacker 2FA to withdraw?

If you really had 2FA 'activated' the most likely 2 things which happened (in my opinion) are those:
1) You have downloaded a malicious version of electrum and therefore didn't have any real 2FA activated.
2) You are completely compromised. Someone has access to a) your PC and b) has either cloned your mobile or cloned your GA code(s).

You should definetely scan your system for any malware. And to be on the safe side you should setup a fresh OS install.

Additionally, the next time you are going to store BTC: Make sure to store relatively high amounts (like 1 BTC is currently) safe offline (hardware or paper wallet).
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
March 07, 2018, 11:38:52 AM
#4
So your Electrum wallet address is which? Can you show the transaction you made to your wallet? The tx ids you've shared seem to be the one transferring it out. If the first tx is yours, then the 2nd only transferred out 0.015+ BTC. How about a more detailed description? Are you sure your wallet's fully synced(green button, bottom right) and your balance (bottom left) is 0?

Like you said, if 2fa was enabled, doesn't seem likely. Also, if this was your first transaction with Electrum 2FA, it should have spent the fee to TrustedCoin.
jr. member
Activity: 41
Merit: 10
March 07, 2018, 11:00:10 AM
#3
Check your Download-History, did you load Electrum from the original electrum.org website?
newbie
Activity: 9
Merit: 0
March 07, 2018, 10:58:37 AM
#2
The 2 transaction TX were:

6f99b1fe0040443d8dcf2bb1793a26148989f386769c0296645a3171fc32ee4f
48a8c22d0ba6ae103d2e2da068b814e701f73af38c7aa556ab12e0cf27d23e17

The IP from which they connected to the wallet must be known to Electrum! Also how come it didn't ask the hacker 2FA to withdraw?

Please help.
newbie
Activity: 9
Merit: 0
March 07, 2018, 10:52:29 AM
#1
This morning I created an Electrum wallet (3.1.0) and transfered 1BTC. 1 hour later 2 withdraws were made, and now my wallet is empty. I lost the 1 BTC I had there.

I had 2 FA activated how is that even possible.

Please help me.
Jump to: