Author

Topic: Bitcoin stolen instantly? (Read 650 times)

jr. member
Activity: 48
Merit: 10
March 29, 2019, 11:38:35 AM
#26
Looks likes you are using hacked version of wallet or your pc was infected. Your funds are gone, you can try to scan your pc with live antivirus cd or rescue disk like Kaspersky Rescue Disk. Its really hurts when you loose funds.
legendary
Activity: 3346
Merit: 3125
March 25, 2019, 01:59:34 PM
#25
This happens a lot with people who use weak phrases to make their wallets with vanity gen, maybe this is not the scenario but if you make an addy from the phrase 'cocacola' and send money there, you will see how fast the bitcoin disappear from that addy. I think some hackers load al the weak addys and made a script to instantly send the money to their addys after someone put BTC on those weak addys.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
March 24, 2019, 05:20:59 PM
#24
No, no suspicious files, I'm very careful about what I download. The only extension is Ant video downloader for Firefox. I don't remember what I did with the seed, I'm sure I had a text file with the seed at some point but it was stored only on my PC and I deleted it a long time ago or got lost when my old HDD failed. The old HDD never left the house, it's under my desk right now. I only had the old empty wallet which I now wish I had lost too. The wallet was exported on a stick and the stick always stayed in my house. Only I have access to this PC, I'm the only user. I rarely use Google drive, it wasn't ever uploaded there; I went trough all the old emails in my most used accounts and searched for terms and there's no trace of any wallet or seed and I don't remember ever sending anything like that over email in the first place. I don't even use or used Whatsapp, viber or similar apps. I use facebook but never used it for anything crypto related, I didn't have any reason to. I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. I disinfected dozens of PCs myself in my lifetime, I would've found something if there was something.
I mean it's just 100€ but I'm still bitter about it, I could've used that money.
If you didn't paste your seed somewhere online or some website your seed is safe.
So I'm sure you could be infected there's something blocking the file from scanning that is why the Malwarebytes couldn't find any malicious files inside in your PC.
If the virus was executed and running behind and pretending as system file I'm sure the Malwarebytes can't detect it or any antivirus this most likely a trojan virus.

Did you tried to scan the HDD as external to other PC just to make sure the infected file is not running from HDD? If not do this but make sure that the PC is clean before you scan the whole external HDD.
legendary
Activity: 2366
Merit: 2054
March 24, 2019, 03:25:25 AM
#23
Quote
I still have the 3.3.0 installer. What kinda information do you need?
look like you ddnt't update your file, i thing this because it, deflecting server or something wrong when sinc of server.
Quote
Warning: Electrum versions older than 3.3 can no longer connect to public servers, and must be upgraded. This is in order to prevent user exposure to phishing messages. Do not download Electrum from any another source than electrum.org.
legendary
Activity: 2170
Merit: 1789
March 22, 2019, 11:26:30 PM
#22
Maybe its worth to try  https://www.spyshelter.com/ and reboot the system. If there is a keylogger or some other kind of evil software Spyshelter will find it.

Looks like this is Windows only? How good is this? By the looks of it, seems like this is made for Windows XP?
Looks very old too (got an award in 2013).

Is there an alternative software for other OS?
Not that I'm gonna need it but maybe some users find it useful.
legendary
Activity: 3682
Merit: 1580
March 22, 2019, 02:54:35 PM
#21
You're not supposed to store the seed on the PC. Any program could have read that text file. Maybe it was backed up to the cloud by some backup program.
sr. member
Activity: 437
Merit: 255
March 22, 2019, 12:17:12 PM
#20
Maybe its worth to try  https://www.spyshelter.com/ and reboot the system. If there is a keylogger or some other kind of evil software Spyshelter will find it.
legendary
Activity: 2730
Merit: 7065
March 22, 2019, 04:16:09 AM
#19
[...] I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. [...]
That can be an issue and a potential security threat. A PC where you keep your Bitcoins and your wealth shouldn't be used for shady activities like watching porn or downloading torrents. It takes time for new threats to be discovered by AV vendors and for the code to be recognised as malicious.

Like HeRetiK said, reinstalling your OS is the safest thing you can do now. 
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
March 21, 2019, 05:04:42 AM
#18
[...] I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. [...]

Maybe you caught something on one of the torrent sites. While porn sites are supposedly surprisingly safe, torrent and streaming sites can't be quite as choosy as far as advertisers are concerned, so sometimes you'll get nasty little malware just from entering the site. Happened to me a couple years back, I wasn't sure whether to be pissed off or impressed. Either use ad blockers / disable JavaScript or use a VM when visiting any piracy related sites.

Also note that well written malware doesn't necessarily turn up on virus scans. Actually malware doesn't necessarily need to be well written to remain overlooked, it often suffices if it's just rare enough to slip under the radar. Accordingly I'd probably consider reinstalling my OS from scratch if I were you.

Do you have any spell checkers installed? Turns out they potentially leak your seed and other sensitive information:
https://www.zdnet.com/article/cryptocurrency-wallet-caught-sending-user-passwords-to-googles-spellchecker/
newbie
Activity: 8
Merit: 1
March 20, 2019, 02:09:01 PM
#17
No, no suspicious files, I'm very careful about what I download. The only extension is Ant video downloader for Firefox. I don't remember what I did with the seed, I'm sure I had a text file with the seed at some point but it was stored only on my PC and I deleted it a long time ago or got lost when my old HDD failed. The old HDD never left the house, it's under my desk right now. I only had the old empty wallet which I now wish I had lost too. The wallet was exported on a stick and the stick always stayed in my house. Only I have access to this PC, I'm the only user. I rarely use Google drive, it wasn't ever uploaded there; I went trough all the old emails in my most used accounts and searched for terms and there's no trace of any wallet or seed and I don't remember ever sending anything like that over email in the first place. I don't even use or used Whatsapp, viber or similar apps. I use facebook but never used it for anything crypto related, I didn't have any reason to. I do use this PC for almost everything I do online (mainly youtube watching, wikipedia) including xxx and, rarely, torrents but I did deep scans and couldn't find any virus or malware anywhere. I disinfected dozens of PCs myself in my lifetime, I would've found something if there was something.
I mean it's just 100€ but I'm still bitter about it, I could've used that money.
legendary
Activity: 2730
Merit: 7065
March 20, 2019, 04:40:41 AM
#16
OP have you downloaded any suspicious files since installing your Electrum wallet?
Any browser plugins?
How did you save your seed? You say you don't have a file with your seed but did you create one initially that you saved somewhere on your PC?
Is it a shared PC, could someone have gotten access to it?
Did you save it in an email client, viber, whatsapp, sent it over facebook, google drive etc?
Do you use the same PC where your Electrum is installed for other online activities, torrenting, gaming, xxx?
HCP
legendary
Activity: 2086
Merit: 4361
March 19, 2019, 08:12:57 PM
#15
I have gone ahead and verified the installer as provided on the link via PM from btcSCNB... results are as follows:
Quote
PS C:\Users\HCP\Downloads\Crypto\Electrum\suspect> gpg --verify .\electrum-3.3.0-setup.exe.asc
gpg: assuming signed data in '.\electrum-3.3.0-setup.exe'
gpg: Signature made 12/20/18 09:10:44 [redacted]
gpg:                using RSA key 2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
gpg:                 aka "ThomasV <[email protected]>" [unknown]
gpg:                 aka "Thomas Voegtlin <[email protected]>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
PS C:\Users\HCP\Downloads\Crypto\Electrum\suspect>

So, that would indicate that the installer is "good"...

Therefore, assuming that the rest of the information we have is correct, the wallet was most likely to have been compromised in some other manner... keylogger or RAT that somehow managed to get seed mnemonic or wallet file+password... or the OP has unknowingly leaked their seed through some other manner (claiming forks from dodgy wallets? unlikely given it was an unused wallet) or stored it "digitally" in one form or another (ie. email/IM/screen shot/text file) and that storage has been compromised. Huh

@btcSCNB, at this time, and unless you can positively identify how your seed/wallet was compromised, I would seriously contemplate wiping your computer and doing a fresh OS install... then changing ALL your passwords to EVERYTHING... as it would appear something on your PC or with your "OpSec" is compromised. Undecided
sr. member
Activity: 910
Merit: 351
March 19, 2019, 07:59:27 PM
#14

Verifying the Electrum installer seems a bit complicated and I didn't manage to do it.
No updates were made to this version ever since I installed it in december last year. The installer has been in my PC ever since.
I'm usually super careful but apparently not when I should've been the most careful.

Then can you do what HCP suggested? Maybe we can help you verify the files if that's really legit or not. If that's legit then you're hacked, if not, then you lost your funds because the software is fake (or can be both).
newbie
Activity: 8
Merit: 1
March 19, 2019, 07:34:04 PM
#13

Verifying the Electrum installer seems a bit complicated and I didn't manage to do it.
No updates were made to this version ever since I installed it in december last year. The installer has been in my PC ever since.
I'm usually super careful but apparently not when I should've been the most careful.
HCP
legendary
Activity: 2086
Merit: 4361
March 19, 2019, 05:16:04 PM
#12
I still have the 3.3.0 installer. What kinda information do you need?
If you still have the installer... I would still try and verify the digital signature. Use the guides as posted by nc50lc.

Or, if you can't verify it yourself, feel free to upload it to a filehost somewhere... PM me the link to it, and I can try and verify the signature for you. At least that way maybe we can either confirm or eliminate the "fake wallet" possibility as the reason for your wallet being compromised.
newbie
Activity: 8
Merit: 1
March 19, 2019, 11:59:19 AM
#11
I don't know. I'm gonna keep the compromised wallet for awhile, maybe the thief grows a consciousness and sends the coin back  Roll Eyes. I checked that address on blockchain.com and the money hasn't been sent forward so far. After a month or so I'm gonna delete the bad wallet, electrum and every single file associated with it, registry entries, etc., maybe even reinstall Windows. I'm really paranoid right now. You say Electrum is safe which might be true but since there are so many bad clones out there and servers and attacks I wouldn't consider it safe. Of course, my mistake was using that old wallet which I had no reason to.
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
March 19, 2019, 12:34:17 AM
#10
Thanks for reply.
In what way could I've been hacked? There's nothing unusual in my pc, I'm a crypto noob but not a PC noob, and I don't even have a file with the seed. I just don't get how this is possible. Electrum was definitely downloaded from electrum.org, I checked in my history. I didn't receive any error message and made no upgrade since 20 december 2018.
This is the fake mandatory upgrade attack other users are talking about: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097
legendary
Activity: 2170
Merit: 1789
March 18, 2019, 11:57:30 PM
#9
I should've used Jaxx and generate a fresh new wallet which i wanted to do but I was too lazy, damn it Cry.

I think Electrum is one of the best wallet out there. So like others said, you must be hacked or your Electrum is fake. It is not really Electrum fault per se that your funds got lost instantly, if that was the case, there will be a lot of people protesting here and Electrum should be dead since long time ago.

My suggestion is make sure to always verify any file that you've downloaded from the internet to prevent something like this from happening again.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
March 18, 2019, 10:23:09 PM
#8
You must verify it as HCP said, you'll never know if it was the old redirecting eIectrum.org <-Fake Site from google search.

Follow these guides (select depending on your OS):
newbie
Activity: 8
Merit: 1
March 18, 2019, 10:14:51 PM
#7
I created the wallet myself many months ago through a new seed (standard method). I never used the wallet until today (its history was completely blank) and no one around me even knows what bitcoin or a bitcoin seed are or how to use. I should've used Jaxx and generate a fresh new wallet which i wanted to do but I was too lazy, damn it Cry.

I still have the 3.3.0 installer. What kinda information do you need?
HCP
legendary
Activity: 2086
Merit: 4361
March 18, 2019, 10:03:28 PM
#6
How could the btc have been stolen this quickly? Even if someone somehow got their hands on my seed can they set it for the btc to be transferred to a set address instantly without assistance? I can't imagine them sitting there with the finger on the button for months on end for the exact right time to strike.
Yes it is possible to setup a script that automatically transfers BTC from an address (if you have the appropriate private key/seed)... check out the transaction times for this address: 1CC3X2gu58d6wXUWMffpuzN9JAfTUWu4Kj

It is the address that matches the "sample" private key listed on the Bitcoin Wiki: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

People occasionally send a few satoshi's to this address and they are generally moved within minutes (if not seconds).

Given the speed with which your coins moved (approx 2 seconds)... either your wallet software is "bad"™ and is configured to automatically send coins out... or your seed/private keys have been compromised somehow and the thief has an automated script monitoring the addresses for deposits.


Electrum was definitely downloaded from electrum.org, I checked in my history.
Do you still have the install file or the .exe for portable or standalone Windows version? Huh

If so, have you checked and verified the digital signature of the file? This is the only way to guarantee authenticity of the wallet.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
March 18, 2019, 09:46:00 PM
#5
There are several ways to get hacked like getting infected by malwares, viruses, visiting malicious websites and software vulnerability exploitation.
But most malware and viruses are detectable by AVs, so if you've been hacked, it must be through malicious links.
Some examples are those fake links to images posted by hackers here in the forum (so far, I've reported 2 posts) or through Winrar's bug by sharing a malicious .rar file.

But the hacker must also know your wallet's passphrase if you've been hacked, unless it came with a keylogger.
Okay, in case that's not what happened, how did you created the wallet?
  • Through Standard method (create a new SEED)
  • Import SEED
  • Import Private key(s)
  • or the wallet file came from an external source?

Because there's no other reason except the SEED being compromised if it wasn't a hack or the famous phishing scam.
newbie
Activity: 8
Merit: 1
March 18, 2019, 08:13:25 PM
#4
I meant *no Update since 12.20, did not meanto say upgrade. I'm just baffled. Electrum says Insufficient funds so I guess it's all gone, right?
newbie
Activity: 8
Merit: 1
March 18, 2019, 08:05:01 PM
#3
Thanks for reply.
In what way could I've been hacked? There's nothing unusual in my pc, I'm a crypto noob but not a PC noob, and I don't even have a file with the seed. I just don't get how this is possible. Electrum was definitely downloaded from electrum.org, I checked in my history. I didn't receive any error message and made no upgrade since 20 december 2018.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
March 18, 2019, 07:48:32 PM
#2
If others already got your SEED, they can definitely do that but I doubt it.
You must be hacked or downloaded a fake Electrum version.

From where did you downloaded Electrum (it must be electrum.org), double check your browser's history to be sure.

Also, did you received an error message in Electrum regarding a mandatory update and followed the link (not the official site or Github page)?
If that's the case, you've been a victim of a Phishing scam by malicious electrum servers.
newbie
Activity: 8
Merit: 1
March 18, 2019, 07:39:52 PM
#1
Hi, this is my first time posting here. Keep in mind that I'm a noob.
I sent 105 euro worth of bitcoin (0.0302 btc) from my etoro mobile wallet to my Electrum 3.3.0 wallet. In a few minutes, at 00:49 local time the btc was transferred in my desktop wallet address but at the exact same minute the btc was sent to this address: 16CAY7PhHPCbV5veTGUjxMfthNYbLnNESu. This address is not in my Electrum list of addresses. How could the btc have been stolen this quickly? Even if someone somehow got their hands on my seed can they set it for the btc to be transferred to a set address instantly without assistance? I can't imagine them sitting there with the finger on the button for months on end for the exact right time to strike. I never used this months old address for any transactions ever before tonight. I checked for malware with Malwarebytes but there was nothing suspicious on my pc. Any chances of getting my btc back? Am I not getting something? How is this possible? Is something wrong with that stupid etoro wallet or electrum? Ask me for more details if necessary. Help!
Jump to: