Author

Topic: Electrum 3.0 strange thing and 2 BTC disapeared (Read 313 times)

HCP
legendary
Activity: 2086
Merit: 4361
December 25, 2017, 01:54:58 PM
#17
Yes, that is a fake site... Anything other than www.electrum.org is basically a scam.

I see that electrumonline isn't even working properly now, so I'd be inclined to say that the wallet you downloaded was effectively malware...

You should be very careful with what you're currently doing on that system... The entire system could be compromised with keyloggers and RATs and Satoshi knows what...

A full system scan and sweep with MalwareBytes and SpyBot search and destroy and a reputable antivirus at the very least... But I'd seriously consider a full format and OS reinstall of I were you...
newbie
Activity: 22
Merit: 0
Hello!
Last update when i tried to track where i exactlly got that wallet from i found that i downloaded it from
www.electrumonline.org
is this fake site ?
member
Activity: 350
Merit: 13
guys im not infected. i never downloaded anything unknown. that client downloaded from the site itself
Huh? you mean Electrum Auto downloaded and installed itself? Huh

if so, then it definitely sounds like you got a scam version. Electrum has NEVER had an autodownload or update feature that I'm aware of... That sounds highly suspicious to me.

and noone know that i have btc so i believe its a bug or anyhthing like that
when i tried to increase fess for last transactions money gone.
No one needs to know if you have BTC or not... if you're running a scam version of the software, the hackers don't need to know who you are  or where you  live. They'll have your private keys.

Just because nothing happened for a while doesn't mean your wallet wasn't compromised. They may have been waiting for big deposit or for BTC value to increase etc.

I very much doubt that there there is a bug in the wallet so big that it autosends coins to some random address... that's a ridiculous claim. The more likely answer is either your wallet got compromised by something you did (claimed any fork coins lately? exported your private keys? typed something into a website?) or by a scam version of the wallet.

Have you confirmed the digital signature of the file you downloaded and installed?

i mean i downloaded the wallet from here
https://electrum.org/#home

Its not infected i did not fork or did anything. noone knows about my private keys.
nothing and i never download anything it was new pc
i only downloaded this wallet and bitcoin core wallet. nothing less nothing more

There is only one way to know if your Electrum is authentic and that is to verify the digital signature of the file, even if downloaded from the original source it can be infected.
There are many ways, like host-redirect to phishing webpage, compromised server....etc.

Two important factors here that lead us to believe your Electrum is malicious:
1. Unknown change address.
2. Script monitoring compromised change addresses and auto-forward to another address.

If you check the file signature, we can at least confirm/disconfirm our suspicions.
newbie
Activity: 22
Merit: 0
guys im not infected. i never downloaded anything unknown. that client downloaded from the site itself
Huh? you mean Electrum Auto downloaded and installed itself? Huh

if so, then it definitely sounds like you got a scam version. Electrum has NEVER had an autodownload or update feature that I'm aware of... That sounds highly suspicious to me.

and noone know that i have btc so i believe its a bug or anyhthing like that
when i tried to increase fess for last transactions money gone.
No one needs to know if you have BTC or not... if you're running a scam version of the software, the hackers don't need to know who you are  or where you  live. They'll have your private keys.

Just because nothing happened for a while doesn't mean your wallet wasn't compromised. They may have been waiting for big deposit or for BTC value to increase etc.

I very much doubt that there there is a bug in the wallet so big that it autosends coins to some random address... that's a ridiculous claim. The more likely answer is either your wallet got compromised by something you did (claimed any fork coins lately? exported your private keys? typed something into a website?) or by a scam version of the wallet.

Have you confirmed the digital signature of the file you downloaded and installed?

i mean i downloaded the wallet from here
https://electrum.org/#home

Its not infected i did not fork or did anything. noone knows about my private keys.
nothing and i never download anything it was new pc
i only downloaded this wallet and bitcoin core wallet. nothing less nothing more
HCP
legendary
Activity: 2086
Merit: 4361
guys im not infected. i never downloaded anything unknown. that client downloaded from the site itself
Huh? you mean Electrum Auto downloaded and installed itself? Huh

if so, then it definitely sounds like you got a scam version. Electrum has NEVER had an autodownload or update feature that I'm aware of... That sounds highly suspicious to me.

and noone know that i have btc so i believe its a bug or anyhthing like that
when i tried to increase fess for last transactions money gone.
No one needs to know if you have BTC or not... if you're running a scam version of the software, the hackers don't need to know who you are  or where you  live. They'll have your private keys.

Just because nothing happened for a while doesn't mean your wallet wasn't compromised. They may have been waiting for big deposit or for BTC value to increase etc.

I very much doubt that there there is a bug in the wallet so big that it autosends coins to some random address... that's a ridiculous claim. The more likely answer is either your wallet got compromised by something you did (claimed any fork coins lately? exported your private keys? typed something into a website?) or by a scam version of the wallet.

Have you confirmed the digital signature of the file you downloaded and installed?
newbie
Activity: 22
Merit: 0
guys im not infected. i never downloaded anything unknown. that client downloaded from the site itself and i keept btc on it for long time and nothing happen.
what happened is i sent 2 transcation with low fees i tried to increase fees then i found that 3 transaction sent in same miniute and same second. i sent 2 and the third one not me. i also did not send any large amount so that virust did not replaced the wallet.
and noone know that i have btc so i believe its a bug or anyhthing like that
when i tried to increase fess for last transactions money gone.
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
This is still not solve just to clarify like the other said better to check where you download your electrum wallet if not you are infected since you said your transaction you made is same time with the 2 btc send to another bitcoin address which is not yours.. Am i right ? if your computer is connected with internet while you are sending or you are sending in offline if you its the same PC there is possibility that you computer is infected or mostly there are people mistaken to paste an address?
For now i can say your bitcoin is impossible to recover if you don't have control to this address..
Maybe there is some glitches when using electrum 3.0 can you install lower version electrum 2.9.3 installer here http://download.electrum.org/
And install it let it sync and check if your bitcoin is there or still nothing..
legendary
Activity: 3024
Merit: 2148
OP, if you still have that Electrum wallet, just drop an .exe file (or whatever file you use to launch if you are on Linux or Mac OS) here: https://md5file.com/calculator

Than tell us what file did you drop there and what its SHA-256 hash says, this will help us to determine if your wallet was real or fake. If your wallet is real, than your system is probably infected with some trojan that managed to replace your change address with hackers address, or maybe it just stole your wallet.dat file and then stole password via keylogging.
HCP
legendary
Activity: 2086
Merit: 4361
I just want to know why in same minute and same second my coins transferred to unknown address
Same minute and same second? Most likely an automated script monitoring compromised addresses... it waits for a suitably large transaction and then forwards it to the address belonging to the thief with a LARGE transaction fee to make sure it confirms ASAP. It looks like your wallet or your computer is compromised... you need to verify the wallet that you downloaded to rule that out.

Did you download the standalone, the windows installer or the portable version?
Are you 100% sure you downloaded from here: https://electrum.org/#download

There are a number of "fake" Electrum websites which look identical! The ONLY way to be 100% sure that you have the legitimate file, is to check the digital signature of the file by using GPG and ThomasV's signature.
member
Activity: 350
Merit: 13
I just want to know why in same minute and same second my coins transferred to unknown address


Since you are sure that it ain't your change address, that is why I think the Electrum you downloaded may be "fake".
Fake client, either change your output address, or fake the change address.

Do you still have the original setup/portable exe file? If you want to, you can upload to https://uploadfiles.io and we can check the authenticity for you, if you don't want to check it yourself.
newbie
Activity: 22
Merit: 0
I just want to know why in same minute and same second my coins transferred to unknown address
member
Activity: 350
Merit: 13
If you are totally sure you don't know that address, then it almost seems like you used a malicious client.
Do you remember where you downloaded Electrum? Did you verify the signature of the download?
Have you used mybtgwallet or claimed forked coins lately?

The 2.0551166BTC that got sent to 1BfzVjwQAouUEBNMU4xStTLqMMkbin15kM got immediately forward to 157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H. Script-sweep like behaviour.


I downloaded that coin from the original site just like anyone else
And I kept funds on this wallet for weeks nothing happened
What happened is I sent two transactions with low fees then I tried to increase fees then signed and broadcasting both transactions then closed my internet
Back after few hours find that the 3 transactions happened in same time and same second

I already have the coins unconfirmed on my wallet but in same time there is a confirmed transactions sent to unknown address
Maybe this funds sent to block or anything like that and instead I got unconfirmed coins on my wallet ?
 The question is hacker has the time to steal it whey he stole it in the time I'm sending my coins
Btw the money transferred like 3 times to different wallets I own it all but the last one I do not own
Also the other question is why I gave the coins but not confirmed? Is it fake ?

I mean as long as you didn't verify the signature of the download, it may have been compromised.

Anyway.
Are you asking why this isn't confirmed? 173fb3745f008b36704a6fae288270a65b247f1acd23af70247cf5f80ab660d6

That is because you double spend to the second transaction here: ae41a0572e3ee85acc1a882e0ee845d0c02ce7252f06939c36d5217ced837e48

Both transactions are real, but the first transaction will never confirm, as it is already double spend.
newbie
Activity: 22
Merit: 0
If you are totally sure you don't know that address, then it almost seems like you used a malicious client.
Do you remember where you downloaded Electrum? Did you verify the signature of the download?
Have you used mybtgwallet or claimed forked coins lately?

The 2.0551166BTC that got sent to 1BfzVjwQAouUEBNMU4xStTLqMMkbin15kM got immediately forward to 157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H. Script-sweep like behaviour.


I downloaded that coin from the original site just like anyone else
And I kept funds on this wallet for weeks nothing happened
What happened is I sent two transactions with low fees then I tried to increase fees then signed and broadcasting both transactions then closed my internet
Back after few hours find that the 3 transactions happened in same time and same second

I already have the coins unconfirmed on my wallet but in same time there is a confirmed transactions sent to unknown address
Maybe this funds sent to block or anything like that and instead I got unconfirmed coins on my wallet ?
 The question is hacker has the time to steal it whey he stole it in the time I'm sending my coins
Btw the money transferred like 3 times to different wallets I own it all but the last one I do not own
Also the other question is why I gave the coins but not confirmed? Is it fake ?
member
Activity: 350
Merit: 13
If you are totally sure you don't know that address, then it almost seems like you used a malicious client.
Do you remember where you downloaded Electrum? Did you verify the signature of the download?
Have you used mybtgwallet or claimed forked coins lately?

The 2.0551166BTC that got sent to 1BfzVjwQAouUEBNMU4xStTLqMMkbin15kM got immediately forward to 157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H. Script-sweep like behaviour.

newbie
Activity: 22
Merit: 0
Im sure im not hacked because i turned of my internet conection when i left my pc.
btw all transactions made in same time if anyone can see that.
is there anyway when that fake transaction gone i recieve my coins backs ?
or this coins gone for ever ?
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
If you don't have any control with this address 157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H possible you can't recover them make sure you run your electrum wallet in clean PC and with anti virus and maybe your pc is affected by viruses and send your bitcoin to other wallet which is not yours...
Can you try to open electrum again and click address tab and drop down the change addresses and maybe the address 157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H is listed in change addresses..
newbie
Activity: 22
Merit: 0
hello!
today i tried to send someone 0.09 btc but i have sent it with very low fees, so i have tried to send it again with higher fees
Its sent double
check here
https://blockchain.info/address/1JnrQhSCn2qSdnwTqVV9iMj2jicMVc4Bq7
1500$ sent twice one is real and confirmed and other should be fake and unconfirmed.
anyway after that i have logged out and trun off my intenrtnet and back after 5 hours and found that my 2 coins sent and my balance is 0

address that i had money in:
https://blockchain.info/address/1JyAEZfF3o5fSr27bCXcbLdU14btPscj4N
then money sent to my other addy i have no idea how but this addy listed to my wallet
https://blockchain.info/address/1BfzVjwQAouUEBNMU4xStTLqMMkbin15kM

then money stayed here:
https://blockchain.info/address/157WDeAU3LvWopxR4hQXnxUzxpcq1LFE4H
which not on my wallet and i do not own.

so what's really going on
Electrum 3.0 scum ? or just a bug
i lost coins forever ?
Jump to: