Topic: Electrum Wallet (Read 2649 times)

Except that this "electrumsource.org" is a scam and not the official website.

THE ONLY WEBSITE YOU SHOULD USE TO DOWNLOAD ELECTRUM IS https://electrum.org/ - OTHERS ARE A SCAM!

---

As I expected, it was your fault (it's always the user's fault). There is nothing wrong with Electrum.

Ok, maybe I have to explain what just happened with me -

I used electrum-2.9.3 to send some small amount 0.015 to 149xne93ppwQLww733hNnGmFqj51rNPjBC

I've checked all (sum, fee etc) all was correct but money were sent also to 144BdLLSifbZJEmqnHy8i1QkRdrxxHeFf3

see https://btc.com/ebdd24ff41f92aeef948133e788487e4ce1019eae85949c6be6455e27fbb38cf

I downloaded Electrum from OFFICIAL SITE https://www.electrumsource.org/#download for Windows Standalone.

And used cold storage for my wallet.

I'm shocked.

Thes same just happened with me !!!! Don't use Electrum for a while.
My money were stolen to this address: https://blockchain.info/address/144BdLLSifbZJEmqnHy8i1QkRdrxxHeFf3

Silly, I laughed at the title of this article, how an electrum wallet could stole your bitcoin, it was rated as one of the most reliable and secure wallets. I believe you are having some confusion.

This address is on the last page of directory.io, the private key is thus well-known.
Seriously - you have used it knowing that?!

The malware theory doesn't make sense because the address' private key wasn't secret. Just google the address and you'll see that the private key for this address is public knowledge. What would be the point of infecting a computer with malware just to send the money to an open vault so to speak?

I am guessing he might of installed some shitcoin wallet on this computer which put some pre-created wallets into his ~APPDATA~/Roaming directories and the hacker just needs to wait for a transaction.

So far 2 people were tricked. The first guy was tricked 4 months ago.

Check your ~APPDATA~/Roaming and see if you got other wallets in there that shouldn't be there.

Reason for the double spends is because maybe someone else installed the virus who was a professional, and knew that other people might send funds to those addresses and since he knew the private key, he started listening in on those addresses also.

This is sort of what happened but why would a malware author create a wallet file containing an address with a publicly known private key? If he does that he can't guarantee that he will get the money. Anyone could steal from such an address. Are you sure you didn't create this wallet file yourself in the past when browsing directory.io? Perhaps you were having a bit of fun trying out some of those private keys listed there.

What happens when you go to wallet menu > seed on this wallet. I'm guessing the seed option is grayed out because this wallet only contains imported private keys from directory.io's last page.

Since version 2.0 electrum has only generated compressed private keys. This address uses an uncompressed private key which is long obsolete.

yes but i said if the two criteria i mentioned were met then it would be #2.
and it is not a complicated malware either. it can be a simple code that doesn't even have to run in the background. it just runs once and injects a wallet file called "Default_wallet" in the directory. the format of the wallet file is in a way that contains that key as its primary receive address.

Hmm...

When you search the BTC address he used. Google returns the private key from directory.io

Maybe the google spider bot is scanning all the private keys in existance and someone uses a bot too see if any results from directory.io return a valid address with funds

No idea whats going on exactly because why would malware reuse a private key thats public?

Well i do agree with you the only one that can get his money back is 1qxtRzvB8fsXyQjtiGDF56hC6GewTez4x owner   . I mean they can help him to know what happen since they have the address listed there . They may know what really happened .
 

It can not be #2 because the address that the money sent too is already an old address with known public key . So it is prob number #1

Yes

which one of those links did you click to download? tell us so we can double check the link
did you check the signature of the file after you downloaded it? if you don't know how, say what OS you are running so we can explain how.

if the above is true then the only reason is the #2. that Danny said.

what a nightmare.

Not likely. Electrum is one of the most reputed and trusted wallets in the Bitcoin community. I don't think that they would destroy their entire reputation just for 10Bitcoin. There are 2 things that could have gone wrong.

You could have downloaded a tampered version of Electrum. This may have had a malicious file imprinted in it. Did you download it from the official Electrum website?

Another reason could be a trojan or some other hidden file hacked your computer. A hacker could have remotely implanted a virus in your computer and redirected your Bitcoin to another address.

Based on the transaction from 4 months ago and that particular destination address of the tx, (after a little googling) you can come to the conclusion the private key to that address was bot monitored, even at that time.  

How it ended up in your wallet is still an open matter of concern, esp. if you didn't import it in yourself by mistake.

It makes it for you, but is has you record it.


That's not how it works.


Electrum doesn't hash the seed words.

Doesn't Electrum have you make a 12 word seed or something that it derives all your private keys from?  Did you use a common or literary phrase as your seed?  If so, I'm sure bots would be watching addresses hashed from those seed words.

There is nothing they can do.  The bitcoins are spent and confirmed to address 1qxtRzvB8fsXyQjtiGDF56hC6GewTez4x.  Only the person that has access to the private key for 1qxtRzvB8fsXyQjtiGDF56hC6GewTez4x can do anything with those bitcoins.

I am very sorry for what happened to you it is really a lot of money . I have go throw all posts and from what i see it is most likely you downloaded a fake
electrum app what makes me think that is the password part because if you just happen to sent to wrong address you would have still be able to login to your wallet the way your password did not work anymore means it was prob fake electrum wallet from the start . But there is another part to this is . A fake wallet that have pre installed addresses why the hacker put an address that its private key is known to public !! that is really strange .

Take a look into this : https://bitaps.com/17MxKujaf2sFtGzX36tSkVFXwkJCDsSS8J look close to this there is 2 double spent after each other and 4 months ago same thing 2 double spent which make me think it is a script not just someone was online and sent as fast as he saw you btc . But still if this is a script why it use an address that have its private key known .

Maybe try to get in touch with allprivatekeys .com maybe they can help you because they have this address listed with its private key .

You didn't know that scammers, thieves, and malware exist?  What world do you live in?  Sounds like sig-ad nonsense to me.


No. Not fake electrum address. Fake software.

Thieves and scammers create fake software that looks like the real software.  Then they try to trick people into downloading and running it.


This is ALWAYS true of ALL software that you download.  Not just Electrum software.  If you run software on your computer, you are giving that software access to the stuff that is on your computer.  You always need to be careful.


It might.


VERY unlikely.


No. they don't.

Wow it shook me. Like I didn't know these things can be happen. Like there were fake electrum address. Better be careful when downloading. Just I thought that your computer just have some viruses but its something up here. Hope you can recover your coins but I guess not.

@sirdannyhamilton I'm impressed in what you said here. Nice analysis huh. I learned a lot to this. Should be very extra careful like I didn't know these things exist like just in a movie. I guess everyone is worried about this issue, electrum support has a lot to explain.

No need to be worried, as long as you have the real Electrum and you don't have malware on your computer.

Electrum is not stealing bitcoins.

This adds up all, OP have mistakenly sent out bitcoin to wrong address and someone that is tracking all this addresses with known bitcoin addresses have quickly sent out those bitcoin to safe place. I am also using electrum and quite worried right now after seeing this issue. Need clarification from electrum support.  

I used also electrum but i think its safe for keeping bitcoin. Maybe someone stole your private keys that is why they transfer your bitcoin. Many user of electrum wallet and they told that is safe so i used it more than 5 months.

There are 2 possibilities here...


1.  You didn't get the real Electrum.  You accidentally downloaded Electrum from a phishing site that tricked you into thinking you were getting the real Electrum.  This fake Electrum is actually malware that gives you addresses that are under the control of a thief, and they have a constantly running program on their computer that looks for transactions funding any of their addresses and immediately re-spends those bitcoins to a safer address.

2. You have some other malware on your computer that shared your private keys with a thief as soon as it saw that Electrum was being installed.  The thief has a constantly running program on their computer that accepts the stolen/transmitted private keys and looks for transactions funding any associated address. The program immediately re-spends those bitcoins to a safer address.


As others have already pointed out:

1. The real Electrum is open source.  The programming has been looked over carefully by MANY programmers.  If there were any code in the program capable of what you are suggesting, those code reviewers would have made sure the entire internet knew about it.

2. Electrum is one of the 3 oldest bitcoins wallets around. There are thousands (hundreds of thousands?) of Electrum users.  If it was stealing bitcoins as you've described, You wouldn't be the only person with this complaint.


EDIT:  Actually, after some investigation, I suspect that you didn't download the real Electrum.

A bit of searching around the internet indicates that the private key for that address is already publicly known:
5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqeh1xxRnd

There are probably dozens of thieves with programs running 24 hours a day watching for transactions to any address with a known private key and immediately spending those bitcoins.  It is EXTREMELY unlikely (like effectively impossible) that the real Electrum would have generated an address with a publicly known private key.

It is still possible that you have some sort of Malware that modified the address, but from the limited information you've shared downloading the wrong thing seems most likely.

Got it

Even if you just installed electrum wallet if your computer is compromise by a hacker he could get any info he wants in an instant. I am betting  that the hacker is just waiting for the appropriate time to hack you and that was when you sent a BTC to your wallet. If electrum was the one responsible you'll be able to see spam here in forum about the same topic you have.

Scan your computer right now and see what pops up. That really is the most likely explanation. Electrum is used by thousands and thousands of people and no one has ever reported an issue like this.

Yep

Are you using Windows with Remote Access turned on? Are you using antimalware and antivirus? Download free Malwarebytes and scan your computer if not.

Yes. If they can remotely access your computer then they can send it out just as quickly as you can. There might have been something implanted that was waiting. That's a lot of money so it's an incentive for someone to do it for a piddling amount of work.

Another possibility is that you did not download from the website you state and instead you have a copy with malicious code embedded, this is why it is important to verify that the copy we have downloaded comes from the website and that we use ways to verify that the downloads are correct, I do not know if you can verify electrum with checksums but if it is possible you should have done so.

There is something wrong with your computer and it is not the electrum wallet maybe there is malware or virus that controlling your computer. Maybe it is best to check your computer first and scan it by an anti-virus and also a anti-malware applications so you can have the conclusion if there is a virus or malware or just a random fault by the wallet.

That's totally weird. You must have some kind of trojan in your pc that caused that to happen.
Or your computer is hacked and someone can control it remotely.

Most of the members of the forum (not including me) use electrum for their daily use.  

No, they probably didn't. Electrum is an open source project and one of the more reliable wallets available in the cryptocurrency world. I never saw one single person claiming to have been robbed by Electrum. Maybe you should see if you made any mistakes before pointing fingers?

Here what I think may have happened: You had a malware in your computer, someone stole your wallet file or recovery seed and sent your Bitcoins to another wallet. Have you scanned your computer recently?

hmm

If it was Electrum itself it would be all over this forum in seconds.

The most likely explanation is that someone else has control of your computer remotely. Have you scanned it from top to bottom?

What is going on here?