
Topic: Electrum Wallet drained after login

legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
January 15, 2025, 08:48:46 AM
#35

Probably some trojan or malware you got from some p0rn site. Just kidding... But the method is the same. Either your keys were leaked, or you installed a compromised Electrum wallet.
Or as I said, you have an STD on your PC that looks harmless, but is waiting for you to open your wallet.

This is one of the options, no doubt about it. Although it seems to me that if the OP is a player, and gambling is conducted from the same device where he stored his seed phrases and passwords, then there is nothing surprising about where he could have got a bunch of viruses from. Just one phishing link is enough; the RAT that was detected on his machine monitored all file openings, and the keylogger quickly transferred his wallet password to the right place. It is surprising that Windows, gambling, and finances for many still exist as something harmless, publicly available, and used together, in the literal sense.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
January 14, 2025, 05:26:54 PM
#34
Funny, but yeah, all the same source. All of the .exe files were installed on the same date at the same time.
The hackers often obfuscate their malware, and that's the reason why most anti-virus software and scanners can't find the malware on a system. Of course, after reading your posts and reading most of the posts in this thread, I also came to the conclusion that your computer was infected with malware and that's the reason why your wallet was drained.

I also suggest you always keep your wallet and wallet-related information on a separate system, because these days hackers try their best to steal Bitcoin. I would also suggest you try storing your Bitcoin in a cold wallet, as that's much safer than hot wallets. Personally, I also use the Electrum wallet on Windows and so far I haven't faced any issue. I must say that I have a separate system where I connect my wallet and keep it there, and it has been safe for me. However, my holdings are still in a wallet that is not connected to the internet.
?
Activity: -
Merit: -
January 14, 2025, 04:58:34 PM
#33

Malwarebytes isn't very specific but it has detected the following:
- Trojan.Crypt.MSIL
- Trojan.Script
- Malware.Heuristic.2512
- Malware.AI.4087337973
- MachineLearning/Anomalous.97%

The first two were located in the Startup folder and in the user folder, as ISCOMPLETED.vbs and an .exe.

Wow, with such a bunch of malware lurking in various corners of your machine it is hard to expect safety for your stash. It's not a matter of "if" but "when"; your wallet had to be emptied, it was inevitable. I only wonder what concrete malware had its fingers in the pie. Besides, it is hard to believe that all of them came from the same malicious source. Probably there was something like a competition between different intruders.
Funny, but yeah, all the same source. All of the .exe files were installed on the same date at the same time. Crazy, isn't it? Anyway, thank you guys for helping me figure things out. I think I am going to switch to a HW wallet, but so far I'm not sure which model I'll choose.
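The Startup-folder persistence the OP reported above (ISCOMPLETED.vbs next to an .exe in the user profile), as an added triage example that is not code from any poster, from Electrum or from Malwarebytes. It lists the per-user and all-users Startup folders plus the HKCU/HKLM Run and RunOnce values, and flags what looks like a script dropper. The heuristics (the extension, launcher and path lists), the `flag`/`collect`/`triage` names and the SAMPLE_ENTRIES are my assumptions; registry collection needs Windows, the flagging logic runs anywhere.

```python
"""Triage Windows autorun locations for the persistence described in this thread.

Added example; not code from any poster, from Electrum or from Malwarebytes.
Assumptions: the extension/launcher/path lists are my heuristics, not a vendor
ruleset, and SAMPLE_ENTRIES are constructed.  Registry collection needs Windows.
"""
import ntpath
import os
import re
from dataclasses import dataclass

try:
    import winreg  # Windows only; flagging does not need it
except ImportError:
    winreg = None

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
LAUNCHERS = {"wscript", "cscript", "mshta", "powershell", "pwsh", "cmd",
             "rundll32", "regsvr32", "certutil", "bitsadmin"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
RUN_KEYS = [(hive, "Software\\Microsoft\\Windows\\CurrentVersion\\" + key)
            for hive in ("HKCU", "HKLM") for key in ("Run", "RunOnce")]


@dataclass
class Autorun:
    source: str    # "HKCU Startup folder", "HKLM\\Software\\..."
    name: str      # file name (folder) or value name (registry)
    command: str   # full path (folder) or value data (registry)


def flag(entry: Autorun) -> list[str]:
    """Return the heuristics an entry trips; an empty list means nothing odd."""
    hits = []
    if entry.source.endswith("Startup folder"):
        # Legitimate Startup items are almost always .lnk shortcuts; a raw
        # .vbs or .exe dropped here is how ISCOMPLETED.vbs persisted.
        ext = ntpath.splitext(entry.name)[1].lower()
        if ext != ".lnk":
            hits.append(f"non-shortcut-in-startup:{ext}")
        if ext in SCRIPT_EXTS:
            hits.append(f"script:{ext}")
        return hits
    # Registry value data: quoted-or-bare tokens, since Windows paths contain spaces.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', entry.command)]
    if tokens:
        stem = ntpath.splitext(ntpath.basename(tokens[0]))[0].lower()
        if stem in LAUNCHERS:
            hits.append(f"launcher:{stem}")
    for tok in tokens:
        ext = ntpath.splitext(tok)[1].lower()
        if ext in SCRIPT_EXTS:
            hits.append(f"script:{ext}")
    if any(p in entry.command.lower() for p in USER_WRITABLE):
        hits.append("user-writable-path")
    return hits


def collect() -> list[Autorun]:
    """Enumerate both Startup folders and the four Run/RunOnce keys."""
    entries = []
    sub = "Microsoft\\Windows\\Start Menu\\Programs\\Startup"
    for label, var in (("HKCU Startup folder", "APPDATA"), ("All-users Startup folder", "PROGRAMDATA")):
        base = os.environ.get(var)
        folder = ntpath.join(base, sub) if base else ""
        if folder and os.path.isdir(folder):
            for name in os.listdir(folder):
                if name.lower() != "desktop.ini":
                    entries.append(Autorun(label, name, ntpath.join(folder, name)))
    if winreg is not None:
        hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
        for hive, subkey in RUN_KEYS:
            try:
                with winreg.OpenKey(hives[hive], subkey) as key:
                    for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = value count
                        name, data, _ = winreg.EnumValue(key, i)
                        entries.append(Autorun(hive + "\\" + subkey, name, str(data)))
            except OSError:   # key absent or access denied
                continue
    return entries


def triage(entries: list[Autorun]) -> list[tuple[Autorun, list[str]]]:
    """Pair each entry that trips a heuristic with its hits."""
    return [(e, h) for e in entries if (h := flag(e))]


# Constructed sample modelled on the thread: two malicious, two benign.
SAMPLE_ENTRIES = [
    Autorun("HKCU Startup folder", "ISCOMPLETED.vbs",
            r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ISCOMPLETED.vbs"),
    Autorun("All-users Startup folder", "OneDrive.lnk",
            r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk"),
    Autorun("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Updater",
            r'wscript.exe //B "C:\Users\victim\AppData\Local\Temp\run.vbs"'),
    Autorun("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "SecurityHealth",
            r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    for e, hits in triage(collect() or SAMPLE_ENTRIES):   # sample when run off-Windows
        print(f"{e.source} | {e.name} | {e.command} | {', '.join(hits)}")
```

Run it from an elevated prompt on the suspect machine before wiping it, so the evidence (file names, paths, timestamps) is recorded. It does not cover scheduled tasks, services, WMI subscriptions or the targets behind .lnk shortcuts, and an entry it does not flag is no proof of a clean box; after a RAT finding, the reinstall the OP did is the right call regardless of what this lists.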
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
January 14, 2025, 04:00:38 PM
#32
[1] If it's on the latest firmware, check if you can downgrade to the previous firmware and re-apply the latest firmware. This should ensure that your BIOS firmware hasn't been tampered with.
Mind sharing why this ensures that the BIOS has not been tampered with? I have never heard of this option. Downgrade and then re-apply the latest? Is it about the signature verification?

-----

They've done a lot of oddities, the last one being a "feature" to recover the seed off the HW (and no, not at the moment it is generated).
Is it the 'cloud' service they started offering a while ago or is it something entirely different? I just realized how stupid things are with the Ledger. You could pay them to store your seed on their servers, but I am pretty sure there is no way you can see the seed yourself! I think it was impossible to see the seed again if you lost your piece of paper holding it, or forgot where your washers were buried!
sr. member
Activity: 672
Merit: 295
January 14, 2025, 01:11:29 PM
#31
Your PC could have been infected with malware via downloading and installing some random apps. Which operating system have you been using?

Did you download the electrum app from the official source and even verify the signature?

It's a Win10 machine; the wallet (as portable version) was downloaded from the original website and I used it for years without any problems. My wallet was also password protected, which is why I am asking myself if malware just waits till the wallet has been opened.

Don't get me wrong, there is nothing I can do now, but I don't want to make the same mistake twice. So I want to know how that was possible and if this could be a real scenario. I had the wallet since 2017.
If your device is fully secured, and you are very sure that no malware attack will affect your device as you said, then you have revealed your private key to someone or someone has access to your private key without you knowing about it, and the person has done it by sending out all your Bitcoin to his wallet.

It is still possible to have a malware attack even on the latest Windows, because most of these antivirus programs are not fully secure and some of these Windows Defenders do get outdated before we notice, which can also attract malware.
Next time, make sure you save your seed phrase in a secure and reliable place, because it is very possible that the Bitcoin was stolen by someone who has access to your private key.
hero member
Activity: 714
Merit: 1298
January 14, 2025, 09:23:41 AM
#30

Malwarebytes isn't very specific but it has detected the following:
- Trojan.Crypt.MSIL
- Trojan.Script
- Malware.Heuristic.2512
- Malware.AI.4087337973
- MachineLearning/Anomalous.97%

The first two were located in the Startup folder and in the user folder, as ISCOMPLETED.vbs and an .exe.

Wow, with such a bunch of malware lurking in various corners of your machine it is hard to expect safety for your stash. It's not a matter of "if" but "when"; your wallet had to be emptied, it was inevitable. I only wonder what concrete malware had its fingers in the pie. Besides, it is hard to believe that all of them came from the same malicious source. Probably there was something like a competition between different intruders.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
January 14, 2025, 12:19:46 AM
#29
Thanks for sharing this here. With the newly installed PC, make sure you do not download anything from unknown sources. The scammers are getting smart and some of their malware can slip past antivirus, just like some of the antivirus programs didn't detect anything on your PC. In this case, Malwarebytes helped you to find the malware. But who knows, there might be other malware out there that Malwarebytes cannot detect.

So, the idea is not to download anything from unknown sources. This is the 2nd case I have seen in the last couple of months where a member complained about getting drained after opening their Electrum wallet, even though it was downloaded from an official website.
?
Activity: -
Merit: -
January 13, 2025, 06:07:45 PM
#28
So it was spyware or a keylogger, or some script that executed right after you entered your password.
They were monitoring you, and waiting for you to allow them access, and they took advantage of it.
I'd run a deep scan of your PC before anything else. Best bet, format your drive.
Thanks, already did that. Right after the transaction I scanned with the tools one by one and unplugged the network cable afterwards to protect myself. In fact I am posting from the newly installed PC.
hero member
Activity: 2086
Merit: 761
Top-tier crypto casino and sportsbook
January 13, 2025, 06:03:31 PM
#27
So it was spyware or a keylogger, or some script that executed right after you entered your password.
They were monitoring you, and waiting for you to allow them access, and they took advantage of it.
I'd run a deep scan of your PC before anything else. Best bet, format your drive.
?
Activity: -
Merit: -
January 13, 2025, 06:01:38 PM
#26
I know the money is gone, and I’ll have to live with that. However, I keep asking myself: how could this even happen? Is this a real Trojan attack where they scan for open wallets?
There is no login option with the Electrum wallet, but if you are using wind0ws OS then there is a chance your computer was infected with some malware or a keylogger.
Something like this can happen if your seed words got leaked and compromised, either because you kept them online or in digital format on your computer; you should never do that.
Keeping backups offline and using hardware wallets are good ways to improve protection for your coins.
I know there is no login, but you can protect your wallet with a password which you have to enter every time.
legendary
Activity: 2212
Merit: 7064
January 13, 2025, 05:10:04 PM
#25
I know the money is gone, and I’ll have to live with that. However, I keep asking myself: how could this even happen? Is this a real Trojan attack where they scan for open wallets?
There is no login option with the Electrum wallet, but if you are using wind0ws OS then there is a chance your computer was infected with some malware or a keylogger.
Something like this can happen if your seed words got leaked and compromised, either because you kept them online or in digital format on your computer; you should never do that.
Keeping backups offline and using hardware wallets are good ways to improve protection for your coins.
hero member
Activity: 2086
Merit: 761
Top-tier crypto casino and sportsbook
January 12, 2025, 12:33:46 PM
#24
Hey community,

I have a problem with my Electrum wallet and keep wondering how this could have happened.

Today, I opened my Electrum wallet for the first time in a few months and noticed that a transaction was made, resulting in an empty wallet. It definitely wasn't me.

I’m not sure if I opened Electrum and left it running for a few minutes while completing other tasks before fully checking the program. The transaction happened 10 minutes before I noticed it. If I followed the BTC chain correctly, my BTCs were transferred to a Robinhood wallet, so it clearly wasn’t me.

I know the money is gone, and I’ll have to live with that. However, I keep asking myself: how could this even happen? Is this a real Trojan attack where they scan for open wallets?

Maybe someone can help me understand how this could have occurred.

Thanks a lot!

Probably some trojan or malware you got from some p0rn site. Just kidding... But the method is the same. Either your keys were leaked, or you installed a compromised Electrum wallet.
Or as I said, you have an STD on your PC that looks harmless, but is waiting for you to open your wallet.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 12, 2025, 08:51:51 AM
#23
I'm thinking about buying a Ledger, can they still be recommended without hesitation?

No. Not Ledger. They've done a lot of oddities, the last one being a "feature" to recover the seed off the HW (and no, not at the moment it is generated).
If you don't want to take chances of getting surprises in their (closed source) software, avoid Ledger.
I've done the same: my Ledger is now no longer used, no longer useful. I've bought a Trezor (in my case a Trezor Safe 3) and for now I'm happy with the purchase.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
January 12, 2025, 08:45:06 AM
#22
This here was "only" ~% of my BTC holdings. ... In fact, I'm thinking about buying a Ledger, can they still be recommended without hesitation?
Try to avoid disclosing how many coins you might have. It's not needed here.

Ledger crap is closed-source firmware where nobody knows what's going on. For years Ledger's marketing fools kept spinning the mantra "your private keys or seed can't leave the device". Guess what they've implemented in their firmware for their stupid Seed Recovery subscription service? The firmware of currently supported Ledger hardware crap has code to allow the (encrypted) extraction of your wallet's seed secret to Ledger Live and from there to multiple involved companies that Ledger chose for their Seed Recovery service! This is bonkers, to say the least!

To the folks who say, you don't have to use and pay this recovery service, you're safe, I would reply and emphasize that the code to extract your Ledger's seed is in the firmware. It's kind of a backdoor and because the firmware is closed-source, you can't inspect if and how it's implemented properly and safely.

YMMV, but I would choose a hardware wallet that has reproducible and open-source firmware and accompanying wallet software.

As I'm a shitcoin minimalist, I've chosen a BitBox02 for myself. I would be fine with a Trezor Safe 5 or (better) a Foundation Devices Passport 2; their newest device isn't bad either. A Krux wallet is nice too, and purchasing the hardware for it doesn't leave a trace associated with crypto coins.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
January 12, 2025, 05:00:00 AM
#21
Thanks man! I've split my crypto over different wallets including Kraken. This here was "only" ~20% of my BTC holdings. I know it's little consolation, but it could have turned out much worse. In fact, I'm thinking about buying a Ledger, can they still be recommended without hesitation?

I don't know man! I'm not an expert in this field. You can check this post if you have the time (Show off your hardware wallet) or ask anyone from there. They seem to be using hardware wallets, showing pictures to others and sharing their personal experiences with HWs. They can answer you better, more practically. Lastly, whatever you do, do your own research.
?
Activity: -
Merit: -
January 12, 2025, 04:27:37 AM
#20
Who uses multiple antivirus programs at the same time on the same system anyway!? They wouldn't have been able to work properly, conflicting with each other. Bad idea, because it'll make the system much heavier and slower!

That's a misunderstanding. I had Windows Defender and Spybot running to check my PC after the transaction happened. Both didn't find anything, so I installed Avast. Same result, then Malwarebytes. I am not that stupid, but I was sure that something was totally wrong. As I mentioned, only Malwarebytes was able to detect the things I've written above.

Sorry to hear that mate! I'm guessing you are using Windows, right? It's pretty easy to break into it. I have been a victim of ransomware and a clipboard virus a couple of times, and it really sucked. I think it's time for you to change OS and shift to a Linux distro.

Better if you use a hardware wallet or an airgapped device, if you don't intend to move your assets that frequently.

Thanks man! I've split my crypto over different wallets including Kraken. This here was "only" ~20% of my BTC holdings. I know it's little consolation, but it could have turned out much worse. In fact, I'm thinking about buying a Ledger, can they still be recommended without hesitation?
sr. member
Activity: 630
Merit: 277
January 12, 2025, 02:37:46 AM
#19
Hey community,

I have a problem with my Electrum wallet and keep wondering how this could have happened.

Today, I opened my Electrum wallet for the first time in a few months and noticed that a transaction was made, resulting in an empty wallet. It definitely wasn't me.

I’m not sure if I opened Electrum and left it running for a few minutes while completing other tasks before fully checking the program. The transaction happened 10 minutes before I noticed it. If I followed the BTC chain correctly, my BTCs were transferred to a Robinhood wallet, so it clearly wasn’t me.

I know the money is gone, and I’ll have to live with that. However, I keep asking myself: how could this even happen? Is this a real Trojan attack where they scan for open wallets?

Maybe someone can help me understand how this could have occurred.

Thanks a lot!
Did you by any chance click on any link or download an update? Maybe there might have been a fake update prompt and once you download any of such updates, you become a victim. If this is not the case, you should be very careful next time when clicking links or downloading anything and ensure that you always download updates from Electrum's official website only.

Since you said the transaction happened 10 minutes before you noticed it, I would have assumed that someone who knows you must have had access to your seed phrase, which he used to initiate the transaction. Anything could have happened, so be extremely careful next time.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
January 12, 2025, 12:58:43 AM
#18
Along with your innovations and a new and clean system, you must determine the level of security on the computer that provides crypto transactions.
You write that you have been using this wallet for quite a long time, but what was in the interval of that time? Does someone have access to your computer? Children, games, surfing—this will be an open window for entering various junk viruses.
Also, a licensed system, firstly, without various types of "left" activation keys. If you follow your link showing what malware was on your computer, then "AsyncRAT is a remote access trojan (RAT), which allows attackers to remotely control computers in an infected network."
Someone waited an hour to send your funds to themselves.
full member
Activity: 97
Merit: 43
January 11, 2025, 11:29:28 PM
#17
This can't be repeated often enough: do NOT use your daily computer for crypto wallet stuff, especially when you're using Windows!
Linux is better, but if you're using Windows with a hot wallet for small funds, it's acceptable.
It is acceptable to use a hot wallet on mobile devices too.

Bottom line is: keep the biggest part of your capital on a safer OS like Linux, and in cold storage wallets or hardware wallets.

Recommended wallets.
Quote
Wallet Basics:

Do not use wallets that don't give you recovery data; these wallets are likely controlling your keys.
Do not use paper wallets unless you're an advanced user who understands all the risks.
Do not store large amounts of value in single signature wallets.
Make sure your heirs know how to recover your wallets without you!

Best wallets.

Quote
Two guides for using the Electrum wallet more carefully and safely, with basic steps: download it from the official site, verify it before using, back up the wallet, test the backup in the recovery step before funding it.
[GUIDE] How to Safely Download and Verify Electrum.
The paranoid user's security guide for using Electrum safely.
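The "verify it before using" step from the guides above (also asked about earlier in the thread, "did you verify the signature?"), as an added example that is not code from Electrum, from the linked guides or from any poster. It shows the part people get wrong: `gpg --verify` exits 0 for a good signature from any key in your keyring, so the signer's fingerprint has to be pinned explicitly, and gpg's machine-readable status lines are the reliable place to read it. EXPECTED_FINGERPRINTS is a placeholder to be filled from electrum.org, SAMPLE_STATUS is constructed, and the helper names are mine.

```python
"""Verify an Electrum release against its detached .asc signature and pin the signer.

Added example, not Electrum's own tooling.  gpg's status lines (--status-fd)
are parsed instead of trusting the exit code, because the exit code is 0 for
a good signature from *any* imported key.
Assumptions: GnuPG 2.x on PATH; EXPECTED_FINGERPRINTS is a placeholder you
fill from electrum.org; SAMPLE_STATUS is constructed for illustration.
"""
import re
import subprocess
import sys

# Placeholder only: take the real signer fingerprint(s) from electrum.org, never from a forum post.
EXPECTED_FINGERPRINTS = {"REPLACE WITH FINGERPRINT FROM ELECTRUM.ORG"}

# Constructed --status-fd output: one good signature by a fake key, plus a second
# signer whose public key is not imported (Electrum .asc files can hold several
# signatures, and a missing co-signer key is not an error by itself).
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2025-01-01 1735689600 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] NEWSIG
[GNUPG:] NO_PUBKEY FEDCBA9876543210
"""


def _norm(fpr: str) -> str:
    """Fingerprint as gpg prints it in status lines: no spaces, upper-case hex."""
    return re.sub(r"\s+", "", fpr).upper()


def check_gpg_status(status_text: str, expected_fprs) -> tuple[bool, str]:
    """Accept only a GOODSIG+VALIDSIG pair whose key (or its primary key) is expected.

    BADSIG anywhere rejects the file.  VALIDSIG without GOODSIG means gpg
    reported EXPKEYSIG/REVKEYSIG instead (key expired or revoked), so it is
    rejected too.  NO_PUBKEY for other co-signers is tolerated.
    """
    expected = {_norm(f) for f in expected_fprs}
    goodsig_keyids: set[str] = set()
    validsigs: list[tuple[str, str]] = []      # (signing-key fpr, primary-key fpr)
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "[GNUPG:]":
            continue
        tag = fields[1]
        if tag == "BADSIG":
            return False, "BADSIG: signature does not match the file"
        if tag == "GOODSIG":
            goodsig_keyids.add(fields[2].upper())
        elif tag == "VALIDSIG":
            sig_fpr = fields[2].upper()
            # Field 11 (GnuPG 2.x) is the primary-key fingerprint when a subkey signed.
            primary_fpr = fields[11].upper() if len(fields) >= 12 else sig_fpr
            validsigs.append((sig_fpr, primary_fpr))
    for sig_fpr, primary_fpr in validsigs:
        if sig_fpr not in expected and primary_fpr not in expected:
            continue
        if sig_fpr[-16:] in goodsig_keyids:        # GOODSIG carries the 64-bit key ID
            return True, f"good signature by expected key {primary_fpr}"
        return False, f"signature by expected key {primary_fpr}, but the key is expired or revoked"
    if validsigs:
        return False, "valid signature(s) found, but none by an expected key"
    return False, "no valid signature (no signature, wrong signature, or signer key not imported)"


def verify_download(file_path: str, sig_path: str, expected_fprs=EXPECTED_FINGERPRINTS) -> tuple[bool, str]:
    """Run gpg on a detached signature and pin the signer via check_gpg_status."""
    proc = subprocess.run(
        ["gpg", "--batch", "--no-tty", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True, check=False,
    )
    return check_gpg_status(proc.stdout, expected_fprs)


if __name__ == "__main__":
    # usage: python verify_electrum.py <electrum download> <matching .asc file>
    ok, why = verify_download(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "REJECT: ") + why)
    sys.exit(0 if ok else 1)
```

The fingerprint must come from a channel other than the download itself (the electrum.org page, or a key you already hold), otherwise a compromised mirror can ship a matching fake key; and a good signature only proves the file is the one the maintainers built, it does nothing against a RAT already on the box, which is the scenario in this thread.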
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
January 11, 2025, 09:15:30 PM
#16
Sorry to hear that mate! I'm guessing you are using Windows, right? It's pretty easy to break into it. I have been a victim of ransomware and a clipboard virus a couple of times, and it really sucked. I think it's time for you to change OS and shift to a Linux distro.

Better if you use a hardware wallet or an airgapped device, if you don't intend to move your assets that frequently.

The funny thing is that Spybot, Avast and Windows Defender didn't notice anything wrong. Only Malwarebytes was able to find the malware. However, I am currently reinstalling my PC.
Did you have Spybot, Windows Defender, Avast and Malwarebytes all installed and running at the same time? It sounds like a disaster that was waiting to happen!

Who uses multiple antivirus programs at the same time on the same system anyway!? They wouldn't have been able to work properly, conflicting with each other. Bad idea, because it'll make the system much heavier and slower!