Topic: electrum wallet got hacked, 5 years of bitcoin gone (Read 248 times)

legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
It's possible OP opened an infected PDF file in a certain PDF reader, where the infected PDF exploits a security vulnerability of the PDF reader which can be used to execute an arbitrary script.
Why would a PDF reader have access to AppData? Except of course if OP had moved the wallet file somewhere externally.

I'm talking about an arbitrary script launched by the PDF reader, not the PDF reader itself. And I don't remember Windows having strict security controls for folders such as "AppData", since it's located inside the user's home folder. Anyway, you can check CVE-2021-28550 as an example of a vulnerability in a PDF reader.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Hello, I have an Electrum wallet that saved bitcoin for 5 years and it got hacked. Today I opened a PDF file and that file just stole all my bitcoin in the Electrum wallet. I am distraught.

Any advice?

"Don't open unknown files" is the only real help we can give you. PDFs (and Word, Excel, PowerPoint, as well as many other) documents can contain macros, and some specially crafted macros can overwhelm the parser and cause it to execute malware. That is what happened here.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It's possible OP opened an infected PDF file in a certain PDF reader, where the infected PDF exploits a security vulnerability of the PDF reader which can be used to execute an arbitrary script.
Why would a PDF reader have access to AppData? Except of course if OP had moved the wallet file somewhere externally.

You need to provide more information than that if you want "advice".
Pretty much that. Isn't it a little weird that newbies show up out of nowhere and ask for help to recover their 5 year lost bitcoin with literally zero effort from their side?

Because I'm careless and download a lot of PDF files.
It depends rather on the PDF reader. Use reputable, open-source software. I use the pre-installed Evince (AKA "Document Viewer") from Ubuntu 22.04, which AFAIK doesn't allow executing external applications and is only used for reading.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Try contacting all the top exchanges like Binance (unless the hacker hasn't converted your BTC into fiat already); they may blacklist the hacker's address, and any attempt to deposit BTC in the exchanges would lead to freezing of the funds!!
I don't think that's as simple as it sounds. Binance and other exchanges aren't just going to listen to a random person asking to have certain addresses blacklisted. They are going to require proof (proof you don't have) and the involvement of law enforcement. But until that happens, the coins will be long gone.

If the goal of the hacker is to convert the BTC into fiat, he doesn't need to touch centralized exchanges at all. He can mix the coins or take advantage of coinjoin services and exchange them via a decentralized exchange like Bisq. P2P trades are another option.

Unfortunately, it seems like the OP's money is gone.

Because I'm careless and download a lot of PDF files.
Stop it, before something happens.
legendary
Activity: 3234
Merit: 2943
Block halving is coming.
AFAIK, most PDF viruses did not have the ability to move between applications, and I have not heard of any hack just because of a PDF. Can anyone confirm this information?! Because I'm careless and download a lot of PDF files.

According to Adobe, yes, it can contain viruses and malicious code that can potentially hack your device or PC.

Why not check Adobe? They have their own explanation about this below:

- https://www.adobe.com/acrobat/resources/can-pdfs-contain-viruses.html
legendary
Activity: 2492
Merit: 3612
Buy/Sell crypto at BestChange
There should be something more to this than just a pdf file wiping out your Electrum.
There is no reported vulnerability in Electrum that's directly linked with pdf files.
+1

AFAIK, most PDF viruses did not have the ability to move between applications, and I have not heard of any hack just because of a PDF. Can anyone confirm this information?! Because I'm careless and download a lot of PDF files.

Have you signed a transaction during another application that works?
legendary
Activity: 2170
Merit: 1789
Did you get that PDF from an e-mail? I've seen a lot of phishing e-mails on my throwaway e-mail accounts for the last few days. You should never open an attached file from an e-mail if the sender is unknown to you (these e-mails are usually gibberish and should be easy to spot unless you set your e-mail app to automatically download them). Some news reported that these PDFs contain a keylogger and other stuff, so Electrum is likely not at fault.

My condolences, try to reinstall your OS and probably wipe your device just in case the malware is still there.
legendary
Activity: 3444
Merit: 10537
You need to provide more information than that if you want "advice". What was the link between opening the PDF file and your Electrum wallet being emptied? It just doesn't happen like that and a malware won't give you a warning when stealing your coins. Why do you even think the pdf file was the problem?
Besides, are you sure your coins are stolen? Maybe the wallet is having a problem syncing. Is it a 5-year-old wallet opened today or are you regularly using it? Was your wallet password protected?
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
-snip- Today I opened a PDF file and that file just stole all my bitcoin in the Electrum wallet.

Any advice?
There should be something more to this than just a pdf file wiping out your Electrum.
There is no reported vulnerability in Electrum that's directly linked with pdf files.

If you need advice, please provide more info on what happened.

But in the end, that confirmed bitcoin transaction cannot be reversed by anyone.
hero member
Activity: 2506
Merit: 628
I don't take loans, ask for sig if I ever do.
Isn't it gone? I doubt most would be able to do anything in terms of recovery once it's moved, maybe if a report is done but I'd say it's rather minimal for exchanges to move to help recover it. I'd honestly try to clean everything from said PC/laptop first and change your security for your e-mails, accounts, or anything important since, as I've said, your funds are most likely lost already. Invest in a hardware wallet to avoid the same thing happening again and try not to, well, open stuff you don't know where it came from.
mk4
legendary
Activity: 2716
Merit: 3817
🪸 NotYourKeys.org 🪸
1. Stop being careless and invest money in a hardware wallet

2. Stop opening random files

3. Report it to the authorities

4. There's a 99.9% chance that your funds are totally gone. Let this be a very important (and expensive) lesson to take security very seriously, especially when talking about long-term investments
hero member
Activity: 1050
Merit: 681
Hello, I have an Electrum wallet that saved bitcoin for 5 years and it got hacked. Today I opened a PDF file and that file just stole all my bitcoin in the Electrum wallet. I am distraught.

Any advice?
Woah, quite a sad story. You shouldn't have opened that PDF in the first place. May we know the source of the PDF? Was that given to you by any known member here? A website? This would help others to stay safu! Btw, if the amount is quite large, try contacting all the top exchanges like Binance (unless the hacker hasn't converted your BTC into fiat already); they may blacklist the hacker's address, and any attempt to deposit BTC in the exchanges would lead to freezing of the funds!! Once again, sorry for the loss, but you should be more aware next time.
legendary
Activity: 1288
Merit: 1491
The first decentralized crypto betting platform
So I understand that you had Electrum installed on your PC or laptop but you didn't have a hardware wallet connected to it, is that it?

My advice for the future would be to buy a hardware wallet as I doubt that you will be able to recover the funds, but for less than 100 dollars you can avoid things like what happened to you. See if it's cheap.
newbie
Activity: 1
Merit: 0
Hello, I have an Electrum wallet that saved bitcoin for 5 years and it got hacked. Today I opened a PDF file and that file just stole all my bitcoin in the Electrum wallet. I am distraught.

Any advice?