
Topic: Hacker moved coins from my wallet - page 2. (Read 612 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
May 01, 2023, 02:18:03 AM
#27
Wow even if I wouldn't call that a massive attack for now, it starts to scare me a little bit to be honest. Unlike what some people are saying above, Electrum could be not so safe to use anymore if those testimonies are true. So what could we do now ? Only using it as a cold wallet? But how we will make Lightning Network transactions now?
Hot wallets have never been 100% safe, no matter which one you use. Microsoft Windows has never been safe either, and most computer users make mistakes once in a while. Any substantial funds should indeed be kept in cold wallets.

Do you accidentally allow something which malwarebytes blocked?
No, if my memory serves me right. I usually read the alerts by antivirus, antimalware programs and I always choose quarantine/remove option, allow is not even a chance.
I haven't used Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.
legendary
Activity: 3094
Merit: 1472
May 01, 2023, 12:35:31 AM
#26
I will try to answer as many questions as I can but right now, since I don't have any particular answer, I will say it happened due to my carelessness. I will be as quick and direct as I can, so pardon me for not explaining properly or to the point as needed.


Have you clicked on an update after logging in to the Electrum wallet?

It wasn't through any Electrum popup and I am aware about case where someone installed a hacker version of Electrum. I actually updated the Electrum wallet some time ago. Maybe like 2-3 months from the site after verifying gpg signatures.

I just want to inquire that you saved this phrase cloudly online anywhere.

No, it wasn't.


It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.

a) Yes, it's my first time getting hacked like this.
b) There were other addresses but they didn't have any transactions.
c) I don't think it was Electrum actually because I have been using Electrum for a long time and before installing, I confirm it's from the original source. The question is why now?

I highly suspect something running in the background. But I've autorun software to check if there is something malicious in registry which has been set to autorun and I check it too and I check the processes running in background regularly as well.


Do you accidentally allow something which malwarebytes blocked?

No, if my memory serves me right. I usually read the alerts by antivirus, antimalware programs and I always choose quarantine/remove option, allow is not even a chance.


What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?

This will serve as an answer to anduloika and you as well: The wallet address was created by VanitySearch and I trust this software but as a precaution I use it for only small amounts. Since it's been so long, I started trusting it with more balance. There were other addresses as well which were also created by VanitySearch as I like to generate some cool addresses and use them but none of them had any balance or were used in the forum except the one I use.

so @anduloika it wasn't a private key with recoverable security questions.

Can you give us more detail, please?  Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?

Yes, it was a Windows version. I am not sure of Electrum version but I recall something like 4.3.3  something. Software I could have but they were usual like Chrome and Winrar and stuff. Just the things I need. All were downloaded from original sources.


I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are.  It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.

Yes, it is only added once someone has been affected by it. By the time it's added, they have already got their initial victims. I am not saying it happened to me or maybe it did but the purpose is to make others aware of problems like this.



I don't think Electrum is the case actually as I've been using it for more than 2-3 years in this lappie and over this course of years bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3.... address has received many signature campaign earnings and later on there were times when there was more funds than that. So why now?

I've also come to the conclusion right now that it was probably some script running in the background whenever I open Electrum and it probably sends private keys of all the addresses in the wallet and then has a system of some sort which sweeps all the balances when the addresses receive some balance. <--as some of you guys have mentioned here

As for Malwarebytes, I am a bit surprised that it didn't alert on something running in the background whenever I opened Electrum. I am a bit paranoid about scripts running in the background or at autostartup so I had software to check those as well and delete/remove those things as well.


What I am not sure of is the entry point of this script/malware or whatever. I also seriously don't recall anything suspicious being downloaded. I've already made a fresh install of Windows on my laptop after clearing everything in every partition my laptop has, including the partition in MB size having some boot records, so I can't go back and check those things to see clearly what happened.

At the end, I can only say always be wary of these things. Anti-viruses/anti-malware also sometimes might not protect you all the time.

About hardware wallets, I still have a Ledger Nano which I have used in the past to hold big balances but right now I don't use it. So yeah, I have the policy of big balances to hardware wallets but there are cases where I need to move coins fast and I tend to loosen up a little and move them into wallets that I have on my easily accessible devices.



Thank you everyone for answering here and discussing with ideas on what could have happened.
legendary
Activity: 1666
Merit: 1037
April 30, 2023, 07:34:29 PM
#25
Only what I noticed that you can click on is the Electrum URL for update, which was never like before but having the correct Electrum URL for update. Another thing that I know that can be clicked on is the blockchain explorer.

You can fall for the trap too if you are the type of person that do not take wallet safety and online security seriously. It is not about Electrum wallet, it is about carelessness. Anyone that can fall for the scam while using Electrum can also fall for the scam while using any other online wallet.
I think you are right but in the maximum case, we can see hacking of Electrum instead of any other wallet. In the case of Julerz many people thought Julerz is lying to steal the fund of the campaign. But there is no way to think that about the OP. Actually, both fall on the hacking and no one is lying.

It has nothing to do with Electrum itself, it has to do with a virus or malware that is capable of sweeping/sending coins from Electrum to an address the moment it is received or as andulolika clued, the virus/malware got the security phrase and the hacker was able to move the coins that way.

I am guessing the OP was using Windows and relied on nothing more than malware-bytes to protect him from online threats, contracted a form of virus/malware at some stage (as presumed Julerz did also) and the hacker was able to sweep/send the funds to their address.

This is yet another validation for the cybersecurity & privacy board to be implemented into the forum.

hero member
Activity: 2996
Merit: 598
April 30, 2023, 06:12:07 PM
#24
I am sorry and saddened by the loss you have experienced.

Electrum is a pretty good bitcoin wallet from what I know that keeps me looking for it by reading every post related to electrum wallet.

A few days ago I signed/verified the address with electrum to prove ownership of the address and it was quoted and verified by @bitbollo

OP broke the news that broke me Today at 12:31:19 PM.
I came across a discussion about electrum wallet users 2FA Today at 11:53:20 AM.

There seems to be continuity.
I just want to follow for the sake of gaining new knowledge.

I also verify and signed the wallet using Electrum and now checking articles and discussions about Electrum's security, this is not good if we have two reputable and I believe knowledgeable members getting hacked using the same wallet,
I hope Avirunes can give us more details about our security concerns, I'm using Malwarebytes too, and Kaspersky if this is not enough I guess the only option is to transfer to Linux for better security, this was highly recommended when Julerz Electrum wallet was hacked.
legendary
Activity: 2338
Merit: 1047
April 30, 2023, 05:05:37 PM
#23
If your private key was recoverable with security questions then you might have the answer.

Hi andulolika
you can recover private keys from electrum with security question?!
I've never heard of this possibility.
it's a "classic" wallet they shouldn't have this option since you don't set... but I could be wrong maybe I don't know this function ?!?
Hey there!
It is possible if the private key was created in a different place and imported there.
I find it more likely that his device was compromised by untrustworthy apps which can very very easily leak into the pc such as a fake file or corrupted installer.
member
Activity: 111
Merit: 17
April 30, 2023, 05:04:33 PM
#22
I am sorry and saddened by the loss you have experienced.

Electrum is a pretty good bitcoin wallet from what I know that keeps me looking for it by reading every post related to electrum wallet.

A few days ago I signed/verified the address with electrum to prove ownership of the address and it was quoted and verified by @bitbollo

OP broke the news that broke me Today at 12:31:19 PM.
I came across a discussion about electrum wallet users 2FA Today at 11:53:20 AM.

There seems to be continuity.
I just want to follow for the sake of gaining new knowledge.
copper member
Activity: 2380
Merit: 1302
April 30, 2023, 04:50:45 PM
#21
Only what I noticed that you can click on is the Electrum URL for update, which was never like before but having the correct Electrum URL for update. Another thing that I know that can be clicked on is the blockchain explorer.

You can fall for the trap too if you are the type of person that do not take wallet safety and online security seriously. It is not about Electrum wallet, it is about carelessness. Anyone that can fall for the scam while using Electrum can also fall for the scam while using any other online wallet.
I think you are right but in the maximum case, we can see hacking of Electrum instead of any other wallet. In the case of Julerz many people thought Julerz is lying to steal the fund of the campaign. But there is no way to think that about the OP. Actually, both fall on the hacking and no one is lying.
legendary
Activity: 2604
Merit: 2353
April 30, 2023, 01:57:58 PM
#20
Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalksearch.org/topic/my-wallet-has-been-hacked-what-to-do-5445300
Recent similar incident: https://bitcointalksearch.org/topic/ive-been-hacked-electrum-432-5433643
[...]
Wow even if I wouldn't call that a massive attack for now, it starts to scare me a little bit to be honest. Unlike what some people are saying above, Electrum could be not so safe to use anymore if those testimonies are true. So what could we do now? Only using it as a cold wallet? But how we will make Lightning Network transactions now? We can't do that with a cold wallet unfortunately. I really hope it's just a coincidence because it would be a really bad news for Bitcoin, many people are using Electrum as a hot wallet on their computer

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.
LOL You like to be funny bro
legendary
Activity: 2436
Merit: 1104
April 30, 2023, 01:32:27 PM
#19
sorry about your loss, it would be nice if you could update us if you ever find out what was the cause of your wallet being compromised.

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum. Also can't remember but seen a similar case for an Electrum hack. Have you clicked on an update after logging in to the Electrum wallet? I never click on anything through Electrum. I am afraid that I will fall into this type of trap.
perhaps creating a multi-sig wallet would help to greatly increase the security of your wallet and the asset inside it.
legendary
Activity: 1526
Merit: 1359
April 30, 2023, 01:03:51 PM
#18
Regrettably, stories of this nature seem to surface all too often. What frustrates me most about such cases is that the truth behind them is often shrouded in mystery. There could be a multitude of reasons why someone's cryptocurrency is compromised - an unsecured wallet or device (where the thief had physical access to the computer), malware or spyware on the system, falling prey to a phishing attack (where the user knowingly or unknowingly exposed the private key or seed to third parties), an outdated or insecure operating system (many people are hesitant to admit using a cracked version of software, which could introduce numerous threats), or even a remote hack on the system. The list of potential culprits is virtually endless.

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
April 30, 2023, 01:00:34 PM
#17
If your private key was recoverable with security questions then you might have the answer.

Hi andulolika
you can recover private keys from electrum with security question?!
I've never heard of this possibility.
it's a "classic" wallet they shouldn't have this option since you don't set... but I could be wrong maybe I don't know this function ?!?
copper member
Activity: 2338
Merit: 4543
April 30, 2023, 12:56:36 PM
#16
Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalksearch.org/topic/my-wallet-has-been-hacked-what-to-do-5445300
Recent similar incident: https://bitcointalksearch.org/topic/ive-been-hacked-electrum-432-5433643

the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet).

What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?


I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Can you give us more detail, please?  Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?


I am clueless as to how this could have happened as like I said I had Malwarebytes on my laptop but despite that this incident happened. I know how dumb and idiot I look right now but I still can't wrap my head around how this could have happened.

I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are.  It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.

I don't know how this is happening either, but I suspect there might be some malware being promoted to crypto users that attacks Electrum and extracts funded private keys.  Based on the Github discussion to which I linked above, multiple victims had their funds stolen in one transaction that included multiple address types, indicating the private keys were swept.

All I can say is be very careful and suspicious of any software you install on your system, and diligently verify Electrum downloads.
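
The sweep indicators discussed in the post above (one transaction spending inputs of several address types, coins leaving as soon as they arrive), turned into a triage over a wallet's outgoing transactions. This is an added example, not code from any poster or from Electrum; the `Spend` record, indicator names, 600-second threshold and sample transactions are constructed assumptions, and addresses are classified by prefix and length only.

```python
from dataclasses import dataclass

def script_type(addr: str) -> str:
    """Classify a mainnet address by prefix and length only (no checksum check)."""
    a = addr.lower()
    if a.startswith("bc1p") and len(a) == 62:
        return "p2tr"
    if a.startswith("bc1q"):
        return {42: "p2wpkh", 62: "p2wsh"}.get(len(a), "unknown")
    if addr.startswith("1"):
        return "p2pkh"
    if addr.startswith("3"):
        return "p2sh"
    return "unknown"

@dataclass
class Spend:              # hypothetical record, e.g. filled from a block explorer export
    label: str
    inputs: list          # [(address, unix time the spent coin was received)]
    outputs: list         # [address]
    sent_at: int          # unix time the spend was broadcast

def sweep_indicators(tx: Spend, wallet: set, fast_secs: int = 600) -> list:
    """Return the sweep indicators a spend matches. One hit alone is weak
    (a send-all has no change output); several together deserve a closer look."""
    hits = []
    in_addrs = [a for a, _ in tx.inputs]
    # A wallet built from one seed or one imported key spends a single script type.
    if len({script_type(a) for a in in_addrs}) > 1:
        hits.append("mixed-input-types")
    # Inputs the wallet never owned mean someone else assembled the transaction.
    if any(a not in wallet for a in in_addrs):
        hits.append("foreign-inputs")
    # Nothing comes back to the wallet.
    if not any(o in wallet for o in tx.outputs):
        hits.append("no-change-output")
    # Our coin was spent within fast_secs of arriving.
    if any(a in wallet and tx.sent_at - t <= fast_secs for a, t in tx.inputs):
        hits.append("spent-soon-after-receipt")
    return hits

def triage(spends: list, wallet: set) -> dict:
    """Map each spend label to its indicators, keeping only spends with hits."""
    report = {}
    for tx in spends:
        hits = sweep_indicators(tx, wallet)
        if hits:
            report[tx.label] = hits
    return report

# Constructed sample data. The addresses are publicly documented examples
# (BIP173 test vectors and well-known legacy addresses), used as stand-ins.
MINE = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
DEST = "bc1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3qccfmv3"
OTHER_P2PKH = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
OTHER_P2SH = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"

WALLET = {MINE}
NORMAL = Spend("normal-payment", [(MINE, 1_690_000_000)], [DEST, MINE], 1_700_000_000)
SWEEP = Spend(
    "suspected-sweep",
    [(MINE, 1_700_000_000), (OTHER_P2PKH, 1_690_000_000), (OTHER_P2SH, 1_695_000_000)],
    [DEST],
    1_700_000_120,
)

if __name__ == "__main__":
    for label, hits in triage([NORMAL, SWEEP], WALLET).items():
        print(label, hits)
```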
hero member
Activity: 2954
Merit: 796
April 30, 2023, 12:54:39 PM
#15
It’s unusual for a malware to get through on Malwarebytes since it’s very active on blocking any incoming malware from the web. You should combine WD on top of your malwarebytes to have second layer of security.

By any chance, Do you accidentally allow something which malwarebytes blocked?
legendary
Activity: 2338
Merit: 1047
April 30, 2023, 12:46:49 PM
#14
If your private key was recoverable with security questions then you might have the answer.
legendary
Activity: 2604
Merit: 2353
April 30, 2023, 12:42:46 PM
#13
What happened:  Today I requested additional loan in shasan's thread here https://bitcointalksearch.org/topic/m.62169183. After some discussions privately with shasan it was approved by him and he sent the coins. As soon as it arrived the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet). I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Scammers Wallet Address: bc1qzzvml53wkc5g4w5tuk6xz0t0j332rfgftymf2f

Amount Scammed: 0.015 BTC
It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.
hero member
Activity: 812
Merit: 619
April 30, 2023, 12:16:38 PM
#12
Very sad to hear that you lost 450$. I just want to inquire that you saved this phrase cloudly online anywhere. If you saved it then this is a possible reason the hacker got access to your wallet and succeeded in transferring the funds. Online savings of the phrase may be Gmail, photos, Notes, Telegram or other social media where you send the phrase. Hackers send these BTC to another wallet. More chance that he mixed it using any mixer or deposited into his own other wallet.

You did the right job to reset all passwords on time but it's not enough yet because it's essential to know how the hacker got access to the wallet.
member
Activity: 525
Merit: 72
April 30, 2023, 11:25:40 AM
#11
You probably had the malware in your computer for a while and it got activated once it detected coins in your wallet. When was the last time you made a transfer using this computer?
hero member
Activity: 980
Merit: 741
April 30, 2023, 11:17:52 AM
#10
I feel bad just hearing about the continuous and unstoppable attacks. I myself experienced something similar a few weeks ago when my BNB was instantly transformed into another wallet upon receiving it. I understand the shock and bad feeling that you are going through right now, so I’m very sorry for that.
I don't think the issue lies with the Electrum wallet itself. If hackers had found a security loophole in Electrum without having to access your PC first they would logically target wallets of whales with large amounts of Bitcoin. I am sure that your device has been hacked using a malicious program or file you downloaded and your antimalware defense isn’t enough. If you could recall the latest files that you downloaded before the last time you used your Electrum wallet on your PC and run a test on VirusTotal for example, you may find something. Since I’m not sure tracing the hacker’s wallet will lead into something.
And as other users have suggested using a wallet on an online PC is a ticking time bomb waiting to explode. The solution to prevent such painful experiences is to use another device only for a Bitcoin wallet or a better option which is to get a cold wallet.
legendary
Activity: 1512
Merit: 4795
April 30, 2023, 11:02:18 AM
#9
Never enter your phrase, personal Gmail, social accounts related to crypto because a laptop or PC can easily be hacked through malware. Mobile is secure so far as I am using it for 5 years and did not face any problem, while using PC my phrase was compromised 3 times
This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.
@ItsCrafty
On my laptop, what I used it most for are 2FA enabled exchange accounts, Netflix and YouTube Premium (I hate ads). Having little amount of bitcoin on Electrum on the laptop and still expecting malware, although not likely. It depends on how you use your device, be it phone or computer. But you should know that you should not have the coins that you can not afford to lose on an online wallet, there are cold wallet options that you can go for. Mobile devices are always online, be careful.
legendary
Activity: 2380
Merit: 5213
April 30, 2023, 10:46:56 AM
#8
I'm also an Electrum user but I seldom use it now after Julerz's story.
As I said in my previous post electrum is secure enough. Just because someone got hacked doesn't mean electrum isn't secure. Electrum is open-source and there's nothing hidden from the users.
As long as your device is online, whatever wallet you use, there's the chance of getting hacked.


Never enter your phrase, personal Gmail, social accounts related to crypto because a laptop or PC can easily be hacked through malware. Mobile is secure so far as I am using it for 5 years and did not face any problem, while using PC my phrase was compromised 3 times
This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.