Pages:
Author

Topic: Hacker moved coins from my wallet - page 2. (Read 632 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
May 01, 2023, 02:18:03 AM
#27
Wow even if I wouldn't call that a massive attack for now, it starts to scare me a little bit to be honest. Unlike what some people are saying above, Electrum could be not so safe to use anymore if those testimonies are true. So what could we do now ? Only using it as a cold wallet? But how we will make Lightning Network transactions now?
Hot wallets have never been 100% safe, no matter which one you use. Microsoft Windows has never been safe either, and most computer users make mistakes once in a while. Any substantial funds should indeed be kept in cold wallets.

Do you accidentally allow something which malwarebytes blocked?
No if my memory serves me right. I usually read the alerts by antivirus, antimalware programs and I always choose quarantine/remove option , allow is not even a chance.
I haven't use Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.
legendary
Activity: 3094
Merit: 1472
May 01, 2023, 12:35:31 AM
#26
I will try to answer as much as questions as I can but right now since I don't have any particular answer I will say due to my carelessness it happened. I will be quick and direct as much as I can so pardon me for not explaining properly or to the point as needed.


Have you clicked on an update after logging in to the Electrum wallet?

It wasn't through any Electrum popup and I am aware about case where someone installed a hacker version of Electrum. I actually updated the Electrum wallet some time ago. Maybe like 2-3 months from the site after verifying gpg signatures.

I just want to inquire that you saved this phrase cloudly online anywhere.

No, it wasn't.


It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.

a) Yes, its my first time getting hacked like this.
b) There were other addresses but they didn't had any transactions.
c) I don't think it was Electrum actually because I have been using Electrum for long time and before installing, I confirm its from original source. The question is why now?

I highly suspect something running in the background. But I've autorun software to check if there is something malicious in registry which has been set to autorun and I check it too and I check the processes running in background regularly as well.


Do you accidentally allow something which malwarebytes blocked?

No if my memory serves me right. I usually read the alerts by antivirus, antimalware programs and I always choose quarantine/remove option , allow is not even a chance.


What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?

This will serve as an answer to anduloika and you as well: The wallet address was created by VanitySearch and I trust this software but as a precaution I use it for only small amounts. Since its been so long , I started trusting for more balance. There were other addresses as well which also was created by VanitySearch as I like to generate some cool addresses and use it but none of them had any balance in it or were used in the forum except the one I use.

so @anduloika it wasn't a private key with recoverable security questions.

Can you give us more detail, please?  Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?

Yes, it was a Windows version. I am not sure of Electrum version but I recall something like 4.3.3  something. Software I could have but they were usual like Chrome and Winrar and stuff. Just the things I need. All were downloaded from original sources.


I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are.  It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.

Yes, it is only added once some has been affected by it. By the time its added, they already have got their initial victims. I am not saying it happened to me or maybe it did but the purpose is to let others aware of problems like this.



I don't think Electrum is the case actually as I've been using it for more than 2-3 years in this lappie and over this course of years bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3.... address has received many signature campaign earnings and later on there were times when there was more funds than that. So why now?

I've also come to conclusion right now that it was probably some script running in background whenever I open Electrum and it probably sends private keys of all the addresses in the wallet and then have a system of some sorts which sweeps all the balances when the addresses receives some balances. <--as some of you guys have mentioned here

As for Malwarebytes, I am bit surprised that it didn't alerted something running in background whenever I opened Electrum. I am bit paranoid about scripts running in background or autostartup so I had softwares to check those as well and delete/remove those things as well.


What I am not sure of is that entry point of this script/malware or whatever. I also seriously don't recall anything suspicious being downloaded. I've already made a fresh install of the Windows on my laptop after clearing everything in every partition my laptop has including the partition in MB size having some boot records so I can't go back and check those things about what happened for clear.

At the end, I can only say always be wary of these things. Anti-viruses/anti-malware also sometimes might not protect you all the time.

About hardware wallet, I still have a Ledger Nano which I have used in the past to hold big balances but right now I don't use it. So yeah I have the policy of big balances to hardware wallets but there are cases where I need to move coins fast I tend to loose up a little and move into wallets that I have in my easily accessible devices.



Thank you everyone for answering here and discussing with ideas on what could have happened.
legendary
Activity: 1708
Merit: 1048
April 30, 2023, 07:34:29 PM
#25
Only what I noticed that you can click on is the Electrum URL for update, which was never like before but having the correct Electrum URL for update. Another thing that I know that can be clicked on is the blockchain explorer.

You can fall for the trap too if you are the type of person that do not take wallet safety and online security seriously. It is not about Electrum wallet, it is about carelessness. Anyone that can fall for the scam while using Electrum can also fall for the scam while using any other online wallet.
I think you are right but in the maximum case, we can see hacking of Electrum instead of any other wallet. In the case of Julerz many people thought julerz s lying to steal the fund of the campaign. But there is no way to think that about the OP. Actually, both fall on the hacking and no-one lying.

It has nothing to do with Electrum itself, it has to do with a virus or malware that is capable of sweeping/sending coins from Electrum to an address the moment it is received or as andulolika clued, the virus/malware got the security phrase and the hacker was able to move the coins that way.

I am guessing the OP was using Windows and relied on nothing more than malware-bytes to protect him from online threats, contracted a form of virus/malware at some stage (as presumed Julerz did also) and the hacker was able to sweep/send the funds to their address.

This is yet another validation for the cybersecurity & privacy board to be implemented into the forum.

hero member
Activity: 3024
Merit: 614
Leading Crypto Sports Betting & Casino Platform
April 30, 2023, 06:12:07 PM
#24
I am sorry and saddened by the loss you have experienced.

Electrum is a pretty good bitcoin wallet from what I know that keeps me looking for it by reading every post related to electrum wallet.

A few days ago I signed/verified the address with electrum to prove ownership of the address and it was quoted and verified by @bitbollo

OP broke the news that broke me Today at 12:31:19 PM.
I came across a discussion about electrum wallet users 2FA Today at 11:53:20 AM.

There seems to be continuity.
I just want to follow for the sake of gaining new knowledge.

I also verify and signed the wallet using Electrum and now checking articles and discussions about Electrum's security, this is not good if we have two reputable and I believe knowledgeable members getting hacked using the same wallet,
I hope Avirunes can give us more details about our security concerns, I'm using Malwarebytes too, and Kaspersky if this is not enough I guess the only option is to transfer to Linux for better security, this was highly recommended when Julerz Electrum wallet was hacked.
legendary
Activity: 2366
Merit: 1048
April 30, 2023, 05:05:37 PM
#23
If your private key was recoverable with security questions then you might have the answer.

Hi andulolika Smiley
you can recover private keys from electrum with security question?!
I've never heard of this possibility.
it's a "classic" wallet they shouldn't have this option since you don't set... but I could be wrong maybe I don't know this function ?!?
Hey there! Cheesy.
It is possible if the private key was created in a different place and imported there.
I find it more likely that his device was compromised by untrustworthy apps which can very very easily leak into the pc such as a fake file or corrupted installer.
member
Activity: 111
Merit: 17
April 30, 2023, 05:04:33 PM
#22
I am sorry and saddened by the loss you have experienced.

Electrum is a pretty good bitcoin wallet from what I know that keeps me looking for it by reading every post related to electrum wallet.

A few days ago I signed/verified the address with electrum to prove ownership of the address and it was quoted and verified by @bitbollo

OP broke the news that broke me Today at 12:31:19 PM.
I came across a discussion about electrum wallet users 2FA Today at 11:53:20 AM.

There seems to be continuity.
I just want to follow for the sake of gaining new knowledge.
copper member
Activity: 2422
Merit: 1313
Playbet.io - Crypto Casino and Sportsbook
April 30, 2023, 04:50:45 PM
#21
Only what I noticed that you can click on is the Electrum URL for update, which was never like before but having the correct Electrum URL for update. Another thing that I know that can be clicked on is the blockchain explorer.

You can fall for the trap too if you are the type of person that do not take wallet safety and online security seriously. It is not about Electrum wallet, it is about carelessness. Anyone that can fall for the scam while using Electrum can also fall for the scam while using any other online wallet.
I think you are right but in the maximum case, we can see hacking of Electrum instead of any other wallet. In the case of Julerz many people thought julerz s lying to steal the fund of the campaign. But there is no way to think that about the OP. Actually, both fall on the hacking and no-one lying.
legendary
Activity: 2604
Merit: 2353
April 30, 2023, 01:57:58 PM
#20
Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalksearch.org/topic/my-wallet-has-been-hacked-what-to-do-5445300
Recent similar incident: https://bitcointalksearch.org/topic/ive-been-hacked-electrum-432-5433643
[...]
Wow even if I wouldn't call that a massive attack for now, it starts to scare me a little bit to be honest. Unlike what some people are saying above, Electrum could be not so safe to use anymore if those testimonies are true. So what could we do now ? Only using it as a cold wallet? But how we will make Lightning Network transactions now? We can't do that with a cold wallet unfortunately. I really hope it's just a coincidence because it would be a really bad news for Bitcoin, many people are using Electrum has a hot wallet on their computer  Undecided

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.
LOL Cheesy You like to be funny bro  Roll Eyes
legendary
Activity: 2534
Merit: 1115
April 30, 2023, 01:32:27 PM
#19
sorry about your loss, it would be nice if you could update us if you ever find out what was the cause of your wallet being compromised.

Sorry to hear about your loss. A few weeks ago the same thing happened to Julerz now happened to you. Can't imagine what is going on with Electrum. Also can't remember but seen a similar case for an Electrum hack. Have you clicked on an update after logging in to the Electrum wallet? I never click on anything through Electrum. I am afraid that I will fall into this type of trap.
perhaps creating a multi-sig wallet would help to greatly increase the security of your wallet and the asset inside it.
legendary
Activity: 1526
Merit: 1359
April 30, 2023, 01:03:51 PM
#18
Regrettably, stories of this nature seem to surface all too often. What frustrates me most about such cases is that the truth behind them is often shrouded in mystery. There could be a multitude of reasons why someone's cryptocurrency is compromised - an unsecured wallet or device (where the thief had physical access to the computer), malware or spyware on the system, falling prey to a phishing attack (where the user knowingly or unknowingly exposed the private key or seed to third parties), an outdated or insecure operating system (many people are hesitant to admit using a cracked version of software, which could introduce numerous threats), or even a remote hack on the system. The list of potential culprits is virtually endless.

What we can be sure of is that these cases are isolated and do not reflect the overall security of the Electrum wallet. Electrum is a reputable and widely used cryptocurrency wallet that has undergone numerous security audits and has proven to be highly secure.

By the way, OP, I'm sorry for your loss. This may be a good time to consider getting a hardware wallet to prevent situations like this from happening again in the future.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
April 30, 2023, 01:00:34 PM
#17
If your private key was recoverable with security questions then you might have the answer.

Hi andulolika Smiley
you can recover private keys from electrum with security question?!
I've never heard of this possibility.
it's a "classic" wallet they shouldn't have this option since you don't set... but I could be wrong maybe I don't know this function ?!?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
April 30, 2023, 12:56:36 PM
#16
Sorry for your loss, Avirunes.  This is getting concerning, there seems to be an increase in these reports.  So far the ones I've seen have all been on Windows machines, but I don't know if other operating systems are immune.  A similar event was recently discussed on Github, I've added the link below.  

Issue discussed on Github: https://github.com/spesmilo/electrum/issues/8263
Corresponding forum thread: https://bitcointalksearch.org/topic/my-wallet-has-been-hacked-what-to-do-5445300
Recent similar incident: https://bitcointalksearch.org/topic/ive-been-hacked-electrum-432-5433643

the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet).

What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?


I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Can you give us more detail, please?  Windows version, Electrum version before the re-install, any other software you may have downloaded in the recent months?


I am clueless as to how this could have happened as like I said I had Malwarebytes on my laptop but despite that this incident happened.I know how dumb and idiot I look right now but I still can't wrap my head around how this could have happened.

I don't use any malware software other than what's included in Win11, and to be honest I don't know how effective any of them really are.  It seems like they can only work once the malware is identified by the developer, and added to the software's blacklist.

I don't know how this is happening either, but I suspect there might be some malware being promoted to crypto users that attacks Electrum and extracts funded private keys.  Based on the Github discussion to which I linked above, multiple victims had their funds stolen in one transaction that included multiple address types, indicating the private keys were swept.

All I can say is be very careful and suspicious of any software you install your system, and diligently verify Electrum downloads.
hero member
Activity: 2954
Merit: 796
April 30, 2023, 12:54:39 PM
#15
It’s unusual for a malware to get through on Malwarebytes since it’s very active on blocking any incoming malware from the web. You should combine WD on top of your malwarebytes to have second layer of security.

By any chance, Do you accidentally allow something which malwarebytes blocked?
legendary
Activity: 2366
Merit: 1048
April 30, 2023, 12:46:49 PM
#14
If your private key was recoverable with security questions then you might have the answer.
legendary
Activity: 2604
Merit: 2353
April 30, 2023, 12:42:46 PM
#13
What happened:  Today I requested additional loan in shasan's thread here https://bitcointalksearch.org/topic/m.62169183. After some discussions privately with shasan it was approved by him and he sent the coins. As soon as it arrived the hacker moved it from my wallet address: bc1qwerty0uuuee9t3jf5tvr0952a099p67qama7k3 (only one in the wallet). I am not sure how he got control of my Electrum wallet  (despite Malwarebytes on my laptop) but as soon as it happened I reset password of forum and other sites via my mobile and did fresh install of Windows.

Scammers Wallet Address: bc1qzzvml53wkc5g4w5tuk6xz0t0j332rfgftymf2f

Amount Scammed: 0.015 BTC
It's the first time you get hacked ? Other funds on other addresses from your wallets are still here or some other have been theft too? Did you check your logs from Electrum to see if your funds have been stolen through Electrum on your computer? Because if you haven't exposed your seed anywhere else, I wonder how the attacker has been able to hack your funds, if it's not from Electrum directly ? It would be a really bad news because it would mean that Electrum is currently not safe anymore.
hero member
Activity: 812
Merit: 619
April 30, 2023, 12:16:38 PM
#12
Very sad to hear that you lost 450$. I just want to inquire that you saved this phrase cloudly online anywhere. If you saved then this is possible reason hacker got access to your wallet and success in transfer fund. Online savings phrase may be gmail, photos l, Notes Telegram or other social media where you send phrase. hackers send these btc to another wallet. More chance that he mixed it using any mixer or deposited into his own other wallet.

You did right job to reset all password on time but its not enough yet because it's essential to know how hacker get access to wallet.
member
Activity: 527
Merit: 72
Crypto - Fiat Exchange
April 30, 2023, 11:25:40 AM
#11
You probably had the malware in your computer for a while and it got activated once it detected coins in your wallet. When was the last time you made a transfer using this computer?
hero member
Activity: 1008
Merit: 755
April 30, 2023, 11:17:52 AM
#10
I feel bad just hearing about the continuous and unstoppable attacks. I myself experienced something similar a few weeks ago when my BNB was instantly transformed into another wallet upon receiving it. I understand the shock and bad feeling that you are going through right now, so I’m very sorry for that.
I don't think the issue lies with the Electrum wallet itself, If hackers had found a security loophole in Electrum without having to access your pc first they would target wallets of whales with large amounts of Bitcoin logically. I am sure that your device has been hacked using a malicious program or file you downloaded and your antimalware defense isn’t enough. If you could recall the latest files that you downloaded before the last time you used your Electrum wallet on your PC and run a test on VirusTotal for example and you may find something. Since I’m not sure tracing the hacker’s wallet will lead into something.
And as other users have suggested using a wallet on an online PC is a ticking time bomb waiting to explode. The solution to prevent such painful experiences is to use another device only for a Bitcoin wallet or a better option which is to get a cold wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
April 30, 2023, 11:02:18 AM
#9
Never Enter your phrase, personal Gmail, Social accounts related to crypto because Laptop or Pc can easily be hacked through malware. Mobile is secure so far as i am using for 5 years and did not faced any problem while using PC my phrase compromised 3 times
This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.
@ItsCrafty
On my laptop, what I used it most for are 2FA enabled exchange accounts, Netflix and YouTube Premium (I hate ads). Having little amount of bitcoin on Electrum on the laptop and still expecting malware, although not likely. It depends on how you use your device, be it phone or computer. But you should know that you should not have the coins that you can not afford to lose on an online wallet, there are cold wallet options that you can go for. Mobile devices are always online, be careful.
legendary
Activity: 2380
Merit: 5213
April 30, 2023, 10:46:56 AM
#8
I'm also an Electrum user but I seldom use it now after Julerz's story.
As I said in my previous post electrum is secure enough. Just because someone got hacked doesn't mean electrum isn't secure. Electrum is open-source and there's nothing hidden from the users.
As long as your device is online, whatever wallet you use, there's the chance of getting hacked.


Never Enter your phrase, personal Gmail, Social accounts related to crypto because Laptop or Pc can easily be hacked through malware. Mobile is secure so far as i am using for 5 years and did not faced any problem while using PC my phrase compromised 3 times
This doesn't mean a mobile is more secure than a PC. This only means that your PC had been infected with a malware and you have been lucky that your mobile hasn't been hacked yet.
Pages:
Jump to: