
Topic: How seed phrase can be hijacked? (Read 265 times)

legendary
Activity: 2730
Merit: 7065
March 03, 2020, 08:22:25 AM
#14
It would really help if you told your friend to register an account here and explain exactly what he did, what precautions he took to keep his private keys and seed safe, when was the last time he used his wallet, and what he did just before the coins disappeared. 

Unfortunately, nobody can help to get those Bitcoins back, but he will learn the right ways to prevent things like this from repeating in the future.
legendary
Activity: 3612
Merit: 5297
March 03, 2020, 02:51:26 AM
#13
Thank you for the replies guys, really appreciate it! The thing is that my friend thinks I'm an idiot who doesn't know what he's talking about, so we reached out to the community to see what they think. I've told him basically the same things that you did. The only thing is I don't understand where the seed phrase is stored though. I mean, how does the wallet know what file to download when I enter my seed phrase? That should be it. Thanks a lot!
They do not download any because the "wallet" isn't stored anywhere. The seed is the wallet (in easy words). The software (Electrum) derives the private keys from the seed and this process is totally decentralized, offline and trustless.
I agree with TryNinja, but think his answer might be a little bit too technical and probably a bit too short. Since you're asking these questions and have these doubts, I can assume you're pretty new to the cryptocurrency ecosystem and have little or no knowledge about the technical details, am I right? There's no shame in this, we all had to learn at some point...

In this case, I'll try to simplify things so you'll have a very basic understanding of what is happening. I'm simplifying here, this isn't the complete technical explanation!!!!

Bitcoins aren't a physical thing, they aren't stored on your hard disk. The bitcoin network is basically a ledger (think of it as a big Excel sheet). This ledger contains records (lines in the sheet) that indicate which address is funded with how many unspent outputs (and the value of these unspent outputs).
Since this ledger is decentralised, it's stored on thousands of nodes, so everybody knows what the balance of each address is at any point in time. In order to spend the unspent outputs, you have to generate a signature. This signature is created by a PRIVATE KEY. ONLY the owner of the address is supposed to have this private key (that's why they call it private).
The address is the hash of the public key that belongs to this private key. So if you decide to spend an unspent output funding your address, everybody in the world will be able to verify if the signature you provided is valid, since they have your public key, but nobody will be able to recreate this signature since they do not have your private key.

What electrum does is: it gives you a seed phrase.
This seed phrase is converted into a master private key
Individual private keys are derived from the master private key
The public key is derived from each private key
The public key is then hashed to generate the address

Electrum now queries the electrum nodes with the ADDRESS... The nodes reply which unspent outputs are funding this address... Electrum does NOT send the private key, the master private key or the seed phrase to the electrum node. When you create a transaction, the PUBLIC KEY will be included as well and the transaction will be broadcast to a node.... An electrum node will only receive an address, and it'll send information that's publicly known back to the individual's wallet.
The wallet uses the information it receives from the node in order to build and sign a transaction. The transaction will use the unspent outputs funding addresses controlled by him as inputs to create a new transaction, the derived private key(s) will be used to sign the transaction ON THE INDIVIDUAL's PC. The private key(s) will never leave your pc (unless you downloaded a malicious client, or are infected, or are running a very old electrum version). Once a transaction is signed, it'll be broadcast through the nodes, but a signed transaction does NOT contain any private key or seed. It contains a list of unspent outputs that'll be used as input, a list of PUBLIC keys, a list of new unspent outputs that'll be created and signatures... No information that's harmful to you is included in a transaction, so a node will not be able to rob you.

SOOOO... long story short. In order to rob you, a node would need the seed phrase, the master private key or the derived private key. The node NEVER receives this data from an electrum wallet. You can verify this if you read electrum's source code. Many developers have already verified the source code and confirmed no seed phrase, master private key or derived private key are being sent to the node. The code just isn't there to do this.
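The derivation chain listed in the post above, as an added example (not code from the thread or from Electrum): it follows the BIP39 and BIP32 standards as an assumption, whereas Electrum's native seed type uses a different PBKDF2 salt. Every step runs locally with the standard library only; the output of `public_key` (and the address hashed from it, omitted here) is the only value a server ever needs to see.

```python
import hashlib
import hmac

# secp256k1 parameters (public constants of the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def public_key(priv: bytes) -> bytes:
    """Compressed public key priv*G (double-and-add, not constant-time)."""
    k, point, addend = int.from_bytes(priv, "big"), None, G
    while k:
        if k & 1:
            point = _add(point, addend)
        addend, k = _add(addend, addend), k >> 1
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP39 stretching: PBKDF2-HMAC-SHA512, 2048 rounds, no network I/O."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", phrase.encode(), salt, 2048)

def master_key(seed: bytes):
    """BIP32 master private key and chain code from the stretched seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]

def hardened_child(priv: bytes, chain: bytes, index: int):
    """BIP32 hardened child: an individual private key under the master key."""
    data = b"\x00" + priv + (index | 0x80000000).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    k = (int.from_bytes(i[:32], "big") + int.from_bytes(priv, "big")) % N
    return k.to_bytes(32, "big"), i[32:]

PHRASE = "abandon " * 11 + "about"  # constructed: public BIP39 test phrase
```

Anyone who learns the phrase can rerun these functions and obtain the same private keys, which is why the storage of the backup matters more than the server the wallet talks to.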
legendary
Activity: 2758
Merit: 6830
March 02, 2020, 11:14:50 AM
#12
Thank you for the replies guys, really appreciate it! The thing is that my friend thinks I'm an idiot who doesn't know what he's talking about, so we reached out to the community to see what they think. I've told him basically the same things that you did. The only thing is I don't understand where the seed phrase is stored though. I mean, how does the wallet know what file to download when I enter my seed phrase? That should be it. Thanks a lot!
They do not download any because the "wallet" isn't stored anywhere. The seed is the wallet (in easy words). The software (Electrum) derives the private keys from the seed and this process is totally decentralized, offline and trustless.
newbie
Activity: 2
Merit: 0
March 02, 2020, 10:26:48 AM
#11
Thank you for the replies guys, really appreciate it! The thing is that my friend thinks I'm an idiot who doesn't know what he's talking about, so we reached out to the community to see what they think. I've told him basically the same things that you did. The only thing is I don't understand where the seed phrase is stored though. I mean, how does the wallet know what file to download when I enter my seed phrase? That should be it. Thanks a lot!
legendary
Activity: 3612
Merit: 5297
March 02, 2020, 06:55:47 AM
#10
Well... It's not only fake electrum versions, it's also very old ones that can give a problem... Although IIRC, most electrum nodes will reject connections from old, vulnerable versions...

Is your friend's electrum version < 3.0.5 without a passphrase and did he open a potentially malicious site? In this case, this vulnerability might have happened:
https://electrum.readthedocs.io/en/latest/cve.html

So... Things that could have happened:
  • Your friend downloaded a fake version of electrum
  • Your friend saved his seed in an unsafe environment (cloud hosting?)
  • Your friend had a version < 3.0.5, an unencrypted wallet and visited an unsafe website
  • Your friend had malware on his pc
  • Somebody got physical access to his pc containing either the seed, an unencrypted wallet, or a wallet encrypted with a weak password
  • Your friend executed a script in electrum's console that looked legit, but actually contained malicious code
  • Your friend exported the private keys and stored them insecurely
  • Your friend imported the seed in another (closed source?) wallet
  • ...

Like others have said, electrum is open source and peer reviewed... Like almost all software out there, vulnerabilities have been found in the past (and they've been patched). There never is a 100% guarantee that no new vulnerabilities will be found, but at least, with electrum you have the option to review the source code.
legendary
Activity: 3234
Merit: 5637
March 02, 2020, 06:43:39 AM
#9
I will always argue that the problem is not just how good or bad the software is, but whether it is being used correctly or incorrectly. A seed that can consist of 12-24 words depending on your wallet is a very good idea when it comes to backup, but the big problem is in the way people keep that backup. E-mail, cloud, simple text file on PC/mobile, a piece of paper left in the reach of children or pets, USB stick in the drawer that ends up in the trash one day - and probably at least as many other stupid ways to lose BTC.

Electrum is free to use, but it is not free from using the brain - and in some cases it can be a great way to lose money. I have kept more than 1 BTC in desktop Electrum for years, and I never lost a single satoshi.
legendary
Activity: 3668
Merit: 6382
March 02, 2020, 04:49:38 AM
#8
you can simply figure it out by asking them some basic questions. start from "where did you download Electrum from and did you verify its signature"

Another important question is where he kept the backup of the seed. You know, some still keep it in e-mail or such.
(People are great at making sure they have no back doors open and forgetting to check the front door).
legendary
Activity: 2170
Merit: 1789
March 02, 2020, 01:17:32 AM
#7
He claims that his seed phrase somehow has been jacked from Electrum servers? Is that technically possible? He claims that Electrum is a scam project and they somehow gained access to his wallet via seed phrase. Need someone to explain it better from the inside.

If this were indeed possible, then Electrum would have been dead a long time ago. The fact that it's still one of the most used wallets says it all. Your friend's story is weak.

Aside from a keylogger, ask him where he stores his backup. If it's lying on Google Drive or something, then try to start from here.
legendary
Activity: 3472
Merit: 10611
March 02, 2020, 12:44:37 AM
#6
He swears he did not install any malicious Electrum clients and his PC, network and, therefore, seed phrase has not been compromised.

usually people who say this and have already lost their funds are only thinking they were secure whereas in reality they were far from it. you can simply figure it out by asking them some basic questions. start from "where did you download Electrum from and did you verify its signature", ask them to show you the public key of the developer they used to verify the signature, and in 90% of the cases i have seen their story starts to fall apart with this question.

to answer your question, it depends on the person. Electrum is open source and has nothing malicious in it to "hijack" any of your secrets but there are always lots of ways that the users themselves could simply leak it. and unless your "friend" comes here and starts explaining his specific situation and things he did that led to the loss, we can't say anything for sure.
legendary
Activity: 2520
Merit: 1233
March 01, 2020, 11:19:31 PM
#5
I don't believe it is easy to hijack the seed phrase from Electrum if your friend downloaded a correct one. Have you tried to ask your friend what exactly happened? Because I was almost hacked before, when I received a message that looked like an official message from Electrum claiming that I needed to update to the latest version. That happened when I was sending a transaction and the message suddenly popped up.

So I suspected that your friend received a message that comes from a phishing attack, which was explained here by theymos. And make sure that your friend used this correct link when downloading Electrum or updating it to a new version ( https://electrum.org/#download ).

copper member
Activity: 2940
Merit: 1280
March 01, 2020, 07:50:00 PM
#4
I doubt that it has been caused by a verified Electrum client. As much as your friend can say that it's not malicious there might be something in there..

Maybe brute-forcing the seed phrase to open the account? But the chances of that are so low. 0.001% when I searched for it.

https://bitcoin.stackexchange.com/a/64079
legendary
Activity: 3472
Merit: 3217
March 01, 2020, 07:49:49 PM
#3
No, that's impossible. I have a wallet that I have used and it has never been hijacked from the Electrum server.
A well-known issue with Electrum is when you are using a fake Electrum wallet, and the update notification which will lead you to the phishing Electrum website.

If he installed a real Electrum wallet when it was below Electrum 3.3.4, saw a notification saying he needed to upgrade to the latest version and used the link from the notification, the risk is high that he might have installed a fake Electrum wallet that could lead to the bitcoin being stolen by the hacker.

What OS and protection are installed on his PC?

Electrum is one of the safest wallets there is.

Yeah, agreed, but it will still depend on how we protect our wallets.
legendary
Activity: 2758
Merit: 6830
March 01, 2020, 07:49:13 PM
#2
He claims that his seed phrase somehow has been jacked from Electrum servers? Is that technically possible? He claims that Electrum is a scam project and they somehow gained access to his wallet via seed phrase. Need someone to explain it better from the inside. Thanks!
No. It's not possible. Your friend probably downloaded a fake Electrum or had malware on his PC and that's how he lost his BTC. Electrum is one of the safest wallets there is.

Ask him if he received any "update message" asking him to download a new version of Electrum, and where did he download it from.
newbie
Activity: 2
Merit: 0
March 01, 2020, 07:23:18 PM
#1
Hi. My friend had $3,5k worth of BTC stolen recently. He swears he did not install any malicious Electrum clients and his PC, network and, therefore, seed phrase has not been compromised.

He claims that his seed phrase somehow has been jacked from Electrum servers? Is that technically possible? He claims that Electrum is a scam project and they somehow gained access to his wallet via seed phrase. Need someone to explain it better from the inside. Thanks!