I lost my Bitcoins by fishing attack "update electrum 4".

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: HCP on August 11, 2020, 04:42:20 PM

Are there any reliable metrics on how many "bad" servers there are currently in operation? Huh

Is there a way to detect them? Huh

I guess one could try to simulate an older electrum wallet by connection to random servers and checking their responses when trying to broadcast a transaction.
Creating a list with bad servers and the ratio between bad and good server could be used as a metric.

But i am not aware of whether someone has created such a list already.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bob123 on August 11, 2020, 09:28:37 AM

I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot people from losing money.

The situation may be a little better when it comes to hardware wallets, but if someone is not aware of the basics, then we have a certain percentage of users who will do something like typing their seed online or in fake HW extension. And if you look at how many cases there are of those who are hacked even though they use HW, then it is clear that not even the best security solution is resistant to human stupidity.

Quote from: HCP on August 11, 2020, 04:42:20 PM

The worse part is that they're likely not going to be the last victim either Sad

Are there any reliable metrics on how many "bad" servers there are currently in operation? Huh

Is there a way to detect them? Huh

I don't think the number of such servers matters, because even though the whole thing boiled over at the end of 2018 - there are still a lot of those who haven't opened their wallets since then. All versions of Electrum below 3.3.4 are still vulnerable, and if you only look at the address posted by the OP, the inflow of BTC is constant, which just means that it still pays to run bad servers.

BitMaxz

legendary

Activity: 3248

Merit: 2971

Block halving is coming.

Quote from: HCP on August 11, 2020, 04:42:20 PM

~snip~
Are there any reliable metrics on how many "bad" servers there are currently in operation? Huh

Is there a way to detect them? Huh

I can't seem to find any tools to detect bad servers but I think you can only find those bad servers in old Electrum when it asks for an update. I think it's a sign that the server is bad leading you to install phishing Electrum.

And I heard there are no verified trusted Electrum server lists and you can only find those bad servers when you use old versions of Electrum.

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: bob123 on August 11, 2020, 08:34:37 AM

Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.

"Humans gonna Human"

It's just a fact of life that humans are incredibly irrational beings... and we do really "dumb"/unexpected things when put under stress/duress... witness people taking the time to get their carry-on bags out of overhead lockers when the aircraft they are in is on fire! Roll Eyes

I stopped being surprised by people doing "stupid" things a long time ago... but then, I'm old and have done a lot of stupid things myself over the years Tongue

So, yeah... while breaking "best practise" and hooking the cold wallet up to the net and trying to shift funds was definitely a lapse in judgement, I can certainly understand why OP did it...

The worse part is that they're likely not going to be the last victim either Sad

Are there any reliable metrics on how many "bad" servers there are currently in operation? Huh

Is there a way to detect them? Huh

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Lucius on August 11, 2020, 09:01:03 AM

It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise.

But this still doesn't justify the core aspects of securing data.
Keeping software up-to-date is one of the most important things. There is a reason for windows to auto update itself all the time.

Going online with a 2+ year old wallet without updating it and installing a "new version" without verifying the signature (which is exactly described on electrum.org and takes only 2 minutes) is irresponsible.

Unfortunately this won't change and most people only adjust their habits after losing their coins. This quite simple phishing attack really shouldn't have achieved so much.

I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot people from losing money.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: bob123 on August 11, 2020, 08:34:37 AM

Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.
Not updating any software for more than 2 years and not readying any news whatsoever is kind of irresponsible.

It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise. I have already written in one of the similar topics that the number of such cases will start to increase every time a bull run occurs, which means that the person behind the phishing attack receives donations every day.

If we look at the address from OP -> bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny, from 25.07.2019 until today hacker is take over 90+ BTC, which only confirms that the OP is not alone in a very wrong approach to all this.

This is of course just one of the addresses that have so far been linked to this attack - the total amount of stolen BTC is certainly more than 1000 until today.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: HCP on August 10, 2020, 06:52:04 PM

I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

Going online with a cold wallet to make a quick transaction wasn't the smartest move.
Signing the transaction offline and broadcasting it on an online device wouldn't take much longer. Especially since he seemed to already be used to it due to using it as an cold wallet for most of the time.

Given that the burglary probably was already a few hours(?) ago, this 1 minute most likely wouldn't be an issue.

Nevertheless, i still don't understand how people can fall to a 2+ year old phishing attack.
Not updating any software for more than 2 years and not readying any news whatsoever is kind of irresponsible.

We are not yet at that point where storing and using bitcoin without any risks can be achieved by any random person. At least some awareness is still needed.

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: bob123 on August 10, 2020, 09:27:46 AM

Quote from: vernalcomfort on August 09, 2020, 12:19:11 PM

2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.

I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

This single lapse in his transaction workflow (and failing to verify the electrum download) cost him a substantial amount of money Undecided

bob123

legendary

Activity: 1624

Merit: 2481

For the future, verify every download before installing.
You can find a tutorial for that on electrum.org.

Quote from: vernalcomfort on August 09, 2020, 12:19:11 PM

1. Writing all uppercase means this question more important to me.

Writing all uppercase means that we care way less about helping you.

Quote from: vernalcomfort on August 09, 2020, 12:19:11 PM

2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.

Unfortunately you won't get your coins back.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: vernalcomfort on August 09, 2020, 12:19:11 PM

3. I am newer here, and don't know all yours community specifics. Don't Judge Me so Strong.

I'm not really the judging type, especially on online forums, I just gave some info which I considered useful.
It's really your choice if you change the caps or adjust the story from "pushing the button Send" on a "cold storage" or explain it better (in the main topic).

The outcome is the same. The money are gone. Next time you should know and never again go online with a cold storage.

vernalcomfort

newbie

Activity: 8

Merit: 0

Quote from: TopTort777 on August 09, 2020, 12:11:55 PM

Sorry for your loss, but there is nothing you can do.
That is a very expensive lesson you have learned. Next time when something asks you to update something, dont be lazy, check official site if they have really made an update.

Thank you. But I will follow that bitcoins. may be in future something I can to do. I am so deeply Not upset because I lost Bitcoins, but because I cannot contact any law enforcement agencies. It very wrong. I know that even they have almost no chance, but at least they have someone to turn to.

vernalcomfort

newbie

Activity: 8

Merit: 0

Quote from: khaled0111 on August 09, 2020, 12:07:34 PM

Sorry to hear that!
Probably the one who broke into your house didn't know about bitcoin that's why he didn't take the note book as he has no clue what those words mean.

Quote from: vernalcomfort on August 09, 2020, 11:14:13 AM

That time I was online, and the program give an error. "For sending you must to update your wallet to elecrtum 4, I installed and GOODBYE.....

Now I think so.... but that time I'm not thought. Its very ironic. I wanted to save bitcoins from a thief, but sent them to another scammer.

vernalcomfort

newbie

Activity: 8

Merit: 0

Quote from: NeuroticFish on August 09, 2020, 04:41:15 AM

Quote from: vernalcomfort on August 08, 2020, 11:36:11 AM

HI EVERYONE: IN 04.08.2020. I WANT TO SEND 0.58BTC FROM MY ELECTRUM 3.** COLD WALLET TO ANOTHER ADDRESS: WHEN EVERYTHING WAS READY, I PUSHED THE BUTTON "SEND". BUT ELECTRUM 3.** ANSWER BY ERROR AND THE WINDOW THAT FOR TRANSACTION I MUST TO UPDATE UP TO ELECTRUM 4. I DO THAT AND THE VIRUS THAT I GOT, CHANGED MY BTC ADDRESS OT ANOTHER ONE - NOT MINE

1. Writing all uppercase means you are yelling at us. Maybe you should consider writing normally.
2. Beware, you seem to misunderstand what cold storage means. Cold storage means a computer that's always (and always) offline. It's used to sign transactions, and those transactions will be broadcasted online by another computer. (So in a correct cold storage you would not be able to update since you are offline).

Sorry for your loss though.

1. Writing all uppercase means this question more important to me.
2. You right about cold wallet is always offline, and electrum can be cold wallet to, cause as you say t's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was hurry up and was shocked and connect to internet to do that transaction quick. You can find more details in the description in the post that I telling what happened. It started "I use electrun 3.**"
3. I am newer here, and don't know all yours community specifics. Don't Judge Me so Strong.

TopTort777

legendary

Activity: 2282

Merit: 1435

Sorry for your loss, but there is nothing you can do.
That is a very expensive lesson you have learned. Next time when something asks you to update something, dont be lazy, check official site if they have really made an update.

khaled0111

legendary

Activity: 2520

Merit: 2853

Top Crypto Casino

Sorry to hear that!
Probably the one who broke into your house didn't know about bitcoin that's why he didn't take the note book as he has no clue what those words mean.

Quote from: vernalcomfort on August 09, 2020, 11:14:13 AM

That time I was online, and the program give an error. "For sending you must to update your wallet to elecrtum 4, I installed and GOODBYE.....

yes, this is the phishing message you get when using a version older than 3.3.4
You had to verify the signature of the downlaoded file to be sure you didn't download a fake version.

vernalcomfort

newbie

Activity: 8

Merit: 0

Quote from: khaled0111 on August 09, 2020, 09:50:03 AM

Quote from: ?? on ??

maybe there’s something I don’t understand but how malware has managed to change address in transaction signed by cold wallet? Cold wallet is that one which is sitting on air-gapped computer, device never been online and free of any viruses, apriori.

I suppose OP meant to say he didn't use his wallet for a long time. A cold wallet is basically an offline wallet.
To receive the phishing message, your wallet has to be connected to one of the malicious servers.. So no, it can't be a cold wallet.

@OP, sorry for telling you "forget about it". I simply didn't want to give you false hope but deep inside I hope you will, somehow, manage to recover your stolen coins.

I use electrun 3.** and 2 year I only send in by my wallet. I have that wallet seed and my BTC address private key on my paper note book that I keep in a secret place. But someone 5 days ago, entered to my apartment and stole my money. He/she find my note book, but not took it. I was shocked and started to quickly send my bitcoins to another wallet. Because someone is saw all secret information. I opened my electrum offline wallet, connected to internet, open another new wallet, wrote seed, and started to send from old wallet to new. At first the server is not answer and in low right side indicator was red. I select the another server and try to do again. A few time I closed and opened 2 wallets, because I was copy new wallet address, but cant paste to another for send. Then I coped it on MS word, and try again. When everything was ready, in old wallet I wrote new wallet address and chose send maximum BTC in wallet, I pushed button "send". That time I was online, and the program give an error. "For sending you must to update your wallet to elecrtum 4, I installed and GOODBYE.....I lost and cash and virtual money same day. HERE IS ALL MY FUN STORY.

khaled0111

legendary

Activity: 2520

Merit: 2853

Top Crypto Casino

Quote from: ?? on ??

maybe there’s something I don’t understand but how malware has managed to change address in transaction signed by cold wallet? Cold wallet is that one which is sitting on air-gapped computer, device never been online and free of any viruses, apriori.

I suppose OP meant to say he didn't use his wallet for a long time. A cold wallet is basically an offline wallet.
To receive the phishing message, your wallet has to be connected to one of the malicious servers.. So no, it can't be a cold wallet.

@OP, sorry for telling you "forget about it". I simply didn't want to give you false hope but deep inside I hope you will, somehow, manage to recover your stolen coins.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: vernalcomfort on August 08, 2020, 11:55:38 PM

I see a lot of peoples here when heard that someone's bitcoins was stolen saying "forget it". Of course, My chances is very small to do something, but I will always active and closely will follow the development of events.

This is unfortunately the case - and that is why cryptocurrency hacking is very popular, in the vast majority of cases it is never revealed who the perpetrator is, especially if it hides the traces well. What you can do is contact all the known big crypto exchanges and try to ask them to block the hacker's address if he ever try to sell your coins through them. Of course, a hacker most likely has a well-established method of laundering those stolen coins - but I agree that it's just wrong to say "move on, nothing can be done".

Prevention is far better than repairing damage, and you have to learn something from this difficult life lesson - and what we keep saying is that such significant amounts of BTC should not be stored in desktop/mobile wallets. Hardware wallets certainly have their drawbacks, but if you had only invested $50 in one such device you might still have your BTC.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: vernalcomfort on August 08, 2020, 11:36:11 AM

HI EVERYONE: IN 04.08.2020. I WANT TO SEND 0.58BTC FROM MY ELECTRUM 3.** COLD WALLET TO ANOTHER ADDRESS: WHEN EVERYTHING WAS READY, I PUSHED THE BUTTON "SEND". BUT ELECTRUM 3.** ANSWER BY ERROR AND THE WINDOW THAT FOR TRANSACTION I MUST TO UPDATE UP TO ELECTRUM 4. I DO THAT AND THE VIRUS THAT I GOT, CHANGED MY BTC ADDRESS OT ANOTHER ONE - NOT MINE

1. Writing all uppercase means you are yelling at us. Maybe you should consider writing normally.
2. Beware, you seem to misunderstand what cold storage means. Cold storage means a computer that's always (and always) offline. It's used to sign transactions, and those transactions will be broadcasted online by another computer. (So in a correct cold storage you would not be able to update since you are offline).

Sorry for your loss though.

vernalcomfort

newbie

Activity: 8

Merit: 0

Quote from: sheenshane on August 08, 2020, 06:54:22 PM

We're almost the same victim of this phishing attack when I was updated my Electrum wallet, but luckily, my habit to always check the official website before downloading anything was saved me from the possible hack.

Again, as they say. Sorry for your loss, the chance of recovering your Bitcoin it might be 10% the rest IDK if you will recover it.

But here is the tip, I saw popular website that has a public database of bitcoin addresses that have been used by hackers/scammers. You can file report on File Bitcoin Abuse Report. It will track the scammer's transaction and mark every linked address as a scam.

Thank you Sheenshane. It really can help me in future, better do something than nothing, right? I see a lot of peoples here when heard that someone's bitcoins was stolen saying "forget it". Of course, My chances is very small to do something, but I will always active and closely will follow the development of events.
Maybe someday in future Luck will smile at me.

Thanks for your help, I report in www.bitcoinabuse.com. Maybe it not help me, but can help others.

Topic: I lost my Bitcoins by fishing attack "update electrum 4". (Read 270 times)