Topic: I lost my Bitcoins by fishing attack "update electrum 4". (Read 275 times)

legendary
Activity: 1624
Merit: 2481
Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I guess one could try to simulate an older Electrum wallet by connecting to random servers and checking their responses when trying to broadcast a transaction.
Creating a list of bad servers and the ratio between bad and good servers could be used as a metric.

But I am not aware of whether someone has created such a list already.
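The classification half of the survey proposed in the post above, as an added example that is not part of the original thread: it inspects the JSON-RPC replies that servers give to a `blockchain.transaction.broadcast` request for a probe transaction that an honest server must reject, and flags replies whose error text carries links, markup or update wording. Host names and reply texts are constructed, and the indicator patterns are assumptions, not a known signature of the real phishing servers.

```python
import json
import re

# Assumed indicators: an honest rejection is a short node error string,
# so links, markup or "update" wording in it are treated as suspicious.
INDICATORS = {
    "link": re.compile(r"https?://|\bwww\.", re.I),
    "markup": re.compile(r"<\s*/?\s*[a-z][^>]*>", re.I),
    "update-wording": re.compile(
        r"\b(update|upgrade|download|install|new version)\b", re.I),
}


def classify_reply(raw):
    """Classify one raw reply to a broadcast of a deliberately invalid probe tx."""
    try:
        reply = json.loads(raw)
    except ValueError:
        return "unexpected", []
    if not isinstance(reply, dict) or reply.get("error") is None:
        # The probe must be rejected; a reply without an error is not normal.
        return "unexpected", []
    err = reply["error"]
    # Servers send the error either as an object with "message" or as a string.
    message = err.get("message", "") if isinstance(err, dict) else str(err)
    reasons = [name for name, rx in INDICATORS.items() if rx.search(str(message))]
    return ("suspicious" if reasons else "ok"), reasons


def survey(replies):
    """Build the bad-server list and the bad-to-good ratio from {host: raw_reply}."""
    verdicts = {host: classify_reply(raw)[0] for host, raw in replies.items()}
    bad = sorted(h for h, v in verdicts.items() if v == "suspicious")
    good = sorted(h for h, v in verdicts.items() if v == "ok")
    return {
        "bad": bad,
        "good": good,
        "bad_to_good": (len(bad) / len(good)) if good else None,
    }


def _error(message):
    return json.dumps({"jsonrpc": "2.0", "id": 7,
                       "error": {"code": 1, "message": message}})


# Constructed sample replies (invented hosts and texts, for illustration only).
SAMPLE_REPLIES = {
    "server-a.example": _error(
        "the transaction was rejected by network rules.\n\n"
        "bad-txns-inputs-missingorspent"),
    "server-b.example": _error(
        "Outdated client. Download the new version from "
        "https://wallet-update.example/"),
    "server-c.example": _error("<b>Error</b>: please upgrade your wallet"),
    "server-d.example": "not json at all",
}

if __name__ == "__main__":
    for host, raw in SAMPLE_REPLIES.items():
        print(host, *classify_reply(raw))
    print(survey(SAMPLE_REPLIES))
```

A flagged reply is a lead for manual review, not proof: the patterns only say that the error text contains more than a rejection reason.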
legendary
Activity: 3234
Merit: 5637
I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot of people from losing money.

The situation may be a little better when it comes to hardware wallets, but if someone is not aware of the basics, then we have a certain percentage of users who will do something like typing their seed online or in a fake HW extension. And if you look at how many cases there are of those who are hacked even though they use HW, then it is clear that not even the best security solution is resistant to human stupidity.



The worse part is that they're likely not going to be the last victim either. Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I don't think the number of such servers matters, because even though the whole thing boiled over at the end of 2018 - there are still a lot of those who haven't opened their wallets since then. All versions of Electrum below 3.3.4 are still vulnerable, and if you only look at the address posted by the OP, the inflow of BTC is constant, which just means that it still pays to run bad servers.
legendary
Activity: 3472
Merit: 3217
~snip~
Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?

I can't seem to find any tools to detect bad servers but I think you can only find those bad servers in old Electrum when it asks for an update. I think it's a sign that the server is bad leading you to install phishing Electrum.

And I heard there are no verified trusted Electrum server lists and you can only find those bad servers when you use old versions of Electrum.
HCP
legendary
Activity: 2086
Merit: 4363
Nevertheless, I still don't understand how people can fall for a 2+ year old phishing attack.
"Humans gonna Human"

It's just a fact of life that humans are incredibly irrational beings... and we do really "dumb"/unexpected things when put under stress/duress... witness people taking the time to get their carry-on bags out of overhead lockers when the aircraft they are in is on fire! I stopped being surprised by people doing "stupid" things a long time ago... but then, I'm old and have done a lot of stupid things myself over the years.

So, yeah... while breaking "best practise" and hooking the cold wallet up to the net and trying to shift funds was definitely a lapse in judgement, I can certainly understand why OP did it...

The worse part is that they're likely not going to be the last victim either. Are there any reliable metrics on how many "bad" servers there are currently in operation? Is there a way to detect them?
legendary
Activity: 1624
Merit: 2481
It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise.

But this still doesn't justify the core aspects of securing data.
Keeping software up-to-date is one of the most important things. There is a reason for Windows to auto-update itself all the time.

Going online with a 2+ year old wallet without updating it and installing a "new version" without verifying the signature (which is exactly described on electrum.org and takes only 2 minutes) is irresponsible.


Unfortunately this won't change and most people only adjust their habits after losing their coins. This quite simple phishing attack really shouldn't have achieved so much.

I am glad that hardware wallets exist, which are kind of foolproof if the person using it is able to read. They save quite a lot of people from losing money.
legendary
Activity: 3234
Merit: 5637
Nevertheless, I still don't understand how people can fall for a 2+ year old phishing attack.
Not updating any software for more than 2 years and not reading any news whatsoever is kind of irresponsible.

It doesn't surprise me at all, and the reason is actually quite simple - a certain number of people approach Bitcoin as a long-term investment - which means that they are activated in case the price of BTC starts to rise. I have already written in one of the similar topics that the number of such cases will start to increase every time a bull run occurs, which means that the person behind the phishing attack receives donations every day.

If we look at the address from OP -> bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny, from 25.07.2019 until today the hacker has taken over 90+ BTC, which only confirms that the OP is not alone in a very wrong approach to all this.

This is of course just one of the addresses that have so far been linked to this attack - the total amount of stolen BTC is certainly more than 1000 until today.
legendary
Activity: 1624
Merit: 2481
I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

Going online with a cold wallet to make a quick transaction wasn't the smartest move.
Signing the transaction offline and broadcasting it on an online device wouldn't take much longer. Especially since he seemed to already be used to it due to using it as a cold wallet for most of the time.

Given that the burglary probably was already a few hours(?) ago, this 1 minute most likely wouldn't be an issue.


Nevertheless, I still don't understand how people can fall for a 2+ year old phishing attack.
Not updating any software for more than 2 years and not reading any news whatsoever is kind of irresponsible.

We are not yet at that point where storing and using bitcoin without any risks can be achieved by any random person. At least some awareness is still needed.
HCP
legendary
Activity: 2086
Merit: 4363
2. You are right that a cold wallet is always offline, and Electrum can be a cold wallet too, because as you say it's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was in a hurry and was shocked, and connected to the internet to do that transaction quickly.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.
I think you missed his point Bob... he was using it as a cold wallet... but, unfortunately, in his panic and haste, he connected that machine to the network to try and make a quick transaction as he was concerned that his wallet mnemonic had been compromised following the burglary.

This single lapse in his transaction workflow (and failing to verify the electrum download) cost him a substantial amount of money.
legendary
Activity: 1624
Merit: 2481
For the future, verify every download before installing.
You can find a tutorial for that on electrum.org.


1. Writing all uppercase means this question is more important to me.

Writing all uppercase means that we care way less about helping you.


2. You are right that a cold wallet is always offline, and Electrum can be a cold wallet too, because as you say it's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was in a hurry and was shocked, and connected to the internet to do that transaction quickly.

Then don't call it cold wallet.
You were using an online (hot-) wallet and fell for an extremely old phishing scam.

Unfortunately you won't get your coins back.
legendary
Activity: 3668
Merit: 6382
3. I am new here, and don't know all your community specifics. Don't judge me so strongly.

I'm not really the judging type, especially on online forums, I just gave some info which I considered useful.
It's really your choice if you change the caps or adjust the story from "pushing the button Send" on a "cold storage" or explain it better (in the main topic).

The outcome is the same. The money is gone. Next time you should know and never again go online with a cold storage.
newbie
Activity: 8
Merit: 0
Sorry for your loss, but there is nothing you can do.
That is a very expensive lesson you have learned. Next time when something asks you to update something, don't be lazy, check the official site to see if they have really made an update.
Thank you. But I will follow those bitcoins. Maybe in the future there is something I can do. I am so deeply upset not because I lost Bitcoins, but because I cannot contact any law enforcement agencies. It is very wrong. I know that even they have almost no chance, but at least they have someone to turn to.
newbie
Activity: 8
Merit: 0
Sorry to hear that!
Probably the one who broke into your house didn't know about bitcoin that's why he didn't take the note book as he has no clue what those words mean.

At that time I was online, and the program gave an error: "For sending you must update your wallet to Electrum 4". I installed it and GOODBYE.....
Now I think so.... but at that time I didn't think. It's very ironic. I wanted to save bitcoins from a thief, but sent them to another scammer.
newbie
Activity: 8
Merit: 0
HI EVERYONE: ON 04.08.2020 I WANTED TO SEND 0.58BTC FROM MY ELECTRUM 3.** COLD WALLET TO ANOTHER ADDRESS. WHEN EVERYTHING WAS READY, I PUSHED THE BUTTON "SEND", BUT ELECTRUM 3.** ANSWERED WITH AN ERROR AND A WINDOW SAYING THAT FOR THE TRANSACTION I MUST UPDATE TO ELECTRUM 4. I DID THAT, AND THE VIRUS THAT I GOT CHANGED MY BTC ADDRESS TO ANOTHER ONE - NOT MINE

1. Writing all uppercase means you are yelling at us. Maybe you should consider writing normally.
2. Beware, you seem to misunderstand what cold storage means. Cold storage means a computer that's always (and always) offline. It's used to sign transactions, and those transactions will be broadcasted online by another computer. (So in a correct cold storage you would not be able to update since you are offline).

Sorry for your loss though.
1. Writing all uppercase means this question is more important to me.
2. You are right that a cold wallet is always offline, and Electrum can be a cold wallet too, because as you say it's used to sign transactions, and those transactions will be broadcast online by another computer. But I didn't do that. I was in a hurry and was shocked, and connected to the internet to do that transaction quickly. You can find more details in the description in the post where I tell what happened. It starts with "I use Electrum 3.**"
3. I am new here, and don't know all your community specifics. Don't judge me so strongly.
legendary
Activity: 2520
Merit: 1496
Sorry for your loss, but there is nothing you can do.
That is a very expensive lesson you have learned. Next time when something asks you to update something, don't be lazy, check the official site to see if they have really made an update.
legendary
Activity: 2744
Merit: 3097
Sorry to hear that!
Probably the one who broke into your house didn't know about bitcoin that's why he didn't take the note book as he has no clue what those words mean.

At that time I was online, and the program gave an error: "For sending you must update your wallet to Electrum 4". I installed it and GOODBYE.....

Yes, this is the phishing message you get when using a version older than 3.3.4.
You had to verify the signature of the downloaded file to be sure you didn't download a fake version.
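What the signature check recommended in this thread has to enforce, as an added example that is not part of the original thread or Electrum's own tooling: a download passes only if `gpg` reports a valid signature made by a key whose fingerprint you pinned beforehand, since a file signed correctly by some other key also produces a "good signature". The pinned fingerprint and the sample status lines are constructed placeholders, and rejecting any expired or revoked signer is an assumed, deliberately strict policy.

```python
import subprocess

# Placeholder: replace with the release signing key fingerprint you obtained
# and checked out of band. This value is constructed, not a real key.
PINNED_FPR = "A" * 40

# Status keywords that make the whole check fail (assumed strict policy).
FATAL = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def check_status(status_text, pinned_fpr):
    """True only if gpg's machine-readable status shows a valid signature
    from the pinned key and no bad, expired or revoked signature."""
    pinned = pinned_fpr.replace(" ", "").upper()
    matched = False
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in FATAL:
            return False
        if parts[1] == "VALIDSIG":
            # First argument: fingerprint of the signing key.
            # Last argument: fingerprint of its primary key (when present).
            if pinned in (parts[2].upper(), parts[-1].upper()):
                matched = True
    return matched


def verify_download(file_path, sig_path, pinned_fpr=PINNED_FPR):
    """Run gpg on a detached signature and apply check_status to its output."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return check_status(proc.stdout, pinned_fpr)


# Constructed status output for illustration (not captured from a real run).
SAMPLE_VALID = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>",
    "[GNUPG:] VALIDSIG " + "A" * 40 + " 2020-08-04 1596500000 0 4 0 1 8 00 " + "A" * 40,
])
SAMPLE_OTHER_KEY = SAMPLE_VALID.replace("A" * 40, "B" * 40)
SAMPLE_TAMPERED = "[GNUPG:] BADSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>"

if __name__ == "__main__":
    print("pinned key:", check_status(SAMPLE_VALID, PINNED_FPR))
    print("other key: ", check_status(SAMPLE_OTHER_KEY, PINNED_FPR))
    print("tampered:  ", check_status(SAMPLE_TAMPERED, PINNED_FPR))
```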
newbie
Activity: 8
Merit: 0
Maybe there's something I don't understand, but how has malware managed to change the address in a transaction signed by a cold wallet? A cold wallet is one which is sitting on an air-gapped computer, a device that has never been online and is free of any viruses, a priori.

I suppose OP meant to say he didn't use his wallet for a long time. A cold wallet is basically an offline wallet.
To receive the phishing message, your wallet has to be connected to one of the malicious servers. So no, it can't be a cold wallet.

@OP, sorry for telling you "forget about it". I simply didn't want to give you false hope but deep inside I hope you will, somehow, manage to recover your stolen coins.

I use Electrum 3.** and for 2 years I only sent into my wallet. I have that wallet seed and my BTC address private key in my paper notebook that I keep in a secret place. But 5 days ago someone entered my apartment and stole my money. He/she found my notebook, but did not take it. I was shocked and started to quickly send my bitcoins to another wallet, because someone had seen all the secret information. I opened my Electrum offline wallet, connected to the internet, opened another new wallet, wrote the seed, and started to send from the old wallet to the new one. At first the server did not answer and the indicator in the lower right side was red. I selected another server and tried again. A few times I closed and opened the 2 wallets, because I was copying the new wallet address but couldn't paste it into the other one to send. Then I copied it into MS Word, and tried again. When everything was ready, in the old wallet I wrote the new wallet address and chose to send the maximum BTC in the wallet, and I pushed the button "send". At that time I was online, and the program gave an error: "For sending you must update your wallet to Electrum 4". I installed it and GOODBYE..... I lost both cash and virtual money on the same day. HERE IS ALL MY FUN STORY.
legendary
Activity: 2744
Merit: 3097
Maybe there's something I don't understand, but how has malware managed to change the address in a transaction signed by a cold wallet? A cold wallet is one which is sitting on an air-gapped computer, a device that has never been online and is free of any viruses, a priori.

I suppose OP meant to say he didn't use his wallet for a long time. A cold wallet is basically an offline wallet.
To receive the phishing message, your wallet has to be connected to one of the malicious servers. So no, it can't be a cold wallet.

@OP, sorry for telling you "forget about it". I simply didn't want to give you false hope but deep inside I hope you will, somehow, manage to recover your stolen coins.
legendary
Activity: 3234
Merit: 5637
I see a lot of people here who, when they hear that someone's bitcoins were stolen, say "forget it". Of course, my chances of doing something are very small, but I will always be active and will closely follow the development of events.

This is unfortunately the case - and that is why cryptocurrency hacking is very popular: in the vast majority of cases it is never revealed who the perpetrator is, especially if he hides his traces well. What you can do is contact all the known big crypto exchanges and try to ask them to block the hacker's address if he ever tries to sell your coins through them. Of course, a hacker most likely has a well-established method of laundering those stolen coins - but I agree that it's just wrong to say "move on, nothing can be done".

Prevention is far better than repairing damage, and you have to learn something from this difficult life lesson - and what we keep saying is that such significant amounts of BTC should not be stored in desktop/mobile wallets. Hardware wallets certainly have their drawbacks, but if you had only invested $50 in one such device you might still have your BTC.
legendary
Activity: 3668
Merit: 6382
HI EVERYONE: ON 04.08.2020 I WANTED TO SEND 0.58BTC FROM MY ELECTRUM 3.** COLD WALLET TO ANOTHER ADDRESS. WHEN EVERYTHING WAS READY, I PUSHED THE BUTTON "SEND", BUT ELECTRUM 3.** ANSWERED WITH AN ERROR AND A WINDOW SAYING THAT FOR THE TRANSACTION I MUST UPDATE TO ELECTRUM 4. I DID THAT, AND THE VIRUS THAT I GOT CHANGED MY BTC ADDRESS TO ANOTHER ONE - NOT MINE

1. Writing all uppercase means you are yelling at us. Maybe you should consider writing normally.
2. Beware, you seem to misunderstand what cold storage means. Cold storage means a computer that's always (and always) offline. It's used to sign transactions, and those transactions will be broadcasted online by another computer. (So in a correct cold storage you would not be able to update since you are offline).

Sorry for your loss though.
newbie
Activity: 8
Merit: 0
I was almost a victim of this same phishing attack when I was updating my Electrum wallet, but luckily, my habit of always checking the official website before downloading anything saved me from the possible hack.

Again, as they say, sorry for your loss. The chance of recovering your Bitcoin might be 10%; for the rest, IDK if you will recover it.

But here is a tip: I saw a popular website that has a public database of bitcoin addresses that have been used by hackers/scammers. You can file a report at File Bitcoin Abuse Report. It will track the scammer's transactions and mark every linked address as a scam.

Thank you Sheenshane. It really can help me in the future; better to do something than nothing, right? I see a lot of people here who, when they hear that someone's bitcoins were stolen, say "forget it". Of course, my chances of doing something are very small, but I will always be active and will closely follow the development of events.
Maybe someday in the future luck will smile at me.

Thanks for your help, I reported it at www.bitcoinabuse.com. Maybe it will not help me, but it can help others.
legendary
Activity: 2520
Merit: 1233
I was almost a victim of this same phishing attack when I was updating my Electrum wallet, but luckily, my habit of always checking the official website before downloading anything saved me from the possible hack.

Again, as they say, sorry for your loss. The chance of recovering your Bitcoin might be 10%; for the rest, IDK if you will recover it.

But here is a tip: I saw a popular website that has a public database of bitcoin addresses that have been used by hackers/scammers. You can file a report at File Bitcoin Abuse Report. It will track the scammer's transactions and mark every linked address as a scam.
hero member
Activity: 2940
Merit: 715
I've seen similar problem in the past, by the way that's phishing, not fishing, in case you'll file a report to the authorities, at least you make it right.

Sorry for your loss, there's nothing you can do but to accept it and learn from your mistakes.
You should have not downloaded when it prompted a message to download or update your app, all downloads must be taken from their official website.
HCP
legendary
Activity: 2086
Merit: 4363
The problem is not that I lost BTC, but the lack of an international unified regulatory legal framework, which would allow me to contact some kind of cyber police that operates all over the world, no matter my citizenship. Hopefully in the future we will live in better conditions.
Sorry for your loss... but I would point out that an "international unified regulatory legal framework" kind of goes against the entire philosophy of Bitcoin.
legendary
Activity: 2744
Merit: 3097
The hacker's address used here received more than 89 btc and certainly there are more addresses with more stolen money, just imagine the number of victims! We never heard that anyone of them succeeded to get his money back.

Sorry for your loss but if I were you, I would just forget about it and move on.
Even if the hacker gets arrested then there is not much that can be done without the addresses' private keys.

Regarding law enforcement agencies, afaik they will sell the seized bitcoins in public auctions.
newbie
Activity: 8
Merit: 0
Unfortunately, you are the victim of an already well-known attack that dates back to end of 2018, and all users who still have versions older than 3.3.4 are exposed to a phishing attack.

Of course, you can report your case to the police in your country, but they can't do anything about it - because the matter is quite complex, and the person behind the attack is certainly not a naive person. As far as I know, none of the victims managed to get back the stolen coins - and the best chance would be to catch that hacker and take away stolen BTC from him.

Although then each of the victims would have to prove that BTC was stolen from them, and the only correct way is to sign a message from the address from which the BTC was stolen. The chance is always there, but it's very small - I personally wouldn't hope too much.


Thank you Lucius. Alas, in Armenia, where I'm from, the police won't take my report, because BTC has no status here and they don't know what it is. And I have no right to report to other countries' law enforcement agencies. The problem is not that I lost BTC, but the lack of an international unified regulatory legal framework, which would allow me to contact some kind of cyber police that operates all over the world, no matter my citizenship. Hopefully in the future we will live in better conditions.
legendary
Activity: 3234
Merit: 5637
Unfortunately, you are the victim of an already well-known attack that dates back to end of 2018, and all users who still have versions older than 3.3.4 are exposed to a phishing attack.

Of course, you can report your case to the police in your country, but they can't do anything about it - because the matter is quite complex, and the person behind the attack is certainly not a naive person. As far as I know, none of the victims managed to get back the stolen coins - and the best chance would be to catch that hacker and take away stolen BTC from him.

Although then each of the victims would have to prove that BTC was stolen from them, and the only correct way is to sign a message from the address from which the BTC was stolen. The chance is always there, but it's very small - I personally wouldn't hope too much.
legendary
Activity: 2464
Merit: 3878
But I don't lose hope. The thing is, I haven't lost them. They were stolen from me. If I were a citizen of the USA, could I report to the FBI, for example???
Unless they find the person and force him to reverse the tx, you have no chance.
Bitcoin is not a centralized system where any agency or any tech expert will reverse the tx once the tx is confirmed.


Honestly speaking, your chances of receiving the coins back are near zero. Take this as a lesson and be more careful when you are handling cryptocurrency.
newbie
Activity: 8
Merit: 0
Unfortunately no law enforcement agency or anyone else on earth can do anything for you. I am sorry that your coins are gone forever. It is always recommended to verify the downloaded file before installing.

But I don't lose hope. The thing is, I haven't lost them. They were stolen from me. If I were a citizen of the USA, could I report to the FBI, for example???
legendary
Activity: 2464
Merit: 3878
Unfortunately no law enforcement agency or anyone else on earth can do anything for you. I am sorry that your coins are gone forever. It is always recommended to verify the downloaded file before installing.
newbie
Activity: 8
Merit: 0
HI EVERYONE: ON 04.08.2020 I WANTED TO SEND 0.58BTC FROM MY ELECTRUM 3.** COLD WALLET TO ANOTHER ADDRESS. WHEN EVERYTHING WAS READY, I PUSHED THE BUTTON "SEND", BUT ELECTRUM 3.** ANSWERED WITH AN ERROR AND A WINDOW SAYING THAT FOR THE TRANSACTION I MUST UPDATE TO ELECTRUM 4. I DID THAT, AND THE VIRUS THAT I GOT CHANGED MY BTC ADDRESS TO ANOTHER ONE - NOT MINE - bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny.

Now:
1. Which law enforcement agencies should I contact to label or mark these Bitcoins as stolen, if I am not a citizen of the USA?
2. Do I have a chance to get them back in the future (e.g. after 10 years or more), if law enforcement confiscates those Bitcoins in the future?
3. My BTC address that I lost Bitcoins from: 12hcyjoHnB8vw6dXnXqn17jYmJ9e14SrbH

Thanks, you are great.