I thought I would never get hacked... - page 5.

apogio

hero member

Activity: 560

Merit: 1060

Quote from: Charles-Tim on July 27, 2023, 12:39:58 PM

Sorry for your loss.

It might be a malware. But it might be an offline attack z like someone to see your seed phrase backup, or when you give them your device or something like that.

I will recommend you wallet on airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not in the same device your wallet is.

I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.

I start to worry about this setup too now...

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Sorry for your loss.

It might be a malware. But it might be an offline attack, like someone to see your seed phrase backup. Or when you give them your device or something like that and password is not enabled.

I will recommend you wallet on an airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not on the same device your wallet is.

Quote from: Zaguru12 on July 27, 2023, 12:39:15 PM

Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase

Not more secure during online attack or if the seed phrase is seen offline. But passphrase can help against offline attack.

Zaguru12

hero member

Activity: 868

Merit: 952

Quote from: apogio on July 27, 2023, 12:31:55 PM

Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this.

Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase since it has 256 bits of entropy compared to the 128 bits of 12 seed phrase. The probability of guessing the words accurately will be higher in 24 seeds than in 12 seeds. But still this doesn’t eliminate the fact that both will face same faith if exposed to malware.

From your post it seems you either might have caught malware or you expose your seeds either through phishing attack or any other way.

Going forward I would advice you prioritize offline method of storing your keys and seeds, because without taking full control of them even if you have 200 seeds as recovery phrases the same thing will happen without proper storage.

apogio

hero member

Activity: 560

Merit: 1060

I have been hacked yesterday. I had 2 UTXOs in a single-sig, hot wallet. My seed phrase was 12 words long. I had originally created the wallet using Bluewallet.

Here is the transaction: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37

I don't know you the thief is, but I really wish that they lose all of their belongings.

Even though I had a single-sig wallet. Even though I had not used my own node to connect to. Even though I have done many mistakes, stealing is not acceptable...

PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...

Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this.

Topic: I thought I would never get hacked... - page 5. (Read 1115 times)