I thought I would never get hacked... - page 5.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: Charles-Tim on July 27, 2023, 01:39:58 PM

Sorry for your loss.

It might be a malware. But it might be an offline attack z like someone to see your seed phrase backup, or when you give them your device or something like that.

I will recommend you wallet on airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not in the same device your wallet is.

I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.

I start to worry about this setup too now...

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Sorry for your loss.

It might be a malware. But it might be an offline attack, like someone to see your seed phrase backup. Or when you give them your device or something like that and password is not enabled.

I will recommend you wallet on an airgapped device, a hardware wallet or Electrum 2FA wallet and make sure the 2FA is not on the same device your wallet is.

Quote from: Zaguru12 on July 27, 2023, 01:39:15 PM

Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase

Not more secure during online attack or if the seed phrase is seen offline. But passphrase can help against offline attack.

Zaguru12

hero member

Activity: 672

Merit: 855

Quote from: apogio on July 27, 2023, 01:31:55 PM

Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this.

Definitely a 24 seed phrase which is longer is more secure than 12 seed phrase since it has 256 bits of entropy compared to the 128 bits of 12 seed phrase. The probability of guessing the words accurately will be higher in 24 seeds than in 12 seeds. But still this doesn’t eliminate the fact that both will face same faith if exposed to malware.

From your post it seems you either might have caught malware or you expose your seeds either through phishing attack or any other way.

Going forward I would advice you prioritize offline method of storing your keys and seeds, because without taking full control of them even if you have 200 seeds as recovery phrases the same thing will happen without proper storage.

apogio

sr. member

Activity: 406

Merit: 896

I have been hacked yesterday. I had 2 UTXOs in a single-sig, hot wallet. My seed phrase was 12 words long. I had originally created the wallet using Bluewallet.

Here is the transaction: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37

I don't know you the thief is, but I really wish that they lose all of their belongings.

Even though I had a single-sig wallet. Even though I had not used my own node to connect to. Even though I have done many mistakes, stealing is not acceptable...

PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...

Please, tell me that there is nothing wrong with 12 words seed phrases. Tell me it was malware and it would have happened even if I used 24 words... I need to hear this.

Topic: I thought I would never get hacked... - page 5. (Read 1038 times)