Topic: I've been hacked (Electrum 4.3.2) - page 7. (Read 12884 times)

Red tag by icopress is fine everyone, he has all the right to make that judgment, kindly stop bickering about it.


Yes. It is pretty quick, the funds from Yo!Mix came in on 2023-01-09 18:51 and the whole Electrum wallet got drained on Date: 2023-01-09 21:35

My best guess is the hacker was somehow able to get my password to the wallet and transfer the funds. Probably from a keylogger which I haven't found yet (currently scanning my system).
The only apps that were running at the time were Adobe Photoshop, Telegram, Discord, and Google Chrome. Electrum wasn't even online until around 23:00 (midnight) where I immediately opened it after got notified by Coinomize team that the funds were transferred.

---

Also, just for everyone's info.
I am currently managing this bounty campaign wherein $4,000 USDT is (again) in my care, sitting on my Ledger wallet (Address)
I have already contacted several escrows including Hhampuz in hopes of being able to transfer these funds to them to act as a new official escrow.

I have also already contacted Coinomize and Yo!Mix so I can partially pay out my debts to them caused by the stolen funds. It isn't much but I hope they'll appreciate it. It's the start of many, I promise.

Note: I was not aware the project team had already transferred the funds, all the negotiations between me and this project team were done weeks ago before the events of today.

Right now is not about of a Electrum code vulnerability like in the past ( see CVE-2018-1000022
CVE-2018-6353) it's about off Electrum "ecosystem" itself .. users can be tricked quite easily when they make an update. That's why  it must be acted with maximum vigilance!

Weak or strong password - it doesn't matter when the hackers are in full control of wallet. The question is how they got that access,  fake update, keylogger, etc. Knowing this, it will prevent other users to get tricked.

IMO. Neutral tags in trust are absolutely correct as trust system is about to describe risks of financial interactions with an exact person. No one still knows how funds were lost so there is a risk of recurrence of the same situation and potential partners should be aware of that. It is not about blaming julerz12, it is about informing others. julerz12 probably should use a respected third party for escrow while managing future campaigns to decrease possible risks.

As about red tags. I can't say that they are incorrect. We have a situation with a known damage. But the situation is going on and julerz12 expressed his intention to solve the problem and return what lost. IMO while there are negotiations between the sides and while julerz12 keeps repaying his debts it is too eary to draw a final conclusion. We can leave a negative reviw any time, so why to hurry? Do we expect any new problems at the moment or in the nearest future? I don't think so. Any julerz12's activity will be carefully watched for long long time so there is not too much risk that a potential partner of julerz12 woun't read neutral tags about this situation and nobody will warn about it. So IMO there's no need in red tags while maintaining the current state of affairs.

I am trying to wrap my head around how exactly did you manage to get hacked so quickly.

Certainly it was not from a vulnerability in the Electrum wallet. Did you use a weak password or even no password at all?

What else was running on your Windows PC?

[exactly the reason why I do not store any funds on Windows (and Mac) and will never ever do that.]

Since I think you have reasonable on positions on many topics, I would be interested in your opinion on "bounty managers red tagging other bounty managers". Whether or not someone is rightfully in that position to do so (DT1 , DT2), most people probably won't deny the fact that there is an additional incentive for a red tag from members of a specific group who are in competition with each other. Taking into account that @julerz12 did apparently rake in some very well paying campaigns that drew a lot of attention from many members of this forum, I am not that surprised that the red tag comes from a bounty manager.

I did expect @Hhampuz to actually do what he did: not red tag and instead offer his service to keep damage to the forum's reputation at a minimum. @icopress went for it and pulled the trigger.

Again, @icopress is in the position to do so, but when I were running a car dealership and fucked up and would have to go to court, I'd probably feel more comfortable if the judge wasn't owning a competing car dealership around the corner of mine. In fact, the judge would probably be rejected because of bias right away. This does not mean that the judge would necessarily make a bad or unfair judgment, but to prevent bias and false incentive discussions from coming up, it is just correct to actually not let that judge have any influence about the outcome of such a court case.

All those who could have given a red tag but didn't and are also not bounty managers actually acted the way I personally thought is the right one for the moment. This is not to say that the tag could be turned into red by @Poker Player, it absolutely could and should. But even though I expected @icopress to go for such a move, I am not sure that was the appropriate action to take here.

I would agree with you, but unfortunately, YoMix doesn't think in that direction. I think he should get a chance to pay off the debt by working until he eventually collects the entire amount. they will allocate new funds for the manager, while at the same time, julerz's reputation will completely sink. I believe that everyone deserves a second chance.

Feels sad about your lose Julerz this mistake really makes a hard time to recover its includes the funds, trust and reputation because of this, its time to make a format with your PC I guess you just get a phishing, or malware attack before and the hacker just waiting for your funds to get in, ideal really use the hardware wallet and other security features of the electrum, there's no safe in the internet its not just only for julerz to other people still using the hot wallet this serves too as information to invest to your security.

you can see here in his official service thread how many campaigns julerz12 has already led and also successfully completed and there were also some BTC campaigns also in it
i now ask myself, he has always acted so grossly negligent and all his funds on a hot wallet on his pc always stored?
if so, then he has until last sunday still had luck and yesterday it was then unfortunately so far and he was allegedly 'hacked'...
and as icopress already wrote, i can't understand how you can run a campaign without having at least double secured the funds and built up reserves to compensate a sudden loss as good and as fast as possible again.
i don't want to judge if he was really hacked or if he planned it all somehow, but you can see what a lot of pressure is on a bounty manager when he runs a signature campaign... no matter if for 1-2 weeks or over several months
therefore great respect to all renowned bm's here from the forum and at the same time now also the hint to all best asap to send your funds for your participants on a hardwallet...

just my 2 sats

Electrum has a long history of vulnerabilities ( including indirect vulnerabilities ) and many time this wallet got hacked. As you know, because is a lite bitcoin wallet, it needs to connect to servers, If your wallet connects to the network via malicious severs, your money get lost! For these that are new in this, you can find on the internet many attempts and successful attacks against Electrum, and many funds and many funds were stolen. In my opinion, Electrum was and is, the most attacked Bitcoin wallet. You should not understanding me wrong ( I'm using Electrum) but Electrum attracts the hackers (advantages and disadvantages), therfore increased vigilance is always necessary when you use a lite wallet ( and not only! ). Also the most attacks occured  after an update (this is well known thing)

Back in the past, around 2015, my entire system was hacked including the work station, six mining rigs, router, mail account and also Cryptsy account.
The  attackers had full control for several days, until I realized what was happening. They withdrew all the funds on the same day. In that hack I lost around 110k WhiteCoin, 334k DGB, 1300 Dash ( former DarkCoin), 1002 LTC and many other alts .. My BTC was stored on BTC-e exchange ( this account wasn't compromised because on this one the log credentials were stored offline - it was my first exchange which I used).
On Cryptsy exchange were stored around  7 mil Doge and some other alts. All of these were converted in BTC and all of them have been retreated on the attacker BTC address.

Many of you are new in this cryptoworld, even if you are active here on forum for few years...that doesn't mean anything! You should know that everyone is susceptible to being hacked, no matter what's your rank, name, theoretical knowledge etc.. Of course  we must to ensure the maximum security measures but even that it could happen. This is not the gamming world!!  THIS IS CRYPTO!

One mistake and you lose everything without hope for a second chance!
I saw many of you blaming Julerz because o his mistake!! OK! you could do that but It's not OK. Humans make mistakes. It's saddly of course but we can tolerate this. Are we HUMANS?!

I saw many of you with same bussiness like Julerz, blaming him for this mistake.. It's not OK!
Competition is good, but not when someone is knocked down! That fact reveals how weak "we" are.
On this forum, people should help each other especially when such problems arise!
There is room for everyone ( if they are honest of course).

Yesterday was hacked Julerz tomorrow it could be one of you.. You are not a super human!! Nor even Dashjr was a super human! And he is not a "nobody" !! A Bitcoin Core Developer it can be hacked even his funds were stored on a cold wallet!!  According to the judgment of some, Luke should not be anymore a Bitcoin Developer ( even he lost his own funds) right?

Accepting that it was a hack, and also Julerz will manage how to return the stolen funds back to the owners,  I'll not support any red tag !!!

It seems like you are implying that the Electrum wallet software may have some security issues, however there are no such indications at this time. There are probably millions of Electrum users worldwide, and if there were any security issue with any version of the software, it would have likely garnered significant attention and be widely talked about on the internet by now. Moreover, Electrum's open-source nature allows for many independent developers to rigorously inspect each new version after its release, ensuring the software's security.

Even assuming the OP's story is true, there are many possible ways someone could steal his coins. For example, the OP could have left his computer unlocked while he was gone. He could have been infected with malware at any point over the course of many months and even years before he created his new wallet, or the thief could have used a keylogger or clipboard malware to steal the seed phrase. The OP also said that he doesn't use any AV other than the standard windows defender, which is also a big security risk and a lapse in judgment.

It's not Electrum's fault. It's the way you use your wallet and computer.
There are many ways to be hacked and you have to be aware of all of them. And try to protect yourself as best you can.

It's just now that I saw this from the thread by Woodie - Campaign managers acting as Escrow

It is unfortunate what happened to you, julerz12. It's careless to use a hot wallet for storing significant funds, and I hope you can recover from this setback and repay what is needed.

---

I know someone who got hacked automatically transferred the balance in his MetaMask to another wallet. With what happened to you OP, I'm now aware that it could happen with Electrum as well. It would be better to wipe your devices. It might not be the only one infected.

For me, everything will depend on how events unfold from now on, if he collaborates and starts a repayment plan I'll give him the benefit of the doubt. If not, I'll support the flag and change the tag.

Most times in these cases we have seen people hide and yet we are seeing him all the time responding and showing his face.

I believe it is crucial to base our decisions on whether someone deserves a negative tag on his profile on verifiable facts, rather than allowing personal emotions to play a role. These emotions or personal beliefs can be validly discussed, but should not be the basis for our judgment. This approach is the only way to ensure that the Trust system is fair and impartial to all members, rather than allowing personal affection to create a double standard in our decision making.

Given that there is at least one party who has been damaged (financially) and holds the OP responsible for the missing funds (which, in my view, is a reasonable position), it would be callous not to side with them, as they are the clear victims in this situation. Whether the missing funds were the result of hacking or the OP's deliberate actions, we don't have enough evidence to conclude either point at this time, these facts remain unchanged.



Now, I don't think that julerz12 had any intentions of stealing the funds for personal gain (it's just my personal opinion though and I could be wrong), and I feel really bad that he's in this tough spot. Nevertheless, regardless of his intent, he still bears a personal responsibility as a bounty manager and an escrow and, in my opinion, must accept the consequences of his negligence. The only path for redemption and vindication for him is to collaborate with the companies that entrusted him with their funds, in order to repay the debts. In doing so, he can demonstrate accountability, and eventually earn back the trust of the community.

Totally agree!

One thing is our money, if we lose it we can only regret it. But when it's other people's money, care must be 10x greater, because there's a lot at stake. It's our reputation and our money.

Losing someone's money is something very serious. And it makes us lose double money, other people's money and our money. You have to be very careful.





Although I think it is a bit exaggerated, at this moment, when the situation is still being addressed.

But I understand icopress. He is defending his working class. As a campaign manager, this type of situation can denigrate everyone's work, and make it difficult to attract new advertisers.

Now it's a matter of time, for things to normalize, if the OP keeps his word to refund all the money.

Feedback is bit harsh but it serves as a warning to others and lesson for him to learn from.

And if he's willing to repay back the money which lost from his hand then there are so many ways to do it aside from earning it back on the forum. Maybe one thing he needs right now is to show how serious he is on resolving this big issue.

Although this is unfortunate for julerz but he need to grow up with this and we don't want the same issue to happen on other company so I guess the feedback is fine, icopress will provably erase that feedback once julerz will find way to solve this.

This looks unbelievable but is the reality of what is ongoing right away, being a campaign manager I don't think giving an excuse for weakness or negligence to secure the means which you handles your employers fund is appropriate and from this, the responsibility lies on the manager's hands to bear or face the consequences to his actions by taking responsibility for a repay except he companies wish to extend linient during the process by lifting off the burden on him after which he might have paid part of it, this is a thing of commitment, if you're not capable of being a campaign manager don't just dabble into it, as far as i know they need to have working experience while being under a manager that they might have learnt managing a campaign from, this is just a pity that a campa got paused even right before starting.

I'd feel very uncomfortable keeping it in a hot wallet. That's what I would do. It's not just hypothetical, I've handled a similar value in a certain Forkcoin, and the only thing that worked at the time was using a hot (Android) wallet. I only used it after sharing my concerns and the owner told me it's okay and he wouldn't blame me, but still I felt very uncomfortable with it. It took the guy a few days to tell me where to send his coins, and it was a huge relieve when I could finally get rid of them.

Using a hot wallet when there you have safer options is negligence (at best).

One of them didn't:


As a campaign manager, you're being paid to deal with that little inconvenience. You could easily setup a system with offline signing: create the transaction in a watch-only hot wallet, copy the raw transaction to a system that doesn't have internet (and never bring it online!), verify all addresses, sign the message, and broadcast it from your other system.

---

---

Allow me to copy the Trust system descriptions:
Negative feedback:
I don't think OP, who actually posted the problem by himself, deserves a harsher treatment than the other guy.

This sounds doable, although it's a bit of a loophole. A loan still doesn't mean it really gets paid back, so there's still a chance they've lost their money.

Those are all reasons to Support the Type 1 Newbie Warning Flag. It doesn't matter that it's not fraud. You call it an accident, I call using hot wallets for large funds an accident waiting to happen.

Op sorry for your loss, geez $5000 gone into thin air that's so heart breaking. My guess is that your system has been compromised in some ways.
Since both parties involved are not willing to open a scam accusation thread against Op I think julerz12 should look for a way to convince them (yomix & coinomize.bix) or go into an agreement with them on how he's going to pay back if it's to find a real life job to pay back or if he's going to join signature campaign to payback the said money.
He should try as much as possible to sort this out if he wishes to keep his reputation because I have seen so many of Op bounty where he has escrowed altcoins that worth more than $5000 and he still did his work diligently.



I think you should try as much as possible to make payout of bounties and signature that has been completed so that you can have more time to face the issue in ground. Please do well to complete other work so that others won't start to think that you plan on doing something with the funds.

I don't think any kind of flag is appropriate for now to give to: @julerz12 against or support it, although one day it will be needed.

If it's true what happened and experienced by @julerz12 ended in an accident and disaster, not fraud, and he said it happened because of his own carelessness in placing the campaign funds he manages.

Besides both campaign owners have mentioned something in light of @julerz12.

---

The campaign owner just wants to rectify the lost funds and what happened is certain what actually happened, there is no engineering later on or if it is known that the funds were not hacked or something that made the company owner angry.

I think in the case of @julerz12, the consequences and resolution are more to the point between @julerz12, YoMix and @[banned mixer], if they pardon or refund during the campaign contract, Of course we can all understand here and whatever decision the community takes regarding Julerz12 in the future, I think it is rational and reasonable, Flags, warnings and the like.

Because as far as I know hacking incidents can happen unexpectedly and at any time and that can happen to A and B, what is certain is that my hacking case has also experienced it, actually bitter, but bitterness must be swallowed by yourself, be it careless nature or the like.