Author

Topic: I've been hacked, seeds on paper (Read 328 times)

legendary
Activity: 2730
Merit: 7065
December 26, 2020, 03:55:51 AM
#12
Sadly OP hasn't been active since the day he created this thread and we don't know what exactly happened. I don't remember ever reading a case in which a user got hacked and the evidence pointed to a bug in the Electrum software, bad coding, or some other kind of malpractice by the software/development team. It's always the user who unfortunately makes a bad step somewhere.

OP said his seed was extended, but how and where was the seed kept? Who knew or could have found out where he stored the paper? Was the additional passphrase kept alongside the seed or were they in separate places?

OP said that nobody had access to his computer. But can he say with absolute certainty there wasn't an old girlfriend with a grudge, friend, construction worker, or another person or group at his place who could have known or found out that he has bitcoin and keeps a seed hidden inside a book on his dresser?!   
member
Activity: 462
Merit: 19
December 26, 2020, 01:48:10 AM
#11
The fault isn't from electrum wallet, I've kept over 2BTC in Electrum wallet before moving them to Copay wallet years ago, Electrum wallet can't be hacked, the mistake must be from your end, you claimed you write down the seed but are you leaving alone? How many people knew you are into Bitcoin?
HCP
legendary
Activity: 2086
Merit: 4361
December 18, 2020, 02:34:59 PM
#10
... and I'll be sure not to repeat the same mistakes, for sure.
The tricky part will be identifying exactly where it went wrong and how your wallet was compromised so that you don't repeat the same mistakes...

Unless you figure out the "how" part of this unfortunate incident, and then take the necessary steps to prevent that from happening, you could well lose more coins in the future Undecided
newbie
Activity: 8
Merit: 0
December 17, 2020, 11:02:12 AM
#9

I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.



Low chance if he will swap  it to private coin like Monero  on the  freshy exchange with no KYC. All your story is very sad but you need to take lesson from it.  When  fiddling with crypto the fist things in the morning is the safety securance  of you computer,  SEED, passwords, accounts etc. Everything else needs to be second-guessed.

I know man, chances are slim, but this is a crime regardless of my security. I will move forward with the steps needed, and I'll be sure not to repeat the same mistakes, for sure.
newbie
Activity: 8
Merit: 0
December 17, 2020, 10:48:57 AM
#8
Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

It is important now to discover how did the hacker hacked you. He didn't hack electrum, he hacked you.

How did you store your seeds, was it in a gmail draft or something like that?

In paper, never on internet

Your secret words should be kept offline, the best way is to just note down in a piece of paper (which cannot be hacked)

Your computer is probably compromised (or your email, cloud storage, etc if your seed was there).
 I would certainly format my computer if I were you.

I already did, everything anew


This is all the tx the guy did:

My original wallet:

https://vivigle.com/BitWallet/wallet?address=bc1q7g7923ewsy6lssrmpejq46c0ljdd5n84ppt6pe

The following ''masking'' transactions:

- https://vivigle.com/BitWallet/wallet?address=18Y8B6CJFEMS93zgSPycySNkBNbFwhvE2S

- https://vivigle.com/BitWallet/wallet?address=1KgiSi5wrVYumSskG3GPaaE2MSRdFKyzj7

- https://vivigle.com/BitWallet/wallet?address=1Fhn2mcHQhSkaLFAA5WmgSV7oW3f7D5wR2

- https://vivigle.com/BitWallet/wallet?address=1GdPhnXH3RWf3iedYjTAY5qoNtnQqmG3iF

- https://vivigle.com/BitWallet/wallet?address=14kZSuC6zjvnsjHi5piEw75tNzUr6er966

- https://vivigle.com/BitWallet/wallet?address=1MP9iVYizD4rb3WFQZtjY9Kx9fjNV8Wcca

- EXCHANGE WALLET

https://vivigle.com/BitWallet/wallet?address=bc1ql72syjwvm4m9lwajpaylaxvj9lxc2tzn706ruj

Seems Kucoin is the owner, I'm already in contact and filling police report asap
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
December 17, 2020, 10:40:31 AM
#7
Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

It is important now to discover how did the hacker hacked you. He didn't hack electrum, he hacked you.

How did you store your seeds, was it in a gmail draft or something like that?

Your secret words should be kept offline, the best way is to just note down in a piece of paper (which cannot be hacked)

Your computer is probably compromised (or your email, cloud storage, etc if your seed was there).
 I would certainly format my computer if I were you.
newbie
Activity: 8
Merit: 0
December 17, 2020, 10:30:35 AM
#6
I was using Electrum 4.0.6, official download.
Did you download it from Electrum.org?

Yes, always checking url includes https

Did you verify its signature?

No

Were you storing your backup seed/private keys on the cloud, your computer desktop, your email, etc...?

No, only on paper

Were you downloading unknown/shady/random software from the internet, as you may have been infected?

No

There isn't much we can do, like it was already said. Reporting it to the police is probably your only option, but I don't see much they can do either. =/

You are the only one who can probably find out what happened. Examine your setup, run an AV like Malwarebytes, etc...

edit: I just saw your other topic. Sounds weird that this happened while the device has never been connected to the internet. Did anyone other than you had access to that device?

No

edit 2: The hacker may have sent your coins to Kucoin. Try to contact them? https://vivigle.com/BitWallet/wallet?address=bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r


I'm already contacting Kucoin and filling a police report
sr. member
Activity: 1572
Merit: 267
December 17, 2020, 10:12:35 AM
#5
Go get em. I will come and step on them when they are caught.
legendary
Activity: 2758
Merit: 6830
December 17, 2020, 09:59:20 AM
#4
I was using Electrum 4.0.6, official download.
Did you download it from Electrum.org? Did you verify its signature? Were you storing your backup seed/private keys on the cloud, your computer desktop, your email, etc...? Were you downloading unknown/shady/random software from the internet, as you may have been infected?

There isn't much we can do, like it was already said. Reporting it to the police is probably your only option, but I don't see much they can do either. =/

You are the only one who can probably find out what happened. Examine your setup, run an AV like Malwarebytes, etc...

edit: I just saw your other topic. Sounds weird that this happened while the device has never been connected to the internet. Did anyone other than you had access to that device?

edit 2: The hacker may have sent your coins to Kucoin. Try to contact them? https://vivigle.com/BitWallet/wallet?address=bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r
newbie
Activity: 8
Merit: 0
December 17, 2020, 09:39:33 AM
#3
There's a chance the funds have been sent somewhere that pays clients as small amounts seem to be taken off but it does get reconstructed back to 0.91 at some point so that might be unlikely.

I don't understand what you are describing here


I'm not sure what they're is uou can do now, transactions are irreversible and unless you can trace them ending up in an exchange you probably won't have an argument and it has already taken a lot of hops to get where it is now.

Were you running an old version of electrum as I think there's an ongoing phishing attack?

I was using Electrum 4.0.6, official download.

- It seems the receiving addres is bc1qx65xcxz6dfsge2g4eaerercslh83y66wrpm79r
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
December 17, 2020, 09:30:12 AM
#2
There's a chance the funds have been sent somewhere that pays clients as small amounts seem to be taken off but it does get reconstructed back to 0.91 at some point so that might be unlikely.

I'm not sure what they're is uou can do now, transactions are irreversible and unless you can trace them ending up in an exchange you probably won't have an argument and it has already taken a lot of hops to get where it is now.

Were you running an old version of electrum as I think there's an ongoing phishing attack?
newbie
Activity: 8
Merit: 0
December 17, 2020, 09:24:55 AM
#1
Guys, please help:

On the 30th of November my electrum wallet was hacked:

Tx ID: 89abc9415125c304773b68bad4dd37456b2f459d035a73c19eea722ab78acc0b

No one knew the seeds, no one got access to my computer.

It seems many other addresses were ''scrapped'', but my seeds were extended.

Question, how should I proceed? Can anyone help me figure out the hackers addresses?
I'd like to finally, recover the funds if the hackers are stupid enough to sell them on exchanges.

Ps. It was 0.91 Bitcoin, not a very large sum, but I'm willing to share the funds if recovered!

Ps. Editing the title to clarify
Jump to: