Topic: Lost my bitcoin after I have installe electrum 4.0.0 (Read 522 times)

Or simply switch to linux 
Much better security- and privacy-wise without any cosmetic restrictions at all. And it is for free.

There are quite a lot distributions out there which are suited for beginner (a.k.a. almost no command line necessary). Ubuntu / Mint being the best examples for such a distro.

I keep writing this now ant then: instead of cracked Windows, now there's the option to simply use Win10 not activated basically forever. The few restrictions are mostly cosmetic. Much better than an old cracked Windows imho.

You and some other users are saved by antivirus, which just shows us that most of those who took the wrong step and install fake wallet had no protection whatsoever, which is so stupid that it's almost unthinkable. When we add to that cryptocurrency and lack of knowledge, it's easy money for those who are playing dirty games in background.

I think you shoud be safe, Norton is prevented that fake wallet to even install on your device. But you can try to make scan in safe mode with Norton and free version of Malwarebytes, this is much better way to remove all bad things from your OS. However, only 100% safe way is disc formating and installing of fresh OS.

There are most probably multiple different entities spreading their malware. No one here can answer that question.

The only way to be (amost) sure that your computer is clean is to reinstall your OS, as TryNinja pointed out.
Anything else will still have a remaining risk of your computer still being infected.


Oh.. and don't use some sort of cracked windows. All of them are infected with backdoors. Always.

No one can really say as anyone can create their own malicious server and try to make people download their files.

I personally would recommend you doing a clean reinstall of your OS as you can't know if the fake wallet only steals your coins or also infect your PC with a trojan or keylogger. Better to be safe than sorry.

Had the same thing today
I had the popup and installed version 4.0. Norton warned me and quarantined the file, but I read on internet that anti-virus software tag these files because they look for wallet files. As Electrum software had to work with the wallet file, it is normal that it has to be installed. So I removed it from quarantine and installed it.
When I restarted the software, Norton locked it again, so I got suspicious and went to the Electrum site and installed version 3.3.8.
I then made my payment and everything went correct, payment arrived at correct address. So I was lucky.
I then did a fast system scan with Norton, and nothing was found.
But then Norton alerted me that there was suspisious large outgoing mail activity and that I need to run Norton Power Eraser. Also Norton blocked suspisious incomming brake-ins.
I disconnected my PC from the internet...

Does anyone know what the 4.0 software does besides the changement of the payment address and servers??

Thx

True mate and I used to work in IT! The Electrum site needs a HUGE WARNING with pics etc.!!! I lost a LOT but you know what, fuck them! An old school friends mother died of cancer today  and I only lost some money so puts it into perspective. I'm due some good luck cause been shit comin my way of late except for the price of bitcoin rising but they're gone now too so fuck it all!!! Gonna do the lotto, wish me luck!

Sorry to hear that.

It's a shame you didn't find Bitcointalk earlier... otherwise you would have seen all the threads about the phishing attack and how to avoid losing coins.

I'm really not sure how some 8-9 months after the initial attack and all of the countless threads, reddits, twitter, blog posts etc that people have not heard about this?

I just lost my huge amount of savings in the same way. I was using Electrum 3.0.6 or 3.0.8 and had nothing but trouble sending bitcoins so learned how to do it by reading different forums and then this evening tried to send bitcoins again and had trouble sending them followed by a message being thrown up saying I needed version 4 which I upgraded to and all of a sudden my balance is 0. All my money, gone.

This is a big problem to users who don't know about the recent Electrum attacks even me can be a victim of this attack if I don't know what happen recently to Electrum I'm sure I will click the update button the same as what you did. But since I always care about my wallet I follow Electrum twitter and always visit this section just to be aware of the new update of this wallet because I don't want to be another victim of hackers.

It's not your fault, it's not my fault and it's not a devs fault. Hackers are always there and we can not do anything for them to gone or vanished. What we need to do is to keep our wallet safe and protect and keep updated about the wallet so that we can reduce the risk.

Anyway, sorry for your lose next time if you want to make your wallet safer make Electrum cold wallet instead and never connect it to the internet. The cold wallet doesn't need to update if there is a new release then make a watch only wallet where you can make unsign transaction. This is my wallet and never had any problem using it I'm just broadcasting them in coinb.in or in the blockchain if I want to send or transfer a BTC.

Sorry for your loss but don't blame the software developer for this.

Electrum is not the guilty party. Malicious servers were able to send fake messages instructing users to download fake wallets resulting in the loss of their bitcoins. This is what happened to you.

When Electrum became aware of this they made all versions older than 3.3.3 obsolete and they could no longer connect to Electrum servers. This was now changed to 3.3.4 as it seems.
https://electrum.org/#download

If you had checked the official site or asked here before the problems occurred you could have saved your Bitcoins.

Unfortunately you followed the URL in the message to a github repo which does not have any source code published, but just a single executable file.

And obviously you have downloaded and run this executable.


You might want to increase your level of awareness.
It is always recommended to verify the signature of the file you download. Only trust files signed by the developer of electrum.

Except that there is no Electrum 4.0

You got scammed because you downloaded a fake version of Electrum. That was an exploit that let some servers send fake messages to clients connected to them. You should ONLY download electrum from ELECTRUM.ORG (the ONLY legit website) and always verify the electrum files to make sure they are legit.

That was basically a social engineering attack. With Bitcoin, we don't trust. We verify.

I had electrum 3.0.6 and try to send bitcoin and there was no response.
I had to restart my wallet a few times. Finally, I was able to but after I clicked send, a message pop up says my vision is a bit old I need to upgrade to newer vision.
I trusted the links because it comes from electrum wallet (3.0.6).  I wasn't any other website to download anything.

But after I upgrade to 4.0 all my bitcoin was gone.


Electrum wallet is a con

That's the problem with these fake versions... they aren't your typical malware in that they don't do anything out of the ordinary as far as internet enabled apps go. Most of the malware/antivirus software relies on using heuristics to identify apps that do "dodgy" things, such as trying to access system directories/files or setting up rootkits or installing unwanted browser extensions etc.

However, these fake versions of Electrum simply send information (your seed) or auto create a transaction that sends all your coins to a specified address on startup. Neither of these things is able to be distinguished from "normal" internet activity for a "normal" internet-enabled application.

At most, they can identify the file hashes of the installers and blacklist those, but any minor modification to the installer will change the hash and render that method of identification useless.

Relying on antimalware or antivirus to identify "fake" versions of apps is not a great strategy. It requires that the devs of those apps 1. Know about the issue and 2. Have updated their app to look for it.

Meanwhile, you have a fairly robust system in verifying digital signatures that will guarantee that the file you downloaded is the official Electrum downloader. Learn how it works and do it EVERY time you download an Electrum update.

Why would risk to download the fake version? Detected or not by your AV it would be still risky to try it out.

---

Just for some information,my Eset do have false detection with it and it do deletes the entire electrum wallet(Legit one) showing Coinhive (not sure) Miner stuff? 

I have never installed a fake version, so i don't know wether malwarebytes will pick it up, however they are well aware of the problem and even know the hashes of some of the fake binaries... So i'd be supprised if they didn't scan for them...

https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/

This being said, since electrum is completely open sourse, a malicious person can spin up hundreds of variants in no-time, so i wouln't rely on malwarebytes completely

Does anyone with the worng electrum version tryied to run malwarebytes? did it found the malware?

thanks

It is sad that such things are still happening, but it only show that a good part of the Electrum users are still using outdated wallets, and they are completely unaware of the danger which comes from them. We can only assume that the number of such cases will increase because of bitcoin price is go up, and there is many users of bitcoin who open their wallets only in times when they see opportunity for profit. Unfortunately this is what the hackers are just waiting for.

it is not 7 months, it has been years. and it is not just Electrum, this is a well known way of spreading malware by disguising it as a well known application that people use. and this method only affects people when they are lazy about verifying what they download which includes creating a web of trust and finding the right PGP public key to include in it and verifying the downloaded binaries. but since these steps aren't easy specially for the windows users, they tend to skip it altogether and end up infecting themselves like this.