Topic: Lost my bitcoin after I have installed electrum 4.0.0 (Read 522 times)

legendary
Activity: 1624
Merit: 2481
The few restrictions are mostly cosmetic. Much better than an old cracked Windows imho.

Or simply switch to linux :P
Much better security- and privacy-wise without any cosmetic restrictions at all. And it is for free.

There are quite a lot of distributions out there which are suited for beginners (a.k.a. almost no command line necessary). Ubuntu / Mint being the best examples for such a distro.
legendary
Activity: 3668
Merit: 6382
Oh.. and don't use some sort of cracked windows. All of them are infected with backdoors. Always.

I keep writing this now and then: instead of cracked Windows, now there's the option to simply use Win10 not activated basically forever. The few restrictions are mostly cosmetic. Much better than an old cracked Windows imho.
legendary
Activity: 3234
Merit: 5637
I had the popup and installed version 4.0. Norton warned me and quarantined the file...

You and some other users were saved by antivirus, which just shows us that most of those who took the wrong step and installed a fake wallet had no protection whatsoever, which is so stupid that it's almost unthinkable. When we add to that cryptocurrency and lack of knowledge, it's easy money for those who are playing dirty games in the background.

I think you should be safe; Norton prevented that fake wallet from even installing on your device. But you can try running a scan in safe mode with Norton and the free version of Malwarebytes; this is a much better way to remove all bad things from your OS. However, the only 100% safe way is formatting the disk and installing a fresh OS.
legendary
Activity: 1624
Merit: 2481
Does anyone know what the 4.0 software does besides changing the payment address and servers??

There are most probably multiple different entities spreading their malware. No one here can answer that question.

The only way to be (almost) sure that your computer is clean is to reinstall your OS, as TryNinja pointed out.
Anything else will still have a remaining risk of your computer still being infected.


Oh.. and don't use some sort of cracked windows. All of them are infected with backdoors. Always.
legendary
Activity: 2758
Merit: 6830
Does anyone know what the 4.0 software does besides changing the payment address and servers??
No one can really say as anyone can create their own malicious server and try to make people download their files.

I personally would recommend you doing a clean reinstall of your OS as you can't know if the fake wallet only steals your coins or also infect your PC with a trojan or keylogger. Better to be safe than sorry.
newbie
Activity: 1
Merit: 0
Had the same thing today
I had the popup and installed version 4.0. Norton warned me and quarantined the file, but I read on the internet that anti-virus software tags these files because they look for wallet files. As Electrum software had to work with the wallet file, it is normal that it has to be installed. So I removed it from quarantine and installed it.
When I restarted the software, Norton locked it again, so I got suspicious and went to the Electrum site and installed version 3.3.8.
I then made my payment and everything went correct, payment arrived at correct address. So I was lucky.
I then did a fast system scan with Norton, and nothing was found.
But then Norton alerted me that there was suspicious large outgoing mail activity and that I need to run Norton Power Eraser. Also Norton blocked suspicious incoming break-ins.
I disconnected my PC from the internet...

Does anyone know what the 4.0 software does besides changing the payment address and servers??

Thx

newbie
Activity: 2
Merit: 0
All my money, gone.
Sorry to hear that.

I just lost my huge amount of savings in the same way. I was using Electrum 3.0.6 or 3.0.8 and had nothing but trouble sending bitcoins so learned how to do it by reading different forums
It's a shame you didn't find Bitcointalk earlier... otherwise you would have seen all the threads about the phishing attack and how to avoid losing coins.

I'm really not sure how some 8-9 months after the initial attack and all of the countless threads, reddits, twitter, blog posts etc that people have not heard about this? :-\

True mate and I used to work in IT! The Electrum site needs a HUGE WARNING with pics etc.!!! I lost a LOT but you know what, fuck them! An old school friend's mother died of cancer today and I only lost some money so puts it into perspective. I'm due some good luck cause been shit comin my way of late except for the price of bitcoin rising but they're gone now too so fuck it all!!! :D Gonna do the lotto, wish me luck!
HCP
legendary
Activity: 2086
Merit: 4363
All my money, gone.
Sorry to hear that.

I just lost my huge amount of savings in the same way. I was using Electrum 3.0.6 or 3.0.8 and had nothing but trouble sending bitcoins so learned how to do it by reading different forums
It's a shame you didn't find Bitcointalk earlier... otherwise you would have seen all the threads about the phishing attack and how to avoid losing coins.

I'm really not sure how some 8-9 months after the initial attack and all of the countless threads, reddits, twitter, blog posts etc that people have not heard about this? :-\
newbie
Activity: 2
Merit: 0
I just lost my huge amount of savings in the same way. I was using Electrum 3.0.6 or 3.0.8 and had nothing but trouble sending bitcoins so learned how to do it by reading different forums and then this evening tried to send bitcoins again and had trouble sending them followed by a message being thrown up saying I needed version 4 which I upgraded to and all of a sudden my balance is 0. All my money, gone.
legendary
Activity: 3472
Merit: 3217
~snip~

This is a big problem for users who don't know about the recent Electrum attacks. Even I could be a victim of this attack: if I didn't know what happened recently to Electrum, I'm sure I would click the update button the same as you did. But since I always care about my wallet, I follow Electrum's Twitter and always visit this section just to be aware of new updates to this wallet, because I don't want to be another victim of hackers.

It's not your fault, it's not my fault and it's not the devs' fault. Hackers are always there and we cannot do anything to make them go away or vanish. What we need to do is keep our wallets safe and protected and stay updated about the wallet so that we can reduce the risk.

Anyway, sorry for your loss. Next time, if you want to make your wallet safer, make an Electrum cold wallet instead and never connect it to the internet. The cold wallet doesn't need to be updated when there is a new release; then make a watch-only wallet where you can create unsigned transactions. This is my wallet and I have never had any problem using it; I just broadcast them on coinb.in or on the blockchain if I want to send or transfer BTC.
legendary
Activity: 2730
Merit: 7065
Electrum wallet is a con
Sorry for your loss but don't blame the software developer for this.

Electrum is not the guilty party. Malicious servers were able to send fake messages instructing users to download fake wallets resulting in the loss of their bitcoins. This is what happened to you.

When Electrum became aware of this they made all versions older than 3.3.3 obsolete and they could no longer connect to Electrum servers. This was now changed to 3.3.4 as it seems.
Quote
Warning: Electrum versions older than 3.3.4 are susceptible to phishing. Do not download Electrum from another source than electrum.org, and learn to verify GPG signatures.
https://electrum.org/#download

If you had checked the official site or asked here before the problems occurred you could have saved your Bitcoins.
legendary
Activity: 1624
Merit: 2481
I wasn't on any other website to download anything.

Unfortunately you followed the URL in the message to a github repo which does not have any source code published, but just a single executable file.

And obviously you have downloaded and run this executable.


You might want to increase your level of awareness.
It is always recommended to verify the signature of the file you download. Only trust files signed by the developer of electrum.
legendary
Activity: 2758
Merit: 6830
I had electrum 3.0.6 and tried to send bitcoin and there was no response.
I had to restart my wallet a few times. Finally, I was able to, but after I clicked send, a message popped up saying my version is a bit old and I need to upgrade to a newer version.
I trusted the links because they came from the electrum wallet (3.0.6). I wasn't on any other website to download anything.

But after I upgraded to 4.0 all my bitcoin was gone. :o
Except that there is no Electrum 4.0

You got scammed because you downloaded a fake version of Electrum. That was an exploit that let some servers send fake messages to clients connected to them. You should ONLY download electrum from ELECTRUM.ORG (the ONLY legit website) and always verify the electrum files to make sure they are legit.

That was basically a social engineering attack. With Bitcoin, we don't trust. We verify.
newbie
Activity: 1
Merit: 0
Hi. Yesterday I installed version 4 of electrum and made 2 transactions, the first one was successful but in the second one I found the address of the recipient changed and the transaction performed. I have uninstalled version 4. Can anyone please tell me if it is possible to recover my bitcoins and if I run risks for other files in general on my pc. Thanks


I had electrum 3.0.6 and tried to send bitcoin and there was no response.
I had to restart my wallet a few times. Finally, I was able to, but after I clicked send, a message popped up saying my version is a bit old and I need to upgrade to a newer version.
I trusted the links because they came from the electrum wallet (3.0.6). I wasn't on any other website to download anything.

But after I upgraded to 4.0 all my bitcoin was gone. :o


Electrum wallet is a con

HCP
legendary
Activity: 2086
Merit: 4363
Did anyone with the wrong Electrum version try to run Malwarebytes? Did it find the malware?
That's the problem with these fake versions... they aren't your typical malware in that they don't do anything out of the ordinary as far as internet enabled apps go. Most of the malware/antivirus software relies on using heuristics to identify apps that do "dodgy" things, such as trying to access system directories/files or setting up rootkits or installing unwanted browser extensions etc.

However, these fake versions of Electrum simply send information (your seed) or auto create a transaction that sends all your coins to a specified address on startup. Neither of these things is able to be distinguished from "normal" internet activity for a "normal" internet-enabled application.

At most, they can identify the file hashes of the installers and blacklist those, but any minor modification to the installer will change the hash and render that method of identification useless.

Relying on antimalware or antivirus to identify "fake" versions of apps is not a great strategy. It requires that the devs of those apps 1. Know about the issue and 2. Have updated their app to look for it.

Meanwhile, you have a fairly robust system in verifying digital signatures that will guarantee that the file you downloaded is the official Electrum downloader. Learn how it works and do it EVERY time you download an Electrum update.
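
The signature check recommended above, sketched as an added example that is not part of the original post or of Electrum: it reads gpg's machine-readable status output and accepts a download only when the signature was made by a pinned key fingerprint, so a "good signature" from an unknown key is rejected. The fingerprint, function names and sample status lines are constructed placeholders; `--status-fd` and the `VALIDSIG`/`BADSIG` keywords are GnuPG's own.

```python
import subprocess

# Constructed placeholder. Use the full signing-key fingerprint you obtained
# from electrum.org and cross-checked against an independent source.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# gpg status keywords that always mean "do not run this file".
FATAL = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signed_by_pinned_key(status_text, pinned_fpr=PINNED_FPR):
    """True only if gpg's machine-readable status shows a valid signature
    from the pinned key and reports no bad, expired or revoked signature."""
    pinned = pinned_fpr.replace(" ", "").upper()
    if len(pinned) < 40:
        raise ValueError("pin a full fingerprint, not a short key ID")
    ok = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable gpg text is not a stable interface
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return False
        # VALIDSIG: first field is the signing key fingerprint, last field
        # is the primary key fingerprint. ERRSIG/NO_PUBKEY (other signers
        # whose keys are not imported) are ignored: they prove nothing.
        if keyword == "VALIDSIG" and args:
            if pinned in (args[0].upper(), args[-1].upper()):
                ok = True
    return ok

def verify_download(installer, signature, pinned_fpr=PINNED_FPR):
    """Run gpg on a detached signature; status lines go to stdout."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature, installer],
        capture_output=True, text=True)
    return signed_by_pinned_key(proc.stdout, pinned_fpr)

# Constructed status output for three cases (not captured from real files).
GENUINE = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-04-01 1554076800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
"""
# A fake installer can ship with a perfectly "good" signature from its own key.
OTHER_KEY = GENUINE.replace("0123456789ABCDEF0123456789ABCDEF01234567",
                            "F" * 40).replace("89ABCDEF01234567", "F" * 16)
TAMPERED = """[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
"""
```

The developer's public key has to be imported into the local keyring before `verify_download` can succeed; the installer and its detached `.asc` signature are passed as two separate paths.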
hero member
Activity: 3010
Merit: 794
Did anyone with the wrong Electrum version try to run Malwarebytes? Did it find the malware?

thanks
Why would you risk downloading the fake version? Detected or not by your AV, it would still be risky to try it out.


Just for some information, my Eset does have a false detection with it and it deletes the entire Electrum wallet (the legit one), showing Coinhive (not sure) Miner stuff?
legendary
Activity: 3612
Merit: 5297
Did anyone with the wrong Electrum version try to run Malwarebytes? Did it find the malware?

thanks

I have never installed a fake version, so I don't know whether Malwarebytes will pick it up; however, they are well aware of the problem and even know the hashes of some of the fake binaries... So I'd be surprised if they didn't scan for them...

https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/

This being said, since Electrum is completely open source, a malicious person can spin up hundreds of variants in no time, so I wouldn't rely on Malwarebytes completely.
newbie
Activity: 10
Merit: 0
Did anyone with the wrong Electrum version try to run Malwarebytes? Did it find the malware?

thanks
legendary
Activity: 3234
Merit: 5637
It is sad that such things are still happening, but it only shows that a good part of Electrum users are still using outdated wallets, and they are completely unaware of the danger which comes from them. We can only assume that the number of such cases will increase because the bitcoin price is going up, and there are many bitcoin users who open their wallets only at times when they see an opportunity for profit. Unfortunately, this is just what the hackers are waiting for.
legendary
Activity: 3472
Merit: 10611
After 7 months this malware is still around stealing money!

it is not 7 months, it has been years. and it is not just Electrum, this is a well known way of spreading malware by disguising it as a well known application that people use. and this method only affects people when they are lazy about verifying what they download which includes creating a web of trust and finding the right PGP public key to include in it and verifying the downloaded binaries. but since these steps aren't easy, especially for the windows users, they tend to skip it altogether and end up infecting themselves like this.
HCP
legendary
Activity: 2086
Merit: 4363
You're not an idiot... you've just been tricked by nasty thieves using a very convincing social engineering attack :(

At this stage, it appears that the malware was simply designed to modify transactions to send all funds to the thieves... and doesn't appear to be installing any other malware like keyloggers or RATs etc... but there is no guarantee that this has not occurred. You can try running scanners like MalwareBytes or Spybot Search n Destroy etc...

If you want to be 100% sure, you'll need to back up your data, then wipe/format the computer and reinstall your OS.
newbie
Activity: 2
Merit: 0
Same sad story here.
be careful!!
I am not an expert, I got the same security update message and after a few minutes my coins were gone.
The amount of the transaction and the address changed. :-X :-X :-X

The download site was electrumsky.com

Don't waste your time saying I am an idiot. I just want to help other people to avoid this phishing and to spread the alarm.
After 7 months this malware is still around stealing money!

As far as you know, is it enough to delete the app to be safe? (no need for a wallet anymore:( )

A.
HCP
legendary
Activity: 2086
Merit: 4363
I had version 3.3.4 and at the end of the transaction it gave me a negative result with the error that we wanted the new version 4.0.0. then I downloaded it but I don't remember if I copied the message link or if I looked for it on google. Unfortunately I took a fake server
If you got that error message... then you certainly did NOT have version 3.3.4 installed. The vulnerability whereby a malicious server could create those fake update popup messages was patched in version v3.3.3. It had previously been patched to make the link non-clickable in version v3.3.2. Unfortunately, you must have been using an older version that still allowed the popup :-\

Sadly, as others have mentioned, your coins are gone :(

newbie
Activity: 3
Merit: 0

I had version 3.3.4 and at the end of the transaction it gave me a negative result with the error that we wanted the new version 4.0.0. then I downloaded it but I don't remember if I copied the message link or if I looked for it on google. Unfortunately I took a fake server
legendary
Activity: 2520
Merit: 1496
To prevent others from same mistake, could you please write, where did you get this electrum 4.0.0 installation file?
Hope not by clicking a link from e-mail?
legendary
Activity: 2170
Merit: 1789
ok I have just reinstalled this version. Can I do anything to recover my bitcoin?

You can't do anything, period. The only thing that you can do from this point is to ensure your computer is not infected with other viruses/malware which could potentially steal/hijack your clipboard. Do a clean install or wipe your hard disk if you can't be sure that there is no other malicious file except that Electrum file that you've just downloaded.

I feel sorry for your loss, please be careful next time and always verify the signature of every file that you downloaded from the internet.
legendary
Activity: 3612
Merit: 5297
ok I have just reinstalled this version. Can I do anything to recover my bitcoin?

Confirmed transaction cannot be reverted, unconfirmed transaction can potentially be cancelled by doublespending the inputs of the unconfirmed transaction and broadcasting the doublespending transaction to as many nodes as humanly possible. This is something that's really hard to perform for a non-technical person, and even if you succeed in creating a double spending transaction, the odds of getting your tx in a mining nodes' mempool are really, really, really small (so the odds of success are really low).
Even if the transaction is unconfirmed, most of the time it isn't even worth the effort to try to create a double spending transaction... Only if we're talking about a theft of several thousands of USD worth of BTC it becomes something you can try as long as the tx wasn't confirmed.

I guess you should focus on what went wrong... When you say you reinstalled "this" version, which version do you mean? Where did you download it from? Did you check the signature?

Also, addresses that "magically" change are never a good sign... Is your pc clean? Do you install software from unknown sources? Do you have a virus scanner running? Is your OS patched?
newbie
Activity: 3
Merit: 0
ok I have just reinstalled this version. Can I do anything to recover my bitcoin?
legendary
Activity: 3612
Merit: 5297
Directly from https://electrum.org/#download:

Quote
Latest release: Electrum-3.3.4

Version 4 does not exist, so if you have installed version 4, you either misread the version number or you installed a fake version!

If you say that the address you were funding changed, and you funded an address you were not trying to fund, those funds are lost, the odds are pretty big you have a copy/paste virus installed on your pc, or you have a fake electrum version (as said before).
newbie
Activity: 3
Merit: 0
Hi. Yesterday I installed version 4 of electrum and made 2 transactions, the first one was successful but in the second one I found the address of the recipient changed and the transaction performed. I have uninstalled version 4. Can anyone please tell me if it is possible to recover my bitcoins and if I run risks for other files in general on my pc. Thanks