Author

Topic: Missing receiving address in my bitcoin wallet (Read 777 times)

HCP
legendary
Activity: 2086
Merit: 4363
November 12, 2019, 02:15:44 PM
#49
Yes, but if you look at OPs 2nd post in this thread... he states he copy/pasted several addresses just fine... This was well before any mention of downloading/installing/running any AV/anti-malware software:
- I did copy-paste a few of the addresses from the list, by your advice, and everything looks fine. I got the same addresses in the txt

For the clipboardjacker to simply stop working is not something I've encountered before... not saying it isn't possible. Perhaps some malware author got clever and created a version that tries to avoid detection by only changing every "1 in X" addresses... Huh
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
The super confusing part in all this is that the OP said he already tried copy/pasting multiple bitcoin addresses since this incident and they all copy and paste just fine... I've never seen a clipboard hijacker that only works "once" and then stops working??!? Huh
The clipboard virus might have been flagged and deleted by his Malwarebytes AV in the meantime that is why he was able to copy/paste the correct address when instructed to try it out.

If you follow the OP's timeline this seems like the most plausible scenario.  It's hard to point to any one thing that caused this, the proper trouble shooting steps were taken out of sequence, in my opinion.  It's unfortunate because it would have been nice to help the OP figure out exactly what caused his issue so he can avoid it in the future.  As it is, this might happen to him again if he continues downloading and installing software the way he's been.
legendary
Activity: 2730
Merit: 7065
The super confusing part in all this is that the OP said he already tried copy/pasting multiple bitcoin addresses since this incident and they all copy and paste just fine... I've never seen a clipboard hijacker that only works "once" and then stops working??!? Huh
The clipboard virus might have been flagged and deleted by his Malwarebytes AV in the meantime that is why he was able to copy/paste the correct address when instructed to try it out.
HCP
legendary
Activity: 2086
Merit: 4363
I didn't notice that he posted this image except the one that shows the file infected.
It looks like the Malwarebytes detected 26 infected file which I think the reason why he is suffering from this clipboard virus.
No... it is showing a bunch of "Potentially Unwanted Programs" aka PUPs... these are NOT necessarily viruses or trojans or malware... but annoying things that you may or may not want on your PC... vast number of these tend to be "Browser Helpers" or toolbars etc.

The super confusing part in all this is that the OP said he already tried copy/pasting multiple bitcoin addresses since this incident and they all copy and paste just fine... I've never seen a clipboard hijacker that only works "once" and then stops working??!? Huh
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
He did scan more than just Electrum folder, and he posts the link on the first page: https://prnt.sc/ptqd3s

But since he himself admits he has limited knowledge about all this (including formating disc), finding the cause of this incident is quite uncertain and very likely difficult to solve. My advice would be to backup everything you need from your computer (pictures, videos, documents) and take it to someone who will do the disk formatting and installation of the new operating system.

Then the computer should be protected with antivirus/antimalware/firewall, and used in a manner appropriate to the computer on which cryptocurrency is used. This means that such a computer is your personal bank, no torrent or porn should be mixed with very sensitive information such as private keys, coins address/s or seeds.

I didn't notice that he posted this image except the one that shows the file infected.
It looks like the Malwarebytes detected 26 infected file which I think the reason why he is suffering from this clipboard virus.


@GerGys
If you don't know how to format your PC I can help you but first, follow what Lucius suggested above backup all important files first including wallet files before you PM me.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
You said previously that all the addresses in your electrum wallet begin with 1 yet this address begins with 3. Did you not notice this difference when pasting the address into your email? It's a pretty big difference.

edit: also could this address be from some website or exchange you were using at the time?

I wonder if he actually meant this address: 1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG.

According to blockchain that address received a payment, and instantly broadcast this transaction:
0ddca07771e20587b00a1685702f1be13c2748832fa8c835040cdc2c3001ab33

According to blockchair the the same transaction was confirmed about an hour and half after the payment:
0ddca07771e20587b00a1685702f1be13c2748832fa8c835040cdc2c3001ab33

also could this address be from some website or exchange you were using at the time?

I was thinking the same thing, maybe the OP was trying to multi-task and succeeding about as well I do when I try.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Have you just scanned the folder of Electrum and detected this exploit?
You need to scan the whole PC to find the infected file.

He did scan more than just Electrum folder, and he posts the link on the first page: https://prnt.sc/ptqd3s

But since he himself admits he has limited knowledge about all this (including formating disc), finding the cause of this incident is quite uncertain and very likely difficult to solve. My advice would be to backup everything you need from your computer (pictures, videos, documents) and take it to someone who will do the disk formatting and installation of the new operating system.

Then the computer should be protected with antivirus/antimalware/firewall, and used in a manner appropriate to the computer on which cryptocurrency is used. This means that such a computer is your personal bank, no torrent or porn should be mixed with very sensitive information such as private keys, coins address/s or seeds.
legendary
Activity: 3710
Merit: 1586
Abdussamad, yes, the address is the same.

That's the blockchain transaction link :  https://www.blockchain.com/btc/tx/0ddca07771e20587b00a1685702f1be13c2748832fa8c835040cdc2c3001ab33

When I check the address later, I saw that the payment left the address 2 sec after it's received: https://bitref.com/1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG

If I understand the blockchain correct, the payment is sent to address : 3Ksti3jfX7Vb6FUZW4mWZbazyFcAeyjkCy   and that address isn't my address. Actually, I didn't see the payment in my wallet at all.

You said previously that all the addresses in your electrum wallet begin with 1 yet this address begins with 3. Did you not notice this difference when pasting the address into your email? It's a pretty big difference.

edit: also could this address be from some website or exchange you were using at the time?
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
Malwarebytes just detected a threat and the file again is the Electrum wallet

That's the threat : https://prnt.sc/pumzht

Have you just scanned the folder of Electrum and detected this exploit?
You need to scan the whole PC to find the infected file.

Can you try to scan the whole PC with Kaspersky Total Security maybe this one will detect more than Malwarebytes they have a 1-month free trial and make sure to update the database first before you scan the whole PC?

Let's see if it can detect more suspicious files if they detect they will automatically quarantine the infected file.
legendary
Activity: 2268
Merit: 18771
As I said before, the legitimate version of Electrum often gets flagged as a false positive by malwarebytes and other anti-virus software

You can see a response to this issue on the Electrum github here: Electrum binaries flagged by some antivirus (false positive) #3198

You can also search this forum or reddit and see plenty of posts describing that exact issue.

That's not to say you should just ignore it, as you may have actually downloaded a fake version of Electrum. What you should do is to ensure you only ever download from electrum.org and nowhere else, and verify your download by following these steps (https://bitcoinelectrum.com/how-to-verify-your-electrum-download/) prior to installing it. If you do both these things, then you can safely ignore any threats detected by malwarebytes.
newbie
Activity: 35
Merit: 0
Malwarebytes just detected a threat and the file again is the Electrum wallet

That's the threat : https://prnt.sc/pumzht
legendary
Activity: 2268
Merit: 18771
So at some point between your wallet and sending the email, the address has changed to a different one. As far as I can see there are three possibilities here, provided you are using a genuine version of Electrum (which you say you are):

You previously had the incorrect address on your clipboard, didn't actually copy your own address (just think you did), and then pasted the incorrect address in to the email.
You have malware which meant that although you copied the correct address, you pasted the incorrect address in to the email. I would repeat the exact same steps you performed before to see if this is reproducible. Copy the same address you did before, and paste it in to the same email provider.
Your email is compromised. What email provider are you using? It's possible if someone else has access they could edit any emails you try to send, or even recall emails you have already sent and replace them with their own.

I would think the second is by far the most likely, especially considering malwarebytes is giving you 25 potential positives on a scan. It's just a bit strange that it isn't reproducible (although it might never be now if malwarebytes as quarantined the offending malware).

As always, before hitting send on any transaction or communication, you should be double checking your address against the source (in this case, your Electrum wallet).

This topic would be worth a read: How to lose your Bitcoins with CTRL-C CTRL-V
hero member
Activity: 1358
Merit: 851
If I understand the blockchain correct, the payment is sent to address : 3Ksti3jfX7Vb6FUZW4mWZbazyFcAeyjkCy   and that address isn't my address. Actually, I didn't see the payment in my wallet at all.
You have sent the address through email? Right? Now check the email if you have sent this address or not. If you have sent this one (which isn't own by you), then you have been infected with copy/paste malware which have changed your actual address into this one.
Or, if you have sent a correct address which is from your wallet, there's two possible case may happen-
1. The sender device have been infected with copy/paste malware.
2. The sender intentionally sent on his address. (which is unlikely since you had some previous deals).


Check your mail and confirm if it's the mistake from your side.
newbie
Activity: 35
Merit: 0
Abdussamad, yes, the address is the same.

That's the blockchain transaction link :  https://www.blockchain.com/btc/tx/0ddca07771e20587b00a1685702f1be13c2748832fa8c835040cdc2c3001ab33

When I check the address later, I saw that the payment left the address 2 sec after it's received: https://bitref.com/1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG

If I understand the blockchain correct, the payment is sent to address : 3Ksti3jfX7Vb6FUZW4mWZbazyFcAeyjkCy   and that address isn't my address. Actually, I didn't see the payment in my wallet at all.
legendary
Activity: 3710
Merit: 1586
emails you sent are stored in the send folder of your email client/website. so do confirm that the address was the one where the coins were sent.
newbie
Activity: 35
Merit: 0
Lucius, no, I didn't scan the PC in safe mode, but I will do it. Thanks for the advice!

DireWolfM14, I sent the receiving address via email. This person always doing a direct btc payments to me and I always email him the address. Today I received a btc payment through my website and everything was fine. I also sent a btc payment about 20 min ago and everything was fine again.
Hope it was just a onetime problem!
But, of course, it doesn't mean that I should not protect my PC. I am thinking to format the disc, but will need time to find an info how to do that. I think also I should update the Electrum wallet, but also will need time to read how to do that.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
But I just checked the Remote Settings and saw, that "Allow Remote Assistance connections to this computer" option was enabled (I don't know why).

That option is enabled on Windows by default.  It doesn't matter, because you would have to manually start a "Remote Assistance" session to grant anyone access to your computer.  If you haven't used that feature then that's not your issue.

HCP, yes, I copy-pasted (in txt) a few addresses from my Addresses list and everything was fine.
But I didn't try yet to test a direct payment to my btc wallet (to be honest, I'm afraid to do that). Maybe I should test with a small amount. But today I got a btc payment through my website and everything is fine.

In your original post you said that you copy and pasted your receiving address, how did you share it with the person who was to send you the payment?  Did you email it to him, use a messaging app, social media..?

legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
GerGys, did you scan your PC in safe mode with Malwarebytes and that antivirus which I have recommended to you in a previous post? I am asking this because some malware is much easier to be removed from the system if you scan in safe mode.

Since you say that your Remote Settings was enabled, there is a possibility that you have something very malicious on your computer, maybe some type of remote access trojan, and these things are most effectively resolved by formatting the disk. If you are not ready to format the disc, do you have a smartphone (Android 5+) on which you can install Electrum? There is a direct link on Electrum site for mobile version.
newbie
Activity: 35
Merit: 0
Abdussamad, I don't have teamviewer type program and didn't use teamviewer. But I just checked the Remote Settings and saw, that "Allow Remote Assistance connections to this computer" option was enabled (I don't know why). I disabled it. Thanks for the advice!


HCP, yes, I copy-pasted (in txt) a few addresses from my Addresses list and everything was fine.
But I didn't try yet to test a direct payment to my btc wallet (to be honest, I'm afraid to do that). Maybe I should test with a small amount. But today I got a btc payment through my website and everything is fine.
legendary
Activity: 3710
Merit: 1586
There was another user who had a similar problem and he discovered that it was due to remote desktop protocol (RDP) or teamviewer type programs. These let a remote computer modify his clipboard and so he was only affected when that RDP/teamviewer software was running and he copy pasted addresses. Do you use software like that?
HCP
legendary
Activity: 2086
Merit: 4363
HCP , no, I don't have any address that begins with ""1P24x". The sender always paying with a direct payment to my btc wallet and I always doing the same : open my wallet - go to Receive tab - copy the btc address there - paste it at the email.
I don't have problems when I receive btc payments through my website.
Perhaps you just have one of the "original" clipboard malwares that didn't try and use "similar" replacement addresses and simply just pasted a completely different BTC address.

Although, the fact that you said that it doesn't seem to be doing it any more (copy/pasting is currently transferring the correct address right?) might indicate that this isn't even the reason why you ended up with an incorrect address. Huh

Perhaps you didn't actually copy the address from Electrum correctly and, for whatever reason, already had that address on your clipboard (from a different app/website? Huh)


Quote
About "moving your crypto/wallet stuff to a completely separate (offline) system" - I don't know how to do that and some advice will be helpful.
Essentially, you use a completely separate computer that is not connected to the internet or ANY network. You install Electrum on it... and create your wallet with seed/private keys.

You would then use another computer that is connected to the internet... and install what is known as a "Watching only" version of your wallet on it. This enables you to see addresses/transactions/balance etc... but you are not able to spend/sign transactions as it doesn't contain any private keys. Refer: https://electrum.readthedocs.io/en/latest/coldstorage.html

The workflow is then... create unsigned transaction on ONLINE computer... transfer unsigned transaction (via USB) to OFFLINE computer... sign the transaction with the private keys (after checking it is all correct!)... then transfer signed transaction back to the ONLINE computer and broadcast it.

It's obviously a lot more work, but is also a lot more secure. However, it wouldn't necessarily prevent your particular scenario unless you take the time to double check and confirm all the transaction details (amounts+addresses etc) BEFORE you sign/broadcast.

What it does do is reduce the chances of any malware on your online computer from being able to access your wallet/private keys/seed etc.


Hardware wallets essentially make this setup redundant, as they achieve the same goal but in an arguably more streamlined, easy to use manner.
newbie
Activity: 35
Merit: 0
HCP , no, I don't have any address that begins with ""1P24x". The sender always paying with a direct payment to my btc wallet and I always doing the same : open my wallet - go to Receive tab - copy the btc address there - paste it at the email.
I don't have problems when I receive btc payments through my website.

I didn't visit any porn/torrents websites.

About "moving your crypto/wallet stuff to a completely separate (offline) system" - I don't know how to do that and some advice will be helpful.

HCP
legendary
Activity: 2086
Merit: 4363
I didn't use Malwarebytes before and if I understand the info correct (because English isn't my native language), when I add a certain file or program to MalwareBytes quarantine, I will be the only one person with an access to them, correct?
Generally, once a file is "quarantined"... even YOU won't be able to access them. That's the entire point of quarantine. The antimalware/antivirus software attempts to prevent ANY access to try and prevent any payload from being executed.

To access the files after quarantining them, you would need to "restore" them first.


When you look at all the addresses displayed in your Electrum "Addresses" tab, do you see ANY address that begins with the same 4 or 5 characters as the address you pasted: "1P24x..."? Huh

If so, try copy/pasting THAT address again and see if it gives you the same or different address.


But now the most important is to keep my wallet safe.
Part of that would be trying to identify how you got infected in the first place... and perhaps modifying your computer behaviour. No dodgy websites (porn/torrents etc)... be careful what you download/install...

Consider moving your crypto/wallet stuff to a completely separate (offline) system etc... or investing in a hardware wallet.
newbie
Activity: 35
Merit: 0
Thank you all for the help and advice! I really, really appreciate it.

I understand, that I lost that transaction (with the problem). But now the most important is to keep my wallet safe.
hero member
Activity: 1358
Merit: 851
Locate your wallet files (usually they are in //appdata/roaming/electrum/wallets/) and back them up on a clean thumb drive.
This is one of the way you can update.
Unless you have something important on the wallet like an labels of addresses, you can just store the seed key and uninstall the electrum and download it as DireWolfM14 showed. Then, instead of creating new seed, restore this one. This is more simple however, if your metadata is important, then back up of the wallet file is mandatory.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Locate your wallet files (usually they are in //appdata/roaming/electrum/wallets/) and back them up on a clean thumb drive.
Go to https://electrum.org/#download and download the latest version for your OS, and corresponding signature file.
Follow these instructions to verify the download: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/
Uninstall your old version of electrum.
Install the new version of electrum.
Restore your wallet files to the directory where you found them.

If you are concerned that your current wallet might have been compromised, you should create a new seed, and move all your funds to the new wallet.

If you're suspicious that your system has been compromised, I recommend you reinstall your OS on a freshly partitioned hard drive.  Relying on anti-virus and anti-malware programs is a risk, in my opinion.  A risk I would not be willing to accept. 
newbie
Activity: 35
Merit: 0
o_e_l_e_o, how to update the Electrum wallet?

I receive fund there and don't have problem, because the payments are not direct. Only this one (the missing one, with the problem) was a direct payment.
I know, that the formatting is the best solution, but will need time to find info how to do that. Until then I think to use Malwarebytes running and will update the wallet. Is that a solution for now?
legendary
Activity: 2268
Merit: 18771
As an aside, Electrum versions before 3.3.4 no longer sync as a security precaution, so even if you had used the correct address, you still wouldn't see the funds in your wallet until you updated Electrum.

My mistake. It's versions before 3.3.0 which wont sync, but versions before 3.3.4 which are vulnerable to a fake phishing message.

To upgrade, simply back up your wallet files, uninstall your current version of Electrum, download and verify the most recent version (3.3.8) from electrum.org, and then install.
newbie
Activity: 35
Merit: 0
Lucius, yes, I am using Electrum version 3.3.3. It seems I have "non-genuine version" of what? I downloaded the Electrum wallet from the official website a long time ago and because some problems with my previous laptop, I restored the wallet on new laptop, with the seeds.

I understand, that removing threats isn't the best solution, but just trying to find the best decision for now. Because I am worried not to lose all my btc in the wallet.
I understand, that formatting of the disk and clean install of OS is the best option, but I will need time to see how to do that, because I am not familiar with that.
That's why I am asking if the MB quarantine is a solution, until I find info about the formatting.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
GerGys, do you use Electrum version 3.3.3? I also use Malwarebytes (Premium version), but I don't remember MB ever detecting Electrum as something dangerous (in your case GenericMalware). In this case, you seem to have a non-genuine version, but such false versions usually empty the entire wallet the moment they are installed.

You should consider proactive security measures for your PC, which means that the emphasis is on prevention, not as it is now with you in removing threats. I agree that the safest option at this point is formatting of your disk and clean install of OS.

I recommend you do at least two more things, try to make a full scan with MB in safe mode (check how to enter a safe mode for your PC), and also try to scan with good antivirus. My recommendation is Norton Security: https://in.norton.com/downloads

Regarding MB quarantine, only you have access to those files, and you can restore them at any time.
legendary
Activity: 2268
Merit: 18771
Malwarebytes does sometimes have false positives (as with Electrum), but if you don't recognize the software it is flagging up as suspicious, then yes, I would quarantine it.
newbie
Activity: 35
Merit: 0
Thanks for the reply, o_e_l_e_o !

Yes, the wallet is downloaded from the official website.
Thanks for the advice about the reformat. I will do that for sure later in the time.

So, should I add the other 25 detections to the MalwareBytes quarantine ?

I didn't use Malwarebytes before and if I understand the info correct (because English isn't my native language), when I add a certain file or program to MalwareBytes quarantine, I will be the only one person with an access to them, correct?
brand new
Activity: 0
Merit: 0
@ElectrumSupport, read the post just above yours, it is clear that his problem is not caused by the clipboard hijacker malware.
Either his device is compromized or someone else has access to his wallet (private keys)


Okay Sir i understand !
legendary
Activity: 2268
Merit: 18771
Electrum gets flagged as a false positive by malwarebytes. As long as you only downloaded from the official site - electrum.org - and verified the download by following these instructions (https://bitcoinelectrum.com/how-to-verify-your-electrum-download/), then that is nothing to worry about.

25 other detections is a massive issue, though, although the ones visible on your screenshot all seem to be from the same piece of malware. Honestly, if I was that infected I would just reformat.
newbie
Activity: 35
Merit: 0
Here is the image:

https://prnt.sc/ptqd3s
newbie
Activity: 35
Merit: 0
Sorry, I don't know how to add an image here
newbie
Activity: 35
Merit: 0
I just installed the free trial version of Malwarebytes and run it.  I got 26 detections. Check the image here. Should I click on "Quarantine" button? I am asking that, because I see there also the Electrum wallet setup exe

As I said, that's the first time when I got that kind of problem. I often receive btc payments, but not as a direct payment (like this one with the problem), but through my websites and don't have any problems. That make me think, that it's a Clipboard malware.
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
@ElectrumSupport, read the post just above yours, it is clear that his problem is not caused by the clipboard hijacker malware.
Either his device is compromized or someone else has access to his wallet (private keys)
TGD
hero member
Activity: 1288
Merit: 620
Wen Rolex?
Is there a free version of Malwarebytes?

Free version has a limited feature. It's better to avail premium license. There is some crack version of it but I suggest to buy the official license to support the developer.

Malwarebytes didn't guarantee 100% protection and no anti virus can do that. It's better to reformat your hard disk same as the advice of @oeleo then install malwarebytrs after reformat to make sure that your computer is totally free from malware.

Maybe you download too much file on the internet without antivirus installed or you click porn ads that automatically download a malware file.  Roll Eyes
brand new
Activity: 0
Merit: 0
Hello,

yesterday I had to give my electrum bitcoin wallet receiving address to a guy to send me a certain amount in btc.
I copy-paste the receiving address from my btc wallet.
Today that guy sent me the blockchain link, where I see, that he sent the payment and that transaction is confirmed.
But I don't have it my wallet balance and the problem is, that I don't see the receiving address in my addresses list.
What could be the reason for that?
Yesterday I just copy-paste the address from the wallet, today that address isn't there and of course, the transaction isn't in my balance there also.
Please, help me with some advice what could be the reason for that and what should I do about it?
I did that before - copy-paste a receiving address - but didn't have that kind of problem before.
Thank you in advance!

Your computer is infected with a virus that replaces the addresses copied in the clipboard and paste its own addresses.  the virus is called Bitcoin Stealer and you need to install an antivirus to fix the problem otherwise it's good for you. thank you !
legendary
Activity: 2268
Merit: 18771
What operating system are you using? You should be running a full antivirus scan with the software of your choice, as well as installing and scanning with malwarebytes as a minimum, but the only way to be sure you are completely safe would be to format your hard drive and reinstall your OS.

Does it mean, that all my btc addresses in my btc wallet can get the same problem?
Clipboard malware cannot steal your bitcoins on its own. All it can do is change the address you copy and paste, meaning you either send the wrong receiving address to someone else (as you did here), or you enter the wrong address when you are trying to send bitcoin. As long as you double and triple check the address against the source (i.e. your wallet or the person giving you an address, not something else you've copy and pasted), you will not fall victim to it.

Having said that, if you are infected with this malware, you could also very well be infected with more serious malware which could steal your coins in other ways. You might want to look in to hardware wallets as a safer method of storing and sending your coins.

Is there a free version of Malwarebytes?
https://www.malwarebytes.com/mwb-download/
newbie
Activity: 35
Merit: 0
Is there a free version of Malwarebytes?
TGD
hero member
Activity: 1288
Merit: 620
Wen Rolex?
Which one to use to remove the virus : Reimage, SpyHunter 5, or Malwarebytes?
What do you recommend?

Malwarebytes is my personal recommendation. It's good to remove malware in your computer which is the main reason why many crypto user are being hacked. That's also my company security application for our computer. That's better than mcafee anti virus.
newbie
Activity: 35
Merit: 0
Which one to use to remove the virus : Reimage, SpyHunter 5, or Malwarebytes?
What do you recommend?
newbie
Activity: 35
Merit: 0
Thanks for the reply, nc50lc!

Yes, 1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG is the address, which I copy-paste.
Yes, as I can see when I checked the address, the btc is spend 2 sec after it's received.

1. What can I do about that clipboard hijacking? I mean, should I check my computer for some virus? If yes, how to do that?
Does it mean, that all my btc addresses in my btc wallet can get the same problem? Or it happened only when I copy-paste the address?

Yes, I think that the sender isn't the culprit.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
So 1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG is supposed to be the address in your receive tab? Yes?
But the fact that the UTXO was already spent strongly indicates that there's someone else who's in control of that address.

What do you mean with "clipboard hijacking"?
-snip-
Btw. I just checked the address on Google and check what I see about the address :  https://bitref.com/1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG    What does it mean? How the money came there and 2 min later are gone?
1. It's a virus or program that can alter your machine's clipboard (where the copied files were stored) to change the paste result,
it usually looks for possible bitcoin addresses and change it to his address, the most latest ones even generates the same few first and last characters of the original address to fool the victim.

2. With enough programming skills, anyone can program a "forwarder" that can send bitcoins right after the specified addresses received bitcoins.
And the way that the destination address 3Ksti3jfX7Vb6FUZW4mWZbazyFcAeyjkCy had been receiving funds from different addresses looks similar to a hacker's forwarding address.

Based from your reply, the sender can't be the culprit.
newbie
Activity: 35
Merit: 0
What do you mean with "clipboard hijacking"? I am sorry for asking, but I don't know what is that.

About your question - I compared the address in the email (I provided the receiving address by email yesterday) and the address in the blockchain link, and they are the same.

Here is the blockchain link : https://www.blockchain.com/btc/tx/0ddca07771e20587b00a1685702f1be13c2748832fa8c835040cdc2c3001ab33

Btw. I just checked the address on Google and check what I see about the address :  https://bitref.com/1P24xfd96qvMzLN81qxNhgPn2pm8Efa5AG    What does it mean? How the money came there and 2 min later are gone?

Sorry if I am asking a stupid questions!
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Today, when I saw, that I don't have the transaction in my balance, I checked all addresses in my list very, very careful and didn't find that address at all there. That's very weird...
Is it possible the receiving address to expire? If it's possible a certain btc receiving address to expire at all?
There's no some sort of expiration date of addresses (not exclusive to Electrum),
in fact, Electrum is (HD) Hierarchical Deterministic and will produce the same set of addresses even if you deleted the wallet file and restore from seed given the right derivation path.

There are some cases of clipboard hijacking that is a direct attack or platform-specific and maybe this was the case.

Also, about my question above, how sure are you that the sender sent it to the same address that you've sent him?
Did you checked the 1st and last few characters of the address that you pasted?
there's a possibility that the sender is lying.
newbie
Activity: 35
Merit: 0
Thanks for the reply, nc50lc!

- I did copy-paste a few of the addresses from the list, by your advice, and everything looks fine. I got the same addresses in the txt

- I did check the directory and see only one wallet.

As I said, I didn't have that kind of problem before. The guy, who sent me the btc, did that before and I was doing exact the same action like yesterday - open my wallet, go to "Receive" and copy the address there.
Today, when I saw, that I don't have the transaction in my balance, I checked all addresses in my list very, very careful and didn't find that address at all there. That's very weird...
Is it possible the receiving address to expire? If it's possible a certain btc receiving address to expire at all?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
There's no way to remove an address from an Electrum wallet.
Some may be invisible due to gap limit but if it was already displayed in the "receive" tab, it should also be available in the "address" tab.

I'll just list two possible scenarios on what might have happened:
  • Case1: There might be a clipboard-hijacking malware/virus that changed the copied address.
    To try if this was the case, copy one of your address and paste it in any text box;
    if the result is the same, this might not be the case. (try to copy-paste 10 different addresses)
  • Case2: There may be two or more Electrum wallet in your wallet directory and you copied an address from the other wallet;
    Try to check using Electrum menu File->Open if there's another wallet file in the list.

Are you sure that it was the same address that you've sent him?
newbie
Activity: 35
Merit: 0
Hello,

yesterday I had to give my electrum bitcoin wallet receiving address to a guy to send me a certain amount in btc.
I copy-paste the receiving address from my btc wallet.
Today that guy sent me the blockchain link, where I see, that he sent the payment and that transaction is confirmed.
But I don't have it my wallet balance and the problem is, that I don't see the receiving address in my addresses list.
What could be the reason for that?
Yesterday I just copy-paste the address from the wallet, today that address isn't there and of course, the transaction isn't in my balance there also.
Please, help me with some advice what could be the reason for that and what should I do about it?
I did that before - copy-paste a receiving address - but didn't have that kind of problem before.
Thank you in advance!
Jump to: