
Topic: My BTC was stolen. Can someone clarify how it happened? (Read 151 times)

legendary
Activity: 1106
Merit: 1124
That is also a reason I now think going to law enforcement maybe has a little chance they will do something with it. I cannot get them back, but if I can obstruct them from cashing them in, I already sleep a little better. Thanks for the extra info!
Yeah, report it to the authorities and let us hope they take it up. However, like I already said, I am not too sure if the scammer will be 'stupid' enough to deposit the funds into a custodial KYC service; they will probably mix the coins and move them around so many times that it becomes impossible to trace. Sorry for your loss, it is really sad to lose this kind of money. I pray something good happens for you that will help you sleep better at night.
?
Activity: -
Merit: -
because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect.
It was probably the latter.

I highly doubt OP downloaded a fake version of Electrum. Either someone had access to the seed phrase (or the private keys) or OP's device was infected with malware.
If OP had downloaded a fake version of Electrum, the thief wouldn't have waited 6 days to steal the funds.
I think it's more likely that his device was infected with a crypto sweeper. If his seed phrase or private keys were compromised, the coins would have left his wallet before he updated his Electrum wallet.

I only find it strange that this is the only thing they stole or did (and did it 6 days later?).
This is just a guess, but I think they waited to see if they could get their hands on any other crypto you have.
If they steal all the coins on day one, they would lose that chance.

That is a good guess I think, because I can also see that I checked on the internet what the BTC price was at the time, 40 minutes before they were stolen. So after they had seen that I didn't check any other coin prices, they maybe were certain I didn't have anything other than that.
?
Activity: -
Merit: -
I already accept I won't get them back, and the only other thing I can do is learn from it. But the learning is a lot harder when you don't get the whole picture.
Your lesson:

Create your wallet on an airgapped device and never import your seed phrase (or your private keys) on a non-air-gapped device or go for a hardware wallet.
Keep your seed phrase somewhere secure.

Yes, I can see the hardware wallet would have been the way to go, and that is fully on me for not doing it in time. (Almost had 10 years to do it, so I don't really have an excuse.) And the seed phrase was as secure as it could get. (It was literally only written on a piece of paper I had secure in my house, only used it once, longer than 5+ years ago when I transferred from Multibit to Electrum.)
?
Activity: -
Merit: -
In addition, send an e-mail to all crypto exchanges that come to your mind with all the relevant information, in case a hacker ever sends coins to any of them, they will be immediately frozen.
Are you sure? I don't think any centralized exchange will freeze coins because they got an email from a random person. I believe for this to happen, the exchange has to receive the request from law enforcement or a government authority. However, the scammer might not even be so stupid as to deposit the stolen coins into a KYC exchange.

That is also a reason I now think going to law enforcement maybe has a little chance they will do something with it. I cannot get them back, but if I can obstruct them from cashing them in, I already sleep a little better. Thanks for the extra info!
hero member
Activity: 510
Merit: 574
Too Little, Too Late.
because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect.
It was probably the latter.

I highly doubt OP downloaded a fake version of Electrum. Either someone had access to the seed phrase (or the private keys) or OP's device was infected with malware.
If OP had downloaded a fake version of Electrum, the thief wouldn't have waited 6 days to steal the funds.
I think it's more likely that his device was infected with a crypto sweeper. If his seed phrase or private keys were compromised, the coins would have left his wallet before he updated his Electrum wallet.

I only find it strange that this is the only thing they stole or did (and did it 6 days later?).
This is just a guess, but I think they waited to see if they could get their hands on any other crypto you have.
If they steal all the coins on day one, they would lose that chance.
?
Activity: -
Merit: -
because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect.
It was probably the latter.

I highly doubt OP downloaded a fake version of Electrum. Either someone had access to the seed phrase (or the private keys) or OP's device was infected with malware.
If OP had downloaded a fake version of Electrum, the thief wouldn't have waited 6 days to steal the funds.

I also begin to believe it is malware or a virus of some sort. I only think it is strange that this is the only thing they would steal or do (like nothing strange with emails, passwords, or banking transactions). And yes, it also would be strange that if it was the fake version they would risk it and wait 6 days? Either way, thanks for your answer!
legendary
Activity: 2380
Merit: 5213
I already accept I won't get them back, and the only other thing I can do is learn from it. But the learning is a lot harder when you don't get the whole picture.
Your lesson:

Create your wallet on an airgapped device and never import your seed phrase (or your private keys) on a non-air-gapped device or go for a hardware wallet.
Keep your seed phrase somewhere secure.
?
Activity: -
Merit: -
If anyone is interested, here are the addresses it got sent to:

It first got sent to this one on the 19th of November: 114VSNPuYvHAgt5qFToSw32MQXo9NSieJK

On the 3rd of January, it got sent to this one, where they still are today: bc1qxy0q3d60cw0yf7j9avqqzqywpy5xzfxkyt5078
The address where the hackers sent the funds was just newly generated. It might be a personal wallet, as there's no way it can be identified as being from an exchange, so there's nothing you can do now but accept your loss.
It's too expensive a lesson. Although you bought these coins way back in 2015 when it was just a couple of hundred in value, kudos to your patience, but you need to be more careful and instead invest in hardware wallets like Trezor to make your bitcoin assets more secure and safe.

Thanks for the clarification, I already thought the accounts looked kind of new when there were no other transactions done on it. I already accept the loss, but it still stings because I don't know for 100% sure how they did it.  And thanks for the Kudos! I probably got way too comfortable when everything went smooth for so long. You are right, a hardware wallet would have been the right move when they got to a certain amount…
?
Activity: -
Merit: -
~snip~
I went back in my download history and saw that I updated Electrum on the 13th of November, 6 days later, my BTC got stolen. I can see that the download was from the official site, but maybe it still has something to do with it?



I think this is the problem - because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect. It is possible that it is a RAT (Remote Access Trojan) that allows the attacker full access to your computer, including all files.

It is possible that the attacker only needed the password for your wallet, and he got it at the moment when you last updated the wallet in case you typed the same password to check the wallet. As for the addresses, both are without any other transactions, which may mean that the hacker is cautious and still has no intention of doing anything with those coins.

If I were you, I would still report the case to the police because the amount involved is large - and any help would be welcome. In addition, send an e-mail to all crypto exchanges that come to your mind with all the relevant information, in case a hacker ever sends coins to any of them, they will be immediately frozen.


Thanks for your answer! And yeah, I'm sure I downloaded from the correct site (because I always go to it from within the app itself). So I also start to think that it is some kind of virus, I only find it strange that this is the only thing they stole or did (and did it 6 days later?). And thanks for the clarification, I already thought the accounts looked kind of new when there were no other transactions done on it. It is also extra painful because I can clearly see where they are, but can do nothing to get to them. And yes, after some consideration I will report it to the police, I can't do any more harm than is already done.
?
Activity: -
Merit: -
This is the whole essence of why you shouldn't Hodl your bitcoins in a hot wallet. Now firstly, I read through your story and explanation, and from what I could deduce you actually claim that your seed phrase was safe via your paper wallet backup, and based on your explanation it simply means that the issue came from an online source. There are endless possibilities as to how the currency eventually got into the hands of hackers or thieves.

Humans can make silly mistakes sometimes and in my opinion you have made a mistake somewhere that you just can't figure out, and that was how they got access to your keys. There is no need to try to recover those coins if they were really stolen. You should focus on your flaws and on improving your security. Sorry for the loss!!!

Yeah, I made a mistake somewhere, but as I said: I just want to know people's opinions or thoughts on how they could have gotten in. I already accept I won't get them back, and the only other thing I can do is learn from it. But the learning is a lot harder when you don't get the whole picture. Still, thanks for your answer. I appreciate all the answers that are given on this post.
legendary
Activity: 1106
Merit: 1124
In addition, send an e-mail to all crypto exchanges that come to your mind with all the relevant information, in case a hacker ever sends coins to any of them, they will be immediately frozen.
Are you sure? I don't think any centralized exchange will freeze coins because they got an email from a random person. I believe for this to happen, the exchange has to receive the request from law enforcement or a government authority. However, the scammer might not even be so stupid as to deposit the stolen coins into a KYC exchange.
legendary
Activity: 2380
Merit: 5213
because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect.
It was probably the latter.

I highly doubt OP downloaded a fake version of Electrum. Either someone had access to the seed phrase (or the private keys) or OP's device was infected with malware.
If OP had downloaded a fake version of Electrum, the thief wouldn't have waited 6 days to steal the funds.
legendary
Activity: 1554
Merit: 880
If anyone is interested, here are the addresses it got sent to:

It first got sent to this one on the 19th of November: 114VSNPuYvHAgt5qFToSw32MQXo9NSieJK

On the 3rd of January, it got sent to this one, where they still are today: bc1qxy0q3d60cw0yf7j9avqqzqywpy5xzfxkyt5078
The address where the hackers sent the funds was just newly generated. It might be a personal wallet, as there's no way it can be identified as being from an exchange, so there's nothing you can do now but accept your loss.
It's too expensive a lesson. Although you bought these coins way back in 2015 when it was just a couple of hundred in value, kudos to your patience, but you need to be more careful and instead invest in hardware wallets like Trezor to make your bitcoin assets more secure and safe.
legendary
Activity: 3234
Merit: 5637
~snip~
I went back in my download history and saw that I updated Electrum on the 13th of November, 6 days later, my BTC got stolen. I can see that the download was from the official site, but maybe it still has something to do with it?



I think this is the problem - because no matter how sure you are that you downloaded the original Electrum, it seems that you somehow managed to download a fake wallet or you have some sophisticated virus on your computer that your AV failed to detect. It is possible that it is a RAT (Remote Access Trojan) that allows the attacker full access to your computer, including all files.

It is possible that the attacker only needed the password for your wallet, and he got it at the moment when you last updated the wallet in case you typed the same password to check the wallet. As for the addresses, both are without any other transactions, which may mean that the hacker is cautious and still has no intention of doing anything with those coins.

If I were you, I would still report the case to the police because the amount involved is large - and any help would be welcome. In addition, send an e-mail to all crypto exchanges that come to your mind with all the relevant information, in case a hacker ever sends coins to any of them, they will be immediately frozen.
hero member
Activity: 448
Merit: 560
Mia's Creative
This is the whole essence of why you shouldn't Hodl your bitcoins in a hot wallet. Now firstly, I read through your story and explanation, and from what I could deduce you actually claim that your seed phrase was safe via your paper wallet backup, and based on your explanation it simply means that the issue came from an online source. There are endless possibilities as to how the currency eventually got into the hands of hackers or thieves.

Humans can make silly mistakes sometimes and in my opinion you have made a mistake somewhere that you just can't figure out, and that was how they got access to your keys. There is no need to try to recover those coins if they were really stolen. You should focus on your flaws and on improving your security. Sorry for the loss!!!
?
Activity: -
Merit: -
I went back in my download history and saw that I updated Electrum on the 13th of November, 6 days later, my BTC got stolen. I can see that the download was from the official site, but maybe it still has something to do with it?
Although it's too late, you can only verify whether the downloaded Electrum is officially from the legit source, but this only works if you downloaded the associated signature file of the version you downloaded. Again, are you sure it came from the legit website electrum.org?
Thus, we can only assume that the main cause of the hack was your last update of Electrum, as you mentioned.

TBH, I don't usually update my Electrum if it's not necessary, I mean if it's not really required due to recent hack attacks or similar. I'm currently using version 4.0.3.

I'm sure it was from the original site. I can still see the download links in my history, and they are the same as the ones you get from the original website now (I also went to the website through the Electrum application itself, like I always did). But sadly, I didn't verify it with the signatures, because I downloaded it from the original website.



I don't know what exactly happened, but you made a very big mistake.
Take note that any online device is prone to hacking and your private keys should never connect to the internet, especially if you hold such a big amount of bitcoin.


I started in 2015, and everything went great without any problems (I had to switch from Multibit to Electrum a long time ago, but also everything went smoothly there).
What exactly did you do?
Did you import your wallet into Electrum or did you generate a new wallet in Electrum? If you did the former, you increased the probability of your wallet getting hacked.


I get that it wasn't the safest space to store them (a hardware wallet is always safer). When I bought them, they were worth much less, and after 10 years without a hitch, I think I became ignorant and really never thought enough about the safety (because I never opened the wallet that much). I exported the Multibit wallet and imported it into Electrum, but I am now 100% sure (I did need to create a new seed phrase and password, etc.).  



It's obvious that someone got access to your wallet either through your password or your seed phrase, which you were not aware of. Since you said that you downloaded the Electrum wallet from the official site, did you verify the authenticity of the wallet? This is a sad experience. Sorry for your loss. Did you try sending bitcoin from this wallet since you kept your 3 BTC in it?

I never shared my password or seed phrase anywhere, so I don't really know how someone got a hold of them (I only store them on a piece of paper). I only sold 2 BTC to the website (a legit verified website) where I got my others from. (Bought 2 in 2015, bought 3 extra in 2020, sold the original 2 back to the website in 2020, and now my 3 that I bought in 2020 are gone.) Thanks for understanding. My plan was to finally buy a house with it this year, hence why I checked it today...



If anyone is interested, here are the addresses it got sent to:

It first got sent to this one on the 19th of November: 114VSNPuYvHAgt5qFToSw32MQXo9NSieJK

On the 3rd of January, it got sent to this one, where they still are today: bc1qxy0q3d60cw0yf7j9avqqzqywpy5xzfxkyt5078
hero member
Activity: 952
Merit: 617
It's obvious that someone got access to your wallet either through your password or your seed phrase, which you were not aware of. Since you said that you downloaded the Electrum wallet from the official site, did you verify the authenticity of the wallet? This is a sad experience. Sorry for your loss. Did you try sending bitcoin from this wallet since you kept your 3 BTC in it?
?
Activity: -
Merit: -
How did you update your Electrum? Did you manually go to the site yourself?

Does your Electrum have a password? Is it possible that you left your PC unattended at that time (or at any point) with someone you know?

Sadly, and as you mentioned, there is really nothing much you can do at this point, but feel free to share the address, or the transaction hash that emptied your wallet. Who knows, maybe we can track it to a KYC exchange and you can take this up with law enforcement... (assuming the person who stole from you is someone from your own country). Or you can try and check yourself using walletexplorer.com

Yes, I went to the site from the Electrum application itself to update. And yes, my Electrum (and PC) have a password, and I'm 100% sure no one has physically done this from my computer (I was home at the time the transfer happened, probably on the computer itself). I live in The Netherlands, where law enforcement sadly doesn't do shit about a lot of cybercrime and especially untraceable BTC...
legendary
Activity: 2380
Merit: 5213
I don't know what exactly happened, but you made a very big mistake.
Take note that any online device is prone to hacking and your private keys should never connect to the internet, especially if you hold such a big amount of bitcoin.


I started in 2015, and everything went great without any problems (I had to switch from Multibit to Electrum a long time ago, but also everything went smoothly there).
What exactly did you do?
Did you import your wallet into Electrum or did you generate a new wallet in Electrum? If you did the former, you increased the probability of your wallet getting hacked.
legendary
Activity: 1554
Merit: 880
I went back in my download history and saw that I updated Electrum on the 13th of November, 6 days later, my BTC got stolen. I can see that the download was from the official site, but maybe it still has something to do with it?
Although it's too late, you can only verify whether the downloaded Electrum is officially from the legit source, but this only works if you downloaded the associated signature file of the version you downloaded. Again, are you sure it came from the legit website electrum.org?
Thus, we can only assume that the main cause of the hack was your last update of Electrum, as you mentioned.

TBH, I don't usually update my Electrum if it's not necessary, I mean if it's not really required due to recent hack attacks or similar. I'm currently using version 4.0.3.
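
The signature-file check mentioned in the post above, as an added example that is not part of any post in this thread: a signature only says something about the download if the signer's fingerprint was pinned beforehand, so this parses GnuPG's machine-readable `--status-fd` lines and accepts a file only when a pinned key produced a valid signature. The fingerprints, sample status lines and function names are constructed placeholders, not real Electrum release keys or project code.

```python
# Added example: constructed fingerprints and status lines, not real release keys.
# Input is what GnuPG writes for:  gpg --status-fd 1 --verify FILE.asc FILE

PINNED = "A" * 40    # placeholder: signer fingerprint obtained out of band
UNKNOWN = "B" * 40   # placeholder: some other key present in the keyring

# Status keywords that mean a signature failed or its key must not be relied on.
HARD_FAIL = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def valid_line(fpr):
    """Build a constructed VALIDSIG status line for the samples below."""
    return f"[GNUPG:] VALIDSIG {fpr} 2024-01-01 1704067200 0 4 0 1 10 00 {fpr}"


def signer_fingerprints(status_text):
    """Return (fingerprints that have a VALIDSIG line, True on any hard failure)."""
    valid, failed = set(), False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable output is ignored on purpose
        keyword = fields[1]
        if keyword in HARD_FAIL:
            failed = True
        elif keyword == "VALIDSIG" and len(fields) >= 3:
            # The last field is the primary-key fingerprint when present;
            # otherwise fall back to the signing-key fingerprint.
            fpr = fields[11] if len(fields) >= 12 else fields[2]
            valid.add(fpr.upper())
    return valid, failed


def verdict(status_text, pinned=(PINNED,)):
    """Classify one verification run against the pinned signer set."""
    valid, failed = signer_fingerprints(status_text)
    if failed:
        return "bad-signature"
    if not valid:
        return "no-signature-checked"   # e.g. only ERRSIG / NO_PUBKEY lines
    if valid & set(pinned):
        return "trusted"
    return "untrusted-signer"           # good signature, but not from a pinned key


# Constructed sample outputs.
GOOD_PINNED = "[GNUPG:] NEWSIG\n" + valid_line(PINNED)
GOOD_UNKNOWN = "[GNUPG:] NEWSIG\n" + valid_line(UNKNOWN)
BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG AAAAAAAAAAAAAAAA constructed signer"
NO_KEY = ("[GNUPG:] NEWSIG\n[GNUPG:] ERRSIG CCCCCCCCCCCCCCCC 1 10 00 1704067200 9\n"
          "[GNUPG:] NO_PUBKEY CCCCCCCCCCCCCCCC")
MIXED = NO_KEY + "\n" + GOOD_PINNED  # several signatures in one file, one pinned

if __name__ == "__main__":
    for name in ("GOOD_PINNED", "GOOD_UNKNOWN", "BAD", "NO_KEY", "MIXED"):
        print(name, "->", verdict(globals()[name]))
```

The `untrusted-signer` case is the one that matters for a look-alike download page: a signature file served next to a tampered installer verifies cleanly against whatever key came with it.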