
Topic: My coins were stolen after updating the Electrum Wallet. (Read 126 times)

legendary
Activity: 2744
Merit: 3096
Unfortunately, getting access to Electrum's server logs is highly unlikely (if such data even exists). Perhaps it would be possible if you were running your own Electrum server, but I'm not sure, as I've never done it myself.
Even if such a thing were possible, I don’t see how this data could help him figure out what happened!

OP, did you open/use your wallet since the last time you made that big deposit in 2022, and was your wallet file encrypted with a password?
The most likely scenario is that your device was infected with a keylogger or some other malware and you exposed your seed / wallet file password when you imported your wallet into the new portable version.
legendary
Activity: 1526
Merit: 1359
Is it possible to obtain logs from the ELECTRUM servers to understand what happened? Was the recovery phrase guessed (restoring the wallet), or was the wallet file itself stolen? Can such logs be provided, or is it impossible?

Unfortunately, getting access to Electrum's server logs is highly unlikely (if such data even exists). Perhaps it would be possible if you were running your own Electrum server, but I'm not sure, as I've never done it myself.
legendary
Activity: 3472
Merit: 3217
Yes, I’m using the "portable" version. The wallet file is correct, and all transactions are visible.

Can you clarify this since you said that you installed the latest version of the portable wallet? How about your old wallet? Is it the portable one or the installer?

If the old wallet is not a portable one, then how did you import your old wallet into the latest Electrum portable wallet?

Or maybe you updated it from the old Electrum wallet? Electrum versions older than 3.3.4 are vulnerable to phishing attacks; it might have redirected you to a phishing site that looks like the original Electrum site.
If that's what you did, your coins are totally lost.

This is a bad practice for recovering an old Electrum wallet. Next time, the best thing to do is to always do it on an offline PC and only take the master public key and import it to another device with an Electrum wallet, because online devices are always vulnerable to online attacks that do not require your permission or consent.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Let’s assume the phrase was stolen, but why specifically after the wallet update?

P.S. It's a pity about my funds; I was confident this was a secure place to store them.

Can you check whether the time the funds went through your wallet is in the same time frame as when you installed the new version?

You might have used the device for browsing other stuff, and that's quite possibly when it got stolen, so you just assumed that the funds were stolen due to the upgrade. There are no security vulnerabilities found in the version, so there's nothing wrong with the wallet file, since you mentioned it's downloaded from the official site.
legendary
Activity: 3234
Merit: 5637
The course of events suggests that the main culprit for what happened should be the wallet update - but if you are 100% sure that you downloaded the files from a legitimate website and you have also verified the files, then such a scenario makes no sense.

As for someone guessing your seed, the chances are really small or nonexistent - because although many people think it's not difficult to guess 12 words, things are much more complicated than they seem at first glance. There is a much higher chance that someone managed to get hold of your backup, especially if you saved it anywhere online, or maybe on a computer as a plain text document without encryption.

Also, if you haven't saved a backup of your wallet file somewhere where it would be easily accessible, if someone manages to steal it, it means that you have something on your computer that allows a hacker to take complete control over your device (RAT).
?
Activity: -
Merit: -
There is still a possibility that your computer has been compromised by malware. But are you sure the transaction occurred after the wallet upgrade? You might have only noticed it after the wallet synced with the network. Have you checked the transaction details on a public blockchain explorer?

It can be assumed that this is an unknown type of malware, as a possibility. I checked the transaction, and it is recent. Is it possible to obtain logs from the ELECTRUM servers to understand what happened? Was the recovery phrase guessed (restoring the wallet), or was the wallet file itself stolen? Can such logs be provided, or is it impossible?

The Electrum software is safe and secure, but that doesn't mean you are invincible. There is always a risk, whether it's a sneaky malware attack or a simple mistake on your part. This is why serious long-term holders prefer cold storage methods over hot wallets.

Thank you for the advice.

Have you used the "portable" version previously?
Yes, I’m using the "portable" version. The wallet file is correct, and all transactions are visible.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
-snip- Yesterday, I downloaded the latest portable version of the wallet (electrum-4.5.8-portable.exe) from the official website. Here's the link: https[Suspicious link removed]

Today, I was robbed, and the entire amount was transferred from my wallet. What can I do in this situation?
Is there a displayed transaction that sent the entire amount or just a blank transaction history?
Have you used the "portable" version previously?

Because if there is no history and you've used it before but had been using the stand-alone or installed version,
you could be looking at a different wallet stored in the "electrum_data/wallets" folder where the 'electrum-4.5.8-portable.exe' binary is located.

Otherwise (if not), don't mind this post and refer to others' replies.
My best guess is: a rogue server might have logged your IP and transactions and found that it has a "significant amount".
With that info (especially the IP address), they've attempted to hack your computer for vulnerabilities through other means,
since they can't do it through Electrum but it's possible on a vulnerable device connected to the internet.
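The folder mix-up described in the post above, together with the earlier question in this thread about whether the wallet file was password-encrypted, can be checked with a short script. This is an added example, not part of the original thread and not Electrum's own code; the `%APPDATA%\Electrum\wallets` location for the installed version and the `BIE1`/`BIE2` storage magic are stated from Electrum's behaviour rather than from this page, and all function names are hypothetical.

```python
import base64, json, os, tempfile
from datetime import datetime, timezone
from pathlib import Path

def candidate_wallet_dirs(portable_exe_dir, appdata=None):
    # "portable": the folder named in the post, next to the portable .exe.
    # "installed": Electrum's default Windows data dir (assumption, not on the page).
    appdata = appdata or os.environ.get("APPDATA", "")
    return {"portable": Path(portable_exe_dir) / "electrum_data" / "wallets",
            "installed": Path(appdata) / "Electrum" / "wallets"}

def storage_encryption(path):
    """Classify file-level encryption only; a plaintext-JSON wallet may still
    hold a password-encrypted seed inside its keystore."""
    raw = Path(path).read_bytes().strip()
    try:
        if isinstance(json.loads(raw), dict):
            return "plaintext-json"
    except ValueError:
        pass  # not JSON: may be an encrypted (base64) wallet file
    try:
        magic = base64.b64decode(raw, validate=True)[:4]
    except ValueError:
        return "unknown"
    # BIE1 / BIE2: magic bytes for password / hardware-device storage encryption.
    return {b"BIE1": "encrypted-password",
            b"BIE2": "encrypted-hw-device"}.get(magic, "unknown")

def inventory(portable_exe_dir, appdata=None):
    """List every wallet file in both locations with its encryption state and mtime."""
    rows = []
    for kind, d in candidate_wallet_dirs(portable_exe_dir, appdata).items():
        if not d.is_dir():
            continue
        for f in sorted(p for p in d.iterdir() if p.is_file()):
            mtime = datetime.fromtimestamp(f.stat().st_mtime, timezone.utc).isoformat()
            rows.append((kind, f.name, storage_encryption(f), mtime))
    return rows

def demo():
    """Constructed layout: an encrypted wallet beside the portable exe and a
    plaintext one in the installed data dir, both named default_wallet."""
    with tempfile.TemporaryDirectory() as tmp:
        usb, appdata = Path(tmp) / "usb", Path(tmp) / "AppData"
        dirs = candidate_wallet_dirs(usb, appdata)
        for d in dirs.values():
            d.mkdir(parents=True)
        (dirs["portable"] / "default_wallet").write_bytes(base64.b64encode(b"BIE1" + bytes(60)))
        (dirs["installed"] / "default_wallet").write_text(json.dumps({"wallet_type": "standard"}))
        return [(kind, name, enc) for kind, name, enc, _ in inventory(usb, appdata)]
```

Two files with the same name in different folders, as in the constructed layout, is exactly the situation where the portable build opens a different wallet than the installed one did.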
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
This is why serious long-term holders prefer cold storage methods over hot wallets.
A cold storage wallet is the best choice, but if you cannot have one, a multisig wallet with some co-signers on different devices is a good alternative option.

The risk that all cosigners' devices are compromised is not too high.

Assume the funds are lost forever; it's time to clean up that computer and consider better alternatives: a cold wallet or a multisig wallet.
Creating a multisig wallet with Electrum.
legendary
Activity: 1526
Merit: 1359
Let’s assume the phrase was stolen, but why specifically after the wallet update?

There is still a possibility that your computer has been compromised by malware. But are you sure the transaction occurred after the wallet upgrade? You might have only noticed it after the wallet synced with the network. Have you checked the transaction details on a public blockchain explorer?

P.S. It's a pity about my funds; I was confident this was a secure place to store them.

The Electrum software is safe and secure, but that doesn't mean you are invincible. There is always a risk, whether it's a sneaky malware attack or a simple mistake on your part. This is why serious long-term holders prefer cold storage methods over hot wallets.
legendary
Activity: 2604
Merit: 2353
Let’s assume the phrase was stolen, but why specifically after the wallet update?

P.S. It's a pity about my funds; I was confident this was a secure place to store them.
Yes, that's very surprising. But do you remember if you've done something with your seed on your computer recently? Have you copied it or displayed it in whatever way? How did you import it into your new Electrum wallet? Was it by just using your old wallet file, or did you create a new wallet and enter it manually? What operating system are you using? Have you performed a virus scan on your system, in order to see if it finds something wrong?
Yes, I'm sorry for your funds, it's always very unfair to be a victim of theft, even when there is no physical assault.
?
Activity: -
Merit: -
Let’s assume the phrase was stolen, but why specifically after the wallet update?

P.S. It's a pity about my funds; I was confident this was a secure place to store them.
?
Activity: -
Merit: -
I checked the signatures, and everything is indeed correct.
legendary
Activity: 1512
Merit: 4795
It seems to be the legit website. Have you tried to check its PGP signature in order to see if it's a legit file or if the website has been hacked somehow? Are you able to see the transaction and the recipient address where your funds have been sent? You can see that in a blockchain explorer.
The website is not hacked. Probably his wallet was compromised at his end and it is not a general problem.

If there is an outgoing transaction from your wallet that you did not initiate, it means someone else has gained access to your wallet. It sounds like you either downloaded a fake wallet, thinking it was the real deal but did not verify it, or your computer has been compromised by some malware. Either way, it's not good news.
It is the legit wallet if he truly downloaded it from the official website. Another way the wallet can be compromised is if he kept the seed phrase where it is vulnerable to an offline attack, in a way that the attacker will see the seed phrase and use it to compromise the wallet.
legendary
Activity: 1526
Merit: 1359
Today, I was robbed, and the entire amount was transferred from my wallet. What can I do in this situation?

I doubt that there is much you can do at this point. You probably lost your coins for good.

If there is an outgoing transaction from your wallet that you did not initiate, it means someone else has gained access to your wallet. It sounds like you either downloaded a fake wallet, thinking it was the real deal but did not verify it, or your computer has been compromised by some malware. Either way, it's not good news.
legendary
Activity: 2604
Merit: 2353
The site is original, here’s the link.

https:// download. electrum. org/ 4.5.8/ electrum-4.5.8-portable.exe
It seems to be the legit website. Have you tried to check the PGP signature in order to see if it's a legit file or if the website has been hacked somehow? Are you able to see the transaction and the recipient address where your funds have been sent? You can see that in a blockchain explorer.
How did you enter your seed in your new wallet, or did you use your old wallet file? Have you manipulated your seed recently on this computer, disclosing it in one way or another? Your computer could have been infected by malware spying on your activity and able to catch your seed once displayed.
?
Activity: -
Merit: -
The site is original, here’s the link.

https:// download. electrum. org/ 4.5.8/ electrum-4.5.8-portable.exe
legendary
Activity: 2758
Merit: 6830
The link has been removed by the forum. Could you post again with a space in the middle?

But if it wasn't ELECTRUM.ORG, then it's fake.
?
Activity: -
Merit: -
Could you advise me on my case? In 2015, I created a wallet and used it irregularly. In 2022, I deposited a significant amount into this wallet. Yesterday, I downloaded the latest portable version of the wallet (electrum-4.5.8-portable.exe) from the official website. Here's the link: https[Suspicious link removed]

Today, I was robbed, and the entire amount was transferred from my wallet. What can I do in this situation?