Topic: PLEASE HELP!!! Did I lose my BTC? (Coinbase-Electrum transfer 72h wait) (Read 275 times)

legendary
Activity: 2268
Merit: 18711
I encrypted my file a few years ago on my linux debian computer, I do not use this comp now.
Was the computer permanently airgapped when you did it? Did you delete the temporary files and overwrite the relevant sectors of your hard disk, or destroy the hard drive?

I have only this encrypted file in my phone and in two usb sticks that are in a metal safe, and I have learnt my seed by heart.
Why is it on your phone at all? Do you ever decrypt it on your phone? Can you vouch for every single app, download, piece of software, etc., on your phone that none of them have any malicious code in them whatsoever?

Everything else is paranoia...
Maybe. But keeping a digital backup secure is exponentially harder than keeping a paper backup secure. The number of people who have thought their digital backup was secure and ended up being compromised and having all their coins stolen is orders of magnitude higher than people who have had a paper backup compromised and had all their coins stolen.

When there are two options of achieving the same outcome (backing up your seed phrase), why would you ever choose the riskier of the two?
legendary
Activity: 2730
Merit: 7065
When exactly did you create your wallet?
Myrnyi is not the OP. Kittn2 is and your question should be directed to him.

I store my seed in txt file as well, and this file is in my phone, and no one can read it (except me). It's very easy... I have packed the file in 7zip with a password, the password is more than 20 characters long.
Besides the things that o_e_l_e_o mentioned, I assume you are aware of keyloggers and fake keyboard software that can record every touch you make on your phone which also includes the decryption password. You are also giving permissions to all kinds of software to access your memory, pictures, messages, camera... Can you trust all of that?

I encrypted my file a few years ago on my linux debian computer, I do not use this comp now. I have only this encrypted file in my phone and in two usb sticks that are in a metal safe, and I have learnt my seed by heart. Everything else is paranoia...
In that case, why do you also need a digital copy of your seed (even if it's password-protected) on your phone? Your memory will weaken with age, sickness, or due to an accident. USB drives can fail and corrupt data with time. Have you ever checked if the USBs still hold what they once did?
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
I encrypted my file a few years ago on my linux debian computer, I do not use this comp now. I have only this encrypted file in my phone and in two usb sticks that are in a metal safe, and I have learnt my seed by heart. Everything else is paranoia...

When exactly did you create your wallet?

Based on your Electrum wallet, the Bitcoin went to your wallet and was sent out right after it confirmed; there is a 15-minute gap before it was sent to another wallet, so I believe someone already has control of your wallet. They created a script to automate sending BTC if the wallet receives any amount of BTC. That script was already spreading, I think, back in 2019.

So when was the first time you created your wallet?
If your wallet was created before 2019 and you had installed an Electrum version lower than 3.4.4, then maybe you accidentally updated it with the fake version of Electrum and just can't remember because it was long ago, and now you sent BTC from Coinbase to Electrum and think that you didn't receive the BTC that Coinbase sent you. So you decided to reinstall the wallet and use the latest one?

Actually, a PC/laptop that is always connected online is always vulnerable to attacks; without any protection your PC/laptop can be infected with malware and viruses.
Also, don't use the free antivirus from Microsoft; it is actually useless. If your PC doesn't have any security protection, then your wallet is already compromised.

Would you mind trying NeuroticFish's suggestion: scan your PC and let us know if it detects anything? Use Malwarebytes and Kaspersky; you can use the trial to fully scan your PC.
legendary
Activity: 3234
Merit: 5637
I encrypted my file a few years ago on my linux debian computer, I do not use this comp now. I have only this encrypted file in my phone and in two usb sticks that are in a metal safe, and I have learnt my seed by heart. Everything else is paranoia...

3 or 4 backups are definitely better than one, but when you already have a backup on two usb sticks, maybe your smartphone isn't the best choice for another backup. Even if that file is encrypted, you need to consider everything posted by @o_e_l_e_o.

Remembering your seed may be interesting as a challenge, but be careful not to reveal your secret at a time when you are unaware of what you are saying. Of course I don’t imply that you consume alcohol or drugs, but keep that in mind if it ever occurs to you to relax a bit in the company of friends or acquaintances, some of whom may have bad intentions.
newbie
Activity: 18
Merit: 0
I store my seed in txt file as well, and this file is in my phone, and no one can read it (except me). It's very easy... I have packed the file in 7zip with a password, the password is more than 20 characters long.
Have you personally reviewed the code of 7zip to ensure there are no flaws in its encryption algorithms?
Did you take steps to mitigate against known vulnerabilities such as this one: https://twitter.com/3lbios/status/1087848040583626753?
Did you make sure to build the app yourself from the source code you reviewed to ensure you haven't downloaded a fake or malicious one?
Did you make sure to delete all the temporary files it creates in the archiving process, and then write over those sections of your phone's memory with junk data?
Did you make sure to delete the unencrypted text file you would have first loaded on to your phone before encrypting it, and then write over that section of your phone's memory with junk data?
Do you never unencrypt it unless your phone is offline, and then again delete and overwrite the temporary files it creates?

There is a reason that everyone tells you to write down your seed phrase on paper and keep it offline.
I encrypted my file a few years ago on my linux debian computer, I do not use this comp now. I have only this encrypted file in my phone and in two usb sticks that are in a metal safe, and I have learnt my seed by heart. Everything else is paranoia...
legendary
Activity: 2268
Merit: 18711
I store my seed in txt file as well, and this file is in my phone, and no one can read it (except me). It's very easy... I have packed the file in 7zip with a password, the password is more than 20 characters long.
Have you personally reviewed the code of 7zip to ensure there are no flaws in its encryption algorithms?
Did you take steps to mitigate against known vulnerabilities such as this one: https://twitter.com/3lbios/status/1087848040583626753?
Did you make sure to build the app yourself from the source code you reviewed to ensure you haven't downloaded a fake or malicious one?
Did you make sure to delete all the temporary files it creates in the archiving process, and then write over those sections of your phone's memory with junk data?
Did you make sure to delete the unencrypted text file you would have first loaded on to your phone before encrypting it, and then write over that section of your phone's memory with junk data?
Do you never unencrypt it unless your phone is offline, and then again delete and overwrite the temporary files it creates?

There is a reason that everyone tells you to write down your seed phrase on paper and keep it offline.
newbie
Activity: 18
Merit: 0
Unfortunately I stored my seed in .txt file, because I was fucking dumb, and that's probably my issue.
I store my seed in txt file as well, and this file is in my phone, and no one can read it (except me). It's very easy... I have packed the file in 7zip with a password, the password is more than 20 characters long.
HCP
legendary
Activity: 2086
Merit: 4361
Yeah... I was equally confused by the whole "they converted my BTC to SEK and then transferred the BTC the next morning"... That seems very very odd, so I'm not sure we're getting the complete picture of exactly what happened there, but it isn't really of great importance as it would appear that the OP's Electrum wallet was compromised and the BTC is gone.

Another "seed stored digitally" scenario.
legendary
Activity: 2730
Merit: 7065
>> I get a text with a confirmation number, but I'm not anywhere near my computer so I can't check what that's about
>> As soon as I get home, I check, and my BTC on CB were converted back to my local currency (SEK)
>> Couldn't convert it to BTC tho
>> Next morning, email says my transaction went through
>> I look in Electrum, no BTC
No one said anything about this part of OP's post. If I understood him properly, Coinbase converted the deposited bitcoin into fiat (Swedish Krona), and he says he couldn't convert it back to BTC. But the next morning, Coinbase sent out his bitcoin. What bitcoin if it was previously converted into fiat? Maybe they converted it back to BTC and then sent it out. Not that it matters because we are obviously dealing with another issue here, but I just find this weird.

@Kittn2
Reinstalling Electrum or installing some other wallet on that computer until it gets reformatted isn't going to do much good unless you find out what exactly happened. How would you rate your overall concern with internet security? Do you have pirated software, pirated OS and antiviruses/antimalware apps installed? Do you download torrents, watch porn, and open unknown email attachments and scripts that promise great fortunes?   
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
CB is trash, LBC sucks as well but it's faster. Got any other suggestions on what to use that allows sending to segwit addresses and is also nice and easy and fast and streamlined? Maybe I'm asking for unicorns here but it's worth a try.
You can opt in for "Nested SegWit" addresses instead of "Native Segwit".
That way, you'll get the benefit of SegWit while still using those services that don't support bech32 addresses.
The downside is that the total size of your transactions will be slightly higher than Native Segwit's but still lower than legacy (in vBytes).

You can make a Nested-SegWit Electrum wallet by manually generating a BIP39 seed and importing it to Electrum using the "Option" below the text box where you type the seed phrase,
and by selecting BIP39. You'll get an option to select "p2sh-segwit" in the next window.
If you decide to go for it, use a reputable BIP39 tool or use iancoleman's BIP39 tool (offline from source) to generate a BIP39 seed.
legendary
Activity: 3234
Merit: 5637
Unfortunately I stored my seed in .txt file, because I was fucking dumb, and that's probably my issue.

Probably, but the question is where did you save that text file, on your computer, as a backup to an email or somewhere else? If you saved that file on your computer, there is a possibility that it was opened by someone who has access to your computer (if such a thing is possible), or a much worse option for you, that someone had access to your computer remotely (in which case he still has it).

Try to figure out exactly what happened, and as a precaution, I would personally format the disk and install a new OS - then think carefully about whether you can provide a secure environment for Electrum as a hot wallet on that computer, or is it time to start thinking about investing in a hardware wallet? But even in that case, be careful where you keep the backup and always verify the addresses you use - clipboard malware is a nasty little bastard that has made a lot of money for its owners.
legendary
Activity: 3500
Merit: 6320
Side note, but important to look at. The transaction came IN with block 709132; it was sent in block 709134. A lot of the compromised wallets see the in and out on the same block since the bad guys are running scripts to move the coins as they come in. This looks a bit more manual. If you look at the address it went TO you can see the in and out were in the same block. Almost like someone was watching, saw the BTC come in and then sent it to themselves and then sent it elsewhere.

-Dave
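
The block-gap reading in Dave's post above, as an added example that is not part of the original thread: it pairs each deposit with the transaction that spends it and labels the gap in blocks. The record layout, placeholder txids, amounts and the `watch_window` threshold are assumptions made for illustration; only heights 709132 and 709134 come from the post.

```python
"""Added example: block-gap triage of an address history (constructed data)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tx:
    txid: str               # placeholder ids, not real transactions
    height: Optional[int]   # confirmation block; None = still unconfirmed
    delta_sat: int          # net effect on the address: >0 in, <0 out
    spends: tuple = ()      # txids of the deposits this tx consumes

def triage(history, watch_window=6):
    """Return (deposit, spender, gap_in_blocks, label, full_drain) per deposit.

    same_block  : in and out confirmed together, typical of a sweeper script
    fast_manual : spent within `watch_window` blocks, someone was watching
    pending     : a spend exists but is not confirmed yet
    normal / unspent : nothing unusual by this heuristic alone
    """
    by_id = {t.txid: t for t in history}
    spender_of = {}
    for tx in history:
        for parent in tx.spends:
            spender_of.setdefault(parent, tx)      # first spender wins

    report = []
    for dep in (t for t in history if t.delta_sat > 0):
        out = spender_of.get(dep.txid)
        if out is None:
            report.append((dep.txid, None, None, "unspent", False))
            continue
        # Did the spend remove at least everything its inputs brought in?
        consumed = sum(by_id[p].delta_sat for p in out.spends if p in by_id)
        full_drain = -out.delta_sat >= consumed
        if out.height is None or dep.height is None:
            report.append((dep.txid, out.txid, None, "pending", full_drain))
            continue
        gap = out.height - dep.height
        if gap == 0:
            label = "same_block"
        elif gap <= watch_window:
            label = "fast_manual"
        else:
            label = "normal"
        report.append((dep.txid, out.txid, gap, label, full_drain))
    return report

# Constructed histories. Heights follow the post; amounts are made up.
VICTIM_WALLET = [
    Tx("deposit-from-exchange", 709132, 5_000_000),
    Tx("unauthorised-spend", 709134, -5_000_000, ("deposit-from-exchange",)),
]
# The receiving address as the post describes it: in and out in one block.
DESTINATION_ADDRESS = [
    Tx("unauthorised-spend", 709134, 4_990_000),
    Tx("onward-hop", 709134, -4_990_000, ("unauthorised-spend",)),
]

if __name__ == "__main__":
    for name, hist in (("victim", VICTIM_WALLET), ("destination", DESTINATION_ADDRESS)):
        for row in triage(hist):
            print(name, row)
```

A label is a triage hint for deciding what to investigate first, not proof of how the key or seed was obtained.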
legendary
Activity: 3668
Merit: 6382
Unfortunately I stored my seed in .txt file


I'm gonna create a new wallet with Electrum, give it a much better password, store the seed on one of ye old pen & paper devices, like a notebook.

While storing the seed on actual paper is much better than a text file, I recommend to keep 2 copies of that in different places.
But the main reason for my answer is that since you don't know how the hacker got to access your txt file, especially if that file was only on your computer, I recommend you do a proper scan/disinfection first.
And yeah, please verify properly the downloaded Electrum.
legendary
Activity: 2268
Merit: 18711
I downloaded it years ago from electrum.org (aware of possible phishing), and updated it every time I needed to. I reinstalled it now.
Best practice is to verify the installer every time you download it, even for updates. Using the official site is obviously a good idea, but it is not foolproof since web hosting can be hacked and redirect you to malicious sites, websites themselves can be hacked and have their download links replaced with malicious ones, malicious software can replace the real software on download servers, and so on.

Unfortunately I stored my seed in .txt file, because I was fucking dumb, and that's probably my issue.
I agree that this is the most likely culprit.

I have no idea if my wallet is duplicated. I don't have it on any other device.
Yeah, that's what I meant. If you duplicate the same wallet across multiple devices, then you increase the attack surface.

Do you think it might have something to do with changing the "Expires by" from 1 hour to 1 week.
No, absolutely not. This is simply an internal feature of Electrum to let you keep track of incoming payments. It has no impact on the security of your coins.

Got any other suggestions on what to use that allows sending to segwit addresses and is also nice and easy and fast and streamlined?
Maybe someone else can answer this for you. I only trade peer-to-peer on decentralized exchanges, so my suggestions are probably not what you are looking for.
newbie
Activity: 3
Merit: 9
>> LB don't allow sending to Electrum
It's not Electrum - LocalBitcoins have no way of identifying which wallet generated a specific address - but rather they do not support segwit addresses. (I had no idea there were still services out there which do not support segwit addresses. This is ridiculous, and another reason people should avoid LBCs.)

>> HOWEVER after the CB deposit, there is a withdrawal of the same amount appearing in my Electrum history
Either your Electrum is malicious, your computer has malware, or your seed phrase is compromised. (Or, less likely, you have duplicated your wallet via your seed phrase to another device and that has been compromised.)

It's definitely not a fake version. I updated, installed, uninstalled.
Did you ever verify the download? If not, it could be malicious. I would suggest that you verify the installer you have downloaded now to see if that is the culprit.

Is your wallet duplicated to anywhere else? How do you store your seed phrase?

I downloaded it years ago from electrum.org (aware of possible phishing), and updated it every time I needed to. I reinstalled it now. Unfortunately I stored my seed in .txt file, because I was fucking dumb, and that's probably my issue. I'm gonna create a new wallet with Electrum, give it a much better password, store the seed on one of ye old pen & paper devices, like a notebook. I have no idea if my wallet is duplicated. I don't have it on any other device. Sorry for being a bit of a noob.

I HAVE left it open for extended periods of time though, including during this incident. Do you think it might have something to do with changing the "Expires by" from 1 hour to 1 week. I don't know why I did that, let's call it fucking dumb moment nr 2. That was the only change I made.

CB is trash, LBC sucks as well but it's faster. Got any other suggestions on what to use that allows sending to segwit addresses and is also nice and easy and fast and streamlined? Maybe I'm asking for unicorns here but it's worth a try.
legendary
Activity: 2268
Merit: 18711
>> LB don't allow sending to Electrum
It's not Electrum - LocalBitcoins have no way of identifying which wallet generated a specific address - but rather they do not support segwit addresses. (I had no idea there were still services out there which do not support segwit addresses. This is ridiculous, and another reason people should avoid LBCs.)

>> HOWEVER after the CB deposit, there is a withdrawal of the same amount appearing in my Electrum history
Either your Electrum is malicious, your computer has malware, or your seed phrase is compromised. (Or, less likely, you have duplicated your wallet via your seed phrase to another device and that has been compromised.)

It's definitely not a fake version. I updated, installed, uninstalled.
Did you ever verify the download? If not, it could be malicious. I would suggest that you verify the installer you have downloaded now to see if that is the culprit.

Is your wallet duplicated to anywhere else? How do you store your seed phrase?
legendary
Activity: 3668
Merit: 6382
It's definitely not a fake version. I updated, installed, uninstalled. What factors could be involved? I'd like to know if it is indeed compromised and how that could happen. I've had it installed from the official source for years now and this has never happened. I update it frequently. It's unlikely it was Electrum, in my opinion. It just boggles my mind.

If you are sure you've downloaded it from electrum.org and verified the download ( https://bitcoinelectrum.com/how-to-verify-your-electrum-download/ ) then it's not fake.
It has happened that people got tricked into installing fake Electrum as a (fake) update, but that was long ago.
But if you didn't verify the version, you simply don't know for sure.

However, if your money got stolen, most probably the wallet is compromised, hence you should no longer use it. There's also the possibility that your computer is compromised.
If it's not a fake Electrum, give some thought to how somebody got a copy of your seed.
Then, after cleanup/you know the computer is safe, generate a new wallet. Maybe consider acquiring a hardware wallet.
newbie
Activity: 3
Merit: 9
-snip-
>> Did I lose my coins? How did it happen?
>> I read about people who had similar problems with CB and Electrum transfers when asked to wait 72h but got their coins eventually
Seems like it, just a few minutes after you received the funds from CB, this transaction occurred: 587645349fb0e5ceb23498d4ae9862e3d157765539e14cb988fe626e8e868ae8
If you did not initiate that transfer, it's highly likely that your Electrum is compromised via a couple of factors or you're using a fake version.

Unfortunately, Bitcoin transactions are irreversible.
All you can do is to check the reason of the hack and learn from it.

It's definitely not a fake version. I updated, installed, uninstalled. What factors could be involved? I'd like to know if it is indeed compromised and how that could happen. I've had it installed from the official source for years now and this has never happened. I update it frequently. It's unlikely it was Electrum, in my opinion. It just boggles my mind.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
-snip-
>> Did I lose my coins? How did it happen?
>> I read about people who had similar problems with CB and Electrum transfers when asked to wait 72h but got their coins eventually
Seems like it, just a few minutes after you received the funds from CB, this transaction occurred: 587645349fb0e5ceb23498d4ae9862e3d157765539e14cb988fe626e8e868ae8
If you did not initiate that transfer, it's highly likely that your Electrum is compromised via a couple of factors or you're using a fake version.

Unfortunately, Bitcoin transactions are irreversible.
All you can do is to check the reason of the hack and learn from it.
newbie
Activity: 3
Merit: 9
Apologies for the desperate title, but I'm sure you can understand how I feel right now.

My situation is as follows:

>> I have an account with Coinbase I have been using for a while as a wallet
>> Recently lost faith in them because they suck.
>> I am switching to Electrum
>> I buy my bitcoins from LocalBitcoins, as it's safer
>> Some days ago I bought BTC from LB
>> LB don't allow sending to Electrum
>> I thought what the hell, I'll send to CB first and then move it all at once
>> Transaction from LB to CB goes smoothly
>> Transaction from CB to Electrum is delayed for 72h
>> This is because they wanted extra info and I didn't wanna do it, since I am leaving them anyway
>> 72h is no biggie, so I wait
>> Transfer was gonna go out (according to CB) at 2:11 PM
>> I get a text with a confirmation number, but I'm not anywhere near my computer so I can't check what that's about
>> As soon as I get home, I check, and my BTC on CB were converted back to my local currency (SEK)
>> Couldn't convert it to BTC tho
>> Next morning, email says my transaction went through
>> I look in Electrum, no BTC
>> The transfer from CB to Electrum DID happen
>> HOWEVER after the CB deposit, there is a withdrawal of the same amount appearing in my Electrum history
>> WTF just happened, my Electrum is up to date and everything.
>> Blockchains shows my coins bounced from Electrum to another address
>> Did I lose my coins? How did it happen?
>> I read about people who had similar problems with CB and Electrum transfers when asked to wait 72h but got their coins eventually
>> HELP

Relevant info:

CB address:  3DbKSoRVUGPC5YryCQu68CSNp8phyugTaa
Electrum address:  bc1q99v9gq7ev4qunk60a3u2ckdl79tjjrgf8z7zw3

Sorry for the long post! If you need more info, just ask.

Sincerely shitting bricks,
Me