
Topic: So I got scammed with the electrum wallet scam (Read 255 times)

legendary
Activity: 3234
Merit: 5637
The problem is the wrong approach: first you need to know how things work and then use something. In the case of Electrum, many people blindly trust the message displayed by Electrum, and they download a fake wallet. They also avoid verifying the signature, and from what can be read in some posts most of them do not use any AV protection - a good antivirus will stop such a download, as it did in the case of The Pharmacist.

Ignorance, using a computer without any protection, failure to stay informed about what is happening in the crypto world + ingenious hackers = somebody's loss and someone's easy money.

I said before that many still use vulnerable versions and are not even aware of the dangers, and at the time of a new ATH (when users usually check wallets) there will be many new questions about lost coins in Electrum.
legendary
Activity: 2492
Merit: 1164
In addition, it has been publicised on their website, Twitter, it was in the "News" section at the very top of EVERY Bitcointalk page for a number of days/weeks including a link to a thread about it... and it's been all over BCT and Reddit and other crypto news sites since it all started back in Dec/Jan. It's been around 8 months!!?! How do people not know about this?

Looking at the post history of OP it seems he is not that active on this forum.
Lots of gaps in his post history.
He might have missed the announcement made by theymos for this phishing attempt.
Lesson learned, OP: when dealing with cryptocurrency wallets, take extra precautions to avoid these types of problems.
BTW, you can download the new version of Electrum [ 3.3.8 ] here: https://electrum.org/#download (Bookmark it for future reference)
HCP
legendary
Activity: 2086
Merit: 4361
Yeah this is literally insane to have a malicious window pop inside the wallet and nothing is done to prevent it. If you are not experienced enough to have the reflex to verify the GPG signature or your anti-virus doesn't detect it you're basically screwed. Hell, at this point I don't trust desktop wallets anymore.
You can't prevent something you don't know about. There are latent flaws in pretty much all software. No one knows about them until someone exploits them. Look at WannaCry and all the other big name exploits.

As soon as it was discovered, the Devs did do something to try and mitigate it... they immediately released patches to try and mitigate the effects of the vulnerability and even went so far as to effectively "DoS" older versions so they couldn't connect to servers to try and force users to update to newer versions.

In addition, it has been publicised on their website, Twitter, it was in the "News" section at the very top of EVERY Bitcointalk page for a number of days/weeks including a link to a thread about it... and it's been all over BCT and Reddit and other crypto news sites since it all started back in Dec/Jan. It's been around 8 months!!?! How do people not know about this?

I'm not sure what else people expect the devs to do at this point? They've patched the flaw and it's been widely publicised. Anyone that doesn't follow the advice that the Electrum devs have ALWAYS stated of only downloading from electrum.org and ALWAYS checking the digital signatures is risking their funds.
legendary
Activity: 2394
Merit: 2223
Sorry for your loss. There were a lot of posts about that scam just a couple of months ago. There was an attack on Electrum and a lot of users got scammed. Most likely everyone will believe those popups because they show when you open the Electrum wallet, so basically we might think this update is from Electrum. Your funds are gone forever and it will not be possible to recover them.
legendary
Activity: 3234
Merit: 5637
What kind of scam is this and how the hell did it happen?  

It is an old scam, and it was detected at the end of last year. If you look at the history of this board for the last 7 months, there are probably dozens of threads identical to this one. They all have the same thing in common: users download a fake version of Electrum via the official Electrum app pop-up window, and after installing such a file they lose their coins. In your case the AV stopped the download, which only shows us that most users who download this fake wallet do not have any protection for their devices.

theymos posted about this vulnerability on 27 December 2018 in Important Announcements.

https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097


legendary
Activity: 3472
Merit: 10611
Does Electrum write logs which may contain the IP of the rogue electrumx server?

not exactly but there is a file called "recent_servers" where it stores 10-20 servers that you recently connected to. note that connection is for receiving block headers (from multiple servers) and sending transactions. you have to go through that list to see if you can find the malicious server.
this file is located in same place as your wallet files. under windows it is:
Code:
C:\Users\{username}\AppData\Roaming\Electrum
open it with a text editor like notepad. and try not to edit/change anything in the files you see in these directories!
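
The check described in the post above, as an added example that is not part of the original post or of Electrum's own code: it reads the `recent_servers` file without modifying it and lists each entry. It assumes the file is a JSON list whose entries are either `host:port:protocol` strings or `[host, port, protocol]` lists; the sample entries and the function names are constructed for illustration.

```python
import json
import os
from pathlib import Path

# Assumption: "s" marks an SSL connection and "t" plain TCP in a server entry.
PROTOCOLS = {"s": "ssl", "t": "tcp"}

# Constructed sample (not real servers): both assumed entry shapes, one IPv6
# literal, and one malformed entry.
SAMPLE = json.dumps([
    "electrum.example.org:50002:s",
    ["node.example.net", "50001", "t"],
    "[2001:db8::1]:50002:s",
    "garbage",
])

def parse_recent_servers(text):
    """Return one dict per entry; malformed entries are kept and flagged."""
    servers = []
    for entry in json.loads(text):
        if isinstance(entry, str):
            parts = entry.rsplit(":", 2)  # split from the right: IPv6 hosts contain ':'
        elif isinstance(entry, list):
            parts = [str(p) for p in entry]
        else:
            parts = []
        if len(parts) != 3 or not parts[1].isdigit():
            servers.append({"parsed": False, "raw": entry})
            continue
        host, port, proto = parts
        servers.append({"parsed": True, "host": host.strip("[]"),
                        "port": int(port),
                        "protocol": PROTOCOLS.get(proto, proto)})
    return servers

def load_recent_servers(directory):
    """Read <directory>/recent_servers (read-only) and parse it."""
    path = Path(directory) / "recent_servers"
    return parse_recent_servers(path.read_text(encoding="utf-8"))

if __name__ == "__main__":
    # Directory from the post: C:\Users\{username}\AppData\Roaming\Electrum
    data_dir = Path(os.environ.get("APPDATA", "")) / "Electrum"
    if (data_dir / "recent_servers").is_file():
        entries = load_recent_servers(data_dir)
    else:
        entries = parse_recent_servers(SAMPLE)  # fall back to the constructed sample
    for e in entries:
        print(e)
```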
sr. member
Activity: 840
Merit: 375
I don't have a screen shot, but it directed me to electrumbay dot com
That's a phishing website.
I'm sorry for your loss. If only you had used a hardware wallet for this significant amount you had.

What kind of scam is this and how the hell did it happen?  

Electrum versions older than 3.3.4 are susceptible to phishing - https://electrum.org
[...]
Don't know how you missed this as this information was already spread out in the entire community for quite a long time now.

Yeah this is literally insane to have a malicious window pop inside the wallet and nothing is done to prevent it. If you are not experienced enough to have the reflex to verify the GPG signature or your anti-virus doesn't detect it you're basically screwed. Hell, at this point I don't trust desktop wallets anymore.

legendary
Activity: 3122
Merit: 1398

Electrum versions older than 3.3.4 are susceptible to phishing - https://electrum.org

Since you already executed the upgrade and you see that your coins are now gone out of your hands, it's already a loss. Even posting the transaction details won't help unless someone is able to recognize the address where your coins landed, although chances are slim.

Don't know how you missed this as this information was already spread out in the entire community for quite a long time now. Sorry for the loss.
sr. member
Activity: 340
Merit: 250
Please, if you want people to help, you should give some more details.

-From where did you download your "old" Electrum wallet?
-Can you show us a screenshot of the "upgrade" window popping when you try to spend your coins?

What can I do apart from report it?
Look if the coins are still in the address where you deposited your coins using an explorer. If you've been scammed, they won't be there (moved by the hacker), or give us the address so we can check it.

Ok.
I downloaded the old wallet from the github as far as I remember.
I don't have a screen shot, but it directed me to electrumbay dot com

Here is the transaction out of my wallet. https://www.blockchain.com/btc/address/1Jvk1ofKnuxX2ZdZiigrGEFpxgi9vSWWSu
legendary
Activity: 3500
Merit: 6981
I got that popup as well, a couple of weeks ago if I'm not mistaken.  I started to download the update and McAfee flagged it as malware or as containing some sort of virus, and I aborted the installation.  

What kind of scam is this and how the hell did it happen?  

I opened an old electrum wallet I have deposited BTC in and was unable to send them.
As I said, I got the popup too, but I didn't have any trouble using Electrum otherwise.  That's strange.
sr. member
Activity: 840
Merit: 375
Please, if you want people to help, you should give some more details.

-From where did you download your "old" Electrum wallet?
-Can you show us a screenshot of the "upgrade" window popping when you try to spend your coins?

What can I do apart from report it?
Look if the coins are still in the address where you deposited your coins using an explorer. If you've been scammed, they won't be there (moved by the hacker), or give us the address so we can check it.
legendary
Activity: 2758
Merit: 6830
What can I do apart from report it?
Unfortunately nothing. Your coins are gone and the chances of getting them back are pretty much nil.
sr. member
Activity: 340
Merit: 250
I opened an old electrum wallet I have deposited BTC in and was unable to send them. A pop up appeared telling me I needed to upgrade. I was dumb enough to fall for it. I didn't realise the scam didn't seem to allow me to use my electrum wallet.
What can I do apart from report it?
Does Electrum write logs which may contain the IP of the rogue electrumx server?