Topic: Thought one of my online wallets was hacked and robbed (Read 331 times)

If you mind, what version of electrum did you installed on your device? This is because there are compromised version of electrum that were used for phishing. Anyway, seems the timeline doesn't match, so its unlikely that it is the case, but not impossible to happen. On the other hand, it is probably you used a compromised device that a hacker did get access your funds OR you accidentally save the seed then someone got an access to it and lastly, it's an inside job which is little to zero chance that might happen.

You can forget about blockchain because you are not the only one with a bad experience using it, it could be an inside job or there is a security loophole in your computer that has been tracing all your activities, the hackers will target wallets with a huge amount of money on it what AV are you using and are they premium AV, hackers are very active now because of the popularity of Cryptocurrency where the holder is the only one responsible on how he secures his funds, without proper knowledge he is an easy target.

First of all its kind of confusing after reading the OP that whether he is talking about butcoin or ETH but at some place he mentioned he tried to import the seeds to Electrum but not happy with the user experience do he moved back to blockchain and used it for storing but at the end he said ETH left in that wallet increasing in Fiat value.

Electrum doesn't have a wallet for ETH so make it clear what sre we talking about and next thing why do you still kept the €65 or whatever left in that wallet because you know its already in control of someone so pull everything out to new non custodial wallet as soon as possible.

I think it is fair to assume that all of your wallets are compromised if at some point you accessed them from the same device. Better move all of your funds to a new wallet asap, better to be safe than sorry. Make sure you use a secure device or at least reinstall your system. We probably won't be able to find out how exactly they got your wallet, just make sure you don't rely on centralized service in the future and improve your security practices even if you feel you're doing it pretty well already.

Thanks

And all possibly true, but the one really odd thing is that I have four Blockchain.com wallets, three of them had small sums in and I just used them to play about with a few things without risking my main wallet which I do not go near, none of them are linked in anyway I might add.

Funny how they went straight to the one and only well paying Blockchain wallet without even touching the other three which I never gave a shit about and had little security.

Was talking to a pretty clued up programmer this weekend in Cambridge who plays about with crypto, his money is someone working at or connected with blockchain.com

You definitely have a huge security hole!
I advise you to reinstall Windows, after saving all the data.
Install a new clean Legal version.
Install Kaspersky Anti-virus on it.
Check all the extensions in google chrome. Malicious ones are sometimes found among them.
Store passwords on a USB flash drive and not on a computer.
Get new wallets and change passwords everywhere.
I think your whole system is compromised.

Too bad, another negative point added to web wallets, at the same time proves the fact that "Not Your Keys, Not Your Coins".

However, we can clearly see from these instructions in the link above that in order to disable 2FA you must have a "wallet identifier and the email address associated with your wallet". This means:

The person who managed to disable 2FA has this information, so it is either a hacker who managed to hack your device and access your data or someone very close to you who can access this data.

I don't think that's how it work with their private key wallets because that would be against what they claim:


This is the case with them, see: https://support.blockchain.com/hc/en-us/articles/360000286426-How-do-I-disable-two-step-verification-2FA-

There is one way to stop 2fa as far as I know, is by contacting wallet support where you tell them that you have lost access to 2fa and they do some questions including information from your account to know that you are the actual account holder, such as the amount of assets you have in your wallet and also the date of the last deposit or withdrawal and such Things, if you pass the questions successfully they will deactivate your 2fa so you can activate it again.

Some platforms are less strict about 2fa as they only ask for an email or phone number to verify.

In any case, the person who hacked your account must have sufficient information about your account as well as your email and phone, so it is likely that your device is hacked and the hacker has all the information required to cancel 2fa.

I never had any issues using Electrum for many years and yes it is secure but it depends on how you protect your wallet if you can learn how to make an Electrum cold wallet this is safer than installing Electrum on an online PC.

Or you can buy a hardware wallet like Ledger nano if you don't feel safe using Electrum but I use Electrum for almost 9 years and no one yet could steal my Bitcoin even if it's always connected to the internet. Just always make sure your PC is clean and I use Kaspersky to protect my PC from malware, keylogger, and viruses I use Kaspersky since 2011 and until now it save me from any attacks.

And about your 2FA on blockchain, you can reset/disable 2FA if you know your Email and wallet identifier. What I guess is that someone knows about your wallet identifier and someone has access to your email because you will receive an email from blockchain if you want to approve the reset/disable or not.
What I think is if you sell a personal phone or laptop to someone where your email still login? if not, then possible your PC is infected with keyloggers or you have been phished before and use the same password for your email.

If you did it during 2021 and you literally copied your seed from the blockchain wallet to Electrum and protected the same wallet with a strong password, then it is unlikely that someone hacked you with the help of a seed. The only thing that comes to mind is that maybe you did a malicious Electrum upgrade, although you didn't mention it.

---

The very fact that you had 2 wallets with the same seed means that you were exposed to a double risk, although an online wallet is always a much higher risk due to phishing, hot desktop/mobile are also not immune to a malicious wallet upgrade that gives the hacker complete control over your coins.

We have all been warned about such things, the only question is who received this information and how seriously they took it.

Electrum vulnerability allows arbitrary messages, phishing
Reminder: do not keep your money in online accounts

Electrum itself is secure enough. Your wallet is now as secure as your device. It's possible that your device will be infected with a malware and you lose your bitcoin.
As I said in my previous post, if you want your wallet to be 100% secure, it's recommended to create the wallet on an air-gapped device. This means that you should generate your wallet on a device which has been always offline and will be never online.

I think I get what you are saying, and I did create a wallet with electrum, I am looking at it right now and it the password to get into it is encrypted and it is called a default wallet(standard).

So are you saying that was not secure enough?, at the time everyone highly recommended it to me for safety

With importing your seed phrase into electrum, you created the same wallet in electrum, but the fund was still in the wallet generated by blockchain.com and you didn't increase your security.
The right thing to do was to create a new wallet in electrum and send all the fund to that.

If you want your fund to be completely secure in the future, you should create your wallet on an air-gapped device or use a hardware wallet. Take note that any online wallet is prone to hacking.

The 2fa is only on your blockchain.com account which means if someone sweeps/import your seed using a compatible wallet like electrum, they don't need the 2fa anymore. Also, worth nothing that your 2fa should remain intact even if the hacker used this method to drain your funds. This is why I think the perp had to disable your 2fa to access your wallet which means they didn't have your seed at that time.

I fully am conscious of that happening and it was a text that contacted me and I never replied to it anyway, it just prompted me to log on with a different laptop to see what was going on, but the text was genuine regardless and anyway the money had left my wallet as a slept 6 hours earlier.

---

No, that is not right, my 2fa was always turned on for extra security, this is one of my main points if you read my posts fully is how was it switched off because it was not me, that was my trigger when  I found out

---

I am just wondering if the 2fa would automatically be switched off if someone used the seed phrase because then it would not really matter, when you have the seed phrase all the security  no longer matters

---

Interesting points and at least someone who is asking the same questions as me.

You have to just trust me in that nobody gets anything out of me in anyway when it comes to Bitcoin, I am that bad that I am reluctant  to even tell people I have it.
The only information(not shared though) was when I attempted to use my seed phrase in Electrum to import my Bitcoin which was then classed as a very secure wallet and the only place ever I attempted to use it because back in 2021 thousands of us panicked when we thought blockchain had screwed up.

But I never typed it in anywhere except my electrum wallet


[moderator's note: consecutive posts merged]

If you search a bit online you will very easily find a lot of information on how to hack/bypass 2FA, so although I'm not claiming that it happened to you, you have to admit that someone managed to find a way to disable your 2FA protection - here's an example of how it can be done, and keep in mind that the article is from 2018.


Very easily possible, because I also used that service in the past and I encountered all kinds of situations, even with incorrect balances.


From your introductory post, we can conclude that you had certain problems with blockchain.com around 2021 and then you decided to install Electrum - and then I assume you used the option to enter your seed from blockchain (or maybe you just import your BTC addresses and created a watch-only wallet)  - do you remember if you did that? This would explain the fact that you see identical outgoing transactions in Electrum and blockchain.com - because they both share the same seed, that is, the same addresses/private keys.

If what I wrote is correct, then the only question is whether you left that seed unprotected in any form and someone managed to get hold of it - or are you a victim of some other exploit that exists on blockchain.com.

It probably has nothing to do with your case - but it reminded me of something from the past -> Blockchain.com scam - lost funds

Are you sure the email was sent from blockchain.com? Are you sure the fund was stolen before opening the email? Maybe, that was a phishing email. (This is just a guess)
How did you login to your blockchain.com account after seeing that email? Did you go to blockchain.com as before or you clicked on a link sent via email?

For the first 4 days that was the biggest one with me and maybe still is as to how my 2fa could be switched off, they would first need to get around my 2fa to switch 2fa off if you get my meaning.

The reason I mentioned the £23, £46 and £65 sums is that it could have been a sign that blockchain.com's software had screwed up.

But I have to admit now the biggest clue is the Electrum thing, only 6 items logged in it's entire 2 year history and they happened within minutes of my money vanish in blockchain, but what is the connection, nobody can give me an answer

Also don't think op's seed was exposed/or it came from electrum because there would be no need for the hacker to disable blockchain.com's 2fa... As pointed above, it's pretty easy if you have access to the email account: you just need to approve the email request and your 2fa is gone. I think you can try to request account logs to blockchain.com, it's likely that they deleted corresponding emails.

Whatever the case, you should drop blockchain.com. Even for small amounts, there are better ones out there.

yeah blockchain.com is a c- rating at best


without an address we can't see what happened.

so give a viable address that the coins were in.


they are gone so the address has no meaning.


very likely there is a key logger on your pc.


lastly buy a trezor from trezor.io

it is a good hardware wallet.

You explained yourself very well but don't be surprised at unrelated responses because many people do not read posts, especially when it appears to be somewhat long. What they do is to base their response from the response of the last person that commented on the post.
Where I am confused is how 2fa verification was cancelled even before logging in. Because it will require 2fa verification to login.
I am not sure you use your laptop/phone only you. What happens is a sign that someone gained an ample access to your wallet.
For the remnant moving from £23 to £43 and £65. Could that not be volatility? I am surprised that the market has not moved to make such a huge profit

Look, lets start from scratch in a clear set of sequences as to what happened to me but because as helpful as so many people are many just do not read opening posts and just blurt out anything that is not relevant to my question, and bare in mind as clear as I have made it that it is probably something dumb that I have done, hands up. But I am still  eager to know and as a learning curve want to know where it was that I was compromised.

This is it more clearly.

1. Opened a blockchain wallet in 2018

2. fine for 3 years and then in 2021 many blockchain users were shut out of their wallets for a few months, some(including myself) were advised to import to a better wallet using the seed phrase and I created a spectrum wallet to do that.

3. I attempted to do this on my new spectrum wallet and this would of been my first ever use of it, I was struggling with it so left it a few days and in the mean time Blockchain.com fixed their issues(sever problem is I remember correctly) and problem was solved.

4.  So I now had a spectrum wallet and no use for it though I still kept it on hand and password etc hidden way, it sat there unused and not touched until yesterday(2 years), we will come onto that in a minute.

5.last Friday I had a text from blockchain 2fa had been turned off(though could not of been me)  5 minutes later and first time in a month or two I checked blockchain wallet to see that it had been robbed(probably)

6. Since last Friday all I have really wanted to do was know from what area/angle or source they had got to me with no thought of spectrum, as far as I was concerned it was a f*** up by me or blockchain but for the life of me I cannot see how anyone got through the blockchain security that was well hidden away and protected.

7. Still unclear how and what happened and I can see the record in blockchain of my crypto leaving my wallet in six stages at 1 am on the 17th Feb, I just thought I would check my spectrum wallet for the first time in two years and went to history and the only events in all that time that happened were the day I  created a spectrum wallet in early 2021 and six events that happen(precisely the same time as my blockchain departing) at 1 am on the 17th Feb, odds are that this is nearly an impossible coincidence.

8. So for the record I have never had any crypto in my spectrum wallet and it has only been looked  a couple of times in 2 years in the early days it was created. The 6 events that make no sense to me are not wallets or sums of Btc, they make no sense at all to me and are just numbers, but they are events that happened that I am sure are connected somehow.
Yes someone could have somehow got my seed phrases but all the information would have been on blockchain.com(which it is) and spectrum does not even come into the equation as it should not even be relevant.

Maybe you forgot that you also received a 2fa reset request before this notification? A thief can easily remove 2fa if he has access to your email.


Last I remember, opening a blockchain wallet requires a registered wallet ID or email. So if you don't think you've ever exposed the seed phrase, then what about email?

According to your story, my friend, it's obvious that a hacker got into your blockchain.com account, that's because your 2FA is disabled on this platform, that's why you should be surprised. And you don't seem to be aware of this matter because you don't know. There is a lack of experience here in the crypto industry.

           And you're right, this is a lesson learned from you, my friend, and you did the right thing now that you're using Electrum, as long as you always update electrum when you see my new version because if you don't update it, the electrum wallet can be compromised when the hacker sees or peeks at it.

It's clear that the OP is an inexperienced user and had or still has a virus on his computer that grants full access. OP, what system are you using, are you the only user of your computer? In fact, the whole history of the OP is so vague that there are literally errors at every turn. OP, you are talking about ETH, in which wallet did you store it, since it simply cannot be in Electrum.

It's possible the copy of that wallet was infected with malware.

It's possible you have other malware, unrelated to bitcoin and bitcoin wallet, like a keylogger trojan.

I've never used a "spectrum walet". Do you mean that DEX exchange https://spectrum.fi ?

I'll be honest with you. Online wallets and exchanges aren't a good way to hold coins. You should at the very least have an Electrum wallet for that and learning to use it would be worth every minute spent on it.

It is only safe when you can use it in a safe way. Everything on the internet in vulnerable. So if you choose to keep your assets safe, keep them in personal hardware wallet. The way you expressed your story, I think given the reputation of what blockchain.com have, it is more likely the hacker got the access to your wallet from that. And they can get your seed if they have access over your wallet. No big deal. I am not defending electrum, as it is an online wallet, it could get hacked too.
Lesson learned. Now I think you know what to do and how to keep your assets safe.

Could you at least provide the address of the wallet that you're referring to? At least that could help us understand more of what you're trying to explain in Op

We have so many wallets out there that have good reviews but still yet you chose to use blockchain.com, I once created an account back then in blockchain.com but had to abandon it due to some red flag I saw and migrated to Electrum.


The only thing I can think that could possibly have caused this is that maybe the price of some of your coin rose to some certain amount and that lead to your wallet balance increasing.

In all probability it is something I have done, the only thing is I cannot work out what I have done wrong.

In 2021 I could not get access to my bitcoin in Blockchain so I  opened a spectrum account/wallet and tried to import my bitcoin to spectrum which never worked at the time and I tried to use my seed phrase to do this.

I am not sure what I have done wrong here and the only place that my seed phrase was exposed to was my spectrum wallet which at the time I thought I must have been doing wrong, it's only now two years later something seems to have happened, maybe my bitcoin is in spectrum?, all I know is that something happened in spectrum on Friday six times where nothing at all has happened in two years and that is the same night my bitcoin left blockchain.

I am probably wrong here as usual but my seed phrase being in my spectrum wallet I cannot see how that is a problem, from what I have heard it is safer, that is the only time ever I tried to use it.

Keep track on what you did for the past years if you can that relates to these wallet of yours. It's likely that you've been phished and you've entered a fake website where it has required you to do some verification requiring your seeds. Is it only you that know these wallets and not one in your family or relatives where possibly you've mentioned about owning them or entrusting them your seeds?

Electrum was actually one of the best and I don't know why you found it difficult to use. I have also used blockchain.com when it was still .info but after knowing the difference of custodial and non-custodial through the efforts of other forum members, I've started using the right ones.

You are a newbie and I won't blame your carelessness of using a centralized system to safe your coins. I guess maybe,you must have imported your seed phrase of your blockchain wallet to your wallet. Laziness is what has caused your lost because spectrum wallet is very easy to understand and use.

Online wallets are not safe due to their vulnerability to attacks,you have learnt a hard lesson and I feel for your lost. You use learn how to use electrum wallet to keep your investment  safe, try and learn more on the forum,to broaden your knowledge. Not your keys,not your bitcoin.

It's a shame you don't know the difference  between custodial wallet and non custodial wallet, this is why you belittle Electrum wallet, if the Electrum wallet is what you have been using there is a probability of having your asset intact right now. You took things into your hand that's why you lose your assets, blockchain dot com sucks to the core, I have used it in the past and it's easier to get hacked, anyway.

Electrum wallet is fully open source, and it gives you your keys 🔑, all you have to do is keep the recovery seeds safe.

What was so difficult to use in Electrum?
It's a simple wallet, you have your addresses and your balance, you type the address and the amount you want to send and that's it!
I understand importing addresses and seeds would be more complicated for the new user but overall I don't see how it's harder to use that and think of a web-based wallet.


Did you import your seed from blockchain into electrum?
If it's the same wallet of course it will show the same transactions.


Do you have any other coins in your wallet?
Since the value is shown in £ it might just be that you have some coins that have gained 200% in the last few days.

Sorry about your hack mate but I am just curious how they could scale through four stages of your wallet security to do away with your assets. This is worrisome mate, If I am not mistaken, you talked about using  Electrum wallet and of lately, there has been series of hack in this same wallet possible their must be some breach somewhere. As at last month a high ranked member here suffered a hack too and funds meant for campaign all stolen. No wallet is safe but it takes extra measures to properly keep your funds safe in your own wallet. Keep your pass phrase safe and secured where only you have access to. If i may ask did you update your wallet to the current version? If no then I will recommend you do that for your next wallet so as not to loose your funds.but I am still curious about your case.

Actually there is still a good chance that it  has been and I have lost a few £1000, at least that is what I have 100% thought for the last 4 days and now I have a little hope and it's a weird one

But just for starters and I know someone will give me stick here as I partly use a blockchain.com among others and I have spread my risk around, I am not very clued up on crypto and just HODL and leave my wallets alone apart from a little trading on Binance.

Last week I had a text from blockchain notifying me that my 2fa security had been removed around 1 am in the morning while I slept and I saw it at 7am, I went straight onto my blockchain.com wallet but the first thing I wondered was how could someone remove my 2fa security when they first needed 2fa to get into the wallet to then remove it, I tried to explain that to Blockchain.com.

But anyway I could see my wallet was empty and thought shit, I then could see 6 transaction were sent early in the morning  and it wasn't me so I have basically just thought lesson learnt. And just for the record I am super security conscious and there is no chance that I would tell anyone anything about seeds, passwords or wallet ID. But there was just this one case way back in 2021 where loads of us could not access our wallets and customer service was totally crap so what I was a advised was open another wallet and use my seed phrases. I used Electrum as they had a good name but found it difficult to use and could not get my head around it so just gave up in the end and trusted it to God and thankfully it all got sorted out and I just left the wallet for years and left some funds in it and just checked once in a while.

So I have had the Electrum account set up for years and never looked at it since and for the first time opened it up today grasping at straws and what did I see but 6 events only in my history all happening on the same day and within an hour of all my transactions in Blockchain.com, coincidence or connected but how?
I am still sure if it is my Btc and Eth there because all the jargon makes no sense and in all my years I have never sent Btc wallet to wallet, like I said I just mostly HODL.

But there is also one other thing, when I checked my blockchain wallet a few times this last few days it was left with only £29 and I thought why have the thieving shits done that, but a few days later it went to £43 and today it is £65, I cannot work any of this out.

But for the last 4 days the only thought in my head was how could this be hacked, there are 4 stages to the security and it just did not make sense.