Author

Topic: Understand how electrum wallets work (Read 281 times)

legendary
Activity: 2730
Merit: 7065
November 04, 2023, 07:27:53 AM
#21
If you are still here and reading this thread OP, let's start at the beginning.

Where and how did you buy this Coldcard HW? Post the exact website from your browser history or tell us if you bought it in a physical shop or from someone in a face-to-face meeting?
Did you (and how) generate the seed to the Coldcard where you deposited your coins?
Did you do anything (and what) with the wallet during the time that transaction happened?

Maybe you can post a picture here and show us how your Coldcard looks. You can upload the picture on https://www.talkimg.com/ and share the the link here.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
November 03, 2023, 03:12:59 AM
#20
You are referring to this transaction. Right?
OP said that the fund was sent to an address which belongs to the same master public key. That means that the receiving address belongs to the same wallet.

No, I did not refer to that transaction. That transaction is referred to by OP which he claims belongs to the same public key. If it's in the same public key, it's possible that the previous wallet also belongs to a hacker as well. OP did not own the address he was watching. Or, the new wallet does not belong to the same public key as OP claims.

I was referring to this transaction where hacker sent 3.399 BTC to a wallet and looked at the inputs. It's strange for someone who is the original owner. An average joe won't do these things. It's typical hacker patters to send Bitcoins to different addresses to avoid tracing.

I don't think OP understands very well how it works. Either the next address does not belong to the same master public key, or OP do now own any of the wallet he mentioned.
hero member
Activity: 714
Merit: 1298
November 02, 2023, 07:26:43 AM
#19
I received deposits on my electrum wallet which was in watch only mode.  Looks like the electrum wallet created a new address and send my coins there.

However its unclear how do I spend now given those funds were transferred to another address for privacy.Can someone guide?



If that "another address" is solely under control of your ColdCard HW you can create unsigned transaction by using Electrum and transfer it to ColdCard for signing  via joson file, sign it and transfer back to Electrum for broadcasting. Otherwise, in the case you were hacked, you can do nothing, sorry to say this.
legendary
Activity: 2380
Merit: 5213
November 02, 2023, 04:33:12 AM
#18
I guess you did not check what happened then. The hacker hacked 3.73 Bitcoin and received it in one address.
You are referring to this transaction. Right?
OP said that the fund was sent to an address which belongs to the same master public key. That means that the receiving address belongs to the same wallet.

The hacker tried to split all the amount into different addresses, so it became tough to trace the Bitcoin.
You are right that the person who made those transactions tried to make tracing the fund difficult, but I still doubt OP's wallet was hacked.

If OP lost bitcoin, that could be due to using a fake coldcard that gives pre-generated keys. There are other possibilities as well, but I don't think the wallet was hacked and of course I can be wrong.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
November 02, 2023, 03:57:05 AM
#17
Indeed, you misunderstood his entire text and did not notice others' comments. I assume his wallet was hacked about three months ago, and more than 3.73 Bitcoins were stolen from his wallet by a hacker.
I don't think the wallet was hacked. I think OP doesn't own that wallet at all and is only watching someone else wallet.

The 3.73 BTC was sent in this transaction. The transaction contains 2 outputs. The address which received 3.23 BTC seems to be the change address. OP also said that it belongs to the same master public key.

If the wallet was owned by OP and it had been hacked, the hacker would move the entire balance in a single transaction.

I guess you did not check what happened then. The hacker hacked 3.73 Bitcoin and received it in one address. Then, he transferred 3.5 Bitcoins in seven transactions to seven different wallet addresses, and each transaction was 0.5 BTC. The rest of the 0.23 Bitcoin was transferred to another address. All eight wallet addresses belong to the same private key.

Look at this transaction: https://blockchair.com/bitcoin/transaction/4fc3bbd287a12ecd4fce67b76c779cb15362d87dfab35d5eb57fd33b6ec5f1f0

The hacker tried to split all the amount into different addresses, so it became tough to trace the Bitcoin.

3.399 Bitcoin ended up in this wallet bc1qvhpnpce5hxwf4gc0q6jm7zw0la3tv0lp5vk7rg which belongs to either an exchange or a mixer. The rest amount was transferred to some other wallet address. I can investigate further if you want. But I guess it's not necessary at this moment.
legendary
Activity: 2380
Merit: 5213
November 02, 2023, 03:35:34 AM
#16
Indeed, you misunderstood his entire text and did not notice others' comments. I assume his wallet was hacked about three months ago, and more than 3.73 Bitcoins were stolen from his wallet by a hacker.
I don't think the wallet was hacked. I think OP doesn't own that wallet at all and is only watching someone else wallet.

The 3.73 BTC was sent in this transaction. The transaction contains 2 outputs. The address which received 3.23 BTC seems to be the change address. OP also said that it belongs to the same master public key.

If the wallet was owned by OP and it had been hacked, the hacker would move the entire balance in a single transaction.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
November 01, 2023, 07:22:52 PM
#15
There is manual way to do this is in Electrum which I need to learn or else Electrum does that for you due to privacy concerns.
You can use the coin control to send a specific address, or you can use an unspecific address by freezing in Choose. All the detail has explained here : https://bitcoinelectrum.com/how-to-spend-specific-utxos-in-electrum/


Indeed, you misunderstood his entire text and did not notice others' comments. I assume his wallet was hacked about three months ago, and more than 3.73 Bitcoins were stolen from his wallet by a hacker. But he thinks Electrum consolidated his UTXOs for privacy reasons. As we all know, Electrum cannot do anything on its own. Even if someone has access to your computer, they won't be able to do anything because he said his wallet was in watch-only mode.

He did not come back after my further explanation. So, I assume OP gave up after realizing he was hacked. I don't know why it takes three months to notice those transactions. It seems he does not monitor his wallet regularly.
legendary
Activity: 1526
Merit: 1032
Up to 300% + 200 FS deposit bonuses
November 01, 2023, 07:10:46 PM
#14
There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.
You can use the coin control to send a specific address, or you can use an unspecific address by freezing in Choose. All the detail has explained here : https://bitcoinelectrum.com/how-to-spend-specific-utxos-in-electrum/
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
November 01, 2023, 02:44:07 PM
#13
I looked at this link to understand: https://oxt.me/transaction/596802d0b3f99149b6c7b4250ce52894938d252aa3ad4fdbf125336bb0c80553

Looks like Electrum consolidated my UTXO and created one UTXO and sent that UTXO to a change address. There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.

Also the privacy address is part of the same public key.

Electrum is just a wallet and it won't able to perform any actions without someone accessing it manually or via scripts. You consolidate your inputs or its just happened on its own?

If you mean the funds from xUTXO and Y UTXO were combined while sending an amount that exceeds both x and y individually then electrum will look for the UTXO to be combined as default which can be x+y => desitnation + change address and send the excess funds to a change address which you can see in the address tab as well. It means you should see the balance if your wallet is online.

If you don't see your balance and the wallet is online it sums it up, your wallet has been compromised.
legendary
Activity: 2380
Merit: 5213
October 31, 2023, 08:14:58 AM
#12
Also the second receiving address is part of the x pub key so the wallet did it
If that's the case, that address should be the change address.
I think the wallet is owned by someone else and all you have is a master public key.

If you were the owner of the wallet and the wallet had been hacked, the hacker would steal all the fund.



You can not create a new receiving address with watch only wallet because no private key there.
If your watch-only wallet has been generated using a maser public key and not a single address, you can generate as many addresses as you want.
hero member
Activity: 2366
Merit: 838
October 31, 2023, 06:44:25 AM
#11
I received deposits on my electrum wallet which was in watch only mode.  Looks like the electrum wallet created a new address and send my coins there.
Watch only wallet is for watch, watch your wallet balance, transaction history and nothing more. You can not send your bitcoin from a watch only wallet.

You can not create a new receiving address with watch only wallet because no private key there. You can import another receiving address but again, it is watch only.

Quote
However its unclear how do I spend now given those funds were transferred to another address for privacy.Can someone guide?
You will have many points to improve privacy for your Bitcoin transactions
https://blockchair.com/bitcoin/privacy-o-meter
Quote
General guidelines for sending BTC transactions

Blockchair can not help you improve the privacy of your transactions but here are some basic recommendations on how to stay anonymous on the Bitcoin network
Don't send round numbers
Don't send round amounts. Instead of sending 0.1 BTC, send 0.10125

Use Bitcoin Mixers
Mixers add an additional layer of privacy to a transaction to avoid exposing user identities.

Avoid reusing wallets
Don't send your Bitcoin change to the same address you use for sending bitcoins.

Avoid including many of your addresses in one transaction
Any time you can, try not to send BTC from your various Bitcoin addresses.

Avoid using "send everything" option
If you are withdrawing funds from an exchange, it is okay.
If you're moving funds to another wallet, do not transfer the whole amount to another address. It greatly compromises your privacy.
sr. member
Activity: 616
Merit: 442
Forum Only For Fun
October 31, 2023, 03:11:32 AM
#10
I received deposits on my electrum wallet which was in watch only mode.  Looks like the electrum wallet created a new address and send my coins there.

Electrum is not a robot that can operate transactions itself. Transactions can occur if there is an action taken by the wallet owner.
It doesn't make sense for Electrum to carry out transactions like you claim that Electrum combines UTXO and sends your coins to a new address if you don't do it yourself.


However its unclear how do I spend now given those funds were transferred to another address for privacy.Can someone guide?

This is what makes it unclear for you to make incorrect assumptions about using the Electrum wallet. I think, the error lies in the way you use Electrum.
Before using a wallet, learn how to operate it properly and correctly.

I just went ahead and reinforced as already explained that they were right.

Don't defend a principle if it is wrong. In learning, when an explanation has stronger truth, acknowledge it and take it.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
October 30, 2023, 12:16:43 PM
#9
After reading the whole thread, your replies I can say that your account was compromised and your Bitcoin have been hacked by a hacker. I'm sorry about your loss but it's not possible for you to access your Bitcoin anymore as they aren't in your wallet anymore.


Looks like Electrum consolidated my UTXO and created one UTXO and sent that UTXO to a change address. There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.


Electrum doesn't do anything on its own as the user is the one who controls transactions and it's the user who cares for the privacy not Electrum. If your Bitcoin are gone then it isn't something that has been done automatically via Electrum's side but someone else got access to your wallet and manually moved the funds to their wallets.

Like other members I also think that it happened because of the hardware wallet Cold card that you used. I really don't like hardware wallets at all because they can be manipulated easily by the hackers and can sell those online which users buy blindly. It's always better to have a software wallet in an air-gapped system as that's the best way to secure your Bitcoin, and that one can't be hacked unless you connect it to internet or share your seed phrase and private keys to someone.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
October 30, 2023, 03:55:01 AM
#8
I looked at this link to understand: https://oxt.me/transaction/596802d0b3f99149b6c7b4250ce52894938d252aa3ad4fdbf125336bb0c80553

Looks like Electrum consolidated my UTXO and created one UTXO and sent that UTXO to a change address. There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.

Also the privacy address is part of the same public key.

The electrum wallet did nothing. It cannot do anything on itself. According to the tx link you have provided, Address bc1qa4hrzegkrrq5fmyelma2y3lcs2papk5ee7suns received a transaction from your bc1qra4dcsj34f4nu00ywxhc9986j62t00l2ksza9y and bc1q484x0pjz5g0ghs92zq89yearhlatamng2akpv2 address and you said bc1qa4hrzegkrrq5fmyelma2y3lcs2papk5ee7suns is part of the the same public key. No matter where it belongs because the money is not in this wallet anymore.

All your Bitcoin ended up in this address bc1qvhpnpce5hxwf4gc0q6jm7zw0la3tv0lp5vk7rg and then it went either in some exchange or in some mixer. So, I am sure that your wallet was hacked. It seems you have bought a fake wallet as nc50lc speculated already.

Is there any connection between cold key scam with Coldcard?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
October 30, 2023, 12:48:07 AM
#7
Looks like Electrum consolidated my UTXO and created one UTXO and sent that UTXO to a change address. There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.
Electrum cannot do that by itself, specially in "watching-only" wallets where it cannot even sign transactions to consolidate.
Your watching-only wallet cannot create fully-signed transactions that can be sent to the network.

The thread isn't proceeding with the given information and assumptions, please describe the issue:
  • Is your wallet showing the correct balance? (even so, it may be fake if the hardware wallet is fake)
  • Did you bought you Coldcard from a reputable distributor?
  • Did it came with a pre-generated seed phrase?
  • Did those "consolidation" and "privacy" transactions, occur without your intervention?
  • Have you sent any other transaction aside from those mentioned two?
newbie
Activity: 3
Merit: 0
October 29, 2023, 11:24:41 PM
#6
I looked at this link to understand: https://oxt.me/transaction/596802d0b3f99149b6c7b4250ce52894938d252aa3ad4fdbf125336bb0c80553

Looks like Electrum consolidated my UTXO and created one UTXO and sent that UTXO to a change address. There is manual way to do this is in electrum which I need to learn or else electrum does that for you due to privacy concerns.

Also the privacy address is part of the same public key.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
October 29, 2023, 08:43:06 PM
#5
Also the second receiving address is part of the x pub key so the wallet did it

I haven't used the Coldcard hardware wallet, and I do not know about it. If the 2nd receiving address is part of the x pub key, that could be the change address. We don't know if you do not share more info. What forbids you from accessing your wallet and checking if it is okay or not? How much Bitcoin was transferred? I don't want to know the amount, but was it partial or the full amount? I don't think any wallet can generate a new address on its own and send Bitcoin between addresses for privacy reasons. It's only possible if someone has access to the wallet. You should check it yourself. Or you can share your Bitcoin address if you don't mind.
newbie
Activity: 3
Merit: 0
October 29, 2023, 08:31:10 PM
#4
I looked up the xpub key online and it shows the correct balance of bitcoins. The cold-card wallet setup is brand new and the wallet was exported as JSON from cold-card. Seed was written on paper only not uploaded online anywhere.

Also the second receiving address is part of the x pub key so the wallet did it
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 29, 2023, 08:25:30 PM
#3
It seems his wallet is hacked based on his words, as he said his coins were transferred to another address.
You are correct, I made a mistake. Someone knows his seed phrase or his private key and use it to steal his coins.

@rparpani0
With watch-only wallet, your coin can not be stolen, but likely where you backup the wallet seed phrase or private key was known to someone and it is used to compromise your wallet. Know that it is not from the watch-only wallet that the attack occured from. Do not use the wallet again.

For a better offline backup, you can use a passphrase next time. This will generate you different keys and addresses and makes your backup secure. You can backup the seed phrase and passphrase differently in different locations. Know that if you lose the passphrase, it is like you lose the seed phrase because your coins will also be lost.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
October 29, 2023, 08:17:39 PM
#2
I received deposits on my electrum wallet which was in watch only mode.  Looks like the electrum wallet created a new address and send my coins there.

However its unclear how do I spend now given those funds were transferred to another address for privacy.Can someone guide?

Damn! Based on your explanation, it does not look good at all. Electrum does not do anything on its own. It seems your wallet was hacked, and the hacker managed to wipe it. As a result, your funds are lost, and you cannot access them anymore. Do you have access to your wallet? How many confirmations does the transaction receive? If it's not too late (I guess it's too late already), you can change the destination. Try to access your wallet and check if you see its balance.

You can not use watch-only wallet to spend because it only has the bitcoin address or the master public key. If you want to spend the coin, you will need to import the seed phrase or the private key of the wallet into Electrum (for you to be able to spend the coin).

It seems his wallet is hacked based on his words, as he said his coins were transferred to another address.
newbie
Activity: 3
Merit: 0
October 29, 2023, 08:12:58 PM
#1
I received deposits on my electrum wallet which was in watch only mode.  Looks like the electrum wallet created a new address and send my coins there.

However its unclear how do I spend now given those funds were transferred to another address for privacy.Can someone guide?

Jump to: