Pages:
Author

Topic: Wallet hacked :-( Not much but slighly upset! (Read 417 times)

member
Activity: 189
Merit: 52
In a world of coins, use them.
November 03, 2021, 01:25:21 PM
#22
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

Bitcoin Mainnet transaction 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2

From my wallet
0.01229382 BTC to  3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

https://explorer.bitquery.io/bitcoin/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s  (that was also reported here on this forum)


https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times) 


Thank you Smiley


I know you probably don't read this thread anymore, but do you think you could have accidentally installed some sort of malware that stole your wallet?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code.
It's not just the checking and the verification of the legitimacy of the code. You shouldn't forget; since it's open-source, the other applications' developers can read its code and update their apps in a way that they interact with the open-source one.

You have to ensure that your machine is clean. If it has caught anything weird, it's recommended to not move/sign anything. Even if you've downloaded from the correct website and verified the developer's signature.
legendary
Activity: 2730
Merit: 7065
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.
You wouldn't unless you know how to inspect the code and look for backdoors and things in the codebase that shouldn't be there. That's why it's recommended to use open-source wallets. But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code. But at least it's possible to do so, and you are trusting that others have done it properly. If a wallet has been around as long as Electrum has, you can be sure that it has been thoroughly checked by numerous security experts. 
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
This is what makes a simple transaction take an hour sometimes Cheesy Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.

I’ll always choose the “slow but safe” option, rather than “fast but risky,” because it’s something that definitely worked all these years since I’ve been interested in Bitcoin. When I look at all this from a distance, it paid off to apply the advice of those who were experienced members of the forum 6-7 years ago.

I think we can all agree that cryptocurrencies are an area that requires everyone to be extremely careful in everything they do, otherwise what happened to the OP will happen to everyone sooner or later.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys?
It's not only the wallet itself, but any software you install increases the risk of compromising your wallet. That's why I prefer to install as few apps as possible on my phone.
On my PC I use a VM whenever I install anything new. I keep a freshly installed VM for this, and clone it each time before I use it. I typically name it something like: "wallet X, delete when done".

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.
This is what makes a simple transaction take an hour sometimes Cheesy Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.

Therefore, we should always strive for proven solutions, but again with an exceptional dose of caution and verification of downloaded files before we start using them. No matter if millions of people may say that Electrum is a legal crypto wallet, that doesn't mean that there aren't countless fake copies just waiting for the next sucker who has no idea what awaits him.

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.
sr. member
Activity: 1190
Merit: 469

Even if you fully trust Mycelium (which had few controversy), there are some security concern (which mentioned earlier by @mocacinno) if you simply use their seed phrase. For example, malicious virtual keyboard and outdated android version.

Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.

the reason for that is apps that are obtained from the play store for the most part are not audited and are not open source so you don't know really what's running on your phone. you just trust the wallet's reputation. whether thats good enough for someone depends on how much money they have at risk. and what it would mean to lose it. Smiley

sr. member
Activity: 1190
Merit: 469

Mycelium can be used as a watch-only wallet for just the addresses.

In an ideal world people would use that feature but in a non-ideal world they just use their seed phrase.  Grin But if you really thought you could trust something then there should be no problem doing that.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium? Huh Shocked Shocked
Mycelium can be used as a watch-only wallet for just the addresses.
sr. member
Activity: 1190
Merit: 469
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium? Huh Shocked Shocked

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. Undecided

Especially if that device is a phone. Most andoid apps you don't know what you are really running.
HCP
legendary
Activity: 2086
Merit: 4363
I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.
So you put your 12 word seed phrase into Mycelium? Huh Shocked Shocked

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. Undecided
newbie
Activity: 2
Merit: 0
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.

The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.



the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has alot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? Huh you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think. Sad

One of my very first BTC transaction . The one from Dec 25 2017 was from a faucet. took me days to get to the payout. I was purely holding....now I can hold a candle.🕯️

I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.

Thanks to all for the support and hopefully there are no more user loosing cryptos.



sr. member
Activity: 1190
Merit: 469
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.


That's an unfortunate thing but people can decide for themself if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transactions into it regularly which indicates an ongoing scamming process, not just a one-off thing.
HCP
legendary
Activity: 2086
Merit: 4363
Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined. I'm not sure if Exodus wallet encryption was or is as bad as other wallets (like Jaxx etc) that have done stupid things like use a 4 digit PIN for encryption or store the phrase in plaintext etc.

However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.

sr. member
Activity: 1190
Merit: 469
The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.



-Dave

the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has alot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? Huh you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think. Sad
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.

It's easy to think that they got access only minutes before the tx occurred, but if really looked to be a stagnant wallet a thief could have waited for while to see if more BTC was coming in before they took it all.

-Dave
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.



How does this happen though? That's what I want to know.

Only the OP can answer this question... This being said, the most common attack vectors are:
  • The seed phrase: if a hacker gets his/her hands on this seed phrase, your btc is gone... Hackers use different methods, including but not limited to phishing, virusses and other malware, social engineering, saving seeds on the cloud,...
  • The wallet file itself: if a hacker gets his/her hands on the wallet file, your btc is gone if it isn't properly encrypted (and even if it IS properly encrypted, it can be only a matter of time before your funds are gone)... Hackers use different methods, including but not limited to phishing, virusses and other malware, social engineering, saving seeds on the cloud,...
  • The victim's computer: if a hacker gains access to your system, the odds of your funds dissapearing increase dramatically
  • A vulnerability in the wallet software... IDK if there are vulnerability's in OP's version... but it has happened for other wallets in the past
sr. member
Activity: 1190
Merit: 469
I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.



How does this happen though? That's what I want to know.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
-snip-
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID
Were you looking for the TXID of the transaction that spent 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2?
If so, here it is: 4c31735ea4d497459b6e2dea4e59195c39c10f11ae999e92cf36887b5670914d
Bitcoins was sent to 13DCkgkHea1kgihtEY8uuveUtdn67nv2pM and 3G3Tq629nZ5HkybHQ1Uoofb3rLgzSBJLir (change)
It is the change, because it was used as input together with 3EHvCce1Ke6fypBpjJatqiFXUY8Wj8USbr which was also used with 3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm.

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s  (that was also reported here on this forum)
I can't see any strong correlation since both aren't used as inputs in a single transaction.
And it belongs to Binance.

The address in question has received some withdrawals from binance. -snip-
Most likely that those are from compromised Binance accounts, hacked by the same hacker(s).
legendary
Activity: 2380
Merit: 5213
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID
The address in question has received some withdrawals from binance. Click here to see one of them.
I don't know how this can help you. Unfortunately, your fund has gone. Bitcoin transactions are irreversible.


https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times)  
This is binance hot wallet address and has over 1 million transactions. Note that it's not true to say any address that has connection with this address belongs to a scammer.
Pages:
Jump to: