Wallet hacked :-( Not much but slighly upset!

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: wir3man on October 12, 2021, 12:06:28 AM

I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

Bitcoin Mainnet transaction 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2

From my wallet
0.01229382 BTC to 3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

https://explorer.bitquery.io/bitcoin/address/3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s (that was also reported here on this forum)

https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times)

Thank you

I know you probably don't read this thread anymore, but do you think you could have accidentally installed some sort of malware that stole your wallet?

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: Pmalek on October 19, 2021, 12:31:17 PM

But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code.

It's not just the checking and the verification of the legitimacy of the code. You shouldn't forget; since it's open-source, the other applications' developers can read its code and update their apps in a way that they interact with the open-source one.

You have to ensure that your machine is clean. If it has caught anything weird, it's recommended to not move/sign anything. Even if you've downloaded from the correct website and verified the developer's signature.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: larry_vw_1955 on October 18, 2021, 02:43:14 AM

Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.

You wouldn't unless you know how to inspect the code and look for backdoors and things in the codebase that shouldn't be there. That's why it's recommended to use open-source wallets. But even if they are open-source, I reckon that 90% of users don't know how to check and verify the legitimacy of the code. But at least it's possible to do so, and you are trusting that others have done it properly. If a wallet has been around as long as Electrum has, you can be sure that it has been thoroughly checked by numerous security experts.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: LoyceV on October 18, 2021, 11:40:35 AM

This is what makes a simple transaction take an hour sometimes Cheesy

Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.

I’ll always choose the “slow but safe” option, rather than “fast but risky,” because it’s something that definitely worked all these years since I’ve been interested in Bitcoin. When I look at all this from a distance, it paid off to apply the advice of those who were experienced members of the forum 6-7 years ago.

I think we can all agree that cryptocurrencies are an area that requires everyone to be extremely careful in everything they do, otherwise what happened to the OP will happen to everyone sooner or later.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: larry_vw_1955 on October 18, 2021, 02:43:14 AM

Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys?

It's not only the wallet itself, but any software you install increases the risk of compromising your wallet. That's why I prefer to install as few apps as possible on my phone.
On my PC I use a VM whenever I install anything new. I keep a freshly installed VM for this, and clone it each time before I use it. I typically name it something like: "wallet X, delete when done".

Quote from: Lucius on October 18, 2021, 09:31:11 AM

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.

This is what makes a simple transaction take an hour sometimes Cheesy

Especially offline signing is a lot of work, but it gives peace of mind knowing it's safe.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: larry_vw_1955 on October 18, 2021, 02:43:14 AM

Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.

Therefore, we should always strive for proven solutions, but again with an exceptional dose of caution and verification of downloaded files before we start using them. No matter if millions of people may say that Electrum is a legal crypto wallet, that doesn't mean that there aren't countless fake copies just waiting for the next sucker who has no idea what awaits him.

When it comes to Bitcoin, it's not hard for me to check everything 10 times before I'm sure something is good or bad.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: ?? on ??

Even if you fully trust Mycelium (which had few controversy), there are some security concern (which mentioned earlier by @mocacinno) if you simply use their seed phrase. For example, malicious virtual keyboard and outdated android version.

Here's a question: how would you know if some crypto wallet you got off the google play was stealing your private keys? the answer is in most cases you would not know until other people started complaining they got their funds stolen or it happened to you! enough said.

the reason for that is apps that are obtained from the play store for the most part are not audited and are not open source so you don't know really what's running on your phone. you just trust the wallet's reputation. whether thats good enough for someone depends on how much money they have at risk. and what it would mean to lose it.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: LoyceV on October 13, 2021, 06:54:02 AM

Mycelium can be used as a watch-only wallet for just the addresses.

In an ideal world people would use that feature but in a non-ideal world they just use their seed phrase. Grin

But if you really thought you could trust something then there should be no problem doing that.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: HCP on October 13, 2021, 12:58:32 AM

Quote from: wir3man on October 12, 2021, 11:16:37 PM

I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.

So you put your 12 word seed phrase into Mycelium? Huh

Mycelium can be used as a watch-only wallet for just the addresses.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: HCP on October 13, 2021, 12:58:32 AM

Quote from: wir3man on October 12, 2021, 11:16:37 PM

I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.

So you put your 12 word seed phrase into Mycelium? Huh

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. Undecided

Especially if that device is a phone. Most andoid apps you don't know what you are really running.

HCP

legendary

Activity: 2086

Merit: 4316

Quote from: wir3man on October 12, 2021, 11:16:37 PM

I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.

So you put your 12 word seed phrase into Mycelium? Huh

If so, this is precisely what I was talking about... there are so many ways for a wallet to get compromised. Using your seed on multiple devices/wallets is one way to unintentionally expose your seed and therefore lose all your coins. Undecided

wir3man

newbie

Activity: 2

Merit: 0

Quote from: larry_vw_1955 on October 12, 2021, 10:49:08 PM

Quote from: HCP on October 12, 2021, 10:44:11 PM

Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.

Quote from: larry_vw_1955 on October 12, 2021, 10:13:04 PM

Quote from: DaveF on October 12, 2021, 07:24:48 AM

The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.

the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has alot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? Huh

you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think. Sad

One of my very first BTC transaction . The one from Dec 25 2017 was from a faucet. took me days to get to the payout. I was purely holding....now I can hold a candle.🕯️

I wasn't running the very latest Exodus version on my pc. At the same time I was using Mycelium to periodically checking the balance.

Thanks to all for the support and hopefully there are no more user loosing cryptos.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: HCP on October 12, 2021, 10:44:11 PM

Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined.

That's an unfortunate thing but people can decide for themself if the risk is worth the benefit. On the other hand, the scammer address is receiving this type of transactions into it regularly which indicates an ongoing scamming process, not just a one-off thing.

HCP

legendary

Activity: 2086

Merit: 4316

Indeed... but it's impossible to say one way or the other. The code is closed source and cannot be examined. I'm not sure if Exodus wallet encryption was or is as bad as other wallets (like Jaxx etc) that have done stupid things like use a 4 digit PIN for encryption or store the phrase in plaintext etc.

However, it is also impossible to know for sure what the user has or hasn't done either. It's possible they used the same recovery phrase in another (compromised) wallet/website... it's possible they stored their seed in an email or on a cloud drive or as a screenshot... it's possible their computer was compromised etc.

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: DaveF on October 12, 2021, 07:24:48 AM

The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.

-Dave

the fact that they lifted money out of 3 different addresses in his wallet suggests that his seed phrase was compromised. probably through some type of spyware. the address his funds got sent to has alot of cash like that coming in suggesting they may be doing it to other people too. maybe there's a weakness in this particular wallet?? Huh

you hate to think like that but exodus is not exactly fully open source. so anytime some type of exploit seems to be a possible explanation and the full wallet source code can't be scrutinized then that's a real big problem i would think. Sad

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

The other issue for the OP is when it happened.
There were 3 inputs for that TX (which was sent 2 weeks ago):

1ARyY8RnWD8MisKpCDkHEnwY9CkNknkbm4 Last seen 12-25-2017
1D9cFqGAh15UEQt5ELS4c86iq4AoCmBQzo Last seen 1-29-2021
1B4ETRQbCifX33EVXG4ZxasRN3wp7Wuo52 Last seen 6-1-2018

So that means that someone or something got access to his wallet / PC sometime between the end of January and 2 weeks ago.

It's easy to think that they got access only minutes before the tx occurred, but if really looked to be a stagnant wallet a thief could have waited for while to see if more BTC was coming in before they took it all.

-Dave

mocacinno

legendary

Activity: 3402

Merit: 5004

https://merel.mobi => buy facemasks with BTC/LTC

Quote from: larry_vw_1955 on October 12, 2021, 03:49:45 AM

Quote from: wir3man on October 12, 2021, 12:06:28 AM

I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

How does this happen though? That's what I want to know.

Only the OP can answer this question... This being said, the most common attack vectors are:

The seed phrase: if a hacker gets his/her hands on this seed phrase, your btc is gone... Hackers use different methods, including but not limited to phishing, virusses and other malware, social engineering, saving seeds on the cloud,...
The wallet file itself: if a hacker gets his/her hands on the wallet file, your btc is gone if it isn't properly encrypted (and even if it IS properly encrypted, it can be only a matter of time before your funds are gone)... Hackers use different methods, including but not limited to phishing, virusses and other malware, social engineering, saving seeds on the cloud,...
The victim's computer: if a hacker gains access to your system, the odds of your funds dissapearing increase dramatically
A vulnerability in the wallet software... IDK if there are vulnerability's in OP's version... but it has happened for other wallets in the past

larry_vw_1955

sr. member

Activity: 1106

Merit: 430

Quote from: wir3man on October 12, 2021, 12:06:28 AM

I had an exodus wallet on my pc and just yesterday I realized that the wallet was hacked.

How does this happen though? That's what I want to know.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: wir3man on October 12, 2021, 12:06:28 AM

-snip-
This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID

Were you looking for the TXID of the transaction that spent 6f69c1436788460d52bb896b4be25985aea3b84e6eeaa02310512106c6f4d7e2?
If so, here it is: 4c31735ea4d497459b6e2dea4e59195c39c10f11ae999e92cf36887b5670914d
Bitcoins was sent to 13DCkgkHea1kgihtEY8uuveUtdn67nv2pM and 3G3Tq629nZ5HkybHQ1Uoofb3rLgzSBJLir (change)
It is the change, because it was used as input together with 3EHvCce1Ke6fypBpjJatqiFXUY8Wj8USbr which was also used with 3EJE2vq6mcza3QN4jstN1SDiZMqAbFghAm.

Quote from: wir3man on October 12, 2021, 12:06:28 AM

Seems that this address is linked with 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s (that was also reported here on this forum)

I can't see any strong correlation since both aren't used as inputs in a single transaction.
And it belongs to Binance.

Quote from: hosseinimr93 on October 12, 2021, 03:10:11 AM

The address in question has received some withdrawals from binance. -snip-

Most likely that those are from compromised Binance accounts, hacked by the same hacker(s).

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: wir3man on October 12, 2021, 12:06:28 AM

This wallet made some transactions with Binance. Any clue or any suggestion in finding the TX ID

The address in question has received some withdrawals from binance. Click here to see one of them.
I don't know how this can help you. Unfortunately, your fund has gone. Bitcoin transactions are irreversible.

Quote from: wir3man on October 12, 2021, 12:06:28 AM

https://www.bitcoinwhoswho.com/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s - Scam Alert: This address has been reported as fraudulent (78 times)

This is binance hot wallet address and has over 1 million transactions. Note that it's not true to say any address that has connection with this address belongs to a scammer.

Topic: Wallet hacked :-( Not much but slighly upset! (Read 377 times)