-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BTC Stolen #5072
Comments
Is a fucking action, since they had no password, etc. |
Delete everything and reinstall it. |
We are sorry for this, but this message is confusing and too alarming and causes panic among users. Electrum doesn't have a bug that can be exploited, it cannot be controlled remotely, it has no open vulnerability that can cause loss without user's action. Electrum was no more "hacked" or "exploited" than gmail, yahoo, outlook and all financial institutions (banks, etc.) as well as various other online services are every day. Because of how peer discovery works in Electrum, there is not much we can do for old versions, since we can't prevent them with 100% success rate to run into a malicious server. This is because, unlike other lightweight wallets, Electrum decided to not have only few harcoded servers that will be responsible for the privacy of all users, and act as single point of failure, but instead allow users to run their own servers or use servers that they trust. Electrum takes user privacy very seriously, which is why proper peer to peer discovery without central authority arbitration was adopted, instead of anything else. This way an attacker cannot keep an Electrum user offline, or isolate him, or pull various attacks. While the entire Electrum team is doing absolutely everything possible to protect the users, such as:
...the sad truth is that nothing can be truly done to protect an user from its own actions. If you are willing to install Electrum from a different source, when the official is electrum.org, and you don't verify signatures, even with the latest patch that does not display rich text you are still vulnerable as you can receive an email or text message with the same phishing message, and install a backdoored Electrum. After all, when you install and use security software and finances software such as Electrum the first rule is to make sure you are running a version that has no discovered vulnerabilities and your build is signed and genuine. I know this is not pleasant to read after loss of funds, and we are sorry, but this is the sad truth. This is not a vulnerability in Electrum, so we are going to respectfully close such issues / tickets on github because we are already doing everything possible to limit the effects of phishing attacks, and such issues do not provide any new information. |
A nice excuse from Electrum. Have the wallet displayed, update as it is synonymous with many other programs that |
It is not an excuse from Electrum. it is a simple explanation from me, personally. Where did you download the first Electrum from? electrum.org The second one was downloaded from a different source. Electrum.org clearly states do not download from other sources. Your protection program cannot recognize the fake side, because the attack is simple and is not related to a security exploit, it just sends a message that QT parses as rich text. You can receive such messages by any other channel, like email, phone, sms, etc. - if you follow the malicious link the effect is still the same, so yes I sincerely think it's the responsibility of the users. Running out of date software is not recommended especially security software or finance software. Installing unverified binaries from untrusted sources is even worse, and there's absolutely nothing that those app developers can do to protect you against this. Electrum does not earn any money from it. If Electrum was malicious, I assure you funds would have been taken in a smarter way and not via the oldest scam in the history of the internet: phishing, which happens every day to ALL online services... |
bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny stole me 0.00796663 BTC |
Lines 14 to 20 in 9c45472
|
I just lost 1,400 BTC via the same method described above. |
bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny is the receivers address. |
Could you provide more details about how it happened? |
I had 1,400 BTC in a wallet that I had not accessed since 2017. I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update which immediately triggered the transfer of my entire balance to a scammers address. |
They may not have stolen your BCH and BSV yet. I recommend moving those to another wallet using ANOTHER COMPUTER. Yours is possibly compromised. |
@1400BitcoinStolen If you need quick help to do that, contact me |
@1400BitcoinStolen I would recommend you install: Then import your seed, and sweep the BCH/BSV somewhere else and dump them for BTC to reclaim some value. The value of your fork coins are currently worth just over $500k. I can't comment on the code quality of those Electrum forks but I had a quick look and they appear to be genuine. I'd say it's worth the risk considering the situation. |
I accessed the BCH back in 2017 when I moved the BTC into the new electrum wallet. I appreciate the productive thoughts guys. Cheers |
@1400BitcoinStolen Please join #electrum on freenode to discuss this further |
Furthermore BSV and BCH, you can extract more forks, if you need help I can advice you |
Care to explain? I thought that Bitcoin SV was a fork from Bitcoin Cash. You can still claim the coins with your Bitcoin seed? |
If you haven't touched your BCH UTXOs since the fork then yes, you'll also have the same UTXOs on BSV and the same seed can be used to spend the funds on both chains. |
Ah, check. I claimed my BCH and sold them already. :-) So, nothing left there for me. |
Hacker changed the code of new Electrum version or update link.. i remember long time ago Electrum notify about this bug! |
can you plese give me a link to the site? |
I'm having the same issue |
@1400BitcoinStolen I’m so so sorry man, this is so disheartening, $17 million gone. you still have some unclaimed forked coins. If you need any help with that, I could help you. |
Just here to pay respects. |
Sickening sorry bro |
@1400BitcoinStolen I really wish the best for you! Good luck with recovering your bitcoin. |
@rbrooklyn I agree.. Lock it down.. For the record.. @1400BitcoinStolen |
@1400BitcoinStolen there is a police investigation going on in Germany and in the UK. |
Hello Now stolen Bitcoin are at addresses: Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return. |
How so? How do you know an investigation has kicked off? |
Working with Electrum wallet is not easy. |
The HEX snapshot was on December 2nd 2019, you have until November 19th to claim with your electrum wallet. These people are not being helpful, your Bitcoin is gone forever join t.me/HEXCrypto and we'll help you with claiming HEX. |
Whoever is deleting HEX comments is a scammer, you can claim it free just like any other hard fork. |
Alternatively DM @RichardHeartWin and discuss it. |
We (electrum developers) have reported the phishing attack to the police about a year ago. |
That hurts mate 😩 |
The lesson for others? Use a hardware wallet if your BTC(others apply as well) holdings worth more than you afford to lose. Probably anything more than 1k$ should be stored on a hardware wallet. There are plenty of them. |
Might be a stupid question here. It is possible for the software that's connected to the Hardware Wallet (Ledger Live, electrum etc) to be hacked? Even though the hardware wallet is saying it is going to a certain address is is actually going to a hacker address. |
2FA wallet or Hardware wallet helps of course - you still need to verify where you send your coins, there is clipboard changing malware which will replace the recipient address... Most importantly: Don't click on links in popups in Electrum (new versions won't have popups). Don't download updates from sites other than the offical site (electrum.org) and verify your release. There are youtube videos and tutorials how to do so. |
Came here to pay respects, too. F |
1400 BTC and using electrum. Stop Drama. Stop Lie ! |
(Off-topic and will remove this post on 6 Sep:) @1400BitcoinStolen please email me, on the topic of making a difference for others and the future. |
Indeed. Locked for now. Not much more can be said here. |
They stole 0,09 btc from me
Why Electrum shows me that I have to update software ?
I was using it for 1 year and this fucking message came from Electrum server
Adress:
bc1qvr93mxj5ep58wlchdducthe89hcmk3a4uqpw3c
The text was updated successfully, but these errors were encountered: