BTC Stolen

[KallEYE]

They stole 0,09 btc from me
Why Electrum shows me that I have to update software ?
I was using it for 1 year and this fucking message came from Electrum server

Adress:
bc1qvr93mxj5ep58wlchdducthe89hcmk3a4uqpw3c

[KallEYE]

Is a fucking action, since they had no password, etc.

[KallEYE]

Delete everything and reinstall it.

[gits7r]

We are sorry for this, but this message is confusing and too alarming and causes panic among users.

Electrum doesn't have a bug that can be exploited, it cannot be controlled remotely, it has no open vulnerability that can cause loss without user's action. Electrum was no more "hacked" or "exploited" than gmail, yahoo, outlook and all financial institutions (banks, etc.) as well as various other online services are every day.

Because of how peer discovery works in Electrum, there is not much we can do for old versions, since we can't prevent them with 100% success rate to run into a malicious server. This is because, unlike other lightweight wallets, Electrum decided to not have only few harcoded servers that will be responsible for the privacy of all users, and act as single point of failure, but instead allow users to run their own servers or use servers that they trust. Electrum takes user privacy very seriously, which is why proper peer to peer discovery without central authority arbitration was adopted, instead of anything else. This way an attacker cannot keep an Electrum user offline, or isolate him, or pull various attacks.

While the entire Electrum team is doing absolutely everything possible to protect the users, such as:

• patch Electrum wallet to not display rich text, and don't allow arbitrary messages, only strict codes;

• patch ElectrumX server implementation to detect sybil (malicious servers that send the phishing message) and not further broadcast them to clients;

• implement blacklist logic to maintain malicious servers outside the view of the clients;

• heavily advertise on social, website and all communication forms existent with the users that they should always run the latest version and always only install from the official source (electrum.org), accessed over secure protocol (https) with prior verifications of the PGP signature;

...the sad truth is that nothing can be truly done to protect an user from its own actions. If you are willing to install Electrum from a different source, when the official is electrum.org, and you don't verify signatures, even with the latest patch that does not display rich text you are still vulnerable as you can receive an email or text message with the same phishing message, and install a backdoored Electrum.

After all, when you install and use security software and finances software such as Electrum the first rule is to make sure you are running a version that has no discovered vulnerabilities and your build is signed and genuine.

I know this is not pleasant to read after loss of funds, and we are sorry, but this is the sad truth. This is not a vulnerability in Electrum, so we are going to respectfully close such issues / tickets on github because we are already doing everything possible to limit the effects of phishing attacks, and such issues do not provide any new information.

[KallEYE]

A nice excuse from Electrum. Have the wallet displayed, update as it is synonymous with many other programs that
was led directly from the wallet to the homepage. This deportation of responsibility to users is an insolence. Even my protection program did not recognize the fake side. Choose another provider, since the comment page Electrum is a naughtiness !!!!!
Ciao Electrum
Fuckup Electrum - Electrum still earns money from it!!!!

[gits7r]

It is not an excuse from Electrum. it is a simple explanation from me, personally.

Where did you download the first Electrum from? electrum.org

The second one was downloaded from a different source. Electrum.org clearly states do not download from other sources.

Your protection program cannot recognize the fake side, because the attack is simple and is not related to a security exploit, it just sends a message that QT parses as rich text.

You can receive such messages by any other channel, like email, phone, sms, etc. - if you follow the malicious link the effect is still the same, so yes I sincerely think it's the responsibility of the users. Running out of date software is not recommended especially security software or finance software. Installing unverified binaries from untrusted sources is even worse, and there's absolutely nothing that those app developers can do to protect you against this.

Electrum does not earn any money from it. If Electrum was malicious, I assure you funds would have been taken in a smarter way and not via the oldest scam in the history of the internet: phishing, which happens every day to ALL online services...

[riniguez]

bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny stole me 0.00796663 BTC

[4oo4]

@KallEYE

electrum/LICENCE

Lines 14 to 20 in 9c45472

	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
	LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
	OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
	WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

[1400BitcoinStolen]

I just lost 1,400 BTC via the same method described above.

[1400BitcoinStolen]

bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny is the receivers address.

[verretor]

I just lost 1,400 BTC via the same method described above.

Could you provide more details about how it happened?

[1400BitcoinStolen]

I had 1,400 BTC in a wallet that I had not accessed since 2017. I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds.

I installed the update which immediately triggered the transfer of my entire balance to a scammers address.

[verretor]

They may not have stolen your BCH and BSV yet.

I recommend moving those to another wallet using ANOTHER COMPUTER. Yours is possibly compromised.

[mrbianchi]

They may not have stolen your BCH and BSV yet.

I recommend moving those to another wallet using ANOTHER COMPUTER. Yours is possibly compromised.

@1400BitcoinStolen If you need quick help to do that, contact me

[lukechilds]

@1400BitcoinStolen I would recommend you install:

• https://github.com/Electron-Cash/Electron-Cash
• https://github.com/electrumsv/electrumsv

Then import your seed, and sweep the BCH/BSV somewhere else and dump them for BTC to reclaim some value. The value of your fork coins are currently worth just over $500k.

I can't comment on the code quality of those Electrum forks but I had a quick look and they appear to be genuine. I'd say it's worth the risk considering the situation.

[1400BitcoinStolen]

I accessed the BCH back in 2017 when I moved the BTC into the new electrum wallet.

I appreciate the productive thoughts guys.

Cheers

[EagleTM]

@1400BitcoinStolen Please join #electrum on freenode to discuss this further

[mrbianchi]

Furthermore BSV and BCH, you can extract more forks, if you need help I can advice you

[Smiggel]

@1400BitcoinStolen I would recommend you install:

• https://github.com/Electron-Cash/Electron-Cash
• https://github.com/electrumsv/electrumsv

Then import your seed, and sweep the BCH/BSV somewhere else and dump them for BTC to reclaim some value. The value of your fork coins are currently worth just over $500k.

I can't comment on the code quality of those Electrum forks but I had a quick look and they appear to be genuine. I'd say it's worth the risk considering the situation.

Care to explain? I thought that Bitcoin SV was a fork from Bitcoin Cash. You can still claim the coins with your Bitcoin seed?

[lukechilds]

Care to explain? I thought that Bitcoin SV was a fork from Bitcoin Cash. You can still claim the coins with your Bitcoin seed?

If you haven't touched your BCH UTXOs since the fork then yes, you'll also have the same UTXOs on BSV and the same seed can be used to spend the funds on both chains.

[Smiggel]

Care to explain? I thought that Bitcoin SV was a fork from Bitcoin Cash. You can still claim the coins with your Bitcoin seed?

If you haven't touched your BCH UTXOs since the fork then yes, you'll also have the same UTXOs on BSV and the same seed can be used to spend the funds on both chains.

Ah, check. I claimed my BCH and sold them already. :-) So, nothing left there for me.

[volyxixi]

Hacker changed the code of new Electrum version or update link.. i remember long time ago Electrum notify about this bug!

[1400BitcoinStolen]

@1400BitcoinStolen Please join #electrum on freenode to discuss this further

can you plese give me a link to the site?

[Steven4294]

I'm having the same issue

[drnick30]

@1400BitcoinStolen I’m so so sorry man, this is so disheartening, $17 million gone. you still have some unclaimed forked coins. If you need any help with that, I could help you.

[Hey]

Just here to pay respects.

[WIS3B33]

Sickening sorry bro

[john--]

@1400BitcoinStolen I really wish the best for you! Good luck with recovering your bitcoin.

[rbrooklyn]

@spesmilo time to lock the comments on this I think. Scammers have found this thread and are exploiting it. The hex scam, someone posting a fake recovery service, and now @fiubit begging for money.

[kenerik]

@rbrooklyn I agree.. Lock it down..

For the record.. @1400BitcoinStolen
As of yesterday..Out of what i read.. Binance and other exchanges are now Black listing the TxId, and address that touch them.
Nothing much more to do about this tragic story.

[ecdsa]

@1400BitcoinStolen there is a police investigation going on in Germany and in the UK.
we will report your loss, but it will have more weight if you report it too.

[Cryptbtcaly]

Hello
I had a similar situation 2 months ago.
36.5 Bitcoin was stolen from my address 36xej1oQw82Jz51kjBhcmV3Eb8a8vkwtrw to bc1qy303ar4jjy2x0efn00aqdlfvn48a0gddj355fv - https://blockchair.com/bitcoin/transaction/34ce7a78c6379d3176200deffd26798901dba1c726663e177d6ca9c1cf18643e

Now stolen Bitcoin are at addresses:
bc1qpk0w9pvhqrxn29vzpxpjl87w4g9hlvmv0jkmv0 (9.8181 BTC)
bc1qwtanse4pk26v0kvxcpxrfnzmnjgcxl9vkkw05t (5.4984 BTC)
bc1qstdm72hj07fxwn30j3cecxrfxnzh6ssx02thqa (4.93063517 BTC)
bc1q9wt8rfmk473nz7nh7hpgl7euhrem3n8kmag0e8 (7.83 BTC)
bc1qxn4xt0sfev5snxdgr0anrjtt5346att0gedaxz (5.55171966 BTC)

Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return.
Cover up fraudsters.

[1400BitcoinStolen]

@1400BitcoinStolen there is a police investigation going on in Germany and in the UK.
we will report your loss, but it will have more weight if you report it too.

How so? How do you know an investigation has kicked off?

[stroydat]

Working with Electrum wallet is not easy.
I have been using it since 2014. I managed to save assets. There is a safe work algorithm.
Interesting to b2b-buy coins. // t.me finist4x

[hexhivist]

The HEX snapshot was on December 2nd 2019, you have until November 19th to claim with your electrum wallet. These people are not being helpful, your Bitcoin is gone forever join t.me/HEXCrypto and we'll help you with claiming HEX.

[hexhivist]

Whoever is deleting HEX comments is a scammer, you can claim it free just like any other hard fork.

[hexhivist]

Alternatively DM @RichardHeartWin and discuss it.

[ecdsa]

@1400BitcoinStolen there is a police investigation going on in Germany and in the UK.
we will report your loss, but it will have more weight if you report it too.

How so? How do you know an investigation has kicked off?

We (electrum developers) have reported the phishing attack to the police about a year ago.
I cannot make any comments about the progress of the investigation, but it helps if victims report it independently.
If you live in Germany you should contact the cybercrime unit of the LKA Berlin

[asher-lab]

That hurts mate 😩

[dmytroleonenko]

The lesson for others? Use a hardware wallet if your BTC(others apply as well) holdings worth more than you afford to lose. Probably anything more than 1k$ should be stored on a hardware wallet. There are plenty of them.

[yadakhov]

The lesson for others? Use a hardware wallet if your BTC(others apply as well) holdings worth more than you afford to lose. Probably anything more than 1k$ should be stored on a hardware wallet. There are plenty of them.

Might be a stupid question here. It is possible for the software that's connected to the Hardware Wallet (Ledger Live, electrum etc) to be hacked? Even though the hardware wallet is saying it is going to a certain address is is actually going to a hacker address.

[EagleTM]

2FA wallet or Hardware wallet helps of course - you still need to verify where you send your coins, there is clipboard changing malware which will replace the recipient address...

Most importantly: Don't click on links in popups in Electrum (new versions won't have popups). Don't download updates from sites other than the offical site (electrum.org) and verify your release. There are youtube videos and tutorials how to do so.

[JeDaYoshi]

Came here to pay respects, too. F

[ip-config]

1400 BTC and using electrum. Stop Drama. Stop Lie !
buy u a Leger Nano cost 0.0014BTC

[7mikael]

(Off-topic and will remove this post on 6 Sep:) @1400BitcoinStolen please email me, on the topic of making a difference for others and the future.

[SomberNight]

the ads are starting

Indeed.

Locked for now. Not much more can be said here.