Ninjastic
PostEdited versionsQuotes to this post
Next scheduled rescrape ... never
22/07/2025, 19:24:59 UTC POST DELETED
Version 1
Scraped on 15/07/2025, 19:54:36 UTC
Quote from: BitMaxz on July 14, 2025, 10:50:13 PM
I don't think Electrum servers can able to do that since Electrum only request for these data like address history and balances, block headers, UTXOs, etc.
There's no way that they can do or control your wallet.

How exactly did you create your wallet? Did you create your wallet somewhere else? I mean outside the Electrum wallet from that PC/Laptop?

If not, and you created your wallet on the same device, there's a possibility there's something in your PC that you don't know leaks your wallet private keys.

I'd like to know how you installed this Linux and where you downloaded it. Are you sure that you downloaded the Linux OS from a legit source?
Because if you downloaded it from somewhere other than the trusted source, there's a possibility it's already infected with malware. Scanning it with any antivirus won't work; that's why I don't download an OS randomly.

There are lots of free OS mods out there, but all of them are already infected with malware that can't be easily scanned by any antivirus.

If I want to use a wallet on a Linux-based OS, I am more comfortable using Tails, which has built-in Electrum. Electrum already provided a guide for this. If you are interested in the future, check their guide below.

- https://github.com/spesmilo/electrum-docs/blob/master/tails.rst


I have created the wallet on a Windows system years ago - see my post above.

The Debian OS (iso install. file) I have downloaded of course from the original Debian developer site debian.org - also signature-verified.

I now use offline signing and only one wallet per address - so fuck the seed :-) Tails is also a good option, I agree.

But what really is driving me nuts is that I don't know how the hack worked and why only once at this time coincidenceand coincidentally with a TX of myself? My old wallet seed and btcBTC addresses and even the electrumElectrum password never changed in 5 years and any attacker could have stolen much more if he had known the seed/keys/password... I really think it is a combination of a glitch / vulnerability in Electrum together with a malicious server... Any server can send wrong confirmations, tricking you into downloading an update, but I am pretty sure I didn't fall for that. Maybe anything else? There was this JSON-RPC hack, you remember, not so long ago...
Original archived Re: New Electrum vulnerability? Unknown transaction (Fraud, Theft) 4.3.4 AppImage
Scraped on 15/07/2025, 19:25:09 UTC
Quote from: BitMaxz on July 14, 2025, 10:50:13 PM
I don't think Electrum servers can able to do that since Electrum only request for these data like address history and balances, block headers, UTXOs, etc.
There's no way that they can do or control your wallet.

How exactly did you create your wallet? Did you create your wallet somewhere else? I mean outside the Electrum wallet from that PC/Laptop?

If not, and you created your wallet on the same device, there's a possibility there's something in your PC that you don't know leaks your wallet private keys.

I'd like to know how you installed this Linux and where you downloaded it. Are you sure that you downloaded the Linux OS from a legit source?
Because if you downloaded it from somewhere other than the trusted source, there's a possibility it's already infected with malware. Scanning it with any antivirus won't work; that's why I don't download an OS randomly.

There are lots of free OS mods out there, but all of them are already infected with malware that can't be easily scanned by any antivirus.

If I want to use a wallet on a Linux-based OS, I am more comfortable using Tails, which has built-in Electrum. Electrum already provided a guide for this. If you are interested in the future, check their guide below.

- https://github.com/spesmilo/electrum-docs/blob/master/tails.rst


I have created the wallet on a Windows system years ago - see my post above.

The Debian OS (iso install. file) I have downloaded of course from the original Debian developer site debian.org - also signature-verified.

I now use offline signing and one wallet per address - so fuck the seed :-) Tails is also a good option I agree.

But what really driving me nuts is how the hack worked and why only once at this time coincidence? My old wallet seed and btc addresses and even the electrum password never changed in 5 years and any attacker could have stolen much more... I really think it is a combination of a glitch / vulnerability in Electrum together with a malicious server...