
Showing 4 of 4 results by btcfreak123
Board: Electrum
Re: New Electrum vulnerability? Unknown transaction (Fraud, Theft) 4.3.4 AppImage
by btcfreak123 on 15/07/2025, 19:50:55 UTC
B.t.w. I have contacted Binance - where my stolen BTC ended up on one of their addresses - and after proving (with screenshots, videos from wallet opening and wallet/TX history) that I am the owner of the address from which the BTC got stolen, they offered to refund me - but only if I open a Binance account (they will send it to my Binance address)! They said the owner of this Binance BTC address (obviously their customer = the hacker!) agreed to send it back!!! WTF? Has anyone had this experience? They don't want to give me his identity nor the type of attack by which the BTCs got removed! This looks very dodgy and supports my theory of a malicious server attack / vulnerability in Electrum which they maybe want to hide... Also I think a criminal/police investigation over several jurisdictions (me, Binance HQ, Binance server locations, TX server locations / mining pool, location of Binance customer) would lead to nothing.
Board: Electrum
Re: New Electrum vulnerability? Unknown transaction (Fraud, Theft) 4.3.4 AppImage
by btcfreak123 on 15/07/2025, 19:25:09 UTC
[quote]
I don't think Electrum servers are able to do that, since Electrum only requests data like address history and balances, block headers, UTXOs, etc.
There's no way that they can control your wallet.

How exactly did you create your wallet? Did you create your wallet somewhere else? I mean outside the Electrum wallet from that PC/Laptop?

If not, and you created your wallet on the same device, there's a possibility there's something in your PC that you don't know about that leaks your wallet private keys.

I'd like to know how you installed this Linux and where you downloaded it. Are you sure that you downloaded the Linux OS from a legit source?
Because if you downloaded it from somewhere other than the trusted source, there's a possibility it's already infected with malware. Scanning it with any antivirus won't work; that's why I don't download an OS randomly.

There are lots of free OS mods out there, but all of them are already infected with malware that can't be easily scanned by any antivirus.

If I want to use a wallet on a Linux-based OS, I am more comfortable using Tails, which has built-in Electrum. Electrum has already provided a guide for this. If you are interested in the future, check their guide below.

- https://github.com/spesmilo/electrum-docs/blob/master/tails.rst
[/quote]

I have created the wallet on a Windows system years ago - see my post above.

The Debian OS (ISO install file) I have downloaded of course from the original Debian developer site debian.org - also signature-verified.

I now use offline signing and one wallet per address - so fuck the seed :-) Tails is also a good option I agree.

But what is really driving me nuts is how the hack worked and why only once, at this time, by coincidence? My old wallet seed and BTC addresses and even the Electrum password never changed in 5 years and any attacker could have stolen much more... I really think it is a combination of a glitch / vulnerability in Electrum together with a malicious server...
Board: Electrum
Re: New Electrum vulnerability? Unknown transaction (Fraud, Theft) 4.3.4 AppImage
by btcfreak123 on 15/07/2025, 19:13:05 UTC
[quote]
Since you scanned for malware/viruses, I am guessing that your device is clean, so it's probably nothing to do with that.

But it does sound suspiciously like a private key leak or a malicious server (man-in-the-middle attack).

Check Electrum's log file, if you had logging enabled: ~/.electrum/logs/ or \AppData\Roaming\Electrum\logs (hidden folder)
Was auto-connect to server on?
Check the tx data on a blockchain explorer - were they broadcast from the same IP / node?
[/quote]


Unfortunately I did not have logging enabled, but yes, it was auto-connected to (several) servers.

Blockchain explorers also show no IP addresses, so how would I check where both TX came from, or whether both were initiated on my PC/wallet or not? This would already help me. If the second TX was initiated outside my wallet (e.g. by a stolen seed or private key) this would rule out malware on my current system, since I have used the same wallet years ago on a Windows system - where I also had only signature-verified Electrum progs installed, but I am not so sure (as on my Linux system now) that I was 99% free of malware. But then again, why would someone with my wallet seed not have drained all the addresses but only one, and coincidentally at the exact same time when I broadcasted a TX and never before or after?

B.t.w. I discovered that at the time of the attack - shortly (seconds/minutes) before - 3 files were created in the /.electrum directory:
/.electrum/certs/guichet.centure.cc
/.electrum/certs/blackie.c3-soft.com
/.electrum/certs/btc.aftrek.org

Idk if this is normal (e.g. new servers connected) or could that have been the malicious servers?
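
A triage helper for the question above, added here as an example and not code from Electrum or from the thread: it lists which pinned-server certificate files in the certs/ directory were written shortly before a given transaction time. It relies on Electrum's behaviour of saving a server's self-signed TLS certificate as certs/<hostname> on first connection (CA-signed certificates are not saved); the transaction time, the fourth hostname and the certificate bodies are constructed.

```python
import base64
import hashlib
import os
import ssl
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Electrum saves a server's self-signed TLS certificate as certs/<hostname> the
# first time it connects (CA-signed certs are not saved), so a new file there
# means the wallet reached a server it had never pinned before.

def certs_created_near(certs_dir, tx_time, window=timedelta(minutes=10)):
    """(hostname, mtime, sha256 fingerprint) for each pinned cert written within
    `window` before tx_time, oldest first. Each pin file is written once, so
    mtime is a fair proxy for its creation time."""
    hits = []
    for path in Path(certs_dir).iterdir():
        if not path.is_file():
            continue
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        if tx_time - window <= mtime <= tx_time:
            der = ssl.PEM_cert_to_DER_cert(path.read_text())
            hits.append((path.name, mtime, hashlib.sha256(der).hexdigest()))
    return sorted(hits, key=lambda h: h[1])

def write_fake_pin(certs_dir, host, when):
    """Constructed stand-in for a pin file: PEM wrapper around dummy bytes."""
    body = base64.encodebytes(f"constructed DER for {host}".encode()).decode()
    pem = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    path = Path(certs_dir) / host
    path.write_text(pem)
    os.utime(path, (when.timestamp(), when.timestamp()))

def run_demo():
    """Build a constructed certs/ dir; return pins written just before tx_time."""
    tx_time = datetime(2025, 7, 1, 12, 0, tzinfo=timezone.utc)  # placeholder
    certs_dir = tempfile.mkdtemp(prefix="electrum-certs-")
    # One long-standing pin (outside the window) plus the three hosts from the post.
    write_fake_pin(certs_dir, "old.server.example", tx_time - timedelta(days=400))
    write_fake_pin(certs_dir, "guichet.centure.cc", tx_time - timedelta(minutes=4))
    write_fake_pin(certs_dir, "blackie.c3-soft.com", tx_time - timedelta(minutes=3))
    write_fake_pin(certs_dir, "btc.aftrek.org", tx_time - timedelta(seconds=40))
    return certs_created_near(certs_dir, tx_time)

if __name__ == "__main__":
    for host, mtime, fp in run_demo():
        print(f"{mtime.isoformat()}  {host}  sha256={fp[:16]}...")
```

Against a real wallet, call certs_created_near(Path.home() / ".electrum" / "certs", tx_time) with the transaction's block time. A pin written right before the transaction only shows that a new server was contacted, not that it was malicious; the fingerprint is what you would compare with the certificate that host presents today.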

Board: Electrum (Topic OP)
New Electrum vulnerability? Unknown transaction (Fraud, Theft) 4.3.4 AppImage
by btcfreak123 on 14/07/2025, 18:09:05 UTC
I had a strange issue with a BTC transfer. When I broadcast a (small) transaction from my address/coin (which I marked as "spend" in the coins tab) - at the same time - another transaction was initiated with a very large amount from my other coin address in the same wallet to an unknown address, and the funds were moved 1h later from there to a Binance address.

I am 99% sure I don't have any malware / viruses / keyloggers etc. (all checked multiple times, even rootkit scanners) on my (Debian/Linux) system and also the AppImage I have used many times before and after (!) that "hack" without problems and is originally from Electrum.org and GPG-verified! I also never downloaded or updated (by phishing messages etc.) any other version.

The weird thing is something just drained my second BTC address but not the other ones in the same wallet (with the same password!)

My fear is that there is a new (unknown) vulnerability of Electrum out that allows malicious servers to inject code as in the old JSON-RPC port vulnerability (prior to 3.0.4). Malware on my PC also would have drained all BTC addresses entirely and not just picked a single one, or at least would have repeatedly tried to initiate transactions, but I have used the same Electrum program and wallet and addresses after this attack without issues.

The second transaction was initiated at the same time I have entered my wallet password (to sign my TX) and hit "broadcast".

Has anybody had a similar case?

If it was an "Electrum stealer program" - how do they work exactly and what programs are known/discovered? Is the above described behaviour typical for such software or for a malicious Electrum server?