spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

All my money has been stolen from Electrum #9178

Open iberotecno opened 3 weeks ago

iberotecno commented 3 weeks ago

I was never robbed before. I have never had virus problems.

I installed Electrum on 2022/12/14, created a wallet using the program, and added a secret password. Then I transferred all my BTC from Binance to Electrum. The whole process went fine.

Today, 2024/08/29, I opened Electrum. All my BTC are gone. I can see a transaction made on 2023/01/03 that stole all my BTC.


If I search Google for the destination address, I can find this link:

https://103.165.193.201/address/1Khuwa5uHycsDvugKMkMaY5zFNZ9V2mMR2


That shows me that the thief has stolen over 0.6 BTC. The thief stole 0.6 BTC and then moved the money little by little to other accounts. During the withdrawal process he stole about 0.2 BTC from me, which is equivalent to about a thousand euros.

The first explanation that comes to mind is that a virus was able to scan my files one by one, read their contents and find one on my hard drive on which the seed words were written.

However, it seems strange to me for the following reasons:

All of this makes me very suspicious about a possible security flaw in the Electrum program. A single user account has allegedly stolen around 330 thousand euros. How many other accounts will there be that receive stolen money with the same system?

What I can't understand is this: if I really have a virus that is capable of reading all my files, why has it stolen only the insignificant amount of BTC that I had in Electrum, when it could have stolen my bank passwords and other more interesting things?

If I can provide more information or collaborate in any way with you to discover any security flaws, please ask me. Thank you.

lionkmp commented 2 weeks ago

Hi, just another user here, trying to help. I would think about these too:

Did you verify the Electrum installer according to the website? GPG signature, GPG key from a trusted source, GPG key's fingerprint verified? (If you still have the files, you can still do so; that would be interesting to see.)

Did you store your seed phrase offline only? No text file copy, no photo, nothing that might have been stolen in some other way than the one you are evaluating?

And when you transferred your money from the exchange, that might have been a critical step too. Did you do that simply by generating a payment request in Electrum and sending the money to that address? I.e., no help from anybody or any extra software?

A security flaw in the genuine Electrum is less likely.

If it was a virus infection, and they installed a key logger and also stole the files, I guess they can open the wallet file. But if your virus scanner never reported a virus, to me this also seems unlikely. But I'm no "expert" on this.

To your bank-info question: Bitcoin is a preferred target over bank logins, because most bank logins are protected by app 2FA or SMS 2FA, and layers of security.

Too late to say, but a HW wallet protects against this and is very simple to use with Electrum too. Sorry about your case. (0.02, not 0.2, there is a $9k "typo" in your text)
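The installer check lionkmp asks about, written out as an added example (it is not code from this issue or from the Electrum project): it runs gpg in machine-readable status mode and accepts the download only if a VALIDSIG line carries the fingerprint you trust, because GOODSIG alone just means some key in your keyring signed it. The file names and the fingerprint value are placeholders; take the real fingerprint from electrum.org, not from the download mirror.

```sh
#!/bin/sh
# Placeholder: replace with the release-signing key fingerprint published on
# https://electrum.org (40 hex chars, no spaces). Not taken from this issue.
EXPECTED_FPR="REPLACE_WITH_FINGERPRINT_FROM_ELECTRUM_ORG"

# check_status: read `gpg --status-fd 1` output on stdin and return 0 only if a
# VALIDSIG line names the expected fingerprint, either as the signing (sub)key
# (3rd field) or as the primary key (last field). BADSIG, ERRSIG or NO_PUBKEY
# lines fail immediately.
check_status() {
    expected="$1"
    ok=1
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] VALIDSIG "*)
                # shellcheck disable=SC2086  # word-splitting the status line is intended
                set -- $line
                eval primary=\${$#}
                if [ "$3" = "$expected" ] || [ "$primary" = "$expected" ]; then
                    ok=0
                fi
                ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] NO_PUBKEY "*)
                return 1
                ;;
        esac
    done
    return "$ok"
}

# verify_installer FILE SIGNATURE: the key must already be imported into the
# local keyring (from a source you trust, not from the same page as the file).
verify_installer() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# Usage (placeholder names): ./verify.sh electrum-VERSION.exe electrum-VERSION.exe.asc
if [ "$#" -eq 2 ]; then
    if verify_installer "$1" "$2"; then
        echo "OK: signature valid and made by the expected key"
    else
        echo "FAIL: do not run this installer"
        exit 1
    fi
fi
```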