BTC Stolen from Tails Electrum

Purchased BTC from Circle, then transferred them to a brand-new Electrum wallet I created on Tails > Electrum 1.9.8. When I regenerate the wallet from seed, the wallet shows no history at all and will not produce receiving addresses. 0 BTC balance, of course, and it takes a long time to sync.

I can PM the Electrum address I sent my coins to from Circle. $120, not a huge deal, but don't really enjoy watching it disappear for nothing in return.

What could have gone wrong? I generated my Electrum wallet over Tor while on Tails. Is this persistent Tails USB infected, maybe?


Comments


[3 Points] BurbankJoe:

On the bottom right of Electrum, what color is the status, green or red?

The Electrum bundled with Tails is whack, so you will need to update it. Do that, use the same seed, and see if it works.

https://www.reddit.com/r/tails/comments/34ex0d/need_help_updating_electrum_198_on_tails_132/cqtz37w


[1 Points] cryptocreepo:

This seems to be a common problem with some wallet apps.

Usually an app restart and/or upgrade will fix it.

Always try to run the latest version of your wallet software, just like your security/privacy/anonymity software.


[1 Points] tehsushichef:

I swept a modest sum into the 2.5.4 Electrum wallet via the in-program private key sweep function, and Electrum did not display any tx history or change of values for any addresses until I restarted the program the next morning. It was a very disconcerting night. Checking the block chain the following day revealed that the transaction had been validated quite quickly. There must be some strange behavior going on in the Electrum interface. In my client, on the addresses tab, the three tree branches that I expand to get a full picture of the wallet collapse back down every time I perform an action. At this time the GUI isn't highly configurable, but I am looking forward to seeing where it goes from here. The wallet seems to work well enough, and having a seed is great. There are/will be other options available that can generate deterministic wallets. I personally am going to shop around for a bit to test the waters. I only just moved to Electrum from Core, which just wasn't for me.

If you inspect the transaction(s) in the block chain, and they are confirmed, and they were sent to addresses that are not in your wallet or under your control, then the money is effectively lost. I would imagine that if this is the case, given the nature of your setup, it would have been accomplished by some sort of cleverly disguised social engineering.

On the other hand, I have read that it is theoretically possible to install a rootkit in device-side USB controller firmware, or even in UEFI BIOS. MBR infections are documented, but this (MBR) probably couldn't apply to USB devices and certainly not disc-bootable system images (unless some sort of hidden data was included when the image was burned to a CD on an infected host). The cracked USB firmware was accomplished by a team of researchers, and I haven't read anything else about it since the article. I don't know whether physical access to the device would be necessary, but my uninformed guess is that it would be required.

The safest thing to do would be to install to a brand-new USB device on a brand-new, never-networked computer. It could probably be done on an environment installed on an inexpensive microcontroller kit-like device. Of course, then there is the consideration of whether it is possible that there is a hardware back door, or pre-loaded bad firmware with hard-coded master keys or something of that nature. It is a borderline-paranoid arms race that is eventually compounded to the point where single users, or most groups of users, have no control over their own security or privacy... It is interesting to imagine, but will probably raise your blood pressure in the process.

If someone were to be skilled and resourceful enough to carry out such an attack, I would imagine they would tailor it to infect the maximum number of devices by targeting Windows users, and would presumably dedicate their resources to implementing more advanced obfuscation and better countermeasures into their kit.

Whether such a package could penetrate Tails is a mystery. I can't claim to be close to academically knowledgeable enough to even make an opinion. I would imagine that most motivation to crack Tails and/or Tor would come from the nation state level, and I would question whether they would care to spend the effort to bypass your wallets' passphrase(s) and/or other defenses.

You can search out some interesting reading on methods of connecting entry points and exit nodes in the Tor network by massive statistical analysis.

Other interesting reading:

https://www.blackhat.com/docs/us-15/materials/us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf

http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
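The check tehsushichef describes above (look the transaction up in the block chain, confirm it, and see whether its outputs pay addresses your wallet actually controls) as an added Python example; this is not code from the thread, from Electrum, or from any of the linked papers. It assumes the transaction has already been copied from a block explorer into a small dict (the one below is constructed) and that the wallet's receiving addresses have been exported into a set. The two sample addresses are the well-known genesis-block address and the Bitcoin wiki example address. Each destination's base58check checksum is also verified, so a mistyped or altered address is reported as malformed instead of being silently classified as "not ours". Only legacy "1..." P2PKH addresses are handled, which is the only kind an Electrum 1.x wallet produced.

```python
import hashlib

# Bitcoin's base58 alphabet (no 0, O, I, l)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s: str) -> bytes:
    """Decode a base58 string to raw bytes, preserving leading zero bytes."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' in the string stands for one leading 0x00 byte.
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def is_valid_address(addr: str) -> bool:
    """True only for a mainnet P2PKH address whose 4-byte checksum verifies."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:               # 1 version byte + 20-byte hash160 + 4 checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    if payload[0] != 0x00:           # 0x00 = mainnet pay-to-pubkey-hash
        return False
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return expected == checksum


def audit_outputs(tx: dict, wallet_addresses: set, min_conf: int = 6) -> dict:
    """Classify a transaction's outputs relative to the addresses we control.

    tx is expected as {"confirmations": int, "outputs": [{"address": str,
    "value_sat": int}, ...]} -- a hypothetical shape chosen for this example,
    not a block-explorer API format.
    """
    ours, foreign, malformed = [], [], []
    for out in tx["outputs"]:
        addr = out["address"]
        if not is_valid_address(addr):
            malformed.append(addr)
        elif addr in wallet_addresses:
            ours.append((addr, out["value_sat"]))
        else:
            foreign.append((addr, out["value_sat"]))
    settled = tx["confirmations"] >= min_conf
    return {
        "settled": settled,
        "ours": ours,
        "foreign": foreign,
        "malformed": malformed,
        # The thread's point: confirmed, and no output pays us -> effectively gone.
        "funds_lost": settled and not ours,
    }


# Constructed sample: the wallet holds the genesis-block address, but the
# deposit paid the Bitcoin wiki example address, and the tx is well confirmed.
WALLET = {"1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"}
SAMPLE_TX = {
    "confirmations": 42,
    "outputs": [
        {"address": "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2", "value_sat": 50_000_000},
    ],
}


def demo() -> dict:
    return audit_outputs(SAMPLE_TX, WALLET)


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

If the same transaction is audited against a wallet set that does contain the destination, "funds_lost" becomes False and the problem is a display or sync issue of the kind the other replies describe, which is the case an upgrade or restart fixes.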