pooler / electrum-ltc

Electrum-LTC Litecoin wallet
https://electrum-ltc.org
MIT License

2,399 LTC stolen seconds after Electrum-ltc was installed #176

Open danbel79 opened 6 years ago

danbel79 commented 6 years ago

Electrum-ltc,

Today I found out Two thousand three hundred ninety nine Litecoins were stolen from my wallet on April 12, 2018.

Here is what I did that day:

1- On the morning of April 12, I decided to reset Windows 10 using the recovery option and wipe out all files, which I had already backed-up on another drive.
2- After installing Windows office, Chrome and Adobe Reader, I then decided to download the Electrum Litecoin wallet from https://electrum-ltc.org/.
3- I downloaded the "Windows installer" version, typed in my seed during the setup and next a message indicating an error popped-up. The message said something about not being able to connect to the server.
4- I tried once again and the same thing happened. I quickly googled for an answer but couldn't find a simple one.
5- I then downloaded the "Standalone Executable" version, typed my seed during the setup and the wallet opened. I don't remember checking the balance, but I do remember deciding to give it a few minutes to update. So, I then went to install other wallets and programs, etc. and totally forgot about the wallet.
6- Then, I restarted my computer after some windows updates or something, got carried away with work, and didn't check my Litecoin wallet.
7- Today, April 17, 2018, I decided to check my wallet and I found out my wallet had been emptied.
8- After trying to figure out how I had been hacked I found out that my wallet was emptied seconds after I installed the wallet on April 12. The hack didn't just stop there, my seed was also used to claim and take my Litecoin Cash.

Because the hack happened exactly at the moment the Electrum Litecoin wallet was installed and seems like it was an automatic process, I suspect the hack came through the wallet downloaded from https://electrum-ltc.org/.

Here are the transaction IDs and screenshots: 69e3611d5bb503e5d32831c5dc2b03caa53f3104ee3073677b816131e812360b d2bdd3aa1c31102ddd08120e6c4bd6864aabdafb7cb8100feef5ea5ff312f892


I'm posting on this forum hoping someone can help me recover my Litecoins and to alert the community. Thank you for your attention.

pooler commented 6 years ago

> 3- I downloaded the "Windows installer" version, typed in my seed during the setup and next a message indicating an error popped-up. The message said something about not being able to connect to the server.

Do you still have this file by any chance? If so, could you post its full name (assuming you didn't rename it), its exact size in bytes and, if you know how to compute it, a hash?

danbel79 commented 6 years ago

I deleted the file since it wasn't working and emptied my recycle bin a while after. I have the "Standalone Executable" file. Here are the size and hash: file size hash

pooler commented 6 years ago

The standalone executable that you have is the official one (hashes match), so I don't think this is what caused your issue. (This file is built deterministically, so anybody can verify that it corresponds to the code in this repo by using the official build scripts.)

What does seem suspect to me is the error message that you got from the installer right after you entered your seed, the one about "not being able to connect to the server". Did you verify the signature of the installer before running it? Did you notice anything strange when you ran this file? Did it actually start an installer, or did it start the Electrum wizard directly?

Fiat2LTC commented 6 years ago

This sounds like you might have some malware that was proxying your connection and packet sniffing. Have you ever installed anything related to Litecoin Cash?

danbel79 commented 6 years ago

To Pooler, I’ve spent the whole week going back and forth, trying to understand what happened. You can imagine how I feel. I’ve held Litecoin for a long time, but suddenly everything is gone. I checked my Chrome History, the time the LTC were taken and the time I installed the wallet... it took about 10 seconds for the hackers to steal the LTC and LCC. Before, I had checked my wallet hundreds of times to check my balance. I never suspected I was being hacked. The only difference I see is that there is a new electrum-LTC … Could you help me with some questions:

  1. Is there a way to find the IP from which my seed/wallet was accessed? As soon as I had introduced the 12 seed words, the LTC were gone 10 seconds after.
  2. Is there a way to find the IP from which the transactions were made? One transaction of 2399 LTC and the other of 50 LTC.
  3. Sorry if this question may sound impolite, may anyone of the electrum-ltc developer team be involved? Can they be trusted?
  4. Is there a way you can monitor my wallet, or the wallets to which my LTC were sent to? Is there a way to get more information?
  5. The time the LTC were taken and the time the wallet was installed are practically at the same moment. Any ideas of why? I keep thinking about the moment I typed in my seed, the LTC were taken instantly.
  6. Can you determine if the LTC were moved using an electrum-ltc wallet?
  7. Do you think there may be some bug or problem with the blockchain or with the wallet? What happened to me can happen to more people. Do you know anyone or team that can help solve this? Thank you…

pieman64 commented 6 years ago

@danbel79 you obviously know your way around PCs. From my profile can you please make contact with me as there are some issues regarding your plight that I would like to discuss.

pieman64 commented 6 years ago

@danbel79 after the Windows 10 install did you install any antivirus software?

Fiat2LTC commented 6 years ago

> To Fiat2LTC, Yes, I installed the Litecoin Cash wallet a few days after it was made available, in March I think. But I never claimed my LCC. Is there any news about their wallet?

Yes, I'm afraid the LCC fork was a known scam and various sources noticed extra java packages in their LCC wallet binaries that were not present on GitHub. They appeared to be sneaky and only included this extra unknown code in a few LCC wallets, not all. Unfortunately it sounds like you were one of the unlucky ones.

pieman64 commented 6 years ago

@danbel79 published an article about your lost coins https://cryptodisrupt.com/how-did-litecoin-owner-lose-350000-worth-of-coins/

@pooler maybe software developers should put a fixed limit of say $10K on software wallets unless 2FA is included and a total maximum of $100K. Who really needs to walk around with a wallet with more than $10K in it?

l0x commented 6 years ago

Hi @danbel79 and @Fiat2LTC - Litecoin Cash dev here. Firstly, I just want to say how horrible this sounds, and I really empathise with your plight - we are planning on shortly releasing our own electrum fork (thanks to @pooler for his great work) so will be watching the development of this issue closely.

I'll keep this short as it's kind of OT and I don't want to mess up this ticket or get in the way of any potential resolution. Just to say that I think the characterisation of our fork as a known scam is a little unfair and might muddy the water a bit. The specific issue you are referring to (extra .jar files) was reported by a single reddit user, and was never able to be reproduced by any of us in the dev team, or any of our community members. I suspect that may be a red herring. Nevertheless, there were people out there trying to take advantage of the confusion and releasing malware wallets - we have taken every precaution possible to warn about these on our twitter and website, and our advice remains to check the checksums of any downloads with those on our website, and only use official software linked from there.

@danbel79 if by any chance you still have your original (Litecoin Cash) download file hanging around, perhaps you could provide or check the checksums, just to confirm what we are dealing with.

pieman64 commented 6 years ago

@l0x have you thought about limits on the wallet you are developing? I know individuals have to take responsibility for their own actions but as a developer I would feel really bad if someone lost a small fortune by using some of my code.

l0x commented 6 years ago

@pieman64 It's something we've thought about, though don't necessarily think is the best way forward. Not wanting to muddle this thread with O.T. discussion, I won't say much more on the matter here, but have made an issue on our tracker (https://github.com/litecoincash-project/litecoincash/issues/14) if you would like to discuss further.

pooler commented 6 years ago

> Is there a way to find the IP from which my seed/wallet was accessed?

I'm afraid not, but it may depend on how exactly it was stolen.

> Is there a way to find the IP from which the transactions were made?

This kind of information is not stored in the blockchain, so one would have to actively monitor the network to find out from what IP a transaction was initially broadcast. There certainly are entities doing this kind of monitoring, but I'm not aware of public services providing IP data for Litecoin transactions. Also consider that the transactions may well have been broadcast from your own computer.

> Sorry if this question may sound impolite, may anyone of the electrum-ltc developer team be involved? Can they be trusted?

I am the only person maintaining Electrum-LTC.

> Is there a way you can monitor my wallet, or the wallets to which my LTC were sent to? Is there a way to get more information?

Electrum is an SPV wallet. Communication with the Litecoin network happens via Electrum servers. To these servers the client sends its wallet addresses (to obtain transactions and balance information) and newly created transactions (so that they can be broadcast). There are several public servers, but one can also set up and use a private server. Some servers log IPs and/or activity, some don't. All these servers are independent and are not centrally controlled or monitored.

> The time the LTC were taken and the time the wallet was installed are practically at the same moment. Any ideas of why? I keep thinking about the moment I typed in my seed, the LTC were taken instantly.

From the moment malware gained access to your computer, anything could have happened. Software running in the background could have used the Electrum API to move your coins, or maybe a keylogger simply harvested your seed and sent it to a remote server for further processing.

By the way, let me note that the timestamp displayed by Electrum for a confirmed transaction is that of the block in which the transaction was included. This is usually within a minute of when a block is actually found, and of course any included transactions must have been broadcast before that.

> Can you determine if the LTC were moved using an electrum-ltc wallet?

No.

> Do you think there may be some bug or problem with the blockchain or with the wallet?

I don't think this was caused by a bug, but the code is freely available for anyone to review.

> Do you know anyone or team that can help solve this?

I am sorry for your loss, but to be honest I don't think there is much that can be done at this point to get your coins back. Forensic analysis may help reconstruct what happened, but unless whoever is behind this made a serious blunder the chances of identifying them seem very slim.

danbel79 commented 6 years ago

@l0x and @pooler Thank you for responding. I hope that by trying to figure out what happened, I don't stir up negative sentiment. Please understand I'm not a programmer, just an average PC user. I'm going to report the theft to the FBI. I don't know what they will ask, but I guess I need to present my suspicions. Besides my computers, routers, and LTC and LCC blockchain, etc. as evidence, is there any other information you may be able to obtain from the LTC and LCC blockchain, electrum-ltc wallet, LCC wallet, that could help?

Fiat2LTC commented 6 years ago

When I followed the transactions through the blockchain explorer briefly, whoever stole it sent hundreds of transactions in 110/120 ltc increments to hundreds of different addresses but they seem to potentially go back into the same wallet at the very end - potentially an exchange wallet.

I suggest you follow a few of these 110/120 transactions as far as you can go, and if it's all one exchange then the authorities can potentially subpoena the exchange for the identity of who took them. That's why the blockchain is great, can follow everything to the endpoints.

danbel79 commented 6 years ago

@Pooler Dear Pooler, first of all I want to apologize if at some point I was offensive with my arguments, but I beg you to understand my desperation to understand and recover my coins. I also want to thank you for your attention and development with the electrum-ltc portfolio. After doing several investigations, I think there is a high chance that the wallet was downloaded from the website electrumltc.org. I had the Windows wallets from that site analysed by a programmer. We discovered that it sends the 12 seed words to this IP address: 111.90.149.131. I beg the community for any help. We will be very attentive.

We have been studying how the Litecoins have moved in the blockchain, and we notice that they were sent to some wallets that, according to Chainz's explorer, belong to Bitfinex and Binance. In the end, the coins arrived at wallet LTU2cds4aSdXFip9sV4gXphnhxGQjgfjmg. I would like to ask from my heart for help from the whole community to publish this information, in hopes that Binance and Bitfinex recognize the Litecoins as stolen and take action. From our wallet the coins passed through their systems. I remember when I started in the world of cryptocurrencies, Bitfinex was hacked for an amount of 60 million dollars equivalent in Bitcoin, at that moment ... time flies.

We are following the Litecoin and organizing all the information to let the cryptocurrency community know about the stolen 2,449 LTC (first 2,399 LTC and then 50 LTC). Between 2.29pm and 2.34pm on April 12, 2018, I may have installed a fake wallet and I entered the 12 seed words to set up my wallet. The malicious hacker then received the information and in 6 minutes executed the theft. I have added images of the tests that were made to the fake wallet.


pieman64 commented 6 years ago

@danbel79 have you contacted Bitfinex and Binance?

danbel79 commented 6 years ago

@pieman64 Thanks, they take a long time to respond. However, I just did it from my accounts at Bitfinex and Binance. If we managed to publish it in several media ... I hope that they are pronounced ...

pooler commented 6 years ago

@danbel79, no need to apologize. I'm sorry that there's not much I can do to help, but I'm glad that your investigation is progressing. Unfortunately exchanges are often not very helpful with these matters. If you really want to get to the bottom of it, you might have to get a lawyer involved. Also, if you haven't already, you should probably file a complaint with the police and/or the IC3.

danbel79 commented 6 years ago

I always use Google Chrome for internet. So, I only searched my history in that explorer to look for evidence. Today, I just suddenly had the idea of checking my Microsoft Edge history even though I never use it. And there it was... I found out that I had downloaded the electrum wallet from electrumltc.org. Looking back, it's obvious. When you recover Windows 10, the only explorer on the taskbar is Microsoft Edge. Of course, I used Microsoft Edge to start downloading the programs and the rest is history.

I also noticed that a Bing search of "Electreum LTC" returns electrumltc.org as the first option. I will report this to Bing to avoid other people falling in this trap!

I think this solves the question of "How the Litecoin were stolen?"

pieman64 commented 6 years ago

Crypto Disrupt has posted a further article regarding the stolen coins. https://cryptodisrupt.com/google-and-bing-help-hackers-to-steal-your-crypto/

davilez commented 6 years ago

It's a matter of fact that there are still some people being stolen by this web site. I have a question for developer. Why don't you have doing anything? At least post a banner on the website avoiding people about phishing (it's not enough Hashing the file) because normal people (the most) don't understand that, PLEASE DO as myetherwallet did. In my opinion you have a good wallet but a bad website that make the people feel insecurity using your wallet and allow to foment a bad reputation of cryptocurrencies. THERE IS A CLONE OF YOUR WEBSITE!!!

pieman64 commented 6 years ago

@davilez I agree wallet developers need to do a LOT more to protect coin holders but adding a banner about the phishing site is only part of the answer. For some people a web browser search will bring up the fake site and they will never get to see the banner on the real site. Even MEW had problems this week with the DNS attack. That's why I think a hard limit should be set for all digital wallets as most of them have lost funds at some point.

pooler commented 6 years ago

> It's a matter of fact that there are still some people being stolen by this web site. I have a question for developer. Why don't you have doing anything?

I've already reported the malicious website to the registrar and the hosting provider, as well as to search engines. The registrar responded that it is not their place to determine if the website is engaging in illegal activities, and suggested contacting law enforcement. No response from the hosting provider so far.

> At least post a banner on the website avoiding people about phishing (it's not enough Hashing the file) because normal people (the most) don't understand that

A notice on the website would be ineffective, as has already been remarked, and in particular it wouldn't have prevented what happened to danbel79. Moreover, keep in mind that the official website can be hacked too (in fact, it has already happened in the past, due to an attacker exploiting a vulnerability in the virtualization software used by the hosting provider), so downloading from there is not a sufficient guarantee of safety.

This is why it is so important to verify digital signatures. If you're going to trust your money to an application, verifying the authenticity of the application should be a rather important step of the process. I agree that most people probably don't understand signatures, but this doesn't change the fact that it's the only way to ensure that a file comes from a trusted source. Developers have been trying to educate users on this point for quite some time.

pingram3541 commented 6 years ago

> This is why it is so important to verify digital signatures.

Yeah but one major problem here is that if they are already on the wrong website, via search engine, dns hack or whatever, the checksums are not a safe bet because they too can be changed to match the malware and otherwise seem legit.

Personally I've made a choice to never be in a hurry. If I download a wallet, I try my best to verify the source was legit and check sigs/shas and if possible verify those also match any git or other dev sources where it may also be posted publicly AND then I sit on the download for a few days at least before moving forward just to ensure I am safe from bugs (my initial reason) but also any security flaws/vulnerabilities that would almost immediately be reported by the community. Yes, I let others taste the food first to see if it's been poisoned =)

I realize this is probably overkill but as a developer myself, I know all too well that the bad guys are often much more motivated than the good guys...or often go completely around the "good" guys via the help of the "dumb" guys that have too much power, i.e. registrars/hosts/indexers/dns providers using customer service agents that know zero about how this stuff works not to mention often easily tricked. Most websites can have their DNS hijacked via a simple convincing phone call to a provider or a hacked email account and happens more frequently than most people know.

Lastly, by simply making things difficult you can protect yourself also because there is always a fresh crop of unsuspecting victims, i.e. low hanging fruit. If you ensure you don't fall into this group, you add some security through obfuscation, i.e. 2fa, requiring multi-sigs, hardware wallets, using a non-production/desktop environment that doesn't get user software installed on it or used for browsing on the internet.

pieman64 commented 6 years ago

@pingram3541 how would you feel about a hard cap $10K limit per coin on a software wallet?

pooler commented 6 years ago

> > This is why it is so important to verify digital signatures.
>
> Yeah but one major problem here is that if they are already on the wrong website, via search engine, dns hack or whatever, the checksums are not a safe bet because they too can be changed to match the malware and otherwise seem legit.

Do not confuse checksums with digital signatures. Checksums can only be used to verify integrity, not authenticity, so basically they only protect you against accidental transmission errors. To produce a valid signature of a modified file, on the other hand, a malicious actor would have to somehow gain access to my private signing key, which needless to say is not stored online.

pinternetz commented 6 years ago

> how would you feel about a hard cap $10K limit per coin on a software wallet?

Why would you need this? This is also not possible to implement.

pingram3541 commented 6 years ago

> @pingram3541 how would you feel about a hard cap $10K limit per coin on a software wallet?

Nah. Not a big fan of restrictions.

@pooler - Many people aren't that intimate with the project to recognize the signature links removed from the cloned site or maybe even serve up their own rendition of the key check how-to page and using a similar registered email address, and like Andre says, the only way to know if a key that one is checking with is legit is by meeting the dev in person, again unless they already know what is proper and what isn't, and of course many won't.

pooler commented 6 years ago

> Many people aren't that intimate with the project to recognize the signature links removed from the cloned site or maybe even serve up their own rendition of the key check how-to page and using a similar registered email address

It is clear that one should not trust notices and instructions from a single website, not even if it's an "official" website. Users should be aware of the risks and know what to do before arriving at the website. As idealistic as this may sound, I don't really see a way around it.

> the only way to know if a key that one is checking with is legit is by meeting the dev in person, again unless they already know what is proper and what isn't, and of course many won't.

I have to disagree with that. Things are not quite black and white, and everything depends on one's level of paranoia. Even meeting in person may not be sufficient to establish authenticity with absolute certainty (how would you know it's really me, and not some impersonator?). But I do believe that it is possible for users to establish, with a reasonable level of confidence, whether a given signed file really comes from the entity that the Litecoin community calls "pooler". First of all, new users should take care to verify that this entity is really supposed to be in charge of maintaining Electrum-LTC (clues can be found on forums, on Reddit, on cryptocurrency-related websites, etc.). Then, one must make sure that the signing key in question is authentic. You could verify, for instance, that it is the same public key present in the git repo of the project. And of course you could leverage the web of trust.

I'm not claiming that this process is easy or user-friendly (it is not), but it seems more than reasonable to me considering that Electrum is free open-source software, and you're about to trust it with your money.
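The checksum-versus-signature point and the "make sure the signing key is authentic" step discussed above, as an added example that is not part of the original thread and not the project's own tooling: a valid signature only counts if it was made by a key whose fingerprint was pinned from a source independent of the download page. The fingerprints, status lines and function names (`classify_status`, `verify_download`) are constructed for illustration; `gpg --batch --status-fd 1 --verify` is the real interface being parsed.

```shell
#!/bin/sh
# Added example. All fingerprints and gpg status lines below are constructed.

# Fingerprint obtained out of band (e.g. from the project's git repo), never from
# the page that served the download. Constructed placeholder: replace it.
PINNED_FPR="1111 2222 3333 4444 5555 6666 7777 8888 9999 0000"

# Strip whitespace and upper-case so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# classify_status PIN < output of `gpg --status-fd 1 --verify`
# Prints one verdict: trusted | wrong-signer | revoked-or-expired | no-valid-signature
classify_status() (
    pin=$(normalize_fpr "$1")
    awk -v pin="$pin" '
        $1 != "[GNUPG:]" { next }
        # Any bad or unverifiable signature rejects the file outright.
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        # Cryptographically good, but the key or signature is revoked/expired.
        $2 == "REVKEYSIG" || $2 == "EXPKEYSIG" || $2 == "EXPSIG" { stale = 1 }
        $2 == "VALIDSIG" {
            valid = 1
            # Field 3 is the signing (sub)key; field 12, when present, is the
            # primary key fingerprint, which is what gets pinned.
            primary = toupper((NF >= 12) ? $12 : $3)
            if (primary == pin) pinned = 1
        }
        END {
            if (bad || !valid) print "no-valid-signature"
            else if (!pinned)  print "wrong-signer"
            else if (stale)    print "revoked-or-expired"
            else               print "trusted"
        }'
)

# verify_download FILE SIGFILE: run gpg and accept only the pinned signer.
# "Good signature" from some key in the keyring is not enough: a key imported
# from a look-alike site also produces a good signature over its own binary.
verify_download() (
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    verdict=$(printf '%s\n' "$status" | classify_status "$PINNED_FPR")
    printf '%s: %s\n' "$1" "$verdict"
    [ "$verdict" = "trusted" ]
)

# --- Constructed status output for four situations ---------------------------
STATUS_GENUINE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7777888899990000 Constructed Maintainer <maintainer@example.invalid>
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2018-04-01 1522540800 0 4 0 1 8 00 1111222233334444555566667777888899990000'

# Look-alike site: its binary is validly signed, but by the site operator key.
STATUS_LOOKALIKE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 23456789ABCDEF01 Constructed Lookalike <maintainer@example.invalid>
[GNUPG:] VALIDSIG ABCDEF0123456789ABCDEF0123456789ABCDEF01 2018-04-10 1523318400 0 4 0 1 8 00 ABCDEF0123456789ABCDEF0123456789ABCDEF01'

# Genuine signature file paired with a modified binary.
STATUS_TAMPERED='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 7777888899990000 Constructed Maintainer <maintainer@example.invalid>'

# Pinned key, but reported as revoked: not trusted even with VALIDSIG present.
STATUS_REVOKED='[GNUPG:] NEWSIG
[GNUPG:] REVKEYSIG 7777888899990000 Constructed Maintainer <maintainer@example.invalid>
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2018-04-01 1522540800 0 4 0 1 8 00 1111222233334444555566667777888899990000'

demo() {
    printf 'genuine:   %s\n' "$(printf '%s\n' "$STATUS_GENUINE"   | classify_status "$PINNED_FPR")"
    printf 'lookalike: %s\n' "$(printf '%s\n' "$STATUS_LOOKALIKE" | classify_status "$PINNED_FPR")"
    printf 'tampered:  %s\n' "$(printf '%s\n' "$STATUS_TAMPERED"  | classify_status "$PINNED_FPR")"
    printf 'revoked:   %s\n' "$(printf '%s\n' "$STATUS_REVOKED"   | classify_status "$PINNED_FPR")"
}

# With two arguments, verify a real download; otherwise show the constructed cases.
if [ "$#" -eq 2 ]; then verify_download "$1" "$2"; else demo; fi
```

A checksum copied from the same page as the download would match in both the genuine and the look-alike case; only the pinned-fingerprint comparison separates them.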

pingram3541 commented 6 years ago

@pooler thanks for such a detailed explanation and yes I agree, the only way to know for sure, even the in-person part, is to have already established an account of what/who is legit. Knowing your name and your proper email address is required otherwise one is just following whatever steps said web site provides to an unsuspecting victim. I've since taken a screenshot of the key-check page hoping that information doesn't ever change through the life of the project otherwise it'll raise a flag to check deeper before moving forward, i.e. dev changed hands or some other legitimate reason.

raymondcarl commented 6 years ago

This story sucks. Tried to find the issue, but there was a previous issue that sounded very similar and the guy thought he downloaded from the official website or repo. 1 root problem is that verifying signatures and checksums is not straightforward for the average user. It has been on my list for a long time, but I really want to add the instructions on the front page MD file so that users can see how to check signatures and checksums every time. OTOH, that wouldn't have helped in this case because he went to a malicious site......

I like the concept of MyEtherWallet, but I thought it was bad juju. So many people have gotten burned by going to malicious lookalike sites. For this specified attack, I really don't see anything you could do other than take down the Electrum webpage and force people to come to github? Even then, I'm sure malicious repos will emerge, but should be at least a reduction in these cases.

@danbel79 deepest sympathies for what happened to you. Makes my stomach hurt reading your story. Hope you get your coins or recover from this....

GrimFandango92 commented 6 years ago

Marvellous. Just great. Seems I got screwed too; I'm the 5.06831644 on the same address:

https://chain.so/address/LTC/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG

The explanation makes sense. After reading this I checked my history and no record of it. Then I recalled that in an attempt to be overly paranoid, I recently installed a Hyper-V VM from scratch, downloaded the appropriate wallet clients (or so I thought), checked checksums, disconnected it from the internet, presumably not bothering to change the default Edge & Bing it threw at me, generating wallets backing up the private keys and then reverted a snapshot back to the initial install and then moved on with my day.

Besides the initial internet access, I thought I was safe and being careful, at the time I thought overly so, but seems there was a fundamental flaw in my plan.

Thanks a ton Bing.

Perhaps I should have cross-referenced the official website across 5 different independent sites, Tracked back DNS records against multiple servers and check historic data to make sure they hadn't changed IPs in recent history (DNS hijacking), downloaded the source code, read through and understood every single line of code contained within before compiling within a perfectly contained, clean and disconnected environment before transferring, but unfortunately, I didn't.

At 5LTC, it doesn't break the bank and it's not a massive deal, but it does hurt. Did you ever end up making any progress on this danbel? I understand how crypto works, and it's for this very reason that I understand I made a mistake and I've likely got to pay the price for it and nothing can be done. If I fell into this trap, woe on average starry eyed non-IT Joe with idealistic beliefs about how the technology will change the world.

Guess it's time to format and reinstall, get my money out of the rest of my wallets and either throw in the towel or stop being a cheapskate and invest in a Ledger and trust whatever closed-source code they put on that... How paranoid have you got to be?

pieman64 commented 6 years ago

To wallet developers: if you seriously think limits can't be applied to a wallet you perhaps shouldn't be developing wallets at all.

All you have to do is receive all funds to the wallet, check total wallet value and siphon off the excess funds to a hard coded address.

Suggest you use a lookup table of average salary in users location and set at a maximum of 3 months salary. User can overwrite hard cap if they go through hoops and acknowledge it's probably only a matter of time before a hacker empties the wallet.

GrimFandango92 commented 6 years ago

> To wallet developers: if you seriously think limits can't be applied to a wallet you perhaps shouldn't be developing wallets at all.

In this scenario, it involves someone taking open-sourced software, modifying the source code, compiling and registering under a fake domain name similar to the original, and then employing advanced SEO to get it listed above the real site on Microsoft's crappy search engine.

Let's say the devs implemented your proposed changes; considering the above scenario, how does that stop this person in question from taking that clause out of the source code (he obviously has some coding background for the changes made) and removing that chunk of code? I don't blame the Electrum-LTC devs for this; as much of a sour taste for Electrum-LTC as this leaves in my mouth, it's not their fault.

There's little protecting against this short of blacklisting domains and taking them down at the registrar level or proactive work from Microsoft and/or Bing to get them delisted.

GrimFandango92 commented 6 years ago

Or good old fashioned tracking of the domain registration to nail this bastard to a cross.

pieman64 commented 6 years ago

@GrimFandango92 the "$10K hard cap" is to prevent life changing hacks. No offence but your 5 LTC is not on the same scale as 2399 LTC. Software wallets don't need to have more than $10K in them, period. Presently hackers know that some wallets contain millions of dollars and therefore spend a lot of time and resources gaining access to them. Software wallets are not safe, simple as that. With $10K limits hackers would return to hacking fiat accounts.

GrimFandango92 commented 6 years ago

Oh, I couldn't agree more. No disrespect taken, and I'll be the first to admit my life is not fundamentally changed by this other than a little more distrust, so I'm not belittling the OP's experience with my comparatively minimal loss. My heart goes out to him - I can only imagine how he must feel; his is just awful.

I understand your reasoning and that argument may have its place for other cases of breaches or vulnerabilities within the Electrum-LTC code, but for the purposes of this discussion and for the attack vector used, the argument is academic. The original Dev's code wasn't run, or this wouldn't have happened in the first place.

For what little result it's likely to produce, I've reported this to Action Fraud (https://actionfraud.police.uk/) in the slim hopes I can at least contribute to it not happening to anyone else.

GrimFandango92 commented 6 years ago

Basic further investigations done. I will chronicle further updates on https://www.reddit.com/r/litecoin/comments/8jfe0e/scam_alert_httpelectrumltcorg_is_a_scam_version/

danbel79 commented 6 years ago

The hacker moved the money ... and I use the exchanges bitfinex and binance of 100 ltc in 100 ltc .. To then be changed to BTC ... I am an idealist of cryptocurrencies ... But illegal actions should not go unpunished, as long as that is the case .. Regretting the fiat money a lot .. has better support ...

Binance and bitfinex, allow any person to move, good amounts of money .. without anyone demanding money laundering ... Poloniex only lets withdraw 2500 usd a day, for new accounts .. But there is a verification process .. .. Thanks for helping me .. I handed the case to the authorities, but I still have no answer ... Bitfinex replied that he is waiting for an official email ... But he confesses that the money is no longer with them ...

The page electrumltc.org .. now redirects to the official website ... of electrum-ltc curiously

pieman64 commented 6 years ago

@GrimFandango92 just trying a new URL for your Reddit post as the other one fails. https://www.reddit.com/r/litecoin/comments/8jfe0e/scam_alert_httpelectrumltcorg_is_a_scam_version/

GrimFandango92 commented 6 years ago

You're a star - thanks mate! :)

Wow... You're absolutely correct... With that being said, it looks like www.electrumltc.org is CNAMED to electrumltc.org and electrumltc.org is still pointing to the same IP you mentioned, 111.90.149.13. Yet if visiting from a web-browser, it redirects you to www.electrum-ltc.org. While still pointing at their webserver, it seems it has a redirect on Apache; must have done this to take the heat off them when the article broke.

Good to hear from you and I'll let you know if I hear anything from my end - just had an automated response that I'd get a reply back within 28 days today - nothing terribly promising.

raymondcarl commented 6 years ago

@danbel79 Any updates on your attempts to contact the exchanges?

GrimFandango92 commented 6 years ago

Upon my last contact from Danbel by PM after tracking down an e-mail for him, he'd gotten responses from both BitFinex and Binance that they were happy to co-operate with Law enforcement but he'd not had much luck from the FBI on this. This was a month ago.

I found my experiences of contact with the Exchanges to be similar; BitFinex seemed much friendlier and happy to help, but naturally, they'll only supply information/work with Law Enforcement.

My relatively minor loss has resulted in no effort from Action Fraud as of yet; just a generic "We're continuing to look into this." e-mail received today.

With that being said, BitFinex were kind enough to elaborate that while most funds had been drained, the accounts in question still containing minor funds had been frozen upon "other reports" (danbel, I presume) of fraud on the account.

Not holding my breath and I've come to terms with it as a hard lesson to swallow. Was sorely tempted to pop on my black hat, but I ended up deciding to (in hindsight, perhaps a tad optimistically) leave it in law enforcement's hands and avoid it coming back to bite me in the backside.

pluv242 commented 5 years ago

A bit off topic. Where should we report this sort of thing? FBI? Local law enforcement in the place we live? I too got hacked in Poloniex and Polo doesn't share any info with me.

pluv242 commented 5 years ago

I noticed that http://www.electrumltc.org////////////////// (the fake site) does not have a secure logo. That is the main difference. I added a bunch of //// so the guy doesn't get a link. I reported it to Google too.
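An added example, not part of any comment in this thread and not Electrum-LTC project code: a check that compares a download URL's hostname with the official electrum-ltc.org name and flags near-matches such as electrumltc.org, whether or not the page is served over HTTPS. The function names, the edit-distance threshold of 1 and the sample URLs other than the two domains named in the thread are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "electrum-ltc.org"   # official site named in this thread


def skeleton(host):
    """Normalise a hostname for comparison: lowercase, no 'www.', no hyphens."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host.replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'official', 'official-no-tls', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    bare = host[4:] if host.startswith("www.") else host
    if bare == OFFICIAL_HOST:
        # Exact name match; still insist on TLS before trusting a download.
        return "official" if parts.scheme == "https" else "official-no-tls"
    official, seen = skeleton(OFFICIAL_HOST), skeleton(host)
    brand = official.split(".")[0]            # "electrumltc"
    # Same name once hyphens are ignored, brand embedded in another domain,
    # or a one-character typo: treat as impersonation, HTTPS or not.
    if brand in seen or edit_distance(seen, official) <= 1:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs built from the two domains named in the thread.
    for u in ("https://electrum-ltc.org/", "http://www.electrumltc.org/",
              "https://electrumltc.org/"):
        print(f"{classify(u):16} {u}")
```

The check works on the hostname that was typed or linked, so a later server-side redirect to the official site does not change the verdict.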

pluv242 commented 5 years ago

Google still lists the fake site

pluv242 commented 5 years ago

Who is the hosting provider? It seems that the hosting is very defensive in defending the scammer. What is it?

GrimFandango92 commented 5 years ago

Interesting... It did get taken down, but sounds like they're at it again.

Guess that depends primarily where you live and the extent of the damage.

Personal experience was a "couldn't give a damn" attitude from the local police, Action Fraud, BitFinex & Binance.

Judging from your question, I'm guessing US, so FBI may be a good shout if it's a substantial amount of money, but others may be better qualified to answer.

If your experiences are anything like mine have been this end, law enforcement won't give a rat's ass over small amounts of money. Good luck, and sorry to hear about the misfortunes!

GrimFandango92 commented 5 years ago

I did my homework at the time to hand over on a golden platter (not that it got read or made the slightest difference) but details should be above.

I contemplated initiating an attack, but probably more trouble than it's worth and it's a shared webhosting platform from an outside glance with a litany of complaints and blacklists for scam websites.