I set up a multi-sig wallet with Electrum back in 2023. It was a 2 of 3 setup, so I needed signatures from 2 different wallets to make any Bitcoin transactions happen.
But on February 12, my computer got compromised. Some Bitcoin from a couple of my wallets ended up getting moved, and I have no clue how that happened.
The three wallets that had the signing authority were untouched, so no crypto was lost from those.
Here's my Bitcoin address:
bc1qcuevd4xqrqdhxwde83m6tp4hn25lsedq27vk43l7ycklnk2lhytq56mr3t
And the transaction ID:
717707e28521e352e02b91c86701442dabdea53920b2cabc5e2127fa3b441254
Is it really possible for a multi-sig wallet to be hacked without touching the three wallets that were used to sign?
Oh, and just so you know, one of those wallets is a Ledger.
No if the script is correctly generated and each cosigner Electrum wallet only contains one master extended private key and two master extended public keys.
But your MultiSig only requires two signatures based from that address' witness script so the hacker only needed two wallets (either already contains the extended public key of the third):
(there seem to be nothing wrong with the script so it's hacked through the private keys or seed phrases)
Is one of the MultiSig wallet cosigner in that hacked computer?
How many master private keys/seed that the MultiSig wallet contains (remember when you created it), excluding the Ledger wallet cosigner?
If you can't remember, you can see by removing the wallet's password and by opening the wallet file 'as text', check if it has two master private keys or seeds under "x1", "x2" and "x3".
Also, where do you store the cosigners' seed phrases?
But how about the cosigner keys/seed phrase when you setup the MultiSig wallet?
How did you set the cosigner 2 and 3 during wallet creation, there are options there to either put a master (private/public) key or seed:
If "Cosigner seed", and you pasted your Exodus and Trust Wallet's seed, then the hacker can just use that MultiSig wallet to spend without needing your Ledger device to cosign.
If "Cosigner key": Did you pasted your Exodus and Trust Wallet's (master) extended public key or (master) extended private key?
If the latter, then it's the same as putting the cosigner seed, the MultiSig wallet isn't properly setup, it's a MultiSig wallet already capable of providing two of the required signatures.
If the former, then it's something else, probably compromised backup seed phrases.
Let me get this straight: did you use existing funded wallets to create a multisig, and those wallets still have funds while the multisig got emptied? In that case you'd better move your funds to a new secure wallet before the attacker realizes he left something behind!
I'm quoting your post from another topic here:
It sounds like you even had paper wallets on an online system, instead of using cold storage for them.
So those wallets were on different devices? Any chance you stored the seed words on your computer? If multiple wallets on different devices "get hacked", you must have had more than one device compromised. Could someone have gained physical access to your devices?
I can not help you to figure out why you lost your bitcoin and can not help you recovering it. Remember Bitcoin transactions ar3 irreversible.
I only can warn you about Exodus wallet and Trust wallet, they are close source wallets and you know, with Bitcoin users close source wallets are not recommended.
Exodus wallet was compromised months ago but let me check.
https://www.publish0x.com/crypto-champion/metamask-and-exodus-hack-shock-the-crypto-world-xyqvopr
I'm guessing this is the answer, thanks
Yes, i thought paper wallets were cold wallets. As long as you protect the private keys, then they were bullet proof. The Bitaddress.org wallets were as they were not hacked. That the segwit ones were not bullet proof. The ETH paper wallets were from Metamask i think and as old as the 7 year old bitaddress wallets.
So moving everything with value to Ledger and Tangem
Mod note: Consecutive posts merged
That was an unsatisfying response IMO.
Please at least indicate which is the case so this thread's issue can be sorted-out for reference and warning to others who may have created the same unsecure setup.
But based from "guessing" word,
I'll just assume that you can't remember how you created the wallet and you either used the "seed" or "extended private keys" to setup the cosigners.
BTW, that assumption can be confirmed by manually checking the wallet file's keystore (instructions in my first reply).