We had a user yesterday report sweeping a private key in ElectrumSV and the coins being stolen and mixed within 10 minutes. The only problem is they were using the latest version of ElectrumSV (1.3.7) and there is no known fake/malware version of that release yet. So this implies that they must have been hacked by some really proactive hacker or malware lurking on their computer.
However, one thing you may not be aware of is that I removed the ability to sweep coins in the move from ElectrumSV 1.2 to 1.3, so if they swept these coins they didn't do it in ElectrumSV. The user did not answer questions investigating this. While we can rarely prove any given statement is true or false that our users make when they report stolen coins, I often find there are red flags like this. The most likely explanation is that this user did lose coins but they did so by using some other dodgy software they shouldn't have entered the private key in (there is an issue for Electrum Core where a user did this too). Knowing that the malware author is not an avenue for help, they seem to have identified the latest release of ElectrumSV and claimed they lost the coins in it in order to get some assistance.
However, we have to take the user at their word and assume that they have been hacked. But if they did contrive their report to gain assistance this undermines our understanding of real issues with ElectrumSV and leads us to believe things might be happening that are not. It makes it harder for us to take the real users who lose coins at their word. If you use software you download from a random web site and it steals your coins, please just come to us and tell us through our github issues page. We can document it and collect cases like this, and help others work out the range of possible scams they might encounter.
-- rt12
We had a user yesterday report sweeping a private key in ElectrumSV and the coins being stolen and mixed within 10 minutes. The only problem is they were using the latest version of ElectrumSV (1.3.7) and there is no known fake/malware version of that release yet. So this implies that they must have been hacked by some really proactive hacker or malware lurking on their computer.
However, one thing you may not be aware of is that I removed the ability to sweep coins in the move from ElectrumSV 1.2 to 1.3, so if they swept these coins they didn't do it in ElectrumSV. The user did not answer questions investigating this. While we can rarely prove any given statement is true or false that our users make when they report stolen coins, I often find there are red flags like this. The most likely explanation is that this user did lose coins but they did so by using some other dodgy software they shouldn't have entered the private key in (there is an issue for Electrum Core where a user did this too). Knowing that the malware author is not an avenue for help, they seem to have identified the latest release of ElectrumSV and claimed they lost the coins in it in order to get some assistance.
However, we have to take the user at their word and assume that they have been hacked. But if they did contrive their report to gain assistance this undermines our understanding of real issues with ElectrumSV and leads us to believe things might be happening that are not. It makes it harder for us to take the real users who lose coins at their word. If you use software you download from a random web site and it steals your coins, please just come to us and tell us through our github issues page. We can document it and collect cases like this, and help others work out the range of possible scams they might encounter.
-- rt12