I see, so it was a daily driver.
1. Did you use Sparrow to create the hot wallet?
2. Were you running against your own node?
Discussion
I used sparrow to create the seed. I am running my own node. And yes. Basically a daily driver.
Before you reformat you might consider running clamav, rkhunter, and chkrootkit to sniff out the exploit. I'll zap you for 10,000 if you can manage to surface it.
I will do my best but like I said, I’m not a computer person. I ran clam and it didn’t pick up any threats. I’m work on the other two now.
I could find anything. I ran clam through the entire disk and it came up with nothing. TBH I could figure hunter after install. And I ran chrootkit and it came up with nothing. Thank you so much for your time and help.
#[7] when a user creates a hot wallet using Sparrow, it calls out to #Bitcoin Core, correct?
Even if the user moves their wallet sparrow file to a microsd, doesn't the #Bitcoin Core wallet remain residing within #Bitcoin Core's system storage unencrypted?
Now that it is all guarded with a HHW air gapped. Should I still wipe the wallet off the new machine?
Did you create a brand new wallet offline using a cold device? Be sure that devIce never gets connected to the internet. I recommend reformatting the compromised machine. Install Sparrow again after and only use that machine for managing your savings.
I have a dedicated machine for my wallet now. Yes, the wallet was created offline and will NEVER be online. I’m going to reformat the compromises machine anyways just in case who ever it is can’t attack anything else.
On all your Linux machines:
1. Enable firewall.
2. Install, run, and learn Opensnitch (it's easy).
3. Periodically run clamav, rkhunter, and chkrootkit.
Desktop operating systems by default trust the network too much; the above will help you verify, instead.