Hi, the 10 bitcoins in my Electrum wallet have been stolen!!
Because I used a fake application or malware that came from electrumdesktop.org, and I think there is another fake scam website: electrumbitcoin.org
Please be careful, or we can find out those scam websites' publisher.
Thank you.
And here is the thief's address: https://blockchain.info/address/1GRHnZddSkHdgGenKFYgH4fUc6JoomRuCN
How did you find those websites?
I've filed reports as a user of namecheap.com to have these domains shut down:
electrumdesktop.org
electrumbitcoin.org
thanks @cluelessperson
@EagleTM can you have a look?
The binaries don't match the PGP signature and are very likely malicious (either immediately sending all coins to the attacker address, or just always replacing the recipient address with the attacker's when coins are sent). Alternatively, it could be that some malware is included, but that'd be a less reliable hack really. I've reported the URLs and binaries as malicious to Google and F-Secure.
Here is a prime example of why verifying the PGP signatures is so important. If you're going to trust that much money to an application, verifying the authenticity of the application should be a rather important step in the process.
I have also notified namecheap of the abuse and asked them to block the domains. I have done this for mis-typed domains two weeks ago and it took them a week to respond, I hope they are quicker this time.
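The signature check the comments above refer to, as an added example that is not part of the thread or of Electrum's own tooling. It accepts a download only when gpg reports a valid signature from a fingerprint pinned in advance; the fingerprints, function names and status lines are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. Fingerprints and sample lines are constructed placeholders;
# pin the real fingerprint from a channel you already trust.
PINNED='0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# check_status PINNED_FPR   (reads `gpg --status-fd 1` output on stdin)
# Succeeds only if a VALIDSIG line ends with the pinned primary-key
# fingerprint and no BADSIG line appears; everything else fails closed.
check_status() {
    cs_pinned=$(norm_fpr "$1")
    cs_rc=1
    while IFS= read -r cs_line; do
        case $cs_line in
            "[GNUPG:] BADSIG "*) return 1 ;;
            "[GNUPG:] VALIDSIG "*)
                # The last VALIDSIG field is the primary key's fingerprint.
                if [ "${cs_line##* }" = "$cs_pinned" ]; then cs_rc=0; fi ;;
        esac
    done
    return "$cs_rc"
}

# verify_download FILE DETACHED_SIG PINNED_FPR
verify_download() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed status output: signed by the pinned key.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-01-01 1514764800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
# Constructed: a cryptographically valid signature, but by some other key.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2018-01-01 1514764800 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
# Constructed: the file does not match its signature.
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>'
```

The second sample is the case that matters for a look-alike download site: a signature can verify perfectly well and still come from a key that is not the one you pinned.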
The scam website came from the Google Ad service. It was listed at the top instead of the original ‘electrum.org’.
Could I ask Google Ad to take responsibility for my loss?
By the way, could you guys give me advice on how to get my stolen BTC back? We know the scam malware website. Is there any way to find the publisher?
I called the police already.
@hlissnake Not sure if you can ask Google to take responsibility.
If you try, I am pretty sure you need to file a police report first.
In any case, let us know.

That is the Google Ad shown here. Really bad luck yesterday.
I got a police report first, and will then try to let a lawyer contact the Google Ad team.
Is there any way to find the publisher of those scam websites? So I know who to let the police follow.
Thank you, guys.
Is there any way to find the publisher of those scam websites?
Not for you but maybe for the police. They can try to get user data from namecheap, qhoster.com or Google AdWords. I think only Google will have any details though, namecheap and qhoster.com both allow payments through Bitcoin which was probably used in this case.
@piru @bauerj Thank you very much.
Could I ask if there is any advice on what I can do to recover my loss?
The police are sometimes not so fast.
Thank you!
@hlissnake
I'm afraid there's very little hope for getting your money back.
But if we know the scam website, there is a way to find the publisher, right?
@hlissnake
No doubt the website has been paid for with a stolen or prepaid credit card and a fake identity. So even if you would get past the whois guard I doubt you'd be any smarter. Even if you'd find out the true identity of the scammer, they could well be in a different country (Russia or somewhere around that area would be my guess)... so, frankly, you've lost your coins.
An interesting thing here:
I've followed the thief's transaction flow, and finally found that my balance has flowed into these three addresses:
https://blockchain.info/address/1BvTQTP5PJVCEz7dCU2YxgMskMxxikSruM
https://blockchain.info/address/12cgpFdJViXbwHbhrA3TuW1EGnL25Zqc3P
https://blockchain.info/address/1NoHmhqw9oTh7nNKsa5Dprjt3dva3kF1ZG
https://blockchain.info/address/17A16QmavnUfCW11DAApiJxp7ARnxN5pGX
They are all addresses holding huge amounts of bitcoin. Is it possible that they are exchange service accounts?
Namecheap has disabled the domains in question now.
----- snip ------
Hello,
Please be informed that the following domains have been suspended:
electrumdesktop.org
electrumbitcoin.org
Thank you for the report.
----- snip ------
Nice! That was quick.
@EagleTM
Could you please forward me the whole message or email from Namecheap?
As I need the police or a lawyer to get evidence for my scam case.
These sites being closed so quickly doesn't help with getting evidence.
Thank you.
@hlissnake: Sure, I believe we're in communication via [email protected]; if not, please mail there and I will send it.
This is terrible, I hope you get your coins back!