Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user is prompted to install this backdoor-carrying client, the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade alerts. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
Electrum is a popular software wallet that works by connecting to a dedicated server. These servers receive a hash of the Bitcoin address in the wallet and reply with transaction information. Electrum wallets are fast and have few resources, but by default, it connects to these servers and can easily monitor users. In addition to Electrum, some other software uses public Electrum servers. By 2019, it is a faster and better alternative to BIP37.
Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to The Devi Security Lab. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the client carrying the backdoor. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.
Star Daily News Bitcoin Wallet Electrum official Twitter announced that the next version of Electrum will support Lightning online payments. Its lightning node implementation has been consolidated into the main branch of Electrum. Electrum also confirmed that the wallet will adopt a new implementation of in-house development written using Python. (Cointelegraph)
Electrum to Web Wallet.
In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack. This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials said they would adopt some security mechanisms to prevent this kind of "update fishing", such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the older version (less than 3.3.4), and the older version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. Finally, identify electrum's official web address.
Electrum Bitcoin Wallet is the safest wallet available today. Let's talk about it.
Bitcoin wallet Electrum now supports Lightning online payments, according to Coindesk on July 11. It has previously been reported that Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, adding support for the Bitcoin Lightning Network.
Qtum Electrum is a Qtum desktop light wallet modified from the well-known Bitcoin wallet Electrum. Compared to the current Qtum Core full-node wallet, Qtum Electrum takes up less disk space and takes less time to synchronize chunks, supports multi-signature and hardware wallets, supports cold wallet mode, supports the import of mnomes into mobile wallets, and uses SPV authentication to ensure security.
Malicious wallet software: A wallet software that sends a private key to a central server to steal the victim's coins. "Electrum Pro" is a notorious example, however.
Wallet Qtum Electrum
Users of Bitcoin wallet Electrum are currently facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install the backdoor-carrying client, the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade alerts. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, which supports the Lightning Network.
You can download electrum Bitcoin Wallet on the official website "electrum.org". Electrum is also available to users of Ledger Nano S, KeepKey, and TREZOR hardware wallets.
In addition, small partners who have used Electrum wallets should be aware that with Thecret phrase generated by Electrum, we can recover bitcoin keys on any browser using the Bitcoin Wallet web tool. And Electrum is so secure that there is no evidence that the distributed attack prevention system designed by Dark Wallet will be due to Electrum.
Now, a lot of people are looking for alternatives to ElectrumX (original version), so we think this is a great opportunity to introduce some new options for running Electrum servers. Of course, we'll focus on Blockstream's Esplora, an open source blockchain browser bundled with a highly scalable Electrum server.
Run your own Electrum server.
The cryptocurrencies wallet Electrum was hacked and lost 250 bitcoins.