Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have a message flaw that allows an attacker to send update prompts through a malicious ElectrumX server. This update prompt is very confusing for the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more. This captured currency theft attack is not stealing the private key (electrum's private key is generally stored with two-factor encryption), but replaces the transfer destination address when the user initiates the transfer. Slow fog reminds users that when transferring money, special attention needs to be paid to whether the destination address is replaced, which is a very popular method of currency theft recently. It is also recommended that users use hardware wallets such as Ledger, and if you pair it with Electrum, although the private key does not have any security issues, you should also be alert to the replacement of the destination address.
electrum payment alert
According to Bleeping Computer, the BTC wallet app Electrom accused a phishing product called Electrum Pro of stealing a user's seed key on May 9 on GitHub and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from BTC URLs managed by Eletrum Pro.
Shunto touch melon, open the github of the electrum, we find the following code in the electrum/electrum/ecc.py.
Electrum uses less storage space and less bandwidth, but it also relies on other servers to process payment information, making it vulnerable to hackers.
According to Reddit user u/normal_rc, electrum's wallet was hacked and nearly 250 bitcoins (243.6 BTCs, nearly $1 million) were maliciously stolen, according to coinelegraph. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
According to the dimensionality reduction security laboratory (johnwick.io), hackers launched a denial of service (DoS) attack on the well-known wallet Electrum server. The hackers used a botnet of more than 140,000 computers to attack Electrum nodes and deployed malicious nodes at the same time . When users connect to these malicious nodes and use the old version of Electrum to send transactions
Earlier this month, Electrum detected a DoS attack on its network, allegedly launched by a malicious botnet with more than 140,000 machines, designed to provide Electrum to users.
Poloniex launches trading pairs for USDCs in XRP, LTC, ZEC and other currencies.
According to Bleeping Computer, the Bitcoin wallet app Electrom was on GitHub on May 9th, accusing a phishing product called Electrum Pro of stealing a user's seed key and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from Bitcoin URLs managed by Eletrum Pro.
According to news on Reddit on December 27th, Electrum's wallet was hacked and nearly 250 bitcoins ($937,000) were maliciously stolen, coinelegraph reported. Electrum later confirmed that the attack included creating a fake version of the wallet and tricking users into providing password information. Reddit user u/ normal_rc that hackers set up a large number of malicious servers. Electrum responded on Twitter today that "this is a persistent phishing attack against Electrum users" and implored users to check the effectiveness of the resources they log on to.