Security: mobile phone verification, real-name authentication, Google two-factor authentication security, Bitcoin asset storage multi-signature cold wallet, to maximize the security of user funds.
Two-factor authentication or multi-signature Electrum
In August-September, the Bitcoin wallet Electrum was hacked twice, and according to multiple sources, at least 1,450 BTC worth $11.6 million were stolen in phishing attacks that faked Electrum upgrade prompts.
Secure protected accounts, two-factor authentication. Prevent DDoS and TLS encryption attacks.
Klee used the Electrum system to store more than 1,170 bitcoins. There was no cold storage, no two-step verification (2FA) set up, and no Trezor-like Bitcoin device. All bitcoins and future coins were stolen because security was not done well. He stored all his passwords in a plain text file, kept in the Dropbox folder on his iMac, with no encryption. The password was also not changed after the Heartbleed security vulnerability was disclosed.
At the time of writing, at least 1,450 BTC (as reported by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Electrum upgrade prompts, with a total value of approximately $11.6 million.
Electrum is a software wallet, which means that Bitcoin is stored in an encrypted file on our laptop or computer.
Reddit user u/normal_rc: "The attacker set up a lot of malicious servers. Once a user's Electrum wallet is connected to these servers, they see what appears to be an official message when sending bitcoin transactions, telling them to upgrade the Electrum wallet, which actually contains a fraudulent URL."
Send the coin to another wallet for long-term bitcoin storage. There should be a full node behind the wallet, such as the Electrum node pointing to your own Electrum server.
The threat group Electrum used to be a development team responsible for driving early Sandworm activities, but in the CrashOverride event it held both development and operational roles. According to the data, Electrum caused a major power outage in Ukraine in 2016 with the ICS malware CrashOverride. Electrum is also described as an organization that "can develop malware and ICS protocols that can modify the processes of electrical devices". However, the organization does not rely on exploiting vulnerabilities or zero-day vulnerabilities, but uses common exploits and methods to launch attacks. For example, the organization used Microsoft's database server as a gateway to commercial and industrial control networks, successfully compromising industrial control systems and using stolen credentials to execute code. As a result, Dragos believes that Electrum is one of the most capable and complex threat groups in the ICS industry today, and its report highlights that "North American power companies should view Electrum as a serious threat."
The problem was not fixed. So he had to contact Electrum to highlight the urgency of the issue, and Electrum released Emergency Response Version 3.0.4 a few hours later.