The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extensions. This leads to an attack on Electrum, and Trezor is affected.
electrum yellow triangle
On December 27, Reddit user u/normal_rc reported that Electrum's wallet had been hacked and that nearly 250 bitcoins (243.6 BTCs, nearly $1 million) had been maliciously stolen, coinelegraph reported. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
Electrum is a well-known light wallet for Bitcoin that adds new features such as server authentication using SSL to prevent MITM attacks. So unlike other Bitcoin light wallets, Electrum cannot communicate directly with different versions of Bitcoin full nodes, and each startup connects to electrumserver to communicate, and electrum.
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.
Bitcoin Wallet Electrum releases Selectrum 4.0 beta support for the Lightning Network.
Click to get the Electrum Personal Server source code and the Electrum Wallet source code.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 184.108.40.206. If you are running an earlier version, update your software.
January 19 (Xinhua) -- Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni), according to the Slow Fog Security team. Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
In fact, the fact that users don't end up using the same Bitcoin address is the "best experience" of using Bitcoin safely, which is one of the reasons why Electrum and other clients provide multiple Bitcoin addresses to send or receive utxos (meaning unspent bitcoins).
Click Next." "Your Electrum Bitcoin wallet is now available!"