As of press time, phishing attacks that forged Electrum upgrade notifications have stolen at least 1,450 BTC (the number stolen is officially counted by a user, anti-malware companies Malwarebytes and Electrum), with a total value of approximately $11.6 million. It is worth mentioning that Electrum versions lower than 3.3.4 are vulnerable to such phishing attacks. Users who use Electrum wallets should update to the latest version Electrum 3.3.8 through the official website (electrum.org). At present, v4.0.0 has not been officially released. Version, please do not use the link in the prompt message to update, so as to avoid loss of assets
electrum multisig transaction
(Optional) Check multisig status.
The general server is configured as a minimum of 2-core cpu4G memory 50G ssd hard drive, the system recommends 64-bit ubuntu 16.04 operating system.
The ID of the transaction is generated offline and can be obtained as soon as the transaction is constructed and signed;
Thomas Voegtlin, founder of electrum, a cryptocurrencies wallet service, said he plans to increase support for Bitcoin Lightning online trading technology by the end of July. He said the transaction would be conducted by electrum servers interacting with the Bitcoin network, rather than integrating with other Lightning network clients. Lightning Network is a Layer 2 expansion technology under development with the goal of faster payments, lower fees, and higher transaction throughput than bitcoin networks, and several Lightning network projects are currently developing iterations.
The collaboration of several miners to complete the transaction confirms that the miner's capacity is extremely weak and may only affect the double-spend ruling and the time of confirmation of the transaction, and there are no other substantive rights.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
According to Bleeping Computer, the BTC wallet app Electrom accused a phishing product called Electrum Pro of stealing a user's seed key on May 9 on GitHub and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from BTC URLs managed by Eletrum Pro.
Chain News, lightweight Bitcoin Wallet Electrum announced that the next version will support Lightning network payment, implemented using Python, Electrum as a Lightning network node, wallet users do not need to run lightning network nodes to make payments, electrum lightning network nodes have been merged into the Electrum master branch.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.