The text also explains that the implementation "relies on the Electrum server to query the channel state." In this regard, he added, "users must use servers they trust" because the server throws error messages about the state of the channel.
can you trust electrum server
Left: Ben El-Baz, right: Dmitry Kalichkin.
In December 2018, Slow Fog first discovered and alerted an attacker to a messaging flaw using the Electrum wallet client to force an update prompt to pop up when a user transfers money, inducing users to update and download malware to carry out a currency theft attack. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qc... p2kny has stolen more than 30 BTCs for six months and has been active recently. Slow Fog alerts Electrum users to update prompts, the new version of Electrum in this update prompt is likely to be false, if installed, please promptly transfer Bitcoin out in another security environment. At the same time, slow fog called on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. This update tip is a phishing attack by an attacker who exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and according to incomplete statistics, hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials have said they want to adopt some security mechanisms to prevent this kind of update fishing, such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the old version (less than 3.3.4), the old version is still under threat, but slow fog does not rule out that the new version will have a similar threat.
Ledger Nano S Out of The Box Test 2 -- Add digital assets.
It's not hard to run your own Electrum server and point your wallet to just use it. This restores Electrum to the point where it has the same privacy and security attributes as the full node, where no one else can see the address or transaction that the wallet is interested in. Electrum then becomes an all-node wallet.
When the request is approved, a specified number of tokens are written off from the built-in Ethereum wallet. Sell tokens at the current exchange rate and withdraw funds to the company's bank account. Transfer funds from your BCharity bank account to the bank account details you provide.
According to ZDNet, Google has removed 49 Chrome extensions from its online store, disguised as legitimate cryptocurrency wallet apps such as Ledger, MyEtherWallet, Trezor, electrum, but containing malicious code designed to steal encrypted wallet private keys, monemone phrases and other original passwords.
The Healthy Security Lab is concerned that Nearly 250 bitcoins have been stolen in a recent hacking attack on an Electrum wallet. This attack, confirmed by Electrum, involves creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is an ongoing phishing attack on Electrum users and advised users to download wallet apps from the official website" and that The Healthy Security Lab advised users not to install an unknown source of Electrum wallets to avoid being tricked.
In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum personal server.
The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extension. This led to an attack on electrum, and Trezor was affected.