The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extensions. This leads to an attack on Electrum, and Trezor is affected.
metal called electrum
In August-September, Bitcoin wallet Electrum was hacked twice, and according to multiple sources, at least 1,450 BTCs worth $11.6 million were stolen from phishing attacks that faked Electrum upgrade tips.
Slow fog alert: Bitcoin wallet Electrum "updates phishing" currency theft continues.
The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extension. This led to an attack on electrum, and Trezor was affected.
This isn't the first time electrum has appeared in a fake version. In December, nearly $1 million of BTC was stolen when hackers developed a fake encrypted wallet, Electrum. 1 this year.
Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-sign wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more. This captured currency theft attack is not stealing the private key (electrum's private key is generally stored with two-factor encryption), but replaces the transfer destination address when the user initiates the transfer. Here we remind users that when transferring money, special attention needs to be paid to whether the destination address has been replaced, which is a very popular method of currency theft recently. It is also recommended that users use hardware wallets such as Ledger, and if you pair it with Electrum, although the private key does not have any security issues, you should also be alert to the replacement of the destination address.
Cryptocurrencies bank card is a key move to communicate the real economy, in the future the official also intends to combine credit credit to the ecology of kcash, how specific, depending on how the official planning, can not see.
Bitcoin wallet Electrum suffered a phishing attack, at least 1,450 BTC stolen
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.
In addition, small partners who have used Electrum wallets should be aware that with Thecret phrase generated by Electrum, we can recover bitcoin keys on any browser using the Bitcoin Wallet web tool. And Electrum is so secure that there is no evidence that the distributed attack prevention system designed by Dark Wallet will be due to Electrum.