In August-September, Bitcoin wallet Electrum was hacked twice, and according to multiple sources, at least 1,450 BTCs worth $11.6 million were stolen from phishing attacks that faked Electrum upgrade tips.
btcp electrum can't send index out of range
In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack. This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials said they would adopt some security mechanisms to prevent this kind of "update fishing", such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the older version (less than 3.3.4), and the older version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. Finally, identify electrum's official web address.
Examples of online wallets: Breadwallet (BRD), Mycelium, Electrum, Out of Egypt.
Bitcoin wallet Electrum official Twitter announced that the next version of Electrum will support Lightning online payments. Its lightning node implementation has been consolidated into the main branch of Electrum. Electrum also confirmed that the wallet will adopt a new implementation of in-house development written using Python.
Lesson 1: Third-party Electrum servers can link your two transactions together. This can be avoided by running your own Electrum server, supported by your own full node.
Gratitude accompanies you along the way as ONO grows and witnesss the ONO dApp 2.5.1 update go online.
qtum-electrum adds support for offline staking.
This is a reasonable reminiscent of a generation ago, when economic state-controlists claimed that the credit crump that triggered the Great Depression was largely to blame for the gold standard. They argue that without the gold-based gold-based system, Britain's abandonment of gold cashing in 1931 would not have led to a wave of bank failures around the world. Ironically, since 1913, we have not been based on the gold standard, but on the so-called "mixed gold standard" (the gold exchange standard);
The Small Zero Coin item has an official wallet with a graphical interface, which is the best choice because it has built-in coin and fee features. There's also a lightweight Electrum wallet.
This "update prompt" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as much as 71% of the total, and the show did not fully count that hundreds of bitcoins had been stolen in this phishing attack over the past year or so.