According to Reddit user u/normal_rc, electrum's wallet was hacked and nearly 250 bitcoins (243.6 BTCs, nearly $1 million) were maliciously stolen, according to coinelegraph. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
Bitcoin desktop wallet client Electrum has released a 4.0 beta version, adding several important updates, including support for the Lightning network, nearly a year after the previous version of Electrum, 3.3.8 (last July). In the 4.0 beta version, Electrum mainly added features such as PSBT (partially signed Bitcoin transactions), Lightning Network, watchtowers (暸 watchtowers) and Submarineswaps (subliminal switching). (Github)
This isn't the first time Thatectrum has appeared in a fake version, with hackers developing a fake encrypted wallet, Electrum, in December, resulting in the theft of nearly 250 bitcoins worth about $1 million. In January, GitHub discovered a fake Electrum wallet called "Electrvm" designed to steal users' money. In February, users of encrypted wallets Electrum and MyEtherWallet reported that they were facing phishing attacks.
In December 2018, Slow Fog first discovered and alerted an attacker to a messaging flaw using the Electrum wallet client to force an update prompt to pop up when a user transfers money, inducing users to update and download malware to carry out a currency theft attack. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qc... p2kny has stolen more than 30 BTCs for six months and has been active recently. Slow Fog alerts Electrum users to update prompts, the new version of Electrum in this update prompt is likely to be false, if installed, please promptly transfer Bitcoin out in another security environment. At the same time, slow fog called on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. This update tip is a phishing attack by an attacker who exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and according to incomplete statistics, hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials have said they want to adopt some security mechanisms to prevent this kind of update fishing, such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the old version (less than 3.3.4), the old version is still under threat, but slow fog does not rule out that the new version will have a similar threat.
Previously, most of these attacks were directed at Windows systems, but as Windows system security has improved, they have not been easy for users who install system updates on time.
According to Johnwick.io, we will continue to monitor and track the further flow of funds after a recent user submitted a coin-losing incident claiming that the download used an Electrum wallet had been phishing and that more than 700 bitcoins had been lost, and that the stolen address had been added to the Devi AML system. It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Devi Security Labs is here to remind users not to install unknown sources of Electrum wallets, to avoid asset losses. Electrum Official Website: electrum.org Electrum Phishing Website: electrumsecure.
Now I need to create an app file for Android in SharedCode/hide/androidMain/kotlin/actu.kt.
In addition, The main flash drive and flash memory application products of Langko Technology, has also revealed that it has obtained two digital currency-related patents, one for the design patent "flash drive (cold wallet) and the other for the invention patent "digital currency wallet, trading methods, trading systems and computer storage media", in the digital currency wallet has been explored accordingly.
Click to get the Electrum Personal Server source code and the Electrum Wallet source code.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.