Author

Topic: 2-12-18. I tried to send 6 bitcoins and then received a popup message. (Read 253 times)

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
@nc50lc there is a way if someone hits enter an accidentally selects the text or the text is selected for some other reason.

@DarkStar_ it states on their website that they're posting the message.

Quote

In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
I've just tested it: my Electrum 3.0.6* gives this popup after sending a transaction:
-snip-
But the weird thing in OP's statement is:
Quote from: BitcoinHolder11
So i downloaded but it never even opened a url . i just pressed update now and it loaded 3 bars. and the app crashed.
After hitting "OK" or enter, it "downloaded 3 bars" and update by itself (not from a link); after it, Electrum always crash on start.

So I'm thinking that it's possible for the hacker to generate the same message as "Good Servers" are displaying (vulnerable versions) and use the button for a new way of indirect downloading from their link (ie. Internet Explorer Hooking).

But he already wiped the PC now and sent his Bitcoins to a new wallet, let's consider this solved  Smiley
(@OP You write the date wrong in the title)
legendary
Activity: 2772
Merit: 3284
I've just tested it: my Electrum 3.0.6* gives this popup after sending a transaction:
Image loading...
It didn't disappear on it's own, and didn't stop the transaction.

*I still have this old version with low balance in a VM, and didn't bother to upgrade yet because of the low balance.

Can confirm, ran into the same "error" when sending ChipMixer payments a few days ago
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
@loyce, I was thinking this might be a case of trigger happiness...

The normal payment message goes, he hits enter and OK is clicked automatically.

Also the advanced user is able to happily keep the old version, I'd advocate in favour of it if you know EXACTLY what you're doing. Of course updating is suggested for everyone but if you're not a novice, there's no rush...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I've just tested it: my Electrum 3.0.6* gives this popup after sending a transaction:
Image loading...
It didn't disappear on it's own, and didn't stop the transaction.

*I still have this old version with low balance in a VM, and didn't bother to upgrade yet because of the low balance.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
This is the message on their web page.

Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

So again, what happened was i received a popup window that it is mandortory to install the latest update due to the hack. I pressed install update link on their page. and after 30 sconds eletrum shut down. and wouldnt open again. i tried to reinstall it and wont work.

now.. i went to my phone. installed it just now on android. restored my seed. and my bitcoins are still there... yet i installed the update just now? gonna send my bitcoins out to another wallet to be safe.

im just worried my pc  now has a key logger? or maybe i am ok. because my coins are still there.
You said “Electrum auto-updated”, so what does that mean?
Are you saying that you went to Electrum.org, downloaded the new update and installed it? If that’s the case, then it’s ok.
Where exactly did you press this “install update link”? AFAIK, there is no such option in Electrum.org?

a pop up window and i cant remember what it said. but it said "due to a major malice in versions of eletrum older than 3.3 we are forcing users to install the latest update  to send coins out. Press here to update now " And I pressed the link. and then 6 bars loaded as if the updates were being installed and then it crashed.

it never opened up a new internet explorer page that i downloaded.  i pressed the "update now" button and it started updating , then after 30 seconds it crashed or shut down... and i couldnt open it again.

but all my coins are still here...
 i just sent it to my local bitcoins wallet.. im afraid to login to binance in case i am key logged.  but my binance will be good because i need to confirm any coins being sent out in my wallet from my email. and i havent signed into my email since this happened. so hackers can suck my giant dick. for now i am on stand by.

You shouldn't panic. Did you not write the seed words in a physical piece of paper by hand? This is the only thing that matters. You can delete your computer, install fresh, and use the seed words to get back to your wallet.

Practice this with a linux live iso, boot a linux live iso, install electrum and use the seed words and there is your wallet and funds.

If you are paranoid consider installing that Linux in your computer. And use a password manager with a very good password. Never re-use the same password anywhere, the manager can generate random passwords for each site and keep them safe, so you might as well change all your passwords from that secured linux machine.

Why are windows users so prone to click to random spam? Even if it "comes from Electrum", spam is spam. No you don't need reminders to scare you, (twice) sigh.

Electrum is not vulnerable, a true vulnerability would install malware without your interaction. This fake message is meaningless if you don't pay attention to it, close the window and change the server. Unfortunately you fell for it and clicked... Why? Do you click suspicious links from email too?

Well it doesn't matter, switch to Linux today, and hopefully you'll learn better habits from now on.

5 Reasons You Should Switch From Windows To Linux Right Now
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I'm running a multisig between my laptop and my phone. I think you could benefit from the same OP. Write the seeds down preferably in separate places and you're good to start spending the two. Alternatively you could get a hardware wallet but I wouldn't trust that on it's own... A multisig option is still preferable.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
a pop up window and i cant remember what it said. but it said "due to a major malice in versions of eletrum older than 3.3 we are forcing users to install the latest update  to send coins out. Press here to update now " And I pressed the link. and then 6 bars loaded as if the updates were being installed and then it crashed.

it never opened up a new internet explorer page that i downloaded.  i pressed the "update now" button and it started updating , then after 30 seconds it crashed or shut down... and i couldnt open it again.

but all my coins are still here...
 i just sent it to my local bitcoins wallet.. im afraid to login to binance in case i am key logged.  but my binance will be good because i need to confirm any coins being sent out in my wallet from my email. and i havent signed into my email since this happened. so hackers can suck my giant dick. for now i am on stand by.

I'm glad you didn't lose your funds, that's a relief.  I'm in agreement with TryNinja, Electrum won't auto-update, nor will it force you to accept an update.  The new version (3.3.3) has an option which will inform you when an update is available, but you have to activate that option.  I don't think any old versions included that option.

If you're concerned that you've been infected by any malicious software, it's probably time to nuke your OS and reinstall.
legendary
Activity: 2758
Merit: 6830
Good. I’m glad you managed to secure your coins before anything happened with them. As far as I know, Electrum doesn’t have any kind of auto-update. All it did was show a warning saying that the users were vulnerability and that they should go to Electrum.org and download the latest version. So I’m not sure what this is, but I assume it is fake.

You should do a complete reinstall of your OS, download Electrum ONLY from the original website ELECTRUM.ORG, optionally (but highly recommended) verify the files with the dev’s (ThomasV) PGP key, and then create a brand new wallet.

Here is how to verify Electrum’s signature: https://bitcointalksearch.org/topic/how-to-verify-your-electrum-windows-linux-mac-5105901

Good luck.
newbie
Activity: 6
Merit: 5
This is the message on their web page.

Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

So again, what happened was i received a popup window that it is mandortory to install the latest update due to the hack. I pressed install update link on their page. and after 30 sconds eletrum shut down. and wouldnt open again. i tried to reinstall it and wont work.


now.. i went to my phone. installed it just now on android. restored my seed. and my bitcoins are still there... yet i installed the update just now? gonna send my bitcoins out to another wallet to be safe.

im just worried my pc  now has a key logger? or maybe i am ok. because my coins are still there.
You said “Electrum auto-updated”, so what does that mean?

Are you saying that you went to Electrum.org, downloaded the new update and installed it? If that’s the case, then it’s ok.

Where exactly did you press this “install update link”? AFAIK, there is no such option in Electrum.org?


a pop up window and i cant remember what it said. but it said "due to a major malice in versions of eletrum older than 3.3 we are forcing users to install the latest update  to send coins out. Press here to update now " And I pressed the link. and then 6 bars loaded as if the updates were being installed and then it crashed.

it never opened up a new internet explorer page that i downloaded.  i pressed the "update now" button and it started updating , then after 30 seconds it crashed or shut down... and i couldnt open it again.

but all my coins are still here...
 i just sent it to my local bitcoins wallet.. im afraid to login to binance in case i am key logged.  but my binance will be good because i need to confirm any coins being sent out in my wallet from my email. and i havent signed into my email since this happened. so hackers can suck my giant dick. for now i am on stand by.
legendary
Activity: 2758
Merit: 6830
This is the message on their web page.

Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

So again, what happened was i received a popup window that it is mandortory to install the latest update due to the hack. I pressed install update link on their page. and after 30 sconds eletrum shut down. and wouldnt open again. i tried to reinstall it and wont work.


now.. i went to my phone. installed it just now on android. restored my seed. and my bitcoins are still there... yet i installed the update just now? gonna send my bitcoins out to another wallet to be safe.

im just worried my pc  now has a key logger? or maybe i am ok. because my coins are still there.
You said “Electrum auto-updated”, so what does that mean?

Are you saying that you went to Electrum.org, downloaded the new update and installed it? If that’s the case, then it’s ok.

Where exactly did you press this “install update link”? AFAIK, there is no such option in Electrum.org?
newbie
Activity: 6
Merit: 5
i didnt download nothing! , computer is for bitcoin electrum only!!!I opened electrum.  then sent the coins and then got a popup window i must install to a newer version. it auto updated then electrum shut down and wont reopen... i just sent coins a few days ago there was a warning to update but i never did. but now it forced me to update....


What? Electrum never auto-updates. Are you sure that’s what happened? All that the vulnerability can do is show the fake update message, but this is only a phishing attempt to make you go to the fake URL by yourself and download a fake wallet.

Can you check your Bitcoin address in a block explorer to see if the funds are still there?
This is the message on their web page.


Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

So again, what happened was i received a popup window that it is mandortory to install the latest update due to the hack. I pressed install update link on their page. and after 30 sconds eletrum shut down. and wouldnt open again. i tried to reinstall it and wont work.


now.. i went to my phone. installed it just now on android. restored my seed. and my bitcoins are still there... yet i installed the update just now? gonna send my bitcoins out to another wallet to be safe.

im just worried my pc  now has a key logger? or maybe i am ok. because my coins are still there.

legendary
Activity: 2758
Merit: 6830
It looks like you experience the same thing as other electrum users who tried to update their electrum because of popup notice from the electrum wallet?

Take a look at this news about electrum https://bitcointalksearch.org/topic/warning-there-is-an-ongoing-phishing-attack-against-electrum-users-5095856

Can you share your bitcoin address from the electrum so that we can check if your bitcoin still there.

If you have a backup seed or wallet.dat take them to the safe place and you need to reformat the PC to make sure your PC is clean and install the latest electrum from their official website from here https://electrum.org/#download
Then restore your electrum backup to new electrum wallet.
I just downloaded Electrum on my  android. The new version does not work on my windows 10. i installed it on a different user. and i open it and nothing pops up.


i just installed electrum on my android and restored my seed. and ITS A FUCKING MIRACLE. MY 6.1582 BITCOINS ARE STILL IN MY WALLET. THANK YOU ...
should i send out my bitcoins asap to another wallet? i dont understand, i received a popup window  and tried to send out and it shut down after i updated it from the pop up. and yet my coins are still there?HuhHuh?

im also reading on electrum website they used their own vulnerable that the hackers used to fix the issue to force the user to update to a new  version on their website.

do i still need to reformat if my coins are still there. maybe the popup window i got was really from electrum?HuhHuh??
That’s not true. All that the vulnerability does is show a fake update message, then if, AND ONLY IF, you believe on it and manually go to the link provided by the hacker and download the fake wallet, you risk your coins. If you just get the message and ignore it, nothing happens.

I just want to know what do you mean with “Electrum auto-updated” since that’s impossible. Considering that we are talking about 6 BTC here, I would safeguard the coins by sending them to a trusted new wallet and then do a clean reinstall of the OS.
newbie
Activity: 6
Merit: 5
It looks like you experience the same thing as other electrum users who tried to update their electrum because of popup notice from the electrum wallet?

Take a look at this news about electrum https://bitcointalksearch.org/topic/warning-there-is-an-ongoing-phishing-attack-against-electrum-users-5095856

Can you share your bitcoin address from the electrum so that we can check if your bitcoin still there.

If you have a backup seed or wallet.dat take them to the safe place and you need to reformat the PC to make sure your PC is clean and install the latest electrum from their official website from here https://electrum.org/#download
Then restore your electrum backup to new electrum wallet.
I just downloaded Electrum on my  android. The new version does not work on my windows 10. i installed it on a different user. and i open it and nothing pops up.


i just installed electrum on my android and restored my seed. and ITS A FUCKING MIRACLE. MY 6.1582 BITCOINS ARE STILL IN MY WALLET. THANK YOU ...
should i send out my bitcoins asap to another wallet? i dont understand, i received a popup window  and tried to send out and it shut down after i updated it from the pop up. and yet my coins are still there?HuhHuh?

im also reading on electrum website they used their own vulnerable that the hackers used to fix the issue to force the user to update to a new  version on their website.

do i still need to reformat if my coins are still there. maybe the popup window i got was really from electrum?HuhHuh??






legendary
Activity: 2758
Merit: 6830
i didnt download nothing! , computer is for bitcoin electrum only!!!I opened electrum.  then sent the coins and then got a popup window i must install to a newer version. it auto updated then electrum shut down and wont reopen... i just sent coins a few days ago there was a warning to update but i never did. but now it forced me to update....


What? Electrum never auto-updates. That’s simple impossible. Are you sure that’s what happened? All that the vulnerability can do is show the fake update message, but this is only a phishing attempt to make you go to the fake URL by yourself and download a fake wallet.

Can you check your Bitcoin address in a block explorer to see if the funds are still there?
newbie
Activity: 6
Merit: 5
i didnt download nothing! , computer is for bitcoin electrum only!!!I opened electrum.  then sent the coins and then got a popup window i must install to a newer version. it auto updated then electrum shut down and wont reopen... i just sent coins a few days ago there was a warning to update but i never did. but now it forced me to update....

legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
It looks like you experience the same thing as other electrum users who tried to update their electrum because of popup notice from the electrum wallet?
It is a phishing attacks and it's not from electrum developer.

Take a look at this news about electrum https://bitcointalksearch.org/topic/warning-there-is-an-ongoing-phishing-attack-against-electrum-users-5095856

Can you share your bitcoin address from the electrum so that we can check if your bitcoin still there.

If you have a backup seed or wallet.dat take them to the safe place and you need to reformat the PC to make sure your PC is clean and install the latest electrum from their official website from here https://electrum.org/#download
Then restore your electrum backup to new electrum wallet.
newbie
Activity: 6
Merit: 5
having really bad panic attack.  heart rate is up . anyone? not a troll post.
i checked the blockchain to my bitcoin wallet and it didnt show any funds being sent out.

not sure if my computer is even key logged if i should reformat asap and change my email passwords.  freaking out

i am a local bitcoin buyer and seller. this is not a joke.  6 bitcoins is a fucking ton! i really hope i did not just lose this and have my computer with a key logger on it now
newbie
Activity: 6
Merit: 5
Looking for advice. Because Now electrum does not even work on my PC. Please advise. Is there a key logger on my computer now? I received an update with electrum when i tried to send from my wallet. So i downloaded but it never even opened a url . i just pressed update now and it loaded 3 bars. and the app crashed. and wouldnt start up. i tried to reinstall through the website and now it wont even work on my computer.


do i need to reformat? is there a spyware on my computer?


received a popup message. It had a small window that dissappeared in 4 seconds.

an now electrum doesnt work. i was sending our 6 bitcoins.

 freaking out.

because i cant even tell if my coins are gone. electrum doesnt work anymore.
Jump to: