Topic: 2 weird happening now in ELECTRUM WALLET. (calling all devs from electrum) (Read 515 times)

You meant try each known electrum server until you found server which don't send malicious/unknown error message

But there are few websites which have list of electrum server such as https://1209k.com/bitcoin-eye/ele.php and https://uasf.saltylemon.org/electrum

Or just connect to a non-malicious server.

I guess you could wait for the malicious server attacks to stop before trying to send.
Or if you need the funds sooner just import seed into another HD wallet.
Hope you can sort it all out successfuly.

If you didn't follow any links and/or download and install anything... then there is a very good probability that you are OK and there is nothing to worry about. Your transaction is probably just stuck for some reason (lots of unconfirmed transactions, low fee etc).

I had a look and there was a big spike in unconfirmed transactions (and fees) around the time you posted your message, so it is most likely related to that. Since then the mempool has cleared, so I would assume that your transaction has most probably confirmed now.

However, if your transaction has still not confirmed, can you post the transaction ID or the address that you were trying to send to? I realise that you're attempting to send to a mixer... and posting the TXID or Address will compromise the privacy, but without this, there is no way to understand what is happening with your transaction. You can PM me if you would like to post the TXID/address privately.

Don’t worry. That’s most likely just a false positive. Electrum shows as a trojan to a few AVs out there. If you downloaded from electrum.org then you are safe. But, make sure to verify the file signatures before running it.

Here is an tutorial on how to verify the file signature: https://bitcointalksearch.org/topic/how-to-verify-your-electrum-windows-linux-mac-5105901

I made a post talking about this yesterday:

I received the same error on my electrum wallet 3.3.2, but instead of downloading from the link, I went to download the new .exe installer for windows on electrum.org website.

As soon as I downloaded it, windows defender showed me an error of a trojan on the file.

Not sure what to do, if I leave the previous version Im exposed to phishing, but if I download the new version from the electrum.org website I get a trojan warning message from windows defender.

Any updates on this?

ThomasV, you should post here in sticky thread HASH of .exe file - to do 2step verification of software.

Help PLEASE, just made sending bitcoins through a mixer, clicked send a window appeared where update was written and so on, there were no versions download links, I clicked ok. I clicked send bitcoin to the address, after which the window clicked ok, I started updating version , I look and the translation has already gone, after which I started watching the transfer transaction, sending has already taken place, but bitcoins have not yet arrived at the address I have already received 3 hours and not one confirmed transaction please help the guys, I don’t understand me or what? I didn’t follow the links by any means, a small window popped up and I clicked ok and that's it!
At the moment, the transaction did not reach 0 confirmations hung as if, but I didn’t download anything, I just went into the electronic version as usual. The version was 3.3.2. A window pops up. I clicked ok, then I noticed that the transaction began to transfer. it has come, BUT I HAVE NOTHING HAVINGED ANYTHING AND DIDN'T UPDATE 100%

Electrum has a signed update announcement mechanism since v3.3.3. It was introduced in this commit: https://github.com/spesmilo/electrum/commit/0bfda7c8c74757d261bbc7e24eee44fa09965e85

You should still verify downloaded binaries using GPG, of course. And only get your binaries from electrum.org. Type it yourself, do not copy-paste, do not click links.

Don't know if this is trap or a stupid suggestion.

If this will solve these problems, tell me:
How can you trust something that you don't know if you can trust to verify itself if you can really trust it?

yeah i have heard of all these things happen and I guess you always think you've done the right thing and couldn'thave been compromised.


So i have restored OS, used anti malware and virus protection, and I use cc cleaner to clear out cookies etc .then made new seperate wallets with new paswords/seeds stored not electronically.

I hope it doesn't happen again, but obviously it's my fault. I haven't done something right along the way.

Malware sucks. It's the worst nightmare for a crypto holder. Have you heard about the newest malware that can steal your username/password and session cookies in your browser? If they can steal them, they can access your exchange account and emails.

Were you actually trying to send the 0.0215437 BTC to a different address when this transaction happened?

It is also possible that you have fallen victim to clipboard malware that changes the BTC address when you use copy/paste.

Quote: Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)




----

I keep my seed on paper in secure place offline. very confused as to whats happened. Will accept that its gone and try a different wallet and make sure my OS isnt compromised before getting more.

Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)

Have you attempted to claim any fork coins by putting your electrum wallet seed mnemonic into other wallets?


Unfortunately, No. As with all Bitcoin transactions, once the coins have been sent and confirmed, there is no way to cancel or reverse a transaction.

Today I had 0.0215437 BTC stolen before i could send it to the address I wanted to.

I have had no messages saying "install a new version before sending out money" or anything like that and I have definitely downloaded the electrum from electrum.org, the newest verson.


from what I can see on the block chain the transaction ID was 387a2ecb74fecfa8329b976c23032ef7f21adabdd15fe1923a54575f1697ba8e

and the receiving address was 14kuUTfXM1MLzmDidMZPEFrU7Z9hR6tX1q


Is there a way to recover the funds?



Thanks in advance

No. There can be many compatibility issues when updating a software to a new version. Many big updates from Electrum - like when they went to python 3 - stopped working for many users who were in older versions of Windows or in specific linux distoros. Also, this may become an extra attack surface.

A warning is more than enough.

As I said in the other thread you also replied, prove your identity when using an unknown account. In this case, as an Electrum dev.

I am surprised that you claim to have this affiliation but have not once mentioned anything about "verifying the signature of the downloaded files" which is the most important part, even more important than downloading from the official website (electrum.org). in fact it doesn't matter where you download them from as long as you verify them with the real PGP public key of the real developer.

as for the server, i think it is a bad move specially since there is no guarantee people are connecting to that server anyways since there are quite a lot of them available.

Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:

1. there is a new version of ElectrumX that makes it harder to start malicious servers and have them relayed. The new ElectrumX will warn users that have an old version of Electrum that shows error messages as rich text, which makes the phishing attack so convincing.
2. as previously mentioned, there are new versions of Electrum (v3.3.2, which disallows rich text in error messages, and v3.3.3 which has a Bitcoin Core error whitelist). To get the newest version of Electrum, always use electrum.org, never any other domain. There are new phishing attempts from all kinds of lookalike URLs every month. Never get Electrum from anything but electrum.org.
3. since so many users were on old versions, we have started our own ElectrumX servers that notify outdated users to update, but using the genuine URL (electrum.org). We are aware that this might be confusing for users, as it legitimizes this way of spreading update notifications, which we never meant to include in the first place. But since the attack has started, and this will potentially prevent users from getting scammed, we decided to do it.

If you didn't update Electrum from malicious sources, your coins are safe and you don't have to worry. If you suspect that you might have installed malicious software, take your computer offline immediately and follow typical procedures to restore from seed on a trusted machine.

As long as users do not understand the essence of the problem in this specific case, they will be exposed to the possibility of hack or at best confusion and panic that some bad servers will steal their coins. That bad servers are just tool which hackers use to scam naive users, and since many are still not update to latest version of Electrum, we will see more threads like this in future.

This attack will continue to run because it is not possible to prevent anyone to set up server, so simply ignore any message in Electrum, pick another server manually, and download new version only from official site with the addition of a signature check.