Author

Topic: 2 weird happening now in ELECTRUM WALLET. (calling all devs from electrum) (Read 526 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I guess you could wait for the malicious server attacks to stop before trying to send.
Or if you need the funds sooner just import seed into another HD wallet.
Hope you can sort it all out successfuly.
Or just connect to a non-malicious server. Smiley

You meant try each known electrum server until you found server which don't send malicious/unknown error message Tongue

But there are few websites which have list of electrum server such as https://1209k.com/bitcoin-eye/ele.php and https://uasf.saltylemon.org/electrum
legendary
Activity: 2758
Merit: 6830
I guess you could wait for the malicious server attacks to stop before trying to send.
Or if you need the funds sooner just import seed into another HD wallet.
Hope you can sort it all out successfuly.
Or just connect to a non-malicious server. Smiley
member
Activity: 120
Merit: 10
I guess you could wait for the malicious server attacks to stop before trying to send.
Or if you need the funds sooner just import seed into another HD wallet.
Hope you can sort it all out successfuly.
HCP
legendary
Activity: 2086
Merit: 4363
Help PLEASE, just made sending bitcoins through a mixer, clicked send a window appeared where update was written and so on, there were no versions download links, I clicked ok. I clicked send bitcoin to the address, after which the window clicked ok, I started updating version , I look and the translation has already gone, after which I started watching the transfer transaction, sending has already taken place, but bitcoins have not yet arrived at the address I have already received 3 hours and not one confirmed transaction please help the guys, I don’t understand me or what?
If you didn't follow any links and/or download and install anything... then there is a very good probability that you are OK and there is nothing to worry about. Your transaction is probably just stuck for some reason (lots of unconfirmed transactions, low fee etc).

I had a look and there was a big spike in unconfirmed transactions (and fees) around the time you posted your message, so it is most likely related to that. Since then the mempool has cleared, so I would assume that your transaction has most probably confirmed now.

However, if your transaction has still not confirmed, can you post the transaction ID or the address that you were trying to send to? I realise that you're attempting to send to a mixer... and posting the TXID or Address will compromise the privacy, but without this, there is no way to understand what is happening with your transaction. You can PM me if you would like to post the TXID/address privately.
legendary
Activity: 2758
Merit: 6830
I received the same error on my electrum wallet 3.3.2, but instead of downloading from the link, I went to download the new .exe installer for windows on electrum.org website.

As soon as I downloaded it, windows defender showed me an error of a trojan on the file.

Not sure what to do, if I leave the previous version Im exposed to phishing, but if I download the new version from the electrum.org website I get a trojan warning message from windows defender.

Any updates on this?
Don’t worry. That’s most likely just a false positive. Electrum shows as a trojan to a few AVs out there. If you downloaded from electrum.org then you are safe. But, make sure to verify the file signatures before running it.

Here is an tutorial on how to verify the file signature: https://bitcointalksearch.org/topic/how-to-verify-your-electrum-windows-linux-mac-5105901

I made a post talking about this yesterday:

Lucius, yeah, just seen that thread.

ThomasV, could you, please, write here in sticky thread MD5 / SHA-1 / signature of real Electrum 3.3.3 ?
Just verify the signatures.

Electrum is commonly acussed as a trojan by a few random AV’s. But that’s just a false-positive. It happens all the time.

Here is Electrum’s “official” explanation:
Quote
"Anti-virus" software uses shitty heuristics to detect malware. PyInstaller is a convenient tool to package python apps. We use PyInstaller. Malware authors use PyInstaller. Everything that uses PyInstaller is detected as malware.
Quote
Anti-virus software have (and always had) false positives, and some of them tag Electrum as malware. This is out of our control. This does not mean that Electrum is or contains malware.

The Windows binaries are signed using the native Windows signing scheme by an entity named Electrum Technologies GmbH. They are also signed using GPG by @ecdsa (ThomasV). The GPG key fingerprint is 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6.

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.
More: https://github.com/spesmilo/electrum/issues/3198#issuecomment-458949319
CJR
newbie
Activity: 2
Merit: 0
I received the same error on my electrum wallet 3.3.2, but instead of downloading from the link, I went to download the new .exe installer for windows on electrum.org website.

As soon as I downloaded it, windows defender showed me an error of a trojan on the file.

Not sure what to do, if I leave the previous version Im exposed to phishing, but if I download the new version from the electrum.org website I get a trojan warning message from windows defender.

Any updates on this?
newbie
Activity: 11
Merit: 0
ThomasV, you should post here in sticky thread HASH of .exe file - to do 2step verification of software.
newbie
Activity: 3
Merit: 0

Help PLEASE, just made sending bitcoins through a mixer, clicked send a window appeared where update was written and so on, there were no versions download links, I clicked ok. I clicked send bitcoin to the address, after which the window clicked ok, I started updating version , I look and the translation has already gone, after which I started watching the transfer transaction, sending has already taken place, but bitcoins have not yet arrived at the address I have already received 3 hours and not one confirmed transaction please help the guys, I don’t understand me or what? I didn’t follow the links by any means, a small window popped up and I clicked ok and that's it!
At the moment, the transaction did not reach 0 confirmations hung as if, but I didn’t download anything, I just went into the electronic version as usual. The version was 3.3.2. A window pops up. I clicked ok, then I noticed that the transaction began to transfer. it has come, BUT I HAVE NOTHING HAVINGED ANYTHING AND DIDN'T UPDATE 100%

newbie
Activity: 10
Merit: 3
electrum must verify itself. If do that from the first version we dont have these problems


Electrum has a signed update announcement mechanism since v3.3.3. It was introduced in this commit: https://github.com/spesmilo/electrum/commit/0bfda7c8c74757d261bbc7e24eee44fa09965e85

You should still verify downloaded binaries using GPG, of course. And only get your binaries from electrum.org. Type it yourself, do not copy-paste, do not click links.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
electrum must verify itself. If do that from the first version we dont have these problems
Don't know if this is trap or a stupid suggestion.

If this will solve these problems, tell me:
How can you trust something that you don't know if you can trust to verify itself if you can really trust it?
newbie
Activity: 5
Merit: 0
yeah i have heard of all these things happen and I guess you always think you've done the right thing and couldn'thave been compromised.


So i have restored OS, used anti malware and virus protection, and I use cc cleaner to clear out cookies etc .then made new seperate wallets with new paswords/seeds stored not electronically.

I hope it doesn't happen again, but obviously it's my fault. I haven't done something right along the way.

legendary
Activity: 1652
Merit: 1007
Were you actually trying to send the 0.0215437 BTC to a different address when this transaction happened? Huh

It is also possible that you have fallen victim to clipboard malware that changes the BTC address when you use copy/paste.

Malware sucks. It's the worst nightmare for a crypto holder. Have you heard about the newest malware that can steal your username/password and session cookies in your browser? If they can steal them, they can access your exchange account and emails.
HCP
legendary
Activity: 2086
Merit: 4363
Were you actually trying to send the 0.0215437 BTC to a different address when this transaction happened? Huh

It is also possible that you have fallen victim to clipboard malware that changes the BTC address when you use copy/paste.
newbie
Activity: 5
Merit: 0
Quote: Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)




----

I keep my seed on paper in secure place offline. very confused as to whats happened. Will accept that its gone and try a different wallet and make sure my OS isnt compromised before getting more.
HCP
legendary
Activity: 2086
Merit: 4363
Today I had 0.0215437 BTC stolen before i could send it to the address I wanted to.

I have had no messages saying "install a new version before sending out money" or anything like that and I have definitely downloaded the electrum from electrum.org, the newest verson.
Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)

Have you attempted to claim any fork coins by putting your electrum wallet seed mnemonic into other wallets?


Is there a way to recover the funds?
Unfortunately, No. As with all Bitcoin transactions, once the coins have been sent and confirmed, there is no way to cancel or reverse a transaction.
newbie
Activity: 5
Merit: 0
Today I had 0.0215437 BTC stolen before i could send it to the address I wanted to.

I have had no messages saying "install a new version before sending out money" or anything like that and I have definitely downloaded the electrum from electrum.org, the newest verson.


from what I can see on the block chain the transaction ID was 387a2ecb74fecfa8329b976c23032ef7f21adabdd15fe1923a54575f1697ba8e

and the receiving address was 14kuUTfXM1MLzmDidMZPEFrU7Z9hR6tX1q


Is there a way to recover the funds?



Thanks in advance
legendary
Activity: 2758
Merit: 6830
electrum developers have to force users to upgrade new versions if old versions have problems. Just check its version from startup
No. There can be many compatibility issues when updating a software to a new version. Many big updates from Electrum - like when they went to python 3 - stopped working for many users who were in older versions of Windows or in specific linux distoros. Also, this may become an extra attack surface.

A warning is more than enough.

Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:
As I said in the other thread you also replied, prove your identity when using an unknown account. In this case, as an Electrum dev.
legendary
Activity: 3472
Merit: 10611
Hi, I work for Electrum Technologies GmbH. ~

I am surprised that you claim to have this affiliation but have not once mentioned anything about "verifying the signature of the downloaded files" which is the most important part, even more important than downloading from the official website (electrum.org). in fact it doesn't matter where you download them from as long as you verify them with the real PGP public key of the real developer.

as for the server, i think it is a bad move specially since there is no guarantee people are connecting to that server anyways since there are quite a lot of them available.
newbie
Activity: 10
Merit: 3
first of all, Electrum is AGAIN, under attack. As what they said the last time, the pishing wont happen again. and it does. As of now, yes mine is being attacked/pished by someone. BUT due that i always ignore all notifications that said to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!) so my funds are not stolen BUT froze in this wallet.

1. Receive this notification said to update the wallet how many times today. https://prnt.sc/mfkul1 so i cant even send any transactions out of the wallet right now.

2. Kept calmed, i deleted that wallet, and download an updated one FROM https://electrum.org/#download and after updating the wallet still can't sent my funds out https://prnt.sc/mfky6f .

PS: I have expirience this kind of attack before as i created a topic for it https://bitcointalksearch.org/topic/m.48903952 . And yet, still using it. Becausei believe that Electrum wallet is the most secured bitcoin wallet. Please in also behalf of all users who expirienced this, help us know what's happening. What to do and how to do avoid it.

Calling all developers from Electrum, please response below how to fix this and why this is happening.

Thanks.
 

Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:

1. there is a new version of ElectrumX that makes it harder to start malicious servers and have them relayed. The new ElectrumX will warn users that have an old version of Electrum that shows error messages as rich text, which makes the phishing attack so convincing.
2. as previously mentioned, there are new versions of Electrum (v3.3.2, which disallows rich text in error messages, and v3.3.3 which has a Bitcoin Core error whitelist). To get the newest version of Electrum, always use electrum.org, never any other domain. There are new phishing attempts from all kinds of lookalike URLs every month. Never get Electrum from anything but electrum.org.
3. since so many users were on old versions, we have started our own ElectrumX servers that notify outdated users to update, but using the genuine URL (electrum.org). We are aware that this might be confusing for users, as it legitimizes this way of spreading update notifications, which we never meant to include in the first place. But since the attack has started, and this will potentially prevent users from getting scammed, we decided to do it.

If you didn't update Electrum from malicious sources, your coins are safe and you don't have to worry. If you suspect that you might have installed malicious software, take your computer offline immediately and follow typical procedures to restore from seed on a trusted machine.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
As long as users do not understand the essence of the problem in this specific case, they will be exposed to the possibility of hack or at best confusion and panic that some bad servers will steal their coins. That bad servers are just tool which hackers use to scam naive users, and since many are still not update to latest version of Electrum, we will see more threads like this in future.

This attack will continue to run because it is not possible to prevent anyone to set up server, so simply ignore any message in Electrum, pick another server manually, and download new version only from official site with the addition of a signature check.
HCP
legendary
Activity: 2086
Merit: 4363
I have followed this instructions and everything went fine. Hope this server will not get that attack.
The servers are not "attacked" per se... "Bad" servers are deliberately setup as part of the scam. When it first happened, the scammers seemed to be spinning up large numbers of "Bad" servers on AWS instances. I'm not sure if that is still the case.

In any case, the vast majority of servers are OK... and if you run only the latest official Electrum, you have nothing to worry about from this particular attack. It'll just be inconvenient if your Electrum connects to a bad server, you'll get "unknown error".

As already mentioned, you simply need to connect to a different server, and continue trying different ones, until you no longer get the error.
jr. member
Activity: 66
Merit: 2
Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.

I have followed this instructions and everything went fine. Hope this server will not get that attack.
copper member
Activity: 236
Merit: 17
what was server name you connected to?
jr. member
Activity: 66
Merit: 2
Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.

THANKS!
legendary
Activity: 3710
Merit: 1586
Try not to use the wallet file that the Fake Electrum has generated.

Try reading what he wrote. He never installed fake electrum.

OP just change servers like HCP said.
legendary
Activity: 2758
Merit: 6830
If I understand it correctly, -snip-
For me, he clearly stated that he deleted the executable, the fact that he said "that wallet" and "downloaded an updated one" means it's the fake Electrum version.

Aside from that, I'm pretty sure that Electrum always changes the server in every relaunch if your wallet is configured to "choose automatically" (default) and the chance that it will select the "bad server" is pretty slim. So I'd say, there's something fishy going on his side.
Plus, aside from him, there's no one else here who experienced unsendable bitcoins due to a "bad server", pretty much an isolated case.

If changing server didn't work, he can try my advice.
He literally said “downloaded an updated one FROM electrum.org”; you just cut that part off for some reason.

He also said:

Quote
i always ignore all notifications that said to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!) so my funds are not stolen BUT froze in this wallet.

Sounds pretty obvious that he didn’t download the fake wallet.

Also, chances of getting two infected servers in a row aren’t “pretty slim”, I actually got the same server two times in a row once and had to change it manually.

OP: do like the other users said and try selecting a trusted server manually.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
If I understand it correctly, -snip-
For me, he clearly stated that he deleted the executable, the fact that he said "that wallet" and "downloaded an updated one" means it's the fake Electrum version.

Aside from that, I'm pretty sure that Electrum always changes the server in every relaunch if your wallet is configured to "choose automatically" (default) and the chance that it will select the "bad server" is pretty slim. So I'd say, there's something fishy going on his side.
Plus, aside from him, there's no one else here who experienced unsendable bitcoins due to a "bad server", pretty much an isolated case.

If changing server didn't work, he can try my advice.
legendary
Activity: 2170
Merit: 1789
Try not to use the wallet file that the Fake Electrum has generated.
Instead, restore it to the Original version via SEED. You may also needed to scan the whole computer for possible malware installed by the fake version if there's any.

If I understand it correctly, OP already did delete the old wallet and start from the beginning but when he tried to make a transaction the error comes out because he's connected to a bad server. So here's what happens: he used an old version of Electrum which connected to a bad server and failed to make a transaction. After that, he downloaded a new Electrum (the legit one) and tried to use it but it fails again because he's still connected to a bad server.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Try not to use the wallet file that the Fake Electrum has generated.
Instead, restore it to the Original version via SEED. You may also needed to scan the whole computer for possible malware installed by the fake version if there's any.

The reason for this is: even the real Electrum does a small backward-incompatibility issue to the wallet file after changing the version (like v3.3.3 to older versions). The Fake version also has write access to your files and must have tinkered your wallet file somehow.
HCP
legendary
Activity: 2086
Merit: 4363
Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.
jr. member
Activity: 66
Merit: 2
first of all, Electrum is AGAIN, under attack. As what they said the last time, the pishing wont happen again. and it does. As of now, yes mine is being attacked/pished by someone. BUT due that i always ignore all notifications that said to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!) so my funds are not stolen BUT froze in this wallet.

1. Receive this notification said to update the wallet how many times today. https://prnt.sc/mfkul1 so i cant even send any transactions out of the wallet right now.

2. Kept calmed, i deleted that wallet, and download an updated one FROM https://electrum.org/#download and after updating the wallet still can't sent my funds out https://prnt.sc/mfky6f .

PS: I have expirience this kind of attack before as i created a topic for it https://bitcointalksearch.org/topic/m.48903952 . And yet, still using it. Becausei believe that Electrum wallet is the most secured bitcoin wallet. Please in also behalf of all users who expirienced this, help us know what's happening. What to do and how to do avoid it.

Calling all developers from Electrum, please response below how to fix this and why this is happening.

Thanks.
 
Jump to: