As horrible as it is for those who lost funds in the process, these things need to happen in order to have people wake up and realize that they are a walking target, regardless of what client/software/mobile/desktop they use. I'm glad that I am extremely paranoid by nature, so I always ignore pop ups from whatever piece of software that I have installed.
If there is an update ready, I'll head to the main site, scan the file, sign keys (where possible) and then upgrade.
I love Bitcoin, but it requires so much extra attention and care in terms of security, that I perfectly understand why certain parties aren't digging in yet. This isn't the banking system where you can claim that your funds have been stolen and the odds of being refunded are pretty high. In this case lost is lost.
Topic: [2018-12-19] Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin! - page 2. (Read 359 times)
December 28, 2018, 06:09:24 PM
December 28, 2018, 06:06:13 PM
You wouldn't use a PC-based wallet -- what does that mean? The reference client is a PC-based wallet. Are you saying you'd only use a hardware wallet, or a paper wallet (generated on offline PC)?
The most important distinction to make is where your private keys are held -- online or offline. I figure any online desktop wallet is a target for theft, but I don't particularly like hardware wallets either. They have fairly large and untested attack surfaces, multiple theoretical attack vectors, centralized firmware updates, etc. Major vulnerabilities have been found (and quickly patched) as well, just like Electrum.
Electrum can be used such that private keys are kept offline on an airgapped device. That's why I use it. It's also got great UI, is lightweight, Segwit-compatible and can be used in conjunction with your own full node. Lots of selling points!
The most important distinction to make is where your private keys are held -- online or offline. I figure any online desktop wallet is a target for theft, but I don't particularly like hardware wallets either. They have fairly large and untested attack surfaces, multiple theoretical attack vectors, centralized firmware updates, etc. Major vulnerabilities have been found (and quickly patched) as well, just like Electrum.
Electrum can be used such that private keys are kept offline on an airgapped device. That's why I use it. It's also got great UI, is lightweight, Segwit-compatible and can be used in conjunction with your own full node. Lots of selling points!
Paper and hardware indeed. Phones for piddling amounts.
Obviously any wallet is fine on an offline machine. The fact these people got ravaged means they were using it online with a PC.
I'm increasingly less enamoured with hardware wallets too. I think people have been too rapid to embrace them as the ultimate answer when that looks like it's starting to unravel a bit.
December 28, 2018, 05:59:40 PM
I may well have fallen for this if I was an Electrum user, but I would never use a PC-based wallet in the first place. I've never really understood why Electrum is rated when many use it on an inherently insecure platform.
You wouldn't use a PC-based wallet -- what does that mean? The reference client is a PC-based wallet. Are you saying you'd only use a hardware wallet, or a paper wallet (generated on offline PC)?
The most important distinction to make is where your private keys are held -- online or offline. I figure any online desktop wallet is a target for theft, but I don't particularly like hardware wallets either. They have fairly large and untested attack surfaces, multiple theoretical attack vectors, centralized firmware updates, etc. Major vulnerabilities have been found (and quickly patched) as well, just like Electrum.
Electrum can be used such that private keys are kept offline on an airgapped device. That's why I use it. It's also got great UI, is lightweight, Segwit-compatible and can be used in conjunction with your own full node. Lots of selling points!
December 28, 2018, 12:29:57 PM
this is really terrible! so inhuman. I cannot fathom such criminal minds. how can they even sleep peacefully knowing that they stole something they did not work hard for? may God deal with them.
If something is possible then someone somewhere is going to do it. It only takes one wrong 'un.
People need to account for that and act accordingly.
I may well have fallen for this if I was an Electrum user, but I would never use a PC-based wallet in the first place. I've never really understood why Electrum is rated when many use it on an inherently insecure platform.
December 28, 2018, 09:48:29 AM
this is really terrible! so inhuman. I cannot fathom such criminal minds. how can they even sleep peacefully knowing that they stole something they did not work hard for? may God deal with them.
December 28, 2018, 07:16:46 AM
Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin
A phishing attack on the Electrum wallet network has possibly managed to steal around 245 bitcoins, worth over $880,000 at today’s prices.
Warning of the attack on Thursday, the firm tweeted: “There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source.”
The bad actor set up the attack by creating multiple fake servers on the Electrum wallet network. As a result, when wallet users that connected to those servers attempted to broadcast a bitcoin transaction, they received an error message providing a malicious link to malware disguised as an updated wallet, the firm explained on its Github page.
https://www.coindesk.com/electrum-wallet-attack-may-have-stolen-as-much-as-245-bitcoin
Now we know it is much more then 245 BTC stolen in this attack which is still in progress, and will probably eventually result with thousands of stolen BTC.
More info and the development of the situation in Electrum board : https://bitcointalk.org/index.php?board=98.0
A phishing attack on the Electrum wallet network has possibly managed to steal around 245 bitcoins, worth over $880,000 at today’s prices.
Warning of the attack on Thursday, the firm tweeted: “There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source.”
The bad actor set up the attack by creating multiple fake servers on the Electrum wallet network. As a result, when wallet users that connected to those servers attempted to broadcast a bitcoin transaction, they received an error message providing a malicious link to malware disguised as an updated wallet, the firm explained on its Github page.
https://www.coindesk.com/electrum-wallet-attack-may-have-stolen-as-much-as-245-bitcoin
Now we know it is much more then 245 BTC stolen in this attack which is still in progress, and will probably eventually result with thousands of stolen BTC.
More info and the development of the situation in Electrum board : https://bitcointalk.org/index.php?board=98.0
Jump to: