Author

Topic: [Beware] Ongoing Electrum Phishing Attempt (Read 223 times)

legendary
Activity: 2702
Merit: 4002
February 19, 2019, 02:18:36 PM
#4
the good thing is Electrum is quick to act and I know see on their website that they have announced the current situation.
Not only that, but the fame of this wallet makes any hack under the radar is easy to identify and reveal, especially in this forum or reddit.com/r/Bitcoin.
I have read about this attack a few days ago so I do not expect the impact of many users.
generally, thanks to everyone who contributed to the warning others.

Also, traditional tips help to avoid a lot of stuff.
hero member
Activity: 1680
Merit: 655
February 19, 2019, 06:56:30 AM
#3
Here is the message being broadcasted to the older versions of Electrum:


I found this on the issues tab of Electrum in Github, and it looks like users using an older version of Electrum who are trying to send Bitcoin will receive this message at the same time their transaction won't be created. Electrum has been in similar attacks with their software before but this one is unique on how they try to infiltrate their users, the good thing is Electrum is quick to act and I know see on their website that they have announced the current situation.
sr. member
Activity: 2254
Merit: 258
February 19, 2019, 06:21:30 AM
#2
Metacert is now a paying subscription but for $5 or more a month, it will save you from a phishing attack, sometimes it's hard to detect the right one from the wrong one and of course, only download from official sites, some duplicate download sites are injected with redirection.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
February 18, 2019, 01:18:49 AM
#1
Several weeks ago a few users of the popular bitcoin desktop wallet Electrum reported loss of their bitcoin after downloading a malicious versions of software.

The scammers were able to infect Electrum servers to broadcast messages to users of older versions of the software.  The message would trick users into downloading the malware.  Recent releases of Electrum are able to prevent the messages from being broadcast by the compromised servers, but users who are still using versions prior to 3.3.3 are still vulnerable.  

I'm posting this here to help bring awareness to the issue.  If you are using an older version of Electrum it is recommended you upgrade to the latest version.

Only download Electrum from the official website:  https://electrum.org/
Don't forget to check the signature.  

More information can be found here: https://github.com/spesmilo/electrum/issues/4968

Originally the scammers directed victims to download the malware from the impostor's github repository, but github has since shut down the scammers account.  However it appears the scammer is still attempting to take advantage of the vulnerability by now directing his potential victims to a new site for downloading the malware.

Warning: Do not visit the site listed blow.  It is displayed only for your reference.
Code:
https://electrumdownload.com/

Jump to: