Bitcoin stolen. Electrum exploit / phishing

funchiestz

sr. member

Activity: 1134

Merit: 342

Quote from: xtraelv on December 28, 2018, 03:28:02 AM

Initially reported on Reddit it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote

Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When ‎the user opens his wallet app, he will be redirected ‎to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA

https://github.com/spesmilo/electrum/issues/4968

Quote

There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum

Quote

There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message

There has been a lot of news about Electrum recently. I guess it's expected to happen. But this time the figure is very serious.

And there is a warning on BTT News you can look at it: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097

(From BTT: Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them.)

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: DooMAD on December 29, 2018, 06:25:20 AM

It's unconscionable that someone would deliberately target a client favoured by casual users. It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them.

It's upsetting, but unfortunately we should expect it from a rational point of view. Casual users are less likely to have strong security protocols and more likely to fall for social engineering attacks like this. For most people, malware has never carried great consequences -- Bitcoin is changing that in a big way. Finding a balance between user-friendliness and security is really hard.

Teamfearless

copper member

Activity: 118

Merit: 0

I think its time for us to make awareness of all this hacking tips and trick .. allot people are afraid to join the crypto race because all this hackers .. and every Team must strengthening their security features so that newbie and beginners cant lose the coins ..

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: SistaFista on December 30, 2018, 09:30:29 PM

On the last update of electrum wallet, i read that the hackers cannot pop up the rich text warning anymore. Any update now ?

the link that the attacker was pushing to clients to fool them was on github, which was reported and removed the same exact day. i haven't heard of any change or new link popping up yet so basically it was over the same day i think.
as for the update, the new versions still can show you the malicious message if the server sends you one but it won't be formatted anymore. so you won't see a "link", instead it will be a messy text with its markups.

SistaFista

sr. member

Activity: 1638

Merit: 251

Hexhash.xyz

Yeah, it was happening recently. I wonder why electrum wallet can give rich text warning to the users even from the untrusted server.
I read the article, hackers set several servers so they can catch their victim with higher chance.
On the last update of electrum wallet, i read that the hackers cannot pop up the rich text warning anymore. Any update now ?

thesmallgod

full member

Activity: 1498

Merit: 129

Electrum wallet is too vulnerable to hacking. Almost every year we hear bad news like this about the wallet. the team should look for reliable security means to protect users.

Maestro75

sr. member

Activity: 1960

Merit: 329

Quote from: jhenfelipe on December 28, 2018, 08:31:10 AM

theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.

Quote

News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info

Big problem that the error message pop out inside the official electrum wallet. Probably, there are people who will be deceived.

Early this year too there was an attack on Electrum and a warning was pinned here by Theymos or some guy. It was at that point I stopped using that app. I had to be sure my little satoshi was safe than sorry. Electrum should fix this hacking problem to save it reputation.

Initscri

hero member

Activity: 1582

Merit: 759

Quote from: geminiboy on December 29, 2018, 10:09:10 PM

Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique

Be careful to say hack in the conventional term. This was basically a phishing/social engineering attack, nothing more. It's not like the attackers were able to get crypto w/o the action of the individual owning the account.

I put 50% on the users who failed to understand how to complete due diligence w/ their downloading, and 50% on Electrum devs for failing to see how allowing server admins to send messages out to Bitcoin users could have been abused.

geminiboy

full member

Activity: 574

Merit: 100

https://ammut.network/

Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique

pooya87

legendary

Activity: 3472

Merit: 10611

Quote

When ‎the user opens his wallet app, he will be redirected ‎to download a fake update created by scammers.

this has a very tricky wording!
users are NOT redirected anywhere. instead they are simply shown a message that is encouraging them to click a malicious link. since that link is inside their wallet application they don't think it is malicious and click it, then they are "redirected" to where the malicious app is which they have to download and install to steal their coins.

jjjfff

copper member

Activity: 182

Merit: 18

Crypto.BI

Quote from: xtraelv on December 29, 2018, 05:48:03 AM

Quote from: Lizzylove1 on December 28, 2018, 09:31:09 AM

I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers wallet should be monitored and possibly trace for a possible final sell-off regardless of the time frame.

Hackers wallets are monitored. There are several projects doing that.

What are the hacker addresses?

South Park

hero member

Activity: 2884

Merit: 794

I am terrible at Fantasy Football!!!

Quote from: luispitchler on December 28, 2018, 04:29:26 AM

no wonder there is a warning when i opened my account. these hackers are one of the reasons why people lose their confidence with crypto... something ought to be done about this. really sad. Sad

The only thing that you can do to protect yourself is to keep your eyes open to anything that seems suspicious because if you fall for a trick like this there is no way to recover your bitcoin, while bitcoin give to us the power of being banks this also means that you have the responsibility of securing your coins as if you were your own bank, so if possible store most of the coins that you have in cold storage so this doesn't happen to you.

xtraelv

legendary

Activity: 1288

Merit: 1926

฿ear ride on the rainbow slide

Quote from: DooMAD on December 29, 2018, 06:25:20 AM

It's unconscionable that someone would deliberately target a client favoured by casual users. It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them.

It is terrible for those that were victims of the attacks but I do view what is currently happening as "beta testing".

If we learn lessons from it and better the code and security protocols then it wasn't lost without something being gained from it.

shamc

copper member

Activity: 336

Merit: 1

I use electrum but haven't opened it for a while, luckily i did not use it yesterday otherwise i might have been tempted to update it as instructed. Good to know about this particular scam, i'll be wary of it for future attacks

DooMAD

legendary

Activity: 3948

Merit: 3191

Leave no FUD unchallenged

It's unconscionable that someone would deliberately target a client favoured by casual users. It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them.

xtraelv

legendary

Activity: 1288

Merit: 1926

฿ear ride on the rainbow slide

Quote from: Lizzylove1 on December 28, 2018, 09:31:09 AM

I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers wallet should be monitored and possibly trace for a possible final sell-off regardless of the time frame.

Hackers wallets are monitored. There are several projects doing that.

Lizzylove1

member

Activity: 858

Merit: 13

Christ The King

I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers wallet should be monitored and possibly trace for a possible final sell-off regardless of the time frame.

ivannalog814

jr. member

Activity: 182

Merit: 1

I think in our time it has come to the norm as such things happen very often, I personally have faced with phishing and it is unpleasant maturing. Be careful friends money losing is always very painful.

jhenfelipe

hero member

Activity: 1372

Merit: 647

theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.

Quote

News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info

Big problem that the error message pop out inside the official electrum wallet. Probably, there are people who will be deceived.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

From the article in the original post:

" A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side."

This is bullshit, people who lost their coins were tricked into downloading and running malicious client.

"When ‎entering a login and password, the site steals funds from user ‎accounts.‎"

The site is github, it doesn't steal anything. The theft occurs after victims open their Bitcoin wallet files with their new malicious wallets.

Topic: Bitcoin stolen. Electrum exploit / phishing (Read 410 times)