
Topic: Bitcoin stolen. Electrum exploit / phishing - page 2. (Read 373 times)

legendary
Activity: 1792
Merit: 1283
December 28, 2018, 05:52:56 AM
#6
Thanks for sharing it here, I definitely would have missed this news, since I barely visit Reddit any more.
Luckily I only use Electrum to receive small amounts, but it would have sucked if I'd fallen for this.

It prompted me to check out the official Electrum Github page, just so I can memorize that account.

Regardless, I think I'll just always download the binaries from their official website and update manually.
newbie
Activity: 51
Merit: 0
December 28, 2018, 05:29:26 AM
#5
No wonder there is a warning when I opened my account. These hackers are one of the reasons why people lose their confidence with crypto... Something ought to be done about this. Really sad.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
December 28, 2018, 05:24:07 AM
#4
There's a few harsh lessons to unpack here.

When downloading a new wallet release, make sure you're on the genuine site. In this case, it was a fake Github repository. The official Github wasn't compromised, nor was electrum.org.

Next, always verify the release signature. This is how to do that for Electrum. I would also recommend using Electrum as an offline wallet for additional security.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
December 28, 2018, 05:07:47 AM
#3
Quote
Unfortunately such attacks are very common and you can't be careful enough so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken a really nice sum of Bitcoin and there is nothing that could be done about it.

Yes it is unfortunate. Awareness reduces victims.

Electrum generally is a good product. There is a lot to be learned from exploits.

Where this phishing is unique is that it is prompted by a visit to the genuine site. So it is an Electrum server exploit prompting users to be phished.
legendary
Activity: 2870
Merit: 1068
WOLF.BET - Provably Fair Crypto Casino
December 28, 2018, 04:42:23 AM
#2
Unfortunately such attacks are very common and you can't be careful enough so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken a really nice sum of Bitcoin and there is nothing that could be done about it.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
December 28, 2018, 04:28:02 AM
#1
Initially reported on Reddit, it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their Electrum wallet.

Updates do not require a user to enter their 2FA.


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum



Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message
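
The GitHub issue quoted above describes server error text being displayed as-is in the client GUI. As an added illustration (not code from Electrum or from anyone in this thread), a client can treat that text as untrusted input and show only fixed strings for allowlisted reasons; the function names, the allowlist entries and the sample messages are assumptions constructed for this example.

```python
import re

# Constructed allowlist: substrings of node rejection reasons -> fixed client text.
KNOWN_REASONS = {
    "min relay fee not met": "Fee is below the server's minimum relay fee.",
    "txn-mempool-conflict": "Transaction conflicts with one already in the mempool.",
    "bad-txns-inputs-missingorspent": "Inputs are missing or already spent.",
}
GENERIC = "The server rejected the transaction."

# Markup or link-like content has no place in a broadcast error.
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)+/\S*")


def sanitize_broadcast_error(raw):
    """Map an untrusted server error to (display_text, suspicious).

    Server-supplied text is never shown; the user sees only fixed strings.
    """
    text = str(raw)
    suspicious = bool(TAG_RE.search(text) or URL_RE.search(text))
    if not suspicious:
        lowered = text.lower()
        for needle, friendly in KNOWN_REASONS.items():
            if needle in lowered:
                return friendly, False
    return GENERIC, suspicious


def log_safe(raw, max_len=200):
    """Render the raw text for a debug log: truncated, non-printables escaped."""
    return str(raw)[:max_len].encode("unicode_escape").decode("ascii")


if __name__ == "__main__":
    # Constructed sample messages, not captured from any real server.
    samples = [
        "the transaction was rejected by network rules.\n\n66: min relay fee not met",
        '<b>Update required.</b> Get the new version at <a href="https://example.invalid/electrum">this link</a>',
        "unexpected failure",
    ]
    for s in samples:
        print(sanitize_broadcast_error(s), "| raw:", log_safe(s, 60))
```

The `suspicious` flag is meant for telemetry or for deciding to disconnect from the server; the raw text goes only to the debug log through `log_safe`.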


