Topic: Critical Security Release: Please update to Electrum 3.0.5 - page 3. (Read 956 times)

legendary
Activity: 1498
Merit: 1117
Oh shit!

I have 13.5 BTC in my Electrum wallet, protected with passwords that are not very strong. I haven't claimed any forks yet. I use Windows 10 with a licensed Kaspersky security. What is the best advice for me?

If you really have 13.5 BTC then I would buy a hardware wallet.
https://www.ledgerwallet.com or https://trezor.io.
newbie
Activity: 28
Merit: 0
Oh shit!

I have 13.5 BTC in my Electrum wallet, protected with passwords that are not very strong. I haven't claimed any forks yet. I use Windows 10 with a licensed Kaspersky security. What is the best advice for me?
copper member
Activity: 1442
Merit: 529
Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.

I was in the same situation as you. I had version 2.9.3 sitting around for a long time, so I just installed the latest version from the official Electrum website and checked my balance and my settings; everything was untouched, so I guess I am safe. Still, I don't have a big amount in my Electrum wallet as I keep the majority of my coins in a Ledger HW.1 hardware wallet.
hero member
Activity: 2576
Merit: 883
Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.

Yes, that would work fine. Always make sure you have written down your seed phrase before upgrading just in case. You'll find instructions on how to split the coins on this board of the forum when you're ready to do it. If you're not using Electrum then there is also no hurry to upgrade. Just don't open the old Electrum and surf the web at the same time.
newbie
Activity: 2
Merit: 0
Apologies for basic question, but just wanted to check the following:

I have an older version (2.8.x)
I have not split my forked coins - everything has been untouched for some time.
Am I correct in thinking I can just download the latest version and it will open my current wallet by default, leaving all forked coins intact and accessible until I manage to stop being such a luddite and learn how to separate them?

Thanks in advance.
sr. member
Activity: 385
Merit: 257
Let me get something straight.

I simply installed v3.0.4 to overwrite the current version.
Is this appropriate?

Or do I have to completely uninstall the old version, then reinstall the new v3.0.4 and then do a restore of the wallet?
legendary
Activity: 3948
Merit: 3191
If you update to 3.0.4, is there still a threat?

By their very nature, vulnerabilities like this can only be patched once they're discovered.  3.0.4 fixes this threat, but there could always be others.  Always remember that there's an entire internet full of potentially dangerous people out there who would much rather see some Bitcoin in their wallet rather than yours.  It's ultimately your responsibility to secure the computers or devices that you use to store your funds.  Human nature means it's easy to get complacent about security, but that leads to breaches and potential loss of your funds.  Always be vigilant.  Keep backups, use strong passwords, be wary of browsing the internet with JavaScript fully enabled, don't allow your devices to be infected with keyloggers or other malware, don't leave large sums in a single wallet, and consider things like cold storage, multisig and paper wallets.
sr. member
Activity: 385
Merit: 257
I don't know about the technicalities or how they are able to hack the software with all the mnemonics attached. When I saw the flash message early in the day, I upgraded immediately, and my wallet is already password protected. I hope everything is safe and everyone is able to stop panicking, especially those who are not on the forum to read the warning and the progress that has been made. Electrum is one wallet that, to a large extent, has been able to create a niche for itself, and I think a vulnerability at this time will tarnish the reputation it has built over the years.
You are right.
1. I am protected by a decent wallet password
2. I only use the Mozilla browser
3. I have upgraded to v3.0.4

Nevertheless, this vulnerability is getting into my head too much.
Its image has already been tarnished with me and it may be the same with other people and is likely to last for years.
I love Electrum though for its lightweight feature and other features as well.

Maybe I should give Electrum a second chance.
newbie
Activity: 19
Merit: 0
If you update to 3.0.4, is there still a threat?

copper member
Activity: 2856
Merit: 3071
Should we install the new version and make new seeds, then transfer all old balances to the new one?
Who pays the fee?

That's unnecessary, theymos states here and there is also a little insight into what would happen if you had been hacked and how to notice it. If you do want a clean wallet, you can transfer to your new wallet. Don't expect a dev to pay for your fees though as it's open source and "offered with no warranty". If you had a password set on your wallet, it should be more difficult to hack your wallet using JSON responses from a server.
I use 3.0.1 version. Is there a guide or video where I can see how to upload to a new version?
Providing you have your seed written down, just run through the next install and put your seed into it when asked.
member
Activity: 322
Merit: 40
I use 3.0.1 version. Is there a guide or video where I can see how to upload to a new version?
sr. member
Activity: 1120
Merit: 255
Should we install the new version and make new seeds, then transfer all old balances to the new one?
Who pays the fee?
hero member
Activity: 1330
Merit: 569
I don't know about the technicalities or how they are able to hack the software with all the mnemonics attached. When I saw the flash message early in the day, I upgraded immediately, and my wallet is already password protected. I hope everything is safe and everyone is able to stop panicking, especially those who are not on the forum to read the warning and the progress that has been made. Electrum is one wallet that, to a large extent, has been able to create a niche for itself, and I think a vulnerability at this time will tarnish the reputation it has built over the years.
sr. member
Activity: 385
Merit: 257
A new release was made to mitigate the impact of this bug: https://github.com/spesmilo/electrum/issues/3374

See release notes here: https://github.com/spesmilo/electrum/compare/fdd10bfb6083%5E...063ec0a758dd

Download from electrum.org/#download

One important question: you say "mitigate". So version 3.0.4 doesn't completely solve this bug?
Kind of, but it was just a quick fix.
They removed CORS until they release an update which will protect the JSON RPC with a password.
legendary
Activity: 2464
Merit: 1387
All my wallets have a strong password, and I only use Electrum on a Linux machine.

Am I pretty safe?

Say I didn't touch my wallet or enter the password while the computer was connected to the internet, am I considered safe? And if I don't touch it now until I actually feel like I have to move some funds, should I update to 3.0.4 and just use my normal wallet using the passphrase? So basically, if I don't leave my Electrum software on while in the browser, I'm basically safe?

As per the announcement by theymos, if we don't use the Electrum wallet without upgrading
it will be fine, and if we have a strong passphrase set up we are marginally less at risk.
Let's see how this pans out, but a safe bet would be to upgrade as per the above advice.

THANKS TO THEYMOS AND THE ADMINISTRATORS FOR ALL THE BACKGROUND WORK THAT GOES INTO THE WORKINGS OF THE FORUM AND FOR KEEPING EVERYONE SAFE!!
legendary
Activity: 3948
Merit: 3191
One important question: you say "mitigate". So version 3.0.4 doesn't completely solve this bug?

My understanding is that since the exploit utilises CORS, 3.0.4 simply disables CORS until a more permanent solution is found.  It will make your wallet safe, but it's more of a stopgap than a solution.  I think they use the word "mitigate" because it's possible some wallets may have already been compromised if they didn't have a password.  This update obviously won't be able to undo any damage that has already been done.
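
The two steps described in the posts above (dropping CORS as a stopgap, then putting a password on the JSON-RPC interface), sketched as an added example that is not from the thread or from Electrum's code base. The function name, credentials and sample headers are constructed for illustration, and the `Origin` rejection is an extra check assumed here.

```python
import base64
import hmac

def check_rpc_request(headers, rpc_user, rpc_password, legacy=False):
    """Decide how a localhost JSON-RPC port answers: (status, response_headers).

    legacy=True models the pre-fix state discussed in the thread: no password,
    and a wildcard CORS header so any web page may read the reply.
    """
    if legacy:
        return 200, {"Access-Control-Allow-Origin": "*"}

    deny = (401, {"WWW-Authenticate": 'Basic realm="rpc"'})
    # Step 1 (the stopgap): no CORS headers are ever emitted.
    # Extra check assumed by this sketch, not described in the thread:
    # browsers attach Origin to cross-site POSTs, a local CLI client does not.
    if "Origin" in headers:
        return 403, {}
    # Step 2 (the later fix): require HTTP Basic credentials.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return deny
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return deny
    user, _, password = decoded.partition(":")
    # Constant-time comparison avoids leaking how much of the secret matched.
    user_ok = hmac.compare_digest(user.encode(), rpc_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), rpc_password.encode())
    return (200, {}) if (user_ok & pass_ok) else deny

def basic(user, password):
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample requests (not captured traffic).
USER, PASSWORD = "user", "constructed-rpc-password"
FROM_WEB_PAGE = {"Origin": "https://example.invalid", "Content-Type": "text/plain"}
FROM_LOCAL_CLI = {"Authorization": basic(USER, PASSWORD)}
WRONG_PASSWORD = {"Authorization": basic(USER, "guess")}

if __name__ == "__main__":
    for name, req in [("web page", FROM_WEB_PAGE), ("local CLI", FROM_LOCAL_CLI),
                      ("wrong password", WRONG_PASSWORD)]:
        print(name, "legacy:", check_rpc_request(req, USER, PASSWORD, legacy=True)[0],
              "hardened:", check_rpc_request(req, USER, PASSWORD)[0])
```

Removing the CORS header only stops a page on another origin from reading the reply; the password is what stops the request from being served at all.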
legendary
Activity: 3234
Merit: 5637
Very bad news for Electrum users. There is a fix, but I think in the process of upgrading many may become victims of phishing sites, which are sometimes shown at the top of search results like an ad from Google. So use only the legit Electrum site: https://electrum.org/#home

I use Electrum only in combination with Ledger. Can an old version of Electrum in any way compromise Ledger? I think the answer is no, but I know that Electrum v3 is not working on Windows 7 & 8. Any info on whether this is fixed with version 3.0.4?

If you use ElectronCash there is also an upgrade to 3.1.1 with a note that old versions are not safe. Probably Electrum for LTC & DASH need an update too, and before that it is not advisable to use them.
hero member
Activity: 1666
Merit: 565
A new release was made to mitigate the impact of this bug: https://github.com/spesmilo/electrum/issues/3374

See release notes here: https://github.com/spesmilo/electrum/compare/fdd10bfb6083%5E...063ec0a758dd

Download from electrum.org/#download

One important question: you say "mitigate". So version 3.0.4 doesn't completely solve this bug?
member
Activity: 294
Merit: 29
All my wallets have a strong password, and I only use Electrum on a Linux machine.

Am I pretty safe?
member
Activity: 147
Merit: 10
Say I didn't touch my wallet or enter the password while the computer was connected to the internet, am I considered safe? And if I don't touch it now until I actually feel like I have to move some funds, should I update to 3.0.4 and just use my normal wallet using the passphrase? So basically, if I don't leave my Electrum software on while in the browser, I'm basically safe?