Author

Topic: Electrum has a backdoor in it I dont care what any of you idiots say. (Read 265 times)

hero member
Activity: 3010
Merit: 794

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.
Love that option 3 which would suit out for OP.  Grin

Ok I'm uploading proof shortly.

24 hours later, and still nothing?  What is your definition of "Shortly?"

This whole thread is a joke.  Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.

Im little bit triggered on the topic title but it seems OP doesnt have the plan to make argumentation on this thread.

He do tries to prove something but eventually failed. Sad
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
It looks like he scanned a fake one and he scanned a standalone Executable which is electrum-3.3.6.exe

I already scan the standalone executable file and other installers the result is different from the original one.

Here's the result for standalone https://www.virustotal.com/gui/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection
For installer https://www.virustotal.com/gui/file/7bc45c53a0179f5889dd68c7f023c6b27e050bf73c84bcd854a6ffe3a83bdf1d/detection
For portable https://www.virustotal.com/gui/file/f46d34e29d148c1257183f12e1a1beee2ea31677c280e006f46d57261514d13e/detection
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Ok I'm uploading proof shortly.

24 hours later, and still nothing?  What is your definition of "Shortly?"

This whole thread is a joke.  Anyone who puts "I dont care what any of you idiots say" in the subject of the thread is not playing with a full deck, and is unlikely to engage in a meaningful discussion.
legendary
Activity: 1624
Merit: 2481
The author himself or one of the contributors is infecting the shit out of people.

[...]

This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection

If you don't know how AV engines work, please stay away from posting this nonsense.
Noone needs your brainless contribution here.


All of these AV's which flagged electrum work with heuristics, NOT runtime analysis. They are false positives.
If you don't understand that, its fine.  But stop spreading your bullshit.


It is easy as hell to create malware which is NOT detected by AV's.
So.. please explain.. why should ThomasV (who is a very good developer) be stupid enough to get a potential malware flagged as malware ?  Huh  This doesn't make any sense.
It takes less than 5 minutes to get malware obfuscated enough so that it won't be detected as malware anymore.



POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.

I think you misunderstood something.. Noone wants you to upload something.
Just tell us where in the source code the backdoor is.

Source code: https://github.com/spesmilo/electrum

We are waiting.
copper member
Activity: 21
Merit: 0
Non Serviam
POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum

Ok I'm uploading proof shortly.
legendary
Activity: 2758
Merit: 6830
POINT ANYWHERE IN THE SOURCE CODE (which is open) WHERE THERE IS ANY KIND OF IMPLEMENTATION OF A VIRUS and I’ll give you my entire BTC balance.

https://github.com/spesmilo/electrum
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
The author himself or one of the contributors is infecting the shit out of people.
https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection

you can't accuse people when you don't provide any proof.
this file you posted here is 5.23 MB while the Electrum installer for windows (.exe) is 35.28 MB. so obviously you have something else that only has the same name! the runner alone is also 6.01 MB!

Quote
This copy of electrum has been on my desktop for 1 week now,
This is the copy I just downloaded.
https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection
how is it that you easily trust a closed source website with a bunch of closed source antiviruses that you don't even know what they do and you can't trust something that is open source?
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
We are talking about the proper Electrum here. And yes, it is flagged, in every version, by more or less antiviruses.
An antivirus is usually looking in the file for certain sequences of bytes (virus signatures). It's a method that can easily produce false positives.
Also, yeah, it's known that the Pyhon packer also produces false positives.
The binaries are not built by the one that writes the code, exactly for double checking and to avoid surprises.
Also, OP, don't rule out that maybe something else you have installed could have already damaged something.

The following words tell it all:

If you trust the developers of the project, you can verify the GPG signature, and ignore any anti-virus warnings.

If you don't trust the developers with not backdooring the binaries, you can (1) build binaries yourself; or (2) you can run from source. Some of the binaries are built reproducibly, so you can also check that those match.

I can only add a 3rd option: you can always use another wallet, nobody is forcing you use Electrum.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
Someone has been spreading malware versions of Electrum for months now.  Just this past Monday there was a newbie who posted a "plea for help" with a link to fake version of 3.3.6.  These are common phishing attempts.

The real version of Electrum gets flagged by some antivirus suites as a false positive.  This issue has been known and recognized for many years.

The only way to insure that you have the real version of the wallet software is download from (and only from) the official website, electrum.org, and check the PGP signature.

Don't be an idiot yourself and rely on what others say.  Be diligent and you'll be safe.
copper member
Activity: 21
Merit: 0
Non Serviam
The author himself or one of the contributors is infecting the shit out of people.


https://www.virustotal.com/#/file/5238c681a9b3d84fa8c47e46bf382a9543bde4c5eef1a42d768e6254be373e86/detection


This copy of electrum has been on my desktop for 1 week now,


This is the copy I just downloaded.

https://www.virustotal.com/#/file/186004db7e502426b974d4deeeac4b97b1b779cf2060f376ddaceea0954bd3bd/detection
Jump to: