Electrum update: A trader lost 1400 BTC - page 5.

TedMosby

sr. member

Activity: 1120

Merit: 438

https://bitcointalk.org/index.php?topic=5274318.0

moment of silence for that hodler Sad

Quote from: https://github.com/spesmilo/electrum/issues/5072

We are sorry for this, but this message is confusing and too alarming and causes panic among users.
Electrum doesn't have a bug that can be exploited, it cannot be controlled remotely, it has no open vulnerability that can cause loss without user's action.
-snip-

CZ said that Binance already blacklisted the addresses involved, but we all know that it won't help anything.
it can be mixed as well.

so, goodbye 1400 BTC.

bob123

legendary

Activity: 1624

Merit: 2481

I really don't feel sorry for this guy at all.
Storing that amount on an online wallet and not checking the signature when installing a wallet is more than just careless. It is extremely stupid.

And blaming anyone except himself just shows how irrational people can be.

Quote from: cryptoperkele on August 30, 2020, 11:17:22 AM

So what´s the correct method to update electrum wallet? I might have few of the old ones in my old laptops and when ever i get them working again i was planning to go trough my wallets. But i am afraid of any automatic updates now.

There are no automatic updates.
Visit the official website (https://electrum.org) and download the latest version. Then, before installing it, verify the PGP signature. There is a How-to on electrum.org.

Verifying the signature ensures that you are using the version which has been uploaded by the developer and not a malicious one (e.g. from someone who might have hijacked the web server).

mindrust

legendary

Activity: 3276

Merit: 2442

Quote from: cryptoperkele on August 30, 2020, 11:17:22 AM

So what´s the correct method to update electrum wallet? I might have few of the old ones in my old laptops and when ever i get them working again i was planning to go trough my wallets. But i am afraid of any automatic updates now.

Delete the old one. Re-download it from the official website. Check if it is a valid copy or not by comparing the signatures... Cross your fingers so you won't land on the bugged version.

cryptoperkele

member

Activity: 889

Merit: 60

So what´s the correct method to update electrum wallet? I might have few of the old ones in my old laptops and when ever i get them working again i was planning to go trough my wallets. But i am afraid of any automatic updates now.

mindrust

legendary

Activity: 3276

Merit: 2442

Quote from: tomahawk9 on August 30, 2020, 10:07:08 AM

CZ is so dumb, "Not your code, not your funds." really now? Roll Eyes

Not so long ago after binance got hacked, CZ was searching ways to rewind the bitcoin blockchain. He backpedalled after the bitcoin devs explained him how it is an impossible (or damaging, may not really be impossible because eth did it before) thing to pull. This guy is the CEO of the biggest crypto exchange.

Cryptoreflector_666

member

Activity: 728

Merit: 24

Quote from: thesmallgod on August 30, 2020, 08:56:08 AM

According to a tweet shared on the CZ Binance twitter page, a trader has lost around 1400 BTC due to electrum software updates. Some other users of electrum wallet also complained that the message about update comes directly from the electrum server.

https://github.com/spesmilo/electrum/issues/5072#issuecomment-683356052

Any news on damages? The rules of the service must specify actions in case of such emergencies. No one is protected from this, but such cases leave an unpleasant imprint on the reliability of storing their assets and savings in cryptocurrency. I hope the investor will be able to return their funds. Good luck!

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: Ayiranorea on August 30, 2020, 09:53:12 AM

A small update isn't gonna cause such a big loss in bitcoin. Every big loss will be caused by a big team or it'll be executed by the team itself.

Actually no, a "small update" can easily turn out to be a disaster if you don't take care of the security of your millions worth of BTC. I would rather look up the safest way to open a 3-year old wallet worth that much than risk losing it all and crying out loud later. Do you think the scammers only target high-value addresses? Electrum's devs aren't to blame for it. It's just stupidity at its best.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Tell me a person that isn't fool and carries 1400 bitcoins on a non verified electrum wallet. These should be on a cold wallet right now.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

This Electrum bug was first published in December 2018, and has been widely publicized and discussed on their website, on GitHub, on this forum, on Reddit, on Twitter, on Medium, on every social media platform imaginable and on every instant messaging service imaginable.

Not only has this user broken the most basic rules (only download from the official site and always verify your download before running it), and not only have they stored 1,400 BTC on a non-airgapped software wallet, but they also haven't kept even the slightest bit up to date or paid the slightest bit of attention to the security of their coins in almost 2 years.

Blaming Electrum for this is moronic. This is like clicking on a random link in an email, downloading the file it leads you to, and then being shocked when your personal data is stolen by malware.

logfiles

copper member

Activity: 2170

Merit: 1822

Top Crypto Casino

It still surprises me how someone can own 1,400 BTC but still fail to secure the Bitcoin stash using a couple of Hardware wallets that don't cost more than 100 quid each Roll Eyes

That was very dumb of him and I guess he had to pay $16 Million tuition fees to just learn that lesson.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

I was finding it hard to believe this case. After all, 1400 BTCs in 2017 had a value between 1,1M$ and 28M$ (back then), and even if the last time he used the wallet was when the value was on the lower range of the two, it does not seem plausible for a trader not to have used the wallet all the way through the ATH (and the 28M$ equivalent) and subsequent fall in price.

He does provide the BTC address of the recipient, bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny, and it does indeed receive the said amount on the 29/08/2020. What’s more, the recipient’s address is related to fake electrum updates here on this forum:

Trying to take my money
I lost my Bitcoins by fishing attack "update electrum 4"
Bitcoin 'successfully' transferred to an invalid bitcoin address
Lost Money?
What to do when i sent bitcoin and receiver states they didn't receive it?

The address is certainly related to fake updates, as the above threads point towards. The only doubt is if @1400BitcoinStolen really suffered this in person, or is piggybacking on some other person’s case, but the TX exist to the scammers address with prior cases of a kind.

tomahawk9

hero member

Activity: 2086

Merit: 994

Cats on Mars

thread title is misleading, probably bc of the wording used, i think it should be "Because of vulnerability in wallet, user lost 1400 btc" Huh

regardless, why would anyone use old software to open their wallet? let alone if there's 16 million dollars worth of btc in the wallet? no one to blame but the user...And he shoulda spread those coins to different addresses, but according to the tx, this person has been hodling those coins in the same address since 2017 :/

Quote from: sheenshane on August 30, 2020, 09:40:27 AM

So, this is the link to the CZ tweet. https://twitter.com/cz_binance/status/1300060478656274433

CZ is so dumb, "Not your code, not your funds." really now? Roll Eyes

Fundamentals Of

sr. member

Activity: 2380

Merit: 366

I doubt the victim is updating his wallet using the official Electrum website which is Electrum.org. The message about update should come directly from the Electrum server but it could happen that the user made the downloading of the latest version from an unofficial site of Electrum, a phishing site most probably.

Poker Player

legendary

Activity: 1372

Merit: 2017

I hope he didn't put all his eggs in one basket.

If I had 1400 bitcoin in an electrum wallet, I would also have at least 1000 in some other wallet and apart from that a lot of money in fiat, stocks, mutual funds etc.

Ayiranorea

sr. member

Activity: 1246

Merit: 255

Leading Crypto Sports Betting & Casino Platform

A small update isn't gonna cause such a big loss in bitcoin. Every big loss will be caused by a big team or it'll be executed by the team itself. What' has happened with Binance trader too seems to be a planned scam. 1400 BTC is a big volume, and Binance will not ruin its reputation with this volume of funds. The reserve of Binance is much high compared to the value that's been scammed. Electrum has gained trust as a best wallet, but this isn't fair play from electrum.

sheenshane

legendary

Activity: 2492

Merit: 1232

So, this is the link to the CZ tweet. https://twitter.com/cz_binance/status/1300060478656274433

Quote from: hosseinimr93 on August 30, 2020, 09:26:58 AM

What happened is probably due to the vulnerability already reported in Electrum versions older than 3.3.4.

I tend to agree and I suspected that this was also might have happened. I almost downloaded a phishing link before that popup on the app of Electrum at this version (3.3.4) but good thing I went to the official website and download the latest version. The warning on the Electrum app will not probably appear if you are currently at version 3.3.4. and the victim has used an old version.

Sad to know that the most who will fall in the trap are those who didn't know how to secure their wallet. Once you have Bitcoin, you should also know technical stuff to secure your assets. If the victim know how to verify GPG signature before downloading app, might the Bitcoin is safe.

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

So basically this guy was using a ver old version of Electrum which he would have downloaded from some unofficial source and this made the hackers able to steal his funds from his wallet. This is completely the user's fault since he should have installed the latest version of Electrum and that too from an official source.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

What happened is probably due to the vulnerability already reported in Electrum versions older than 3.3.4.
In versions older than 3.3.4, servers were able to show any message when broadcasting a transaction. The server could easily trick users by asking them to install an update (actually a malware).

Below is what stated on Electrum official website.

More details about the issue can be found in the link below.
when broadcasting transaction, error message from server is displayed as is

Pffrt

sr. member

Activity: 1372

Merit: 322

Anyone holding such amount of BTC should get updates what's going on around. The guy didn't access his wallet since 2017 and installed an old wallet. It's definitely a mistake from his side and electrum has nothing to do with it. They should have checked the website before installing an old wallet.

avikz

legendary

Activity: 3080

Merit: 1500

I doubt Electrum has anything to do with this scam! The person was probably using a compromised wallet .exe file. See what he says,

Quote

I had 1,400 BTC in a wallet that I had not accessed since 2017. I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds.

I installed the update which immediately triggered the transfer of my entire balance to a scammers address.

So I suggest you to change the subject line of your thread as it seems that Electrum itself did such scam!

Topic: Electrum update: A trader lost 1400 BTC - page 5. (Read 1101 times)