Topic: How I got hacked by Electrum Official Wallet [0.10 BTC] (Read 833 times)

Sorry for your loss.
In the future please don't repeat such mistakes and take the time to verify and double check everything you do.

Bookmark the official website and when you need to download an update, do it only from your bookmarked link. When you visit the official site, it tells you that older versions of the software are vulnerable to phishing. 
The warning message takes you here > https://github.com/spesmilo/electrum/issues/4968

Each official release includes a signature file. You need to download those and verify that the software is signed with the key of the official developer, ThomasV. Anything that isn't is fake.

Update :

This scam is still on going.

I just lost my whole wallet also 2 days ago.

I was keeping 0.42813222 BTC for more than 2 years.

Didnt touch this wallet all that time.

Wanted to transfer the funds to a stacking website, i was thinking those btc should better make babies than sleeping.

So yea, was doing many thing at the same time, went too fast.

There is no auto update in old version of electrum.

I just tried to send my funds, got the popup forcing me to update, clicked the link, open the download, login again with my seed, got directly REKT.

Please guys be really carefull! Always download lastest version of electrum from the offcial website before trying anything. Or just dont use it and take a ledger.

This is the SCAM version of electrum that the popup made me download (Only figured out the weird domain name when it was too late) :
https://imgur.com/a/mvSIn9T

This is the official version :
https://imgur.com/a/Gz3knGr

This is the adress where you can see every people getting REKT live :
https://blockstream.info/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny

There is actually 4 guys who got scammed after me
And there is one guy who lost 1405.10027055 BTC just one day before me  

I think there is nothing we can do, only thank god for still being healthy and forget about that money.

The only clever thing i found out to do was to totally format / reinstall my computer and spread the word to avoid potential future victims.

Bad vibes forever - xxx

i lost about 0.18 BTC...ignored the Browser Warning and the Windows 10 Defender warning, because i was in a hurry to transfer some Coins. Completely my fault...this will never happen again but i still cant get over it for now

I fully understand, but if an official app asks to make an update usually when we trust any application. You do not check where Skype, facebook, etc updates come from. You just click update and trust it.
I learnt a lesson, but it cost me too much.

It’s very unlikely.

What happened? If you downloaded a fake Electrum or another malware, you should definitely reinstall your OS and create a brand new wallet. Be careful with what you click and download. ELECTRUM.ORG is the ONLY legit website.

You should also always verify your Electrum file to make sure it is legit: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/

Just lost 0.505 BTC... Is there a way to do something regarding this? As I see there are a lot of people who lost their holdings. To contact e-police or something?

haha , I thought Dog was the most honest and obedient animals to humans

Some people get rich quickly like the person who hacked or is hacking electrum users, but these kinds of money does not last longer.

Sorry for your loss chap.

Fuckin hell! I don't know if he's ever going to stop getting them. He's pretty much sorted out for rest of his life. Why doesn't Electrum highlights this issue on their website and kinda promotes the use of the official wallet and not the hacked one. Always one thing to remember, in the crypto-world, don't even trust your dog. 

Yup, downloaded the fake Electrum. Thanks for the advice

It is sad to hear about Joel's loss. I am completely shattered to see how many people would have lost their significant savings because of this malware as the receiving address has total received more than 250+ BTC  https://m.btc.com/bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x

Let's not forget to verify the signature.

If you don't have software that can do so already, grab OpenGPG and do yourself a favor.

---

Even if the website appears safe, you should verify at every step.

Wait. If you got hacked, it was probably because:

A) you downloaded a fake Electrum from somewhere.
B) your PC is infected with a malware.

In any case, you SHOULD consider your PC and wallet compromised. Reinstall your whole OS, download Electrum ONLY from ELECTRUM.ORG and create a brand new wallet.

This vulnerability explained in this thread was fixed months ago, so probably it doesn’t have anything to do with your case.

Got hacked too. Is it still safe to use my Electrum account if I change the password?  Not sure exactly how the hack works and if they will still be able to access account.

Sorry for your loss. I think 98% peoples will get scam by this way if they don't know about this attack. Usually when we trust any application then if we receive update link from same application, obviously we trust it. My question is how hacker show this popup on original wallet? And this is not just single case. That means wallet server was under attack. I don't see much mistake from OP side, its just bad luck.

However, thanks for share it although I have seen a post regarding it. But bad luck is you missed it. To be honest no any system is safe.

To be honest... the "fake update message" exploit isn't really that much different to blind spamming people an email that says "There is a problem with your bank account, please log in to check your security details"-type phishing scams... or cold calling from "Microsoft Support" offering me a refund.

The only real difference is that it was a lot better targeted as it was aimed directly at Electrum users... as opposed to me getting an email that says "There is a problem with your Bank of America account"... when I don't live in America or bank there

The exploit itself did not actually affect the security of the wallet... the attackers could spam you with fake popup messages all day, every day... and your coins would be safe. You could deliberately connect to a "bad server" and your coins would still be safe. They could not hack your wallet directly using this exploit. Users only lost coins when they downloaded, installed and ran a fake version of the wallet.

Was the exploit clever? Ya damn skippy it was! It had been in the codebase for years and no-one noticed it... or figured out a way to exploit it... but that is generally how these things work. As for being "diligent", even the Heartbleed OpenSSL bug was around for a couple of years before being "discovered".

The devs patched the issue pretty quickly after it was identified... unfortunately, that doesn't stop bad actors from spooling up bad servers and trying to catch out unfortunate users who haven't seen the news. Just like there are still folks who fall for the Microsoft Support and Nigerian Prince scams.

Sadly, some humans are just scum... and use their powers for evil

I'm sure most other things have just as many holes, but this is the one attracting the most consistent heat and has lost users the most money. If they had been diligent this wouldn't have happened but not everyone is on top of things all the time.

So, Electrum isn't safe anymore now that they fixed the exploit?

Why does discovering a small exploit (yes, small) make a software unsafe forever? Even BitcoinTalk has been invaded before (remember the breach?), and both Ledger and Trezor have been exploited before.

In the whole ecosystem, Electrum is one of the safest wallets. A small exploit of unfiltered message errors from third-party servers (that's all it was) won't change that.

Its understandable to fall for something like this.  Its not the dumbest thing to fall victim to and honestly it almost got me as well if I didn't check this forum beforehand.  I never like to see the victim blamed.  I'm starting to doubt electrum myself with all the mess it has been going through and will be exploring other wallets to use.

Please don't sweat the loss too much Joel, people have lost a lot more and you can always make your money back.

If I were OP I may well have done the exact same thing if I hadn't read up about such things.

I don't understand why anyone uses a PC wallet. I don't understand why anyone uses this wallet. It might have some use on an offline machine but I don't get why it's still recommended. It's a slightly different matter if you're running your own node but even then you're still on an inherently insecure machine.



I've never heard of an exploit of this nature with any other wallet of any other nature. That says to me Electrum isn't safe. It could easily be possible with others, maybe they're not worth the effort, but there seem to be so many problems with Electrum now it's not worth touching.

I wasn't saying that to you. I was talking to the user above that said Electrum wasn't safe because of this.

I understand why many people fell for this, so I'm not blaming all of that on the users. But I've been using Electrum for over 2 years and I ALWAYS verify the signatures before using a new version. Mainly if the URL isn't "electrum.org" (I always triple check every single time).

It's modifying the response on the hacker's server. Since he is hosting it, he can do everything he can (the code is open after all). That's not a big deal. It would be a huge exploit if he could change the way other public servers behaved.