Author

Topic: How I got hacked by Electrum Official Wallet [0.10 BTC] (Read 833 times)

legendary
Activity: 2730
Merit: 7065
Sorry for your loss.
In the future please don't repeat such mistakes and take the time to verify and double check everything you do.

Bookmark the official website and when you need to download an update, do it only from your bookmarked link. When you visit the official site, it tells you that older versions of the software are vulnerable to phishing. 
The warning message takes you here > https://github.com/spesmilo/electrum/issues/4968

Each official release includes a signature file. You need to download those and verify that the software is signed with the key of the official developer, ThomasV. Anything that isn't is fake.
newbie
Activity: 1
Merit: 0
Update :

This scam is still on going.

I just lost my whole wallet also 2 days ago.

I was keeping 0.42813222 BTC for more than 2 years.

Didnt touch this wallet all that time.

Wanted to transfer the funds to a stacking website, i was thinking those btc should better make babies than sleeping.

So yea, was doing many thing at the same time, went too fast.

There is no auto update in old version of electrum.

I just tried to send my funds, got the popup forcing me to update, clicked the link, open the download, login again with my seed, got directly REKT.

Please guys be really carefull! Always download lastest version of electrum from the offcial website before trying anything. Or just dont use it and take a ledger.

This is the SCAM version of electrum that the popup made me download (Only figured out the weird domain name when it was too late) :
https://imgur.com/a/mvSIn9T

This is the official version :
https://imgur.com/a/Gz3knGr

This is the adress where you can see every people getting REKT live :
https://blockstream.info/address/bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny

There is actually 4 guys who got scammed after me
And there is one guy who lost 1405.10027055 BTC just one day before me  Shocked Shocked Shocked

I think there is nothing we can do, only thank god for still being healthy and forget about that money.

The only clever thing i found out to do was to totally format / reinstall my computer and spread the word to avoid potential future victims.

Bad vibes forever - xxx
newbie
Activity: 8
Merit: 0
i lost about 0.18 BTC...ignored the Browser Warning and the Windows 10 Defender warning, because i was in a hurry to transfer some Coins. Completely my fault...this will never happen again but i still cant get over it for now Undecided
newbie
Activity: 8
Merit: 0
Quote
Be careful with what you click and download

I fully understand, but if an official app asks to make an update usually when we trust any application. You do not check where Skype, facebook, etc updates come from. You just click update and trust it.
I learnt a lesson, but it cost me too much.
legendary
Activity: 2758
Merit: 6830
Just lost 0.505 BTC... Is there a way to do something regarding this? As I see there are a lot of people who lost their holdings. To contact e-police or something?
It’s very unlikely. Undecided

What happened? If you downloaded a fake Electrum or another malware, you should definitely reinstall your OS and create a brand new wallet. Be careful with what you click and download. ELECTRUM.ORG is the ONLY legit website.

You should also always verify your Electrum file to make sure it is legit: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/
newbie
Activity: 8
Merit: 0
Just lost 0.505 BTC... Is there a way to do something regarding this? As I see there are a lot of people who lost their holdings. To contact e-police or something?
member
Activity: 183
Merit: 30
Yup, downloaded the fake Electrum. Thanks for the advice
Sorry for your loss chap.

It is sad to hear about Joel's loss. I am completely shattered to see how many people would have lost their significant savings because of this malware as the receiving address has total received more than 250+ BTC  https://m.btc.com/bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x
Fuckin hell! I don't know if he's ever going to stop getting them. He's pretty much sorted out for rest of his life. Why doesn't Electrum highlights this issue on their website and kinda promotes the use of the official wallet and not the hacked one. Always one thing to remember, in the crypto-world, don't even trust your dog. 
haha Grin Grin, I thought Dog was the most honest and obedient animals to humans Tongue

Some people get rich quickly like the person who hacked or is hacking electrum users, but these kinds of money does not last longer.
legendary
Activity: 1988
Merit: 1317
Get your game girl
Yup, downloaded the fake Electrum. Thanks for the advice
Sorry for your loss chap.

It is sad to hear about Joel's loss. I am completely shattered to see how many people would have lost their significant savings because of this malware as the receiving address has total received more than 250+ BTC  https://m.btc.com/bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x
Fuckin hell! I don't know if he's ever going to stop getting them. He's pretty much sorted out for rest of his life. Why doesn't Electrum highlights this issue on their website and kinda promotes the use of the official wallet and not the hacked one. Always one thing to remember, in the crypto-world, don't even trust your dog. 
newbie
Activity: 2
Merit: 0
Got hacked too. Is it still safe to use my Electrum account if I change the password?  Not sure exactly how the hack works and if they will still be able to access account.
Wait. If you got hacked, it was probably because:

A) you downloaded a fake Electrum from somewhere.
B) your PC is infected with a malware.

In any case, you SHOULD consider your PC and wallet compromised. Reinstall your whole OS, download Electrum ONLY from ELECTRUM.ORG and create a brand new wallet.

This vulnerability explained in this thread was fixed months ago, so probably it doesn’t have anything to do with your case.

Yup, downloaded the fake Electrum. Thanks for the advice
member
Activity: 183
Merit: 30
It is sad to hear about Joel's loss. I am completely shattered to see how many people would have lost their significant savings because of this malware as the receiving address has total received more than 250+ BTC  https://m.btc.com/bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x
copper member
Activity: 2562
Merit: 2510
Spear the bees
Reinstall your whole OS, download Electrum ONLY from ELECTRUM.ORG and create a brand new wallet.

This vulnerability explained in this thread was fixed months ago, so probably it doesn’t have anything to do with your case.
Let's not forget to verify the signature.

If you don't have software that can do so already, grab OpenGPG and do yourself a favor.
Even if the website appears safe, you should verify at every step.
legendary
Activity: 2758
Merit: 6830
Got hacked too. Is it still safe to use my Electrum account if I change the password?  Not sure exactly how the hack works and if they will still be able to access account.
Wait. If you got hacked, it was probably because:

A) you downloaded a fake Electrum from somewhere.
B) your PC is infected with a malware.

In any case, you SHOULD consider your PC and wallet compromised. Reinstall your whole OS, download Electrum ONLY from ELECTRUM.ORG and create a brand new wallet.

This vulnerability explained in this thread was fixed months ago, so probably it doesn’t have anything to do with your case.
newbie
Activity: 2
Merit: 0
Got hacked too. Is it still safe to use my Electrum account if I change the password?  Not sure exactly how the hack works and if they will still be able to access account.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Sorry for your loss. I think 98% peoples will get scam by this way if they don't know about this attack. Usually when we trust any application then if we receive update link from same application, obviously we trust it. My question is how hacker show this popup on original wallet? And this is not just single case. That means wallet server was under attack. I don't see much mistake from OP side, its just bad luck.

However, thanks for share it although I have seen a post regarding it. But bad luck is you missed it. To be honest no any system is safe.
HCP
legendary
Activity: 2086
Merit: 4361
To be honest... the "fake update message" exploit isn't really that much different to blind spamming people an email that says "There is a problem with your bank account, please log in to check your security details"-type phishing scams... or cold calling from "Microsoft Support" offering me a refund.

The only real difference is that it was a lot better targeted as it was aimed directly at Electrum users... as opposed to me getting an email that says "There is a problem with your Bank of America account"... when I don't live in America or bank there Tongue

The exploit itself did not actually affect the security of the wallet... the attackers could spam you with fake popup messages all day, every day... and your coins would be safe. You could deliberately connect to a "bad server" and your coins would still be safe. They could not hack your wallet directly using this exploit. Users only lost coins when they downloaded, installed and ran a fake version of the wallet.

Was the exploit clever? Ya damn skippy it was! It had been in the codebase for years and no-one noticed it... or figured out a way to exploit it... but that is generally how these things work. As for being "diligent", even the Heartbleed OpenSSL bug was around for a couple of years before being "discovered".

The devs patched the issue pretty quickly after it was identified... unfortunately, that doesn't stop bad actors from spooling up bad servers and trying to catch out unfortunate users who haven't seen the news. Just like there are still folks who fall for the Microsoft Support and Nigerian Prince scams. Undecided

Sadly, some humans are just scum... and use their powers for evil Sad
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
So, Electrum isn't safe anymore now that they fixed the exploit?

I'm sure most other things have just as many holes, but this is the one attracting the most consistent heat and has lost users the most money. If they had been diligent this wouldn't have happened but not everyone is on top of things all the time.
legendary
Activity: 2758
Merit: 6830
I've never heard of an exploit of this nature with any other wallet of any other nature. That says to me Electrum isn't safe. It could easily be possible with others, maybe they're not worth the effort, but there seem to be so many problems with Electrum now it's not worth touching.
So, Electrum isn't safe anymore now that they fixed the exploit?

Why does discovering a small exploit (yes, small) make a software unsafe forever? Even BitcoinTalk has been invaded before (remember the breach?), and both Ledger and Trezor have been exploited before.

In the whole ecosystem, Electrum is one of the safest wallets. A small exploit of unfiltered message errors from third-party servers (that's all it was) won't change that.
hero member
Activity: 1120
Merit: 554
Its understandable to fall for something like this.  Its not the dumbest thing to fall victim to and honestly it almost got me as well if I didn't check this forum beforehand.  I never like to see the victim blamed.  I'm starting to doubt electrum myself with all the mess it has been going through and will be exploring other wallets to use.

Please don't sweat the loss too much Joel, people have lost a lot more and you can always make your money back.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
If I were OP I may well have done the exact same thing if I hadn't read up about such things.

I don't understand why anyone uses a PC wallet. I don't understand why anyone uses this wallet. It might have some use on an offline machine but I don't get why it's still recommended. It's a slightly different matter if you're running your own node but even then you're still on an inherently insecure machine.


It's not that Electrum isn't safe. People aren't safe.

Some guy found a small exploit on the way the client showed the error messages from the server, and they used that to make users go to a fake website and download an infected wallet. If the user has the idea on mind that only ELECTRUM.ORG is legit, he will never fall for this kind of stuff. This is more of a social engineering issue than a security issue. For now, Electrum is still pretty safe.

I've never heard of an exploit of this nature with any other wallet of any other nature. That says to me Electrum isn't safe. It could easily be possible with others, maybe they're not worth the effort, but there seem to be so many problems with Electrum now it's not worth touching.
legendary
Activity: 2758
Merit: 6830
It's not that Electrum isn't safe. People aren't safe.
How? I literally got attacked by the malware through Electrum.. You don't really verify stuff when you're using a particular application for months right? The vulnerability that was injected was part of bad coding or not enough penetration testing or whatever. It's an open source project so I don't really expect much. My point being, it's not that I wasn't safe, I just blindly trusted a pop-up that came from within an application I was using since ages.
I wasn't saying that to you. I was talking to the user above that said Electrum wasn't safe because of this.

I understand why many people fell for this, so I'm not blaming all of that on the users. But I've been using Electrum for over 2 years and I ALWAYS verify the signatures before using a new version. Mainly if the URL isn't "electrum.org" (I always triple check every single time).

It's not a small exploit if it modifies the response from the server. Verifying the domain before downloading it yes that's my fault.
It's modifying the response on the hacker's server. Since he is hosting it, he can do everything he can (the code is open after all). That's not a big deal. It would be a huge exploit if he could change the way other public servers behaved.
legendary
Activity: 1988
Merit: 1317
Get your game girl
It's not that Electrum isn't safe. People aren't safe.
How? I literally got attacked by the malware through Electrum.. You don't really verify stuff when you're using a particular application for months right? The vulnerability that was injected was part of bad coding or not enough penetration testing or whatever. It's an open source project so I don't really expect much. My point being, it's not that I wasn't safe, I just blindly trusted a pop-up that came from within an application I was using since ages.

Some guy found a small exploit on the way the client showed the error messages from the server, and they used that to make users go to a fake website and download an infected wallet. If the user has the idea on mind that only ELECTRUM.ORG is legit, he will never fall for this kind of stuff. This is more of a social engineering issue than a security issue. For now, Electrum is still pretty safe.
It's not a small exploit if it modifies the response from the server. Verifying the domain before downloading it yes that's my fault.

I am sorry for you lose Joel. Consider this as the price you paid for your lesson. We all were there.
Thanks man! As for now, I'm not using Electrum because I'm highly skeptical such exploits will not happen in the future.
legendary
Activity: 2758
Merit: 6830
After reading this I transferred all my coins to Exodus, it's not safe to use Electrum anymore, I have been reading a lot of this in the past, I just hope it will never happen to Exodus and Greenwallet, which I'm using right now, but I will remember this and only download from official source.
It's not that Electrum isn't safe. People aren't safe.

Some guy found a small exploit on the way the client showed the error messages from the server, and they used that to make users go to a fake website and download an infected wallet. If the user has the idea on mind that only ELECTRUM.ORG is legit, he will never fall for this kind of stuff. This is more of a social engineering issue than a security issue. For now, Electrum is still pretty safe.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
After reading this I transferred all my coins to Exodus, it's not safe to use Electrum anymore, I have been reading a lot of this in the past, I just hope it will never happen to Exodus and Greenwallet, which I'm using right now, but I will remember this and only download from official source.
You misinterpret those topics that electrum isn't safe anymore. By using any kind of wallet, the user itself is full responsible of anything might happen to his/er funds from downloading the wallet (of any kind) to making a transaction.
Electrum is one of the secured wallets besides from core, and HW IMO.
There are lots of tutorial how make transaction safe with electrum using an air gapped computer if you really want a secured environment.
While you have to be updated of any updates release by any wallet's official release. People can follow electrum on their twitter https://twitter.com/ElectrumWallet/ which they are active other than on github for updates.

To OP, yeah, its hard losing funds on such incident And hope you don't loss your cool as en ethical hacker and let his incident serve as a lesson for you to strive more on similar things.

Don't trust, Verify.
hero member
Activity: 2996
Merit: 598
Leading Crypto Sports Betting & Casino Platform
After reading this I transferred all my coins to Exodus, it's not safe to use Electrum anymore, I have been reading a lot of this in the past, I just hope it will never happen to Exodus and Greenwallet, which I'm using right now, but I will remember this and only download from official source.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Get rid of "Electrum Official Wallet" in the title, as it's clearly not official. Very misleading.
It's official because the malware was infected inside of the official wallet and not something I downloaded externally. Of course, the downloaded was from outside electrum but I got linked to that from inside of electrum.
Before installing Electrum in any system I always check the signature even though I always download it from the official website: https://electrum.org/#download

Please check this tutorial if you need help in verifying signature: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/

I am sorry for you lose Joel. Consider this as the price you paid for your lesson. We all were there.
legendary
Activity: 1988
Merit: 1317
Get your game girl
I will send them a message.
Thanks but they will be up again with the new servers in no time. To solve the problem from the root, old versions of electrum should throw an error message to update the wallet using the official link. The phishing error is thrown when we hit the send button, the update to wallet message must be displayed on opening electrum.

There is no malware inside your older Electrum wallet. Some malicious server replied your send message by directing you to download the fake Electrum. If you just ignore it, you won't lose any funds.
Yes, I figured that out.
legendary
Activity: 2170
Merit: 1789
Get rid of "Electrum Official Wallet" in the title, as it's clearly not official. Very misleading.
It's official because the malware was infected inside of the official wallet and not something I downloaded externally. Of course, the downloaded was from outside electrum but I got linked to that from inside of electrum.

There is no malware inside your older Electrum wallet. Some malicious server replied your send message by directing you to download the fake Electrum. If you just ignore it, you won't lose any funds. This has been discussed since months ago afaik, you can scroll up on Electrum subforum to know more details about this phishing attack.
legendary
Activity: 2758
Merit: 6830
Is there away of reporting this site so that It can be put down at least to avoid more victims from falling into the same trap?
We could report it to their web hosting. According to WhoIs, they are hosted on netengi.com servers.

And according to NetEngi's ToS:

Quote
Prohibited Content

The following is a list of content that is not accepted in our servers and network:
– Scam/Fraudulent Websites
– Spam
– Phishing websites
[...]
Source: https://netengi.com/tos.html

I will send them a message.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This very sad. I am truly sorry for your loss especially at this time when everybody is getting prepared to ride the next bull run after a long time in the bear market.
Is there away of reporting this site so that It can be put down at least to avoid more victims from falling into the same trap?
legendary
Activity: 1988
Merit: 1317
Get your game girl
You missed the update scam?!
Yes, I missed that scam link! I should have been more updated on the issue. I'm just posting this so if there are still users who are living under the cave can benefit from it.

Everything is beautifully said when it does not concern itself. But losing money is always hard. Especially insulting on today's growth of Bitcoin. I understand OP and am very sorry for his loss. But in any case, I thank for the warning. And yes. You should always monitor important topics, but this is not always the case. OP do not lose heart, all the good you have ahead.
Thanks for the kind words man. It's only after the loses we learn so I guess I gotta be more careful next time. This is sad because I'm a developer/Ethical Hacker myself and I fell for this so easily.

Get rid of "Electrum Official Wallet" in the title, as it's clearly not official. Very misleading.
It's official because the malware was infected inside of the official wallet and not something I downloaded externally. Of course, the downloaded was from outside electrum but I got linked to that from inside of electrum.

You can't blame electrum for your own mistakes. You were careless and installed the fake wallet. That's your fault, not anybody else's.
That is the hard truth yes but again electrum was the primary source of the hack.

Older versions of electrum allows electrum servers to serve clients custom error messages that include text. The electrum server that Joel_Jantsen was connected to served him the error message saying to download the fake "electrum" wallet that contain malware.

The original wallet software that Joel_Jantsen was using was not malware.

As of now, electrum servers will not connect to older versions of electrum, so they will naturally find the *real* website to download from.   
Absolutely!

@Everybody else: Thanks for your kind words. Don't trust anything without cross verifying.
copper member
Activity: 1204
Merit: 737
✅ Need Campaign Manager? TG > @TalkStar675
Feeling really sad after hearing about this incidents. Most probably its a phishing site attack which completed by using "Malware" IMO. I always try to be careful when I click on a redirecting link because most of the time those hackers use redirecting link strategy to fulfill their aim. Although amount wasn't too big where there was a chance to lose a big amount of fund.

Phishing site issues has been so common nowadays where every time those hackers forced by redirecting to another similar looking website. Thanks for making the post and let us know about the incident. I hope other Electrum user will be careful enough after seeing this.
copper member
Activity: 2996
Merit: 2374

This is pretty much clear that this was a hack. What bothers me is how I got hacked through an official Electrum wallet without having malware or anything.

That is malware.
Older versions of electrum allows electrum servers to serve clients custom error messages that include text. The electrum server that Joel_Jantsen was connected to served him the error message saying to download the fake "electrum" wallet that contain malware.

The original wallet software that Joel_Jantsen was using was not malware.

As of now, electrum servers will not connect to older versions of electrum, so they will naturally find the *real* website to download from.   
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
It really sucks that he lost his funds like that but there were things he could have done to prevent it, like verifying the installation of the wallet he was forced to download.

theymos also has warning topic posted under Important Announcements: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097

There were multiple threads opened in bitcoin technical support section of users reporting loss of funds due to the same arbitrary messages with links to phishing websites.
hero member
Activity: 1834
Merit: 566
You can't blame electrum for your own mistakes. You were careless and installed the fake wallet. That's your fault, not anybody else's.

Electrum had its own fuck ups lately but this one isn't one of them. Sorry for your loss.
Firstly, you misunderstand the OP because I don't see any mistake he made which was some sort of blame or accuse and the only mistake OP made was that he's aware of the malicious messages sent to electrum user and holding your fund in an outdated wallet is also not a good idea either. I will advice the OP to raje heart, use conc antivirus and be security conscious because Mac user are hacker target this days. Besides, OP need to remove the official wallet in this thread topic cause the wallet was not downloaded from electrum official site.
legendary
Activity: 3276
Merit: 2442
You can't blame electrum for your own mistakes. You were careless and installed the fake wallet. That's your fault, not anybody else's.

Electrum had its own fuck ups lately but this one isn't one of them. Sorry for your loss.
legendary
Activity: 2772
Merit: 3284
Get rid of "Electrum Official Wallet" in the title, as it's clearly not official. Very misleading.


This is pretty much clear that this was a hack. What bothers me is how I got hacked through an official Electrum wallet without having malware or anything.

That is malware.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
I added electrum's github into bookmarks and I check it every time before sending transaction. Everyone pays own price to learn safety.

Everything is beautifully said when it does not concern itself. But losing money is always hard. Especially insulting on today's growth of Bitcoin. I understand OP and am very sorry for his loss. But in any case, I thank for the warning. And yes. You should always monitor important topics, but this is not always the case. OP do not lose heart, all the good you have ahead.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
I added electrum's github into bookmarks and I check it every time before sending transaction. Everyone pays own price to learn safety.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
I entered the transaction details and hit send. It threw an error that the transaction cannot proceed since I'm using an outdated version of electrum which has a potential security vulnerability. It displayed a pop-up screen with links to download the updated wallet and said the links cannot be copied since I've to paste them in the browser manually.


Damn Man!!
You missed the update scam?!

It was something we talked about few months ago.

So sorry for you lose bud.

Check this: https://bitcointalksearch.org/topic/electrum-vulnerability-allows-arbitrary-messages-phishing-5090097

I think you were not regular in the forum and missed it.
legendary
Activity: 1988
Merit: 1317
Get your game girl
As usual, I opened my Electrum Wallet and tried broadcasting transaction from this address (where I had my funds)

https://www.blockchain.com/btc/address/1NJi2xFKw52PsXKBcxMwPFFVrEsJRcM5we

Now I run electrum on my Mac and have been using that address for a while. I entered the transaction details and hit send. It threw an error that the transaction cannot proceed since I'm using an outdated version of electrum which has a potential security vulnerability. It displayed a pop-up screen with links to download the updated wallet and said the links cannot be copied since I've to paste them in the browser manually. You know, when it's happening inside Electrum's official wallet, you tend to blindly trust it. I think I was wrong. I went ahead and downloaded the wallet from that link, opened it and BOOM. My money was sent to this address :

https://www.blockchain.com/btc/tx/35412ea62a34876e38f3668a6ab0259f9d0113d04006191edeb23e5fef0fa915 [TX ID]

bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x


The awkward part was this time the electrum ICO to open the app was different


Further investigating, I found the file that I downloaded was from the website: https://goelectrum.com/#home which is an absolute rip-off of https://electrum.org/#home the official website. This is pretty much clear that this was a hack. What bothers me is how I got hacked through an official Electrum wallet without having malware or anything.

I lost good $500 folks, stay safe out there.
Jump to: