
Topic: just got hacked through electrum - page 2. (Read 448 times)

legendary
Activity: 3472
Merit: 10611
February 08, 2019, 12:28:40 AM
#12
What kind of software doesn’t tell you when important updates are required?

in my opinion it is mainly because there is a lot of controversy circling the wallet softwares that do alert users of new versions. so developers decide not to include such features in their software.

in any case, you are in a decentralized world using a decentralized currency with open source/free software. it is your own responsibility to follow their vulnerabilities, shortcomings,... and learn how to increase your own security as much as possible. nobody is going to take your hand and do it for you.
HCP
legendary
Activity: 2086
Merit: 4363
February 07, 2019, 03:43:30 PM
#11
It is all rather moot anyway... it looks like you got your wish... they've added (opt-in) update notifications to Electrum, and apparently have started using "good" servers (via an ElectrumX update) to broadcast update notifications to older versions of Electrum that are vulnerable to the exploit.
HCP
legendary
Activity: 2086
Merit: 4363
February 07, 2019, 06:20:18 AM
#10
electrum should protect its users. If op runs electrum and it says "No. You are using old version and it has been hacked. It has been fixed in the latest version. Download the latest version from electrum.org" then we don't have topics like this
What kind of software doesn’t tell you when important updates are required?
And what happens when the centralised update server gets hacked... broadcasts a spam to all users that they need to update to new version and all the users blindly trust that because "it is the Electrum update server" and download a malware wallet and lose all their funds? You'd all be asking "why does Electrum have forced update notifications?"

"Be your own bank" implies "Be your own Bank's security department as well". Everyone is all about the "freedom" of Cryptocurrency... no-one seems to want the added responsibility that comes with that freedom.

There are ways and means to protect yourself... and the easiest is to ALWAYS verify the digital signature of the Electrum installer (or portable .exe). Even when I have downloaded it from Electrum.org, I will ALWAYS verify the digital signature of the downloaded file to confirm it is legit.

So, even if I had received the spam message, ignored the fact it redirected to github instead of the official website and downloaded the malware installer, I never would have installed it... because the malware installer would have FAILED the digital signature verification.
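The signature check described in the post above, as an added example (not code from this thread or from the Electrum project): it accepts a download only when GnuPG reports a valid signature made by a key pinned in advance, so an installer signed by any other key is rejected. The function names, the `PINNED_FPR` placeholder and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: gate an installer on GnuPG's machine-readable status output.

# Placeholder: replace with the signer fingerprint obtained out of band.
PINNED_FPR="0000000000000000000000000000000000000000"

# Reads `gpg --status-fd` lines on stdin. Returns 0 only if a VALIDSIG line
# names the pinned primary key (last field) and no failure status appears.
check_gpg_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == want { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# $1 = downloaded installer, $2 = detached .asc signature file.
verify_installer() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        check_gpg_status "$PINNED_FPR"
}

# Constructed sample data (not real keys): a good signature from the
# expected key, and a cryptographically valid one from an unrelated key.
SAMPLE_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
OTHER_FPR="BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2019-02-01 1548979200 0 4 0 1 8 00 $SAMPLE_FPR"
SAMPLE_OTHER_KEY="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG $OTHER_FPR 2019-02-01 1548979200 0 4 0 1 8 00 $OTHER_FPR"

printf '%s\n' "$SAMPLE_GOOD" | check_gpg_status "$SAMPLE_FPR" &&
    echo "accepted: signed by the pinned key"
printf '%s\n' "$SAMPLE_OTHER_KEY" | check_gpg_status "$SAMPLE_FPR" ||
    echo "rejected: valid signature, but not from the pinned key"
```

Checking the fingerprint rather than only gpg's exit code matters because `gpg --verify` succeeds for any key present in the local keyring, including one imported alongside a fake download.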
newbie
Activity: 5
Merit: 0
February 07, 2019, 03:45:54 AM
#8
What kind of software doesn’t tell you when important updates are required?
newbie
Activity: 5
Merit: 0
February 07, 2019, 02:42:58 AM
#7
What’s happening is the equivalent of your bank letting you use a mobile app as your only way to bank, then not telling you hackers have taken it over and you won’t be able to withdraw your money. What good are updates on your website when you have no reason to go to the website in the first place? This is a complete crock of shit
newbie
Activity: 5
Merit: 0
February 07, 2019, 02:28:54 AM
#6
It happened because the software stopped me from proceeding you fucking idiot!


lol. "has been fixed in the latest version" but old users don't know about that

Well they should always verify a signature before they download and install the apps. Those are the basic steps to protect yourself. Blaming everything on the software won't solve anything, help yourself by making sure you install the correct apps.
sr. member
Activity: 910
Merit: 351
February 07, 2019, 12:54:20 AM
#5
lol. "has been fixed in the latest version" but old users don't know about that

Well they should always verify a signature before they download and install the apps. Those are the basic steps to protect yourself. Blaming everything on the software won't solve anything, help yourself by making sure you install the correct apps.
legendary
Activity: 2758
Merit: 6830
February 06, 2019, 10:29:02 PM
#4
I've never been phished before, it's fucked up because it comes from the app. Not being mean towards you this is fucked up. they need to pull the service if they can't run it decently
It was a vulnerability. The Electrum servers (which anyone can run due to its decentralized nature) could make the Electrum wallet connected to it show a customized error message. So, the hacker deployed a bunch of malicious servers that showed the “please update” message you say.

When dealing with money, you should never put your guard down. Verifying the signatures of the binaries should be a mandatory step when downloading/updating Electrum.

Anyways, the vulnerability has been fixed in the latest version which was launched a few days ago and that you didn’t have. Unfortunately, it’s too late now. Sorry.
newbie
Activity: 5
Merit: 0
February 06, 2019, 10:21:05 PM
#3
I've never been phished before, it's fucked up because it comes from the app. Not being mean towards you this is fucked up. they need to pull the service if they can't run it decently
legendary
Activity: 2758
Merit: 6830
February 06, 2019, 10:13:48 PM
#2
Which version were you previously using? Did you receive a “warning popup” - after trying to do a transaction -  telling you to update your Electrum from a github link?

If that’s the case, you fell for a phishing scam and your coins are gone. There is nothing you can do since BTC transactions are irreversible.

Do a clean reinstall of your OS and create a new wallet. Both your PC and wallet are most likely compromised. Also, NEVER download Electrum from a website that isn’t electrum.org; that’s the ONLY legit place you can get it.
newbie
Activity: 5
Merit: 0
February 06, 2019, 10:09:17 PM
#1
I tried to send coins out of electrum and was stopped for upgrades, when I get back in my money is gone? I froze the transaction and it confirmed anyway. Do they even have support to contact? I have no money now, how is this happening?