
Topic: Multiple Qs prompted by the phishing attack re opsec/vulnerability - page 2. (Read 334 times)

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Is there a (1) at the end of the file? That might be making it hash differently if so, OS-dependent...

If the wallet app is infected with something, the only thing you should do (if you have all the seeds) is completely reinstall the OS on your computer.

Chances are the files aren't infected if downloaded from the website.
newbie
Activity: 11
Merit: 0
I downloaded electrum-3.3.4-setup.exe from https://electrum.org/#download (address copied and pasted from the tab that is still open in my browser).

I have no reason to believe I have downloaded a compromised version at this point. I have not interacted with the wallet since install.

The SHA256 hash of the download I installed the update from matches other installers acquired from other browsers: electrum-3.3.4-setup (1).exe, electrum-3.3.4-setup (2).exe (can this, has this been spoofed as far as anyone knows?)


I did not feel comfortable GPG verifying the download. I thought if I was confident I was installing from a link on the actual Electrum site that should be enough, but if I install the new version to a new directory and (this part did not go as planned, hence me registering here and posting this) "only" restore in the newly installed client a seed from a wallet with a smaller amt of BTC as a test, and it didn't disappear, then I could be confident the new install was legit. (The new install apparently overwrote the previous install, and populated the "recent" wallets from the previous version automatically, which I did not expect. So I got paranoid and I am here trying to decide what to do next.)

If I have or will DL/install compromised updates to Electrum, does the attacker immediately gain access to every (seed) wallet > addresses that I can toggle between under file>recently open? (So my BTC in all "recent" wallets are already gone.)

If yes, how can I prevent the Electrum client from being a central point of failure in the future for all wallets/coins stored (hot) on that device (passwords? moving .dat out of a directory and zip-encrypting it...??), shy of a watch-only + airgapped machine, which I will get to eventually but not now.

(If no, I am actually OK with a limited attack surface of one seed/wallet at a time. I generate a new seed for each new receive address, so if I found out I was compromised, losing the contents of one wallet and being able to protect the rest of the hot seeds/wallets would be acceptable risk.)

If I already installed a compromised version but not all coins across all seeds/wallets listed in recent have been swept instantly (I did not broadcast any transactions), what steps can I take to protect funds in the other "recent" hot seeds/wallets?


Of course any other advice/links on general opsec could be useful, but honestly, if only one wallet at a time is at risk of being compromised, that is a level of risk I am fine with in perpetuity.

Thank you
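Both posts above turn on what a SHA256 comparison of a downloaded installer does and does not establish. The script below is an added example written for this thread; it is not code from either poster or from the Electrum project, and the installer bytes and "published" hash it uses are constructed for the demo rather than a real release hash. It shows that a browser renaming a download to "... (1).exe" does not change the digest (the file name is not part of what is hashed), that a single flipped byte does change it, and that a hash copied from a web page with stray whitespace or different case still compares correctly. A matching hash across several browsers shows that the downloads are byte-identical to each other and to whatever value you compared against; confirming that the bytes come from the developers is what the detached GPG signature check provides, which this script does not replace.

```python
"""Verify a downloaded installer's SHA256 against a published value.

Added example for the thread above; not Electrum's own code. The sample
bytes and the "published" hash below are constructed for the demo, not a
real Electrum release hash.
"""
import hashlib
import hmac
import os
import shutil
import tempfile

# Known SHA-256 test vector for the bytes b"abc" (FIPS 180-2), used only to
# show that the helper computes the standard digest.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer never sits in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published_hash(path, published_hex):
    """Compare the file's digest with the published one.

    Whitespace and case are normalised because published hashes are usually
    copied from a web page; the comparison itself is constant-time.
    """
    actual = sha256_of_file(path).lower()
    expected = published_hex.strip().lower()
    return hmac.compare_digest(actual, expected)


def demo():
    """Show what the hash does and does not tell you.

    Returns a dict of results so the behaviour can be checked programmatically.
    """
    results = {}
    workdir = tempfile.mkdtemp()
    try:
        # Constructed stand-in for an installer download (not a real binary).
        original = os.path.join(workdir, "installer-setup.exe")
        with open(original, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + b"constructed installer body\n" * 100)
        published = sha256_of_file(original)  # stands in for the vendor's listed hash

        # 1. A browser renaming the file to "... (1).exe" leaves the bytes alone,
        #    so the digest is unchanged: the name is not part of what is hashed.
        renamed = os.path.join(workdir, "installer-setup (1).exe")
        shutil.copyfile(original, renamed)
        results["renamed_copy_matches"] = matches_published_hash(renamed, published)

        # 2. Flipping a single byte anywhere in the file changes the digest,
        #    which is why a matching hash is evidence the bytes are intact.
        tampered = os.path.join(workdir, "installer-setup (2).exe")
        with open(original, "rb") as fh:
            data = bytearray(fh.read())
        data[-1] ^= 0x01
        with open(tampered, "wb") as fh:
            fh.write(data)
        results["tampered_copy_matches"] = matches_published_hash(tampered, published)

        # 3. Case and surrounding whitespace in a copied hash do not cause a
        #    false mismatch.
        results["messy_hash_accepted"] = matches_published_hash(
            original, "  " + published.upper() + "\n")

        # 4. The digest helper agrees with the standard test vector.
        vector = os.path.join(workdir, "abc.bin")
        with open(vector, "wb") as fh:
            fh.write(b"abc")
        results["known_vector_ok"] = sha256_of_file(vector) == SHA256_ABC
    finally:
        shutil.rmtree(workdir)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

To check a real download, call `matches_published_hash("electrum-3.3.4-setup.exe", "<hash from the download page>")` with the value read from the vendor's page rather than from the download itself; a hash that only matches other copies you fetched yourself proves consistency between those copies, nothing more.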