Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Pages:
Author

Topic: my electrum wallet (NEW VERSION) has been hacked (Read 979 times)

jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
my electrum wallet (NEW VERSION) has been hacked
December 31, 2018, 07:56:17 AM
#39
Quote from: HCP on December 31, 2018, 12:35:48 AM

How would you sign the message without the private key? You'd need the Electrum server code to have access to that to be able to sign the message... Shocked Shocked Shocked

The idea being that a lot of the error coded and error messages I get at least are not specific to the issue so the text could previously be signed by thomasv to determine their authority. I don't think there's ever a full fix without larger exact evaluations of the issues.
Lucius
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: my electrum wallet (NEW VERSION) has been hacked
December 31, 2018, 05:27:36 AM
#38
Quote from: BitcoinGirl.Club on December 30, 2018, 01:23:27 PM

This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.

It makes no sense to exaggerate in this situation, you can open your Electrum and receive/send transaction without fear that your wallet will be compromised. As HCP say, you can only be affected by this threat if you download fake wallet, and only thing you need to do is close that popup window if it appears on your screen.

HCP
legendary
Activity: 2086
Merit: 4361
Re: my electrum wallet (NEW VERSION) has been hacked
December 31, 2018, 12:35:48 AM
#37
Quote from: jackg on December 30, 2018, 02:19:03 PM
... I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility.
The problem with attempting to "properly fix" this issue... is that all the Electrum Servers would need to be updated so that they returned something meaningful for the client to parse.

Someone posted a link in another thread about the Electron Cash "hack" that they implemented in the client... which, while effective, is not really a "proper fix".

Also, it isn't really a vulnerability in the typical sense of the word. There isn't a direct security vulnerability with an immediate threat to the user. It doesn't auto-download any malware, the user's wallet/seed/keys are not at risk etc... unless the user manually downloads the malicious client and executes it.


Quote
(An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message).
How would you sign the message without the private key? You'd need the Electrum server code to have access to that to be able to sign the message... Shocked Shocked Shocked
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: my electrum wallet (NEW VERSION) has been hacked
December 30, 2018, 02:19:03 PM
#36
Quote from: BitcoinGirl.Club on December 30, 2018, 01:23:27 PM
Quote from: jackg on December 30, 2018, 07:24:49 AM

Quote from: Lucius on December 30, 2018, 08:39:00 AM


This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.

My suggested 30 days is probably a pessimistic one, 14 or something is potentially fine to have enough people to have tested it. I make the time longer so I don't have to fight my antivirus too...

That being said, as long as there's no major vulnerability. It's safe to use an old version, or would be in other cases, if you're trigger happy then it's not based on the current vulnerability. I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility. (An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message).
BitcoinGirl.Club
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Re: my electrum wallet (NEW VERSION) has been hacked
December 30, 2018, 01:23:27 PM
#35
Quote from: jackg on December 30, 2018, 07:24:49 AM

Quote from: Lucius on December 30, 2018, 08:39:00 AM


This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.
Lucius
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: my electrum wallet (NEW VERSION) has been hacked
December 30, 2018, 08:39:00 AM
#34
Quote from: veleten on December 30, 2018, 06:41:01 AM
checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on  Huh
Electrum updated the wallet but they made it version 3.3.2 compared to 3.2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ?

1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
more than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money Sad


You will only see that message if you try to send transaction and if you are connected to bad server which is used by hacker. I send few transaction with Ledger Nano S+Electrum and there is no any pop message about updating.

Electrum did not release a new version, they only change way how that message is display - so there is no direct clickable link in message, and now users can only copy/paste bad link. Last version of Electrum is from 2018-12-21 and number of version is 3.3.2.

https://download.electrum.org/
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: my electrum wallet (NEW VERSION) has been hacked
December 30, 2018, 07:24:49 AM
#33
@veleten, I think it depends on the server you're connected to? Or maybe it's a firewall thing or something. I think electrum works by sending the error message from the server and thus a link can be sent too.

There are a few trusted peers among the network which I normally connect to, a few forum members here host a node also.

Also, those are version numbers, it's likely 3.3.0 and 3.3.1 are non stable releases and used as milestones in the production process. They are probably on GitHub but I wouldn't recommend using them as the word unstable should carry some power.
veleten
legendary
Activity: 2016
Merit: 1107
Re: my electrum wallet (NEW VERSION) has been hacked
December 30, 2018, 06:41:01 AM
#32
Quote from: BitcoinGirl.Club on December 29, 2018, 05:05:15 PM
Quote from: gentlemand on December 27, 2018, 09:11:20 AM
Quote from: bitcoinfuck on December 27, 2018, 08:03:14 AM
looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
I feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her.

I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too.

Good luck everyone. Please keep your coins safe.


checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on  Huh
Electrum updated the wallet but they made it version 3.3.2 compared to 3.2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ?

1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
more than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money Sad

BitcoinGirl.Club
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Re: my electrum wallet (NEW VERSION) has been hacked
December 29, 2018, 05:05:15 PM
#31
Quote from: gentlemand on December 27, 2018, 09:11:20 AM
Quote from: bitcoinfuck on December 27, 2018, 08:03:14 AM
looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
I feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her.

I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too.

Good luck everyone. Please keep your coins safe.
bL4nkcode
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Re: my electrum wallet (NEW VERSION) has been hacked
December 28, 2018, 09:59:58 PM
#30
There's an update of electrum wallet of a fixed 3.3.2 and now it's from their official twitter and should be downloaded only from its official source https://electrum.org/#download
ranman09
full member
Activity: 756
Merit: 112
Re: my electrum wallet (NEW VERSION) has been hacked
December 28, 2018, 08:20:36 PM
#29
Quote from: jackg on December 27, 2018, 05:53:11 PM
Quote from: ranman09 on December 27, 2018, 05:18:27 PM
Quote from: gentlemand on December 27, 2018, 12:48:54 PM
It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.

Don’t update software as soon as it’s released. I have a 30 day cooling off period for example.
The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum.

That's a great suggestion. But I hope that becomes one of the general knowledge for software updates.
bL4nkcode
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Re: my electrum wallet (NEW VERSION) has been hacked
December 28, 2018, 02:25:36 AM
#28
Quote from: ?? on ??
Quote from: bL4nkcode on December 27, 2018, 10:17:28 AM
Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.
It might try and send it to a different address with a hardware wallet still and people would have to pay attention to the receiving address located on the hardware screen, which could still lead to a loss of funds since so many don't pay attention to that.
But that's not the case here.

And everyone who has hardware wallet should and make it a practice to double check the address for confirmation that shows in the screen before sending.

Quote from: veleten on December 28, 2018, 12:28:47 AM
yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse
Well, yeah every time there's an update I always go to the official website and download the software. But regarding to notification, I never received any or pop up in my computer that there's an update etc. even before this hack happens. It only notifies me when I sent and received funds.
stomachgrowls
hero member
Activity: 3010
Merit: 794
Re: my electrum wallet (NEW VERSION) has been hacked
December 28, 2018, 12:38:09 AM
#27
Quote from: veleten on December 28, 2018, 12:28:47 AM
Quote from: gentlemand on December 27, 2018, 12:48:54 PM
Quote from: veleten on December 27, 2018, 12:41:26 PM
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.

yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse
You cant say such thing because even im on the situation i would be most likely to believe since most of us do know
the reputation of Electrum so if its on wallet message then high chance it would really get attention.You would only
realize that you loss money if such news pop-out or people already starting to lose money.
veleten
legendary
Activity: 2016
Merit: 1107
Re: my electrum wallet (NEW VERSION) has been hacked
December 28, 2018, 12:28:47 AM
#26
Quote from: gentlemand on December 27, 2018, 12:48:54 PM
Quote from: veleten on December 27, 2018, 12:41:26 PM
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.

yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 05:53:11 PM
#25
Quote from: ranman09 on December 27, 2018, 05:18:27 PM
Quote from: gentlemand on December 27, 2018, 12:48:54 PM
It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.

Don’t update software as soon as it’s released. I have a 30 day cooling off period for example.
The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum.
ranman09
full member
Activity: 756
Merit: 112
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 05:18:27 PM
#24
Quote from: gentlemand on December 27, 2018, 12:48:54 PM
It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.
gentlemand
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 12:48:54 PM
#23
Quote from: veleten on December 27, 2018, 12:41:26 PM
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.
veleten
legendary
Activity: 2016
Merit: 1107
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 12:41:26 PM
#22
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam
I got countless fishing messages from fake blockchain, coinbase and other wallets to develop immunity to this sort of scam
unfortunately, too many users learn the hard way and lose all of their money, at least all you lost was 0.04 btc which is painful but not the end of the world
gentlemand
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 10:51:57 AM
#21
Quote from: killerjoegreece on December 27, 2018, 09:48:02 AM
The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.

This has absolutely nothing to do with Bitcoin's code. The moment they started to introduce 'consumer protection measures' into the code itself is the moment it's abandoned by the people who develop it.
bL4nkcode
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Re: my electrum wallet (NEW VERSION) has been hacked
December 27, 2018, 10:17:28 AM
#20
Quote from: killerjoegreece on December 27, 2018, 09:48:02 AM
Quote from: bittraffic on December 27, 2018, 09:32:19 AM

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.
Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: