Pages:
Author

Topic: my electrum wallet (NEW VERSION) has been hacked - page 2. (Read 979 times)

legendary
Activity: 1680
Merit: 1010
Professional Native Greek Translator (2000+ done)

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.
hero member
Activity: 3038
Merit: 617

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.
full member
Activity: 634
Merit: 106
Europe Belongs To Christians
hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money Sad

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided
More info here: https://github.com/spesmilo/electrum/issues/4968

It's not fixed yet,:

Quote
Hours after we were sent the screenshot, we silently made mitigations in 5248613 and 5dc240d; and released 3.3.2. This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there...

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.

So latest version of Electrum is still 3.3.2 https://electrum.org/#download and this attack is still possible, only change is how it is display to users now. I must admit that this is something that what was never supposed to happen, cheap trick for for naive users. Download Electrum only from official site, and even then check and verify files.



Do not download any update for Electrum, even if you get warning from legit Electrum wallet, it is expolit that hacker use to get your seed/private keys!
legendary
Activity: 3808
Merit: 1723
Shouldn't this exploit be made into a sticky since it seems like a severe security concern?

Wonder if it only stole from those who used electrum as an online wallet instead of electrum offline (cold storage). Would cold storage save you in this case?

Its possible the fake software could display the correct destination BTC you entered, get you to sign the transaction offline BUT if you don't pay attention on the offline computer, there might be a entirely different destination BTC entered there that gets signed and later broadcasted online and funds get stolen.
newbie
Activity: 10
Merit: 10
Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?
It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided

More info here: https://github.com/spesmilo/electrum/issues/4968

Yep, although i am usually good about catching things like this i foolishly fell for it this time. And i downloaded and opened the 3.4.1 file. Looked just like electrum and so i sent payment and my wallet got drained.

now i am just worried if there was something else attached to the file but i don't think so as of now because it opened just like regular electrum did with one single file in the drive/folder(on mac). i think it was just an exploited client that routed all payments sent to them. like i said before i may end up wiping my drive just in case
legendary
Activity: 2758
Merit: 6830
Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?
It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided

More info here: https://github.com/spesmilo/electrum/issues/4968
newbie
Activity: 10
Merit: 10
Yea i am not sure but also cannot download electrum from the site right now either.

My original electrum that i got the pop up on has been on here since 3.2.3 was released. i haven't updated or downloaded any new ones before tonight so i don't understand where the popup came from as it was original software
jr. member
Activity: 66
Merit: 2
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message  WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.

Exactly happened to me last hour. the popup message said that my electrum needs to be updated, and if not i cant send out funds so i followed the displayed link on that popup notification and its https://github.com/electrum-project/electrum/releases/tag/3.4.1 , so yeah.  Cry Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

by the way, i reformat my pc and i go here to download new electrum ORIGINAL AND VERIFIED . https[Suspicious link removed] but seems cant access the site. 'This site can’t be reached' what's happening?
newbie
Activity: 10
Merit: 10
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message  WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.
jr. member
Activity: 49
Merit: 23
Hey I am new to all this myself but maybe next time you should verify what you download?

https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/
jr. member
Activity: 66
Merit: 2
i just woked up very happy this evening after isleep a few hour only, i dont know this was going to happen. cant stop crying now Sad Sad , it takes me 15 days for those funds to be earned. i cant believe this. i downloaded that wallet from https://electrum.org/ Sad , anyways i need to accept this. by the way i am Jack Henry from texas, im 68 years old. Thankyou for the answers. have a nice day to all  Cry
legendary
Activity: 3682
Merit: 1580
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
jr. member
Activity: 66
Merit: 2
This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum

sir but i swear, i do really received an notification on my old electrum original that it needs to be updated.. then i do follow the link given from there.. oh no Sad ... sir does electrum company can help me with this>?  do they own this https://github.com/electrum-project or not?
jr. member
Activity: 66
Merit: 2
wait whaaat? but i did receive a notification from my old electrum that it needs to be updated and i follow the lnik given from there https://github.com/electrum-project/electrum/releases/tag/3.4.1 , also this is the official github of electrum right? https://github.com/electrum-project/electrum/releases/tag/3.4.1
legendary
Activity: 2758
Merit: 6830
This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum
jr. member
Activity: 66
Merit: 2
anyeone? please help me Sad, i am willing to pay ones my funds will get back to me
jr. member
Activity: 66
Merit: 2
hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money Sad
Pages:
Jump to: