my electrum wallet (NEW VERSION) has been hacked - page 2.

killerjoegreece

legendary

Activity: 1666

Merit: 1007

Professional Native Greek Translator (2000+ done)

Quote from: bittraffic on December 27, 2018, 10:32:19 AM

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now, it can be subjected to suspicions.

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.

bittraffic

hero member

Activity: 2870

Merit: 612

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now, it can be subjected to suspicions.

gentlemand

legendary

Activity: 2590

Merit: 3008

Welt Am Draht

Quote from: bitcoinfuck on December 27, 2018, 09:03:14 AM

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

bitcoinfuck

full member

Activity: 634

Merit: 106

Europe Belongs To Christians

Quote from: SuperInvestor on December 26, 2018, 11:17:55 PM

hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money Sad

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: TryNinja on December 27, 2018, 03:01:15 AM

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided

More info here: https://github.com/spesmilo/electrum/issues/4968

It's not fixed yet,:

Quote

Hours after we were sent the screenshot, we silently made mitigations in 5248613 and 5dc240d; and released 3.3.2. This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there...

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.

So latest version of Electrum is still 3.3.2 https://electrum.org/#download and this attack is still possible, only change is how it is display to users now. I must admit that this is something that what was never supposed to happen, cheap trick for for naive users. Download Electrum only from official site, and even then check and verify files.

Do not download any update for Electrum, even if you get warning from legit Electrum wallet, it is expolit that hacker use to get your seed/private keys!

adaseb

legendary

Activity: 3738

Merit: 1708

Shouldn't this exploit be made into a sticky since it seems like a severe security concern?

Wonder if it only stole from those who used electrum as an online wallet instead of electrum offline (cold storage). Would cold storage save you in this case?

Its possible the fake software could display the correct destination BTC you entered, get you to sign the transaction offline BUT if you don't pay attention on the offline computer, there might be a entirely different destination BTC entered there that gets signed and later broadcasted online and funds get stolen.

Heydude1

newbie

Activity: 10

Merit: 10

Quote from: TryNinja on December 27, 2018, 03:01:15 AM

Quote from: SuperInvestor on December 27, 2018, 01:44:50 AM

Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided

More info here: https://github.com/spesmilo/electrum/issues/4968

Yep, although i am usually good about catching things like this i foolishly fell for it this time. And i downloaded and opened the 3.4.1 file. Looked just like electrum and so i sent payment and my wallet got drained.

now i am just worried if there was something else attached to the file but i don't think so as of now because it opened just like regular electrum did with one single file in the drive/folder(on mac). i think it was just an exploited client that routed all payments sent to them. like i said before i may end up wiping my drive just in case

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: SuperInvestor on December 27, 2018, 01:44:50 AM

Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. Undecided

More info here: https://github.com/spesmilo/electrum/issues/4968

Heydude1

newbie

Activity: 10

Merit: 10

Yea i am not sure but also cannot download electrum from the site right now either.

My original electrum that i got the pop up on has been on here since 3.2.3 was released. i haven't updated or downloaded any new ones before tonight so i don't understand where the popup came from as it was original software

SuperInvestor

jr. member

Activity: 66

Merit: 2

Quote from: Heydude1 on December 27, 2018, 01:04:45 AM

Quote from: Abdussamad on December 26, 2018, 11:32:17 PM

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.

Exactly happened to me last hour. the popup message said that my electrum needs to be updated, and if not i cant send out funds so i followed the displayed link on that popup notification and its https://github.com/electrum-project/electrum/releases/tag/3.4.1 , so yeah. Cry

Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

by the way, i reformat my pc and i go here to download new electrum ORIGINAL AND VERIFIED . https[Suspicious link removed] but seems cant access the site. 'This site can’t be reached' what's happening?

Heydude1

newbie

Activity: 10

Merit: 10

Quote from: Abdussamad on December 26, 2018, 11:32:17 PM

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.

rabbitfairferry

jr. member

Activity: 49

Merit: 23

Hey I am new to all this myself but maybe next time you should verify what you download?

https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/

SuperInvestor

jr. member

Activity: 66

Merit: 2

i just woked up very happy this evening after isleep a few hour only, i dont know this was going to happen. cant stop crying now Sad

, it takes me 15 days for those funds to be earned. i cant believe this. i downloaded that wallet from https://electrum.org/ Sad

, anyways i need to accept this. by the way i am Jack Henry from texas, im 68 years old. Thankyou for the answers. have a nice day to all Cry

Abdussamad

legendary

Activity: 3612

Merit: 1564

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

SuperInvestor

jr. member

Activity: 66

Merit: 2

Quote from: TryNinja on December 26, 2018, 11:24:16 PM

This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum

sir but i swear, i do really received an notification on my old electrum original that it needs to be updated.. then i do follow the link given from there.. oh no Sad

... sir does electrum company can help me with this>? do they own this https://github.com/electrum-project or not?

SuperInvestor

jr. member

Activity: 66

Merit: 2

wait whaaat? but i did receive a notification from my old electrum that it needs to be updated and i follow the lnik given from there https://github.com/electrum-project/electrum/releases/tag/3.4.1 , also this is the official github of electrum right? https://github.com/electrum-project/electrum/releases/tag/3.4.1

TryNinja

legendary

Activity: 2758

Merit: 6830

This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum

SuperInvestor

jr. member

Activity: 66

Merit: 2

anyeone? please help me Sad

, i am willing to pay ones my funds will get back to me

SuperInvestor

jr. member

Activity: 66

Merit: 2

hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money Sad

Topic: my electrum wallet (NEW VERSION) has been hacked - page 2. (Read 947 times)