Topic: PSA: Electrum has a critical security vulnerability - page 2. (Read 322 times)
Can someone tell me if an imported private keys on electrum is affected too with this vulnerability or only to those wallet that is generated using electrum?
I've updated electrum 3.0.3 for 2-3 weeks and just seen the critical news an hour ago that makes me like panic to update electrum 3.0.4. Even don't dare to open my own wallet now 
and consider to send all of my funds out of electrum.
Yes, it's a big mistake since the vulnerability has been reported on Github since November 2017 but electrum devs didn't pay attention to it or maybe they just missed it? However, I've never heard someone lost bitcoin due to electrum wallet security breach.
and consider to send all of my funds out of electrum.Yes, it's a big mistake since the vulnerability has been reported on Github since November 2017 but electrum devs didn't pay attention to it or maybe they just missed it? However, I've never heard someone lost bitcoin due to electrum wallet security breach.
Tavis Ormandy, security researcher at Google, pointed out a critical vulnerability to the Electrum team earlier today. They immediately pushed a security update. It's advisable to shut down immediately if you are running Electrum.
It's a bit disappointing to see that the vulnerability was already an open issue from last year. I guess they didn't realize how severe it was.
Mr.Theymos also informed about this issue in the headlines of our forum.Quote from: Theymos
A vulnerability was found in the Electrum wallet software which potentially allows random websites to steal your wallet via JavaScript. The bug presumably also affects altcoin derivatives of Electrum such as Electron Cash. If you don't use Electrum or a derivative, then you are not affected and you can ignore this.
Action steps:
1. If you are running Electrum, shut it down right this second.
2. Upgrade to 3.0.4 (making sure to verify the PGP signature).
You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions.
Action steps:
1. If you are running Electrum, shut it down right this second.
2. Upgrade to 3.0.4 (making sure to verify the PGP signature).
You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions.
It's a bit disappointing to see that the vulnerability was already an open issue from last year. I guess they didn't realize how severe it was.
So people who are using electrum immediately upgrade to 3.0.4 version to keep secured from those thieves who are stealing everyone's bitcoin already.But electrum is considered as one of the secured wallet for bitcoin but it faces the security issues will decrease the trust about the wallet among users.
So if people who are having large amount of investments it is necessary to buy a hardware wallet to keep safe all our coins for future.
Tavis Ormandy, security researcher at Google, pointed out a critical vulnerability to the Electrum team earlier today. They immediately pushed a security update. It's advisable to shut down immediately if you are running Electrum.
It's a bit disappointing to see that the vulnerability was already an open issue from last year. I guess they didn't realize how severe it was.
Quote from: Theymos
A vulnerability was found in the Electrum wallet software which potentially allows random websites to steal your wallet via JavaScript. The bug presumably also affects altcoin derivatives of Electrum such as Electron Cash. If you don't use Electrum or a derivative, then you are not affected and you can ignore this.
Action steps:
1. If you are running Electrum, shut it down right this second.
2. Upgrade to 3.0.4 (making sure to verify the PGP signature).
You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions.
Action steps:
1. If you are running Electrum, shut it down right this second.
2. Upgrade to 3.0.4 (making sure to verify the PGP signature).
You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions.
It's a bit disappointing to see that the vulnerability was already an open issue from last year. I guess they didn't realize how severe it was.
Jump to: