Author

Topic: The attack on Electrum servers seems to be over (Read 259 times)

legendary
Activity: 3472
Merit: 10611
With Electrum server nature which allow anyone to connect (exception for blacklist known IP used for DDoS/malicious acitivty), it's over for now.

Attacker will find another way as long they have money and will to do it.

Out of fun these days i decided to run my own Electrum server, since i have a full bitcoin node synced and all... And i got one called "Electrum Personal Server", Lo and behold, it made the Electrum wallet work like Bitcoin Core or better. So if the public servers go down i could always use mine now. Next i could try running Electrumx or the other one, not sure which is better, but if i do, i would run it only over tor as a hidden service...

it probably is better if you run ElectrumX since it is the most used and because of that it has least amount of bugs. but you shouldn't ignore the alternatives either. the only thing to consider when running an alternative is to check if it is actually an "alternative implementation" or is it the same thing translated into another programming language or if it is a simple wrapper around the main one with additional features.
legendary
Activity: 2030
Merit: 1573
CLEAN non GPL infringing code made in Rust lang
With Electrum server nature which allow anyone to connect (exception for blacklist known IP used for DDoS/malicious acitivty), it's over for now.

Attacker will find another way as long they have money and will to do it.

Out of fun these days i decided to run my own Electrum server, since i have a full bitcoin node synced and all... And i got one called "Electrum Personal Server", Lo and behold, it made the Electrum wallet work like Bitcoin Core or better. So if the public servers go down i could always use mine now. Next i could try running Electrumx or the other one, not sure which is better, but if i do, i would run it only over tor as a hidden service...
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
what is to be gained from such an attack!!??

Many people are still on older versions.

And this is a big problem, because versions older than 3.3 would only connect to the bad servers and will also show the scammy update message.
This is what they gain from the attack: still real chances to catch uninformed users update to their clone of Electrum.
legendary
Activity: 2702
Merit: 4002
I assume they are attacking the Electrum's servers so their malicious ones can be the only ones working. The user will try servers/close and reopen Electrum until one synchronizes (the bad one), which will give him the “please update” fake message.
[/quote]
Many people are still on older versions.
If this is true and there is a profit from these attacks do not expect to disappear soon.
There will be tours that will continue from time to time until profits reach zero.

Also, do not rule out attacks because of trying to distorting electurm wallet reputation for another new rising wallets.
legendary
Activity: 3710
Merit: 1586
They probably moved on to targeting altcoin clients.
legendary
Activity: 2758
Merit: 6830

- I have a question, what is to be gained from such an attack!!??

+ Thanks in advance.
Quoting my post in another thread:

I assume they are attacking the Electrum's servers so their malicious ones can be the only ones working. The user will try servers/close and reopen Electrum until one synchronizes (the bad one), which will give him the “please update” fake message. Obviously this only works in old versions, but the servers are the same, so we all can feel the attack.

This just increases the chances of a uninformed user getting phished.
jr. member
Activity: 35
Merit: 2

- I have a question, what is to be gained from such an attack!!??

+ Thanks in advance.
sr. member
Activity: 770
Merit: 268
my electrum is running smoothly since yesterday even though i've used automatic selection. but that's not a guarantee that the same attack or problems happen in the future unless there's an official fix to prevent such thing from happening. so far, afaik electrum node runner has mitigated this problem with blocking the ip addresses that were used to attack their server as hcp mentioned so that's probably the reason why it seems the attack was stopped.
HCP
legendary
Activity: 2086
Merit: 4363
I wouldn't be confident enough to say it is "over"... I suspect that IP list of the DDoS botnet that got released (and was constantly being updated) might have mitigated the attack to the point that the network is more or less running "OK".

No doubt it is quite expensive trying to spool up more and more devices as they are constantly being rendered useless. Tongue

I'd be more prone to say that this "round" is over...



legendary
Activity: 2730
Merit: 7065
At the moment there is no official announcement from Electrum on their Twitter or Reddit pages. The official site offers no information that the attack is over either.
https://twitter.com/ElectrumWallet
https://www.reddit.com/r/Electrum/
full member
Activity: 340
Merit: 164
I have no problems anymore, everything running smooth again and synchronizing fast and without problems.

Is the attack over?
Jump to: