Thanks so much for the warning, Coding Enthusiast.
Just to clarify, we're safe as long as we don't follow the link and download the software, correct? Is there any danger if you use a watching-only/offline signing setup?
Topic: There has been an increased number of "fake" electrums out there, be careful. - page 3. (Read 1943 times)
December 27, 2018, 02:35:05 PM
December 27, 2018, 12:16:10 PM
Another reason for Full-Validation,
Was only a matter of time before the the servers became a point of attack.
Was only a matter of time before the the servers became a point of attack.
This has nothing to do with being an SPV client. It is about the implementation (software) having a flaw that was exploited and it can happen to any software whether it is a full node or an SPV one.
The weakness was in a "feature" in Electrum where the server you connect to can send you a well formatted message (containing a link like the posted screenshot for example).
It may not be completely similar but Bitcoin-Core's alert system comes to mind which was a point of weakness that could be exploited in a similar fashion. That is removed now.
December 27, 2018, 11:52:22 AM
Looks like the exploit over and all the funds stolen from three servers transferred to the explorer's main wallet which shows about 243.5 BTC
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
may be more incoming may appear.. but i am suspecting this is their bank address..
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
may be more incoming may appear.. but i am suspecting this is their bank address..
December 27, 2018, 10:52:51 AM
The hacker have hacked 200 btc in one wallet and 243 btc in another wallet and some small btc in lot of wallets so nearby 500+ btc is stolen through this virus, and still electrum are not able to stop this hacking attack.
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj - 243 btc
https://www.blockchain.com/btc/address/14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5 - 200 btc - this has been transferred to above wallet.
So far this is the detail, more dont know
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj - 243 btc
https://www.blockchain.com/btc/address/14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5 - 200 btc - this has been transferred to above wallet.
So far this is the detail, more dont know
December 27, 2018, 10:21:32 AM
This is actually very concerning since this isn't the first time Electrum as very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs.
Previous issue was fairly harmless compared to this. To users get hacked before version 3.0.5 he need to have wallet which is password unprotected and to have this wallet open on a particular web page which can then use this vulnerability to stole users funds.
This new issue is far more dangerous because hackers use original Electrum wallet to trick users to upgrade to fake wallet. For now this issue is not fixed, and the attack is still being performed. So far 15(new data say up to 250) BTC is stolen, only good thing is this happens in time of holidays when many are away from their devices and BTC.
https://bitcointalksearch.org/topic/my-electrum-wallet-new-version-has-been-hacked-5089945
December 27, 2018, 10:09:58 AM
I posted the warning in my local board, I hope everyone can do the same with his own language I bet we will see a lot of thread about losing Bitcoin with Electrum soon. Please, everyone, have a chance to alert others please do so.
December 27, 2018, 10:04:31 AM
Another reason for Full-Validation,
Was only a matter of time before the the servers became a point of attack.
Was only a matter of time before the the servers became a point of attack.
December 27, 2018, 09:55:34 AM
The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.
This is actually very concerning since this isn't the first time Electrum as very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs.Another clear sign why the Core client is so dominant. It's by far the most secure client out there and people rightfully trust it with everything they have. The only thing is that average joes don't like running a full node client.
Not sure if and when, but if this continues people might lose confidence in Electrum and ditch it for good. It's a shame since it's one of the better SPV wallets available, but you can't endlessly make headlines like this....
December 27, 2018, 09:19:52 AM
Threads like this bother me, luckily I'm not a fan of downloading an update of electrum as in an urgent manner, also I get nothing any notification when I opened the software.
And I do always make a practice to see the tweet of electrum official twitter account first before doing something though it might not be a good suggestion but it will help somehow. And I hope victims will not be much for this incident.
And I do always make a practice to see the tweet of electrum official twitter account first before doing something though it might not be a good suggestion but it will help somehow. And I hope victims will not be much for this incident.
December 27, 2018, 09:18:49 AM
good catch ! Thank you for sharing 
Edit: was going to report the github repository but it has been closed already.
Edit: was going to report the github repository but it has been closed already.
December 27, 2018, 09:05:51 AM
When you download the fake client they must get your seed/password somehow. I wiped electrum files then restore the wallet from seed and put 2$ in there an let it sit. They just emptied the wallet again about 30 mintues ago.
maybe UI is doing http post request of your seed ? did you do wireshark ? or can you share the software with me i can try to run it and find which domains its connecting too
December 27, 2018, 09:02:22 AM
is android version in safe?
December 27, 2018, 03:40:23 AM
When you download the fake client they must get your seed/password somehow. I wiped electrum files then restore the wallet from seed and put 2$ in there an let it sit. They just emptied the wallet again about 30 mintues ago.
December 27, 2018, 02:33:55 AM
that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.
https://github.com/spesmilo/electrum/issues/4968
Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.https://github.com/spesmilo/electrum/issues/4968
Unfortunately, there is still nothing you can do to recover your coins.
i am not worried about that. I use a hardware wallet normally and only use electrum from time to time for small quick transactions.
I am however worried what was all attached the bogus client i downloaded. I have wiped anything electrum related but feel like i should be wiping my whole drive just in case.
December 27, 2018, 02:27:50 AM
that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.
https://github.com/spesmilo/electrum/issues/4968
Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.https://github.com/spesmilo/electrum/issues/4968
Unfortunately, there is still nothing you can do to recover your coins.
December 27, 2018, 02:27:41 AM
Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?
If you have downloaded the files (standalone, portable, linux tar.gz file,...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.
i know that, i have since wiped all the electrum files i could find since i downloaded the malicious file. I am at the point i will most likely reformat my hard drive in the morning as i am unsure at this point if any other malware was attached to it aside from the malicious client
December 27, 2018, 02:20:54 AM
Yes i fell for it because i was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if i don't have to ( i know, i know i probably should just to be safe)
Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.
https://github.com/spesmilo/electrum/issues/4968
December 27, 2018, 02:18:49 AM
Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?
If you have downloaded the files (standalone, portable, linux tar.gz file,...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.
There is not even a single chance the pop up came from the official Electrum. That's a fact.
The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.
December 27, 2018, 02:16:19 AM
Hey! , Thanks for this GentleMen!, but it's too late already 
https://bitcointalksearch.org/topic/my-electrum-wallet-new-version-has-been-hacked-5089945
https://bitcointalksearch.org/topic/my-electrum-wallet-new-version-has-been-hacked-5089945 December 27, 2018, 02:15:34 AM
Yes i fell for it because i was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if i don't have to ( i know, i know i probably should just to be safe)
Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. Edit: thought that this was the first post from the user and literally missed the OP. Sorry.
Jump to: