Pages:
Author

Topic: There has been an increased number of "fake" electrums out there, be careful. - page 3. (Read 2000 times)

legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
Thanks so much for the warning, Coding Enthusiast.

Just to clarify, we're safe as long as we don't follow the link and download the software, correct? Is there any danger if you use a watching-only/offline signing setup?
legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
Another reason for Full-Validation, 
Was only a matter of time before the the servers became a point of attack.

This has nothing to do with being an SPV client. It is about the implementation (software) having a flaw that was exploited and it can happen to any software whether it is a full node or an SPV one.
The weakness was in a "feature" in Electrum where the server you connect to can send you a well formatted message (containing a link like the posted screenshot for example).

It may not be completely similar but Bitcoin-Core's alert system comes to mind which was a point of weakness that could be exploited in a similar fashion. That is removed now.
sr. member
Activity: 387
Merit: 251
Your Campaign Manager!
Looks like the exploit over and all the funds stolen from three servers transferred to the explorer's main wallet which shows about 243.5 BTC  
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj

may be more incoming may appear.. but i am suspecting this is their bank address..  
sr. member
Activity: 882
Merit: 297
The hacker have hacked 200 btc in one wallet and 243 btc in another wallet and some small btc in lot of wallets so nearby 500+ btc is stolen through this virus, and still electrum are not able to stop this hacking attack.

https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj - 243 btc

https://www.blockchain.com/btc/address/14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5 - 200 btc - this has been transferred to above wallet.

So far this is the detail, more dont know
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
This is actually very concerning since this isn't the first time Electrum as very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs.

Previous issue was fairly harmless compared to this. To users get hacked before version 3.0.5 he need to have wallet which is password unprotected and to have this wallet open on a particular web page which can then use this vulnerability to stole users funds.

This new issue is far more dangerous because hackers use original Electrum wallet to trick users to upgrade to fake wallet. For now this issue is not fixed, and the attack is still being performed. So far 15(new data say up to 250) BTC is stolen, only good thing is this happens in time of holidays when many are away from their devices and BTC.

https://bitcointalksearch.org/topic/my-electrum-wallet-new-version-has-been-hacked-5089945
sr. member
Activity: 840
Merit: 266
I posted the warning in my local board, I hope everyone can do the same with his own language I bet we will see a lot of thread about losing Bitcoin with Electrum soon. Please, everyone, have a chance to alert others please do so.
hero member
Activity: 1220
Merit: 612
OGRaccoon
Another reason for Full-Validation, 
Was only a matter of time before the the servers became a point of attack.

legendary
Activity: 1526
Merit: 1179
The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.
This is actually very concerning since this isn't the first time Electrum as very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs.

Another clear sign why the Core client is so dominant. It's by far the most secure client out there and people rightfully trust it with everything they have. The only thing is that average joes don't like running a full node client.

Not sure if and when, but if this continues people might lose confidence in Electrum and ditch it for good. It's a shame since it's one of the better SPV wallets available, but you can't endlessly make headlines like this....
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Threads like this bother me, luckily I'm not a fan of downloading an update of electrum as in an urgent manner, also I get nothing any notification when I opened the software.

And I do always make a practice to see the tweet of electrum official twitter account first before doing something though it might not be a good suggestion but it will help somehow. And I hope victims will not be much for this incident.
legendary
Activity: 1484
Merit: 1491
I forgot more than you will ever know.
good catch ! Thank you for sharing Smiley

Edit: was going to report the github repository but it has been closed already.
full member
Activity: 634
Merit: 106
Europe Belongs To Christians
When you download the fake client they must get your seed/password somehow. I wiped electrum files then restore the wallet from seed and put 2$ in there an let it sit. They just emptied the wallet again about 30 mintues ago.


maybe UI is doing http post request of your seed ?  did you do wireshark ? or can you share the software with me i can try to run it and find which domains its connecting too
copper member
Activity: 236
Merit: 17
is android version in safe? Smiley
newbie
Activity: 10
Merit: 10
When you download the fake client they must get your seed/password somehow. I wiped electrum files then restore the wallet from seed and put 2$ in there an let it sit. They just emptied the wallet again about 30 mintues ago.
newbie
Activity: 10
Merit: 10
that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.

https://github.com/spesmilo/electrum/issues/4968
Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.

Unfortunately, there is still nothing you can do to recover your coins.


i am not worried about that. I use a hardware wallet normally and only use electrum from time to time for small quick transactions.

I am however worried what was all attached the bogus client i downloaded. I have wiped anything electrum related but feel like i should be wiping my whole drive just in case.
legendary
Activity: 2758
Merit: 6830
that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.

https://github.com/spesmilo/electrum/issues/4968
Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.

Unfortunately, there is still nothing you can do to recover your coins.
newbie
Activity: 10
Merit: 10
Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?

If you have downloaded the files (standalone, portable, linux tar.gz file,...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.


i know that, i have since wiped all the electrum files i could find since i downloaded the malicious file. I am at the point i will most likely reformat my hard drive in the morning as i am unsure at this point if any other malware was attached to it aside from the malicious client
newbie
Activity: 10
Merit: 10
Yes i fell for it because i was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if i don't have to ( i know, i know i probably should just to be safe)
Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.

that's actually false and i know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official electrum client. Which prompts a pop up to download the malicious client.

https://github.com/spesmilo/electrum/issues/4968
legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?

If you have downloaded the files (standalone, portable, linux tar.gz file,...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.

There is not even a single chance the pop up came from the official Electrum. That's a fact.

The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.
jr. member
Activity: 66
Merit: 2
legendary
Activity: 2758
Merit: 6830
Yes i fell for it because i was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if i don't have to ( i know, i know i probably should just to be safe)
Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.

Edit: thought that this was the first post from the user and literally missed the OP. Sorry.
Pages:
Jump to: