Pages:
Author

Topic: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade (Read 921 times)

brand new
Activity: 0
Merit: 0
brand new
Activity: 0
Merit: 0
2 useful applications for cryptocurrencies monitoring and trading!

Mammon
You can find out the percentage of cryptocurrency rise or fall, price refresh rate according to your settings: daily or each hour.
Mammon allows to calculate the total sum of your earnings per each cryptocurrency or all of them together. This platform differs from the others, as here you can set a target price for cryptocurrencies you want and get the notification if any of them reaches the threshold.
You can download Mammon at the official site.



Delta
If your chosen cryptocurrency exchange does not have a mobile trading application (like Bittrex or Poloniex), Ztrader allows Windows and Mac users to connect via the API and execute transactions.
Delta is a great application for serious cryptocurrency trading. It creates a pie chart of a cryptocurrency portfolio and provides the calculation of such parameters as realized and unrealized profits, as well as reports on tax returns. You pay taxes, right? Of course yes. To use all the features of Delta you need a subscription. The service is provided by a great app for Windows and Mac.
You can download Delta at the official site.

Read more:
https://telegra.ph/2-useful-applications-for-cryptocurrencies-monitoring-and-trading-11-14
brand new
Activity: 0
Merit: 0
 Huh
1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue.

1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work.

If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer".  There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless.  

The official download for Service Pack 1 is here.  If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps, or the following (easier) steps:

  • Download [Suspicious link removed]usoffline.net/]WSUS Offline Update[/url]
  • Extract wherever you like and run UpgateGenerator.exe
  • Select Windows 7 and press "Start"
  • Wait for what feels like an eternity
  • Once that's finished, exit UpgateGenerator.exe then navigate to the /client folder and run UpdateInstaller.exe
  • Tick the box for .NET Framework and again press "Start"
  • Wait for ages again until it eventually reboots and then reboots again

You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update.

I have a similar issue but I'm on windows 8.1. It also says: "Error Loading Python DLL".

Do you know how to fix it?
HCP
legendary
Activity: 2086
Merit: 4361
Possibly an old unconfirmed transaction that was stored within the wallet file (was it an outgoing transaction?) but the inputs got "double spent" in another transaction and the transaction can no longer be validated properly.

If you know what the seed is for that 2nd wallet... try and create a new version of the wallet ("File -> New/Restore -> NEWWALLETNAME -> Standard Wallet -> I already have a seed") and see if it syncs up...
sr. member
Activity: 1330
Merit: 258
Hello,

On my old PC installed old version Electrum.
When I open my first wallet with 0 balance, it's ok (synced).
When I open my second wallet with balance, I see strange transaction "unknown" amount "+0." and wallet can't sync..

Who can explain this?

Thanks.
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
Hello ThomasV,
Please Help Us. We were somehow hacked and lost a large amount of LTC.

I don't know what to do. Is there anyway you can help us?

I haven't updated my wallet since February 13th, 2018.
Is there a way to seek help from the creators or developers of Electrum Wallet?

Here is the transaction:
https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/
I suggest you to make a github account instead and go to this link https://github.com/pooler/electrum-ltc/issues
and post your new issue there.
Hope that programmer and developer could help you about your issue.
HCP
legendary
Activity: 2086
Merit: 4361
Just FYI, ThomasV probably won't be able to help you... he is not the developer behind Electrum-LTC... he is the Developer for Electrum which is exclusively BTC.

I suggest that you try and seek help from the Electrum-LTC community: https://electrum-ltc.org/#community
newbie
Activity: 14
Merit: 2
Hello ThomasV,
Please Help Us. We were somehow hacked and lost a large amount of LTC.

I don't know what to do. Is there anyway you can help us?

I haven't updated my wallet since February 13th, 2018.
Is there a way to seek help from the creators or developers of Electrum Wallet?

Here is the transaction:
https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/
jr. member
Activity: 34
Merit: 2
Helping the blockchain world build secure++ stuff!
Yes, there's almost a new critical patch every few weeks or so now.

Has the Electron team reached out for a professional security audit yet? It would really boost user's confidence in using it since so many different crypto wallets rely on it now.

Stuff like this is too trivial to justify:

https://github.com/spesmilo/electrum/issues/3374

Code:
 class RequestHandler(SimpleJSONRPCRequestHandler): 
 
     def do_OPTIONS(self):
         self.send_response(200)
         self.end_headers()
 
     def end_headers(self):
         self.send_header("Access-Control-Allow-Headers", 
                          "Origin, X-Requested-With, Content-Type, Accept")
         self.send_header("Access-Control-Allow-Origin", "*")
         SimpleJSONRPCRequestHandler.end_headers(self)

Allowing * is almost always a no-no.
HCP
legendary
Activity: 2086
Merit: 4361
Because Electrum is an HD (Hierarchical Deterministic) wallet... it generates a new address every time one is "used"... each address has it's own private key... so multiple address = multiple private keys.

To know which private key you need to use, you have to identify which address(es) your bitcoins were on at the time of the fork. (ps. You haven't specified which fork you're talking about).

Once you know which address(es) your BTC were on at the time of the fork... you can get the private key by going to the "Addresses" tab (you may need to select "View -> Show Addresses")... then right click on the address(es) you need the private key for and select "Private Key" from the menu.

NOTE: don't forget to change the filter from "Receiving" to "Change" to see your "Change Addresses" which might contain some of your BTC.

newbie
Activity: 2
Merit: 0
I'm not new, just new to Electrum. Why are there 26 lines of Private Keys for my wallet?

Which one is the one I should use to access the fork? I'm very confused!

Please help!

P
HCP
legendary
Activity: 2086
Merit: 4361
That button is to show YOUR receiving address on the Ledger... NOT the "recipients" address. The ledger will automatically show the recipients address when you attempt to send the transaction.

Currently, there is no facility for showing your receiving address on the Ledger from within Electrum. But you can double check by simpy taking the xpub and putting into https://iancoleman.io/bip39/ as the BIP32 root key... click "BIP32" tab and set custom derivation path and use: m/0

it will show all the addresses for your wallet.

NOTE: putting your xpub into the iancoleman website is NOT a security risk... no-one can generate your private keys or steal your bitcoins using just an xpub.
newbie
Activity: 2
Merit: 0
Tell and whether there is in electrum purse a function to show the recipients address on ledger purse display? Such function is in expansion chrome for official ledger.

http://i103.fastpic.ru/big/2018/0207/77/fb1476df55ba239d7c2b8d51886b1177.jpeg
hero member
Activity: 1005
Merit: 502
Sovryn - Brings DeFi to Bitcoin
1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue.

1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work.

If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer".  There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless.  

The official download for Service Pack 1 is here.  If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps, or the following (easier) steps:

  • Download WSUS Offline Update
  • Extract wherever you like and run UpgateGenerator.exe
  • Select Windows 7 and press "Start"
  • Wait for what feels like an eternity
  • Once that's finished, exit UpgateGenerator.exe then navigate to the /client folder and run UpdateInstaller.exe
  • Tick the box for .NET Framework and again press "Start"
  • Wait for ages again until it eventually reboots and then reboots again

You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update.

I have a similar issue but I'm on windows 8.1. It also says: "Error Loading Python DLL".

Do you know how to fix it?

If anyone else still has such issues, I found a solution to fix it: https://bitcointalksearch.org/topic/error-loading-python-dll-solved-2833220
hero member
Activity: 1005
Merit: 502
Sovryn - Brings DeFi to Bitcoin
1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue.

1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work.

If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer".  There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless.  

The official download for Service Pack 1 is here.  If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps, or the following (easier) steps:

  • Download WSUS Offline Update
  • Extract wherever you like and run UpgateGenerator.exe
  • Select Windows 7 and press "Start"
  • Wait for what feels like an eternity
  • Once that's finished, exit UpgateGenerator.exe then navigate to the /client folder and run UpdateInstaller.exe
  • Tick the box for .NET Framework and again press "Start"
  • Wait for ages again until it eventually reboots and then reboots again

You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update.

I have a similar issue but I'm on windows 8.1. It also says: "Error Loading Python DLL".

Do you know how to fix it?
newbie
Activity: 2
Merit: 0
What should users do?
---------------------

All users should upgrade their Electrum software, and stop using old
versions.

Users who did not protect their wallet with a password should create a
new wallet, and move their funds to that wallet. Even if it never
received any funds, a wallet without password should not be used
anymore, because its seed might have been compromised.

In addition, users should review their settings, and delete all
contacts from their contacts list, because the Bitcoin addresses of
their contacts might have been modified.



Hi,

I'm having problems to uninstall my 3.0.3 version of Electrum in Ubuntu, so would installing the newer version upgrade the wallet software? Or would I have both versions in my computer at the same time?
Thanks.
legendary
Activity: 3934
Merit: 3190
Leave no FUD unchallenged
1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue.

1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work.

If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer".  There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless.  

The official download for Service Pack 1 is here.  If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps, or the following (easier) steps:

  • Download WSUS Offline Update
  • Extract wherever you like and run UpgateGenerator.exe
  • Select Windows 7 and press "Start"
  • Wait for what feels like an eternity
  • Once that's finished, exit UpgateGenerator.exe then navigate to the /client folder and run UpdateInstaller.exe
  • Tick the box for .NET Framework and again press "Start"
  • Wait for ages again until it eventually reboots and then reboots again

You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update.
legendary
Activity: 1896
Merit: 1353
...

Sorry for your loss, but this is nonsense. We fixed the vulnerability on the day we learned about it.
If your wallet was protected with a password, there is no way this vulnerability could be related to the theft.
You have to look for another cause for that theft.
legendary
Activity: 3472
Merit: 10611
I did have a very long password that had to be entered before funds could be transferred.

if you had a password for your wallet there was no way of stealing your coins through this bug, specially if you didn't open your wallet. read @ThomasV comments above first for more details.
besides when you have your (hot) wallet on your desktop computer there are at least a dozen ways they can be stolen.

IF YOU HAVE BEEN A VICTIM OF ELECTRUM PLEASE SHARE YOUR STORY TO HELP US BUILD A CASE AND GET MORE PEOPLE INVOLVED TO FIND OUT WHAT REALLY HAPPENED.

MIT License which almost all open source projects (bitcoin wallets you see out there) are using:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
newbie
Activity: 23
Merit: 0
Electrum Wallets Were Vulnerable And Nothing Was Done For Two Years. My Bitcoins were either stolen from my Electrum Wallet or Electrum just made Billions by claiming they were hacked. STAY AWAY FROM ELECTRUM!!!

Electrum is claiming to have been hacked and my coins were stored in Electrum.

I opened my Electrum wallet today, January 18, 2007 and found out that on January 2, 2018 all my bitcoins (7.88014412 btc worth $110,682.86 USD) were sent to the following bitcoin address:

1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf

Apparently, Electrum knew about the vulnerability in their software for over two years. They are only claiming they knew about the security issue as of November 24, 2017 and did nothing about it until January 7, 2018 which just happens to be 5 days after my coins were stolen.

Electrum never warned wallet owners of the severity of the security vulnerability and after learning about the problem, they were negligent by not releasing a patch, immediately, to fix the problem. If nothing else, they should have at least informed wallet owners to move their coins out until the problem was fixed.

Read more about Electrum's carelessness about security within their software here: https://motherboard.vice.com/en_us/article/ev55na/electrum-bitcoin-wallets-were-vulnerable-to-hackers-for-two-years-json-rpc

I did not have 2FA enabled but I did have a very long password that had to be entered before funds could be transferred. I also have Norton AV installed and no viruses have been found.

Is there any way you can help me get my money back? or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to, or recommend someone who knows how I can get my money back?

http://bitcoinwhoswho.com/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf
https://blockchain.info/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf


IF YOU HAVE BEEN A VICTIM OF ELECTRUM PLEASE SHARE YOUR STORY TO HELP US BUILD A CASE AND GET MORE PEOPLE INVOLVED TO FIND OUT WHAT REALLY HAPPENED.
Pages:
Jump to: