Warning 200 bitcoins stolen from electrum users via malicious update

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: bbc.reporter on December 28, 2018, 10:36:30 PM

I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

Regardless of this incident, that's always been a possibility. It's one of the reasons Electrum has poor privacy. It's similar to the US government running loads of Tor exit nodes. The more malicious nodes that exist, the more likely you are to connect to them.

There's only one other way to use Electrum. If you don't want to randomly connect to servers, you have to run your own full node and then run an Electrum server on top of it.

Pursuer

legendary

Activity: 1638

Merit: 1163

Where is my ring of blades...

Quote from: gabbie2010 on December 29, 2018, 12:16:21 AM

Quote from: bbc.reporter on December 28, 2018, 10:36:30 PM

@pooya87. I know. However I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

That is one of my fear while connecting to their server I am always curious that maybe some hacking is undergoing behind the scene all these issues of hacking had become rampant these days be it blockchain, MEW and of recent electrum and the most annoying thing is that electrum has no control of the stolen btc which is irreversible.

you should always have that fear as long as your coins are on an online computer instead of being in a cold storage stored offline. and it is not just about electrum but about any other wallet that you may be using which is online. your computer can be infected easily and your coins can be lost.

in this case however the servers can only see your addresses because that is what you send them and nothing more. and this case here was only a feature that was being exploited by the scammer to mislead people into going to his malicious links and fooled them into downloading a fake wallet. so all you had to do was to not follow that link blindly!

Altero

full member

Activity: 784

Merit: 123

Quote from: gabbie2010 on December 29, 2018, 12:16:21 AM

Quote from: bbc.reporter on December 28, 2018, 10:36:30 PM

@pooya87. I know. However I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

That is one of my fear while connecting to their server I am always curious that maybe some hacking is undergoing behind the scene all these issues of hacking had become rampant these days be it blockchain, MEW and of recent electrum and the most annoying thing is that electrum has no control of the stolen btc which is irreversible.

Hackers could made it easily if the security of electrum isn't that strong. It is bad if they don't look into the best solution and pay even a half of the money loss by their users.
This could made awareness to all of us and might affect the entire market. Online is prone to hacking as those hackers will do their best to crackdown keys and every single mistake we made is a big opportunity for them. That is why we should be careful especially in visiting unknown links.

gabbie2010

sr. member

Activity: 2842

Merit: 326

20BET - Premium Casino & Sportsbook

Quote from: bbc.reporter on December 28, 2018, 10:36:30 PM

@pooya87. I know. However I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

That is one of my fear while connecting to their server I am always curious that maybe some hacking is undergoing behind the scene all these issues of hacking had become rampant these days be it blockchain, MEW and of recent electrum and the most annoying thing is that electrum has no control of the stolen btc which is irreversible.

Initscri

hero member

Activity: 1582

Merit: 759

Quote from: Artemis3 on December 28, 2018, 11:06:09 PM

Quote from: bbc.reporter on December 28, 2018, 08:08:53 PM

Would it be an acceptable temporary solution to connect only to the servers run by the Electrum development team until the malicious servers are identified and blocked? Does Electrum have official servers online?

From what I understand, all you have to do is ignore that stupid message to download a "newer" Electrum. Electrum should not be showing server MOTDs anyway, that is a design flaw imo. And if you are connected to a malicious server sending such messages, change it in Network settings.

In Linux we usually don't go to web pages to download software, but use packages from official repositories (which in turn most distros has them crypto signed etc). And also, the phishers are lazy and don't always provide linux binaries of their trojan versions...

If you feel unsafe using the Electrum light wallet, the "right" thing to do is download Bitcoin core wallet, use the option prune=550 to save space, and the other tips to save bandwidth.

The IP logging thing can easily be circumvented by using TOR.

Yeah unfortunately there were plenty of users who weren't as familiar w/ Bitcoin and/or weren't as technically savvy, to which this exploit would have affected them more.

This will clearly have to be fixed in the future, I suspect by removing the ability to send messages or making it more clear that the messages received aren't official Electrum messages.

Artemis3

legendary

Activity: 2030

Merit: 1573

CLEAN non GPL infringing code made in Rust lang

Quote from: bbc.reporter on December 28, 2018, 08:08:53 PM

Would it be an acceptable temporary solution to connect only to the servers run by the Electrum development team until the malicious servers are identified and blocked? Does Electrum have official servers online?

From what I understand, all you have to do is ignore that stupid message to download a "newer" Electrum. Electrum should not be showing server MOTDs anyway, that is a design flaw imo. And if you are connected to a malicious server sending such messages, change it in Network settings.

In Linux we usually don't go to web pages to download software, but use packages from official repositories (which in turn most distros has them crypto signed etc). And also, the phishers are lazy and don't always provide linux binaries of their trojan versions...

If you feel unsafe using the Electrum light wallet, the "right" thing to do is download Bitcoin core wallet, use the option prune=550 to save space, and the other tips to save bandwidth.

The IP logging thing can easily be circumvented by using TOR.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: bbc.reporter on December 28, 2018, 10:36:30 PM

@pooya87. I know. However I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

well then logging IP addresses and being malicious is not new, it has always been the case! and it is not only your IP addresses but also all the addresses that you own and they can link them together that way. and since that is by design, it can not be changed.
note that it is a privacy issue not security that you are bringing up here.

if you want more privacy i'm afraid running a full verification node is the only choice you have.

bbc.reporter

legendary

Activity: 3192

Merit: 1509

@pooya87. I know. However I do not feel safe connecting to a random Electrum server while there are malicious servers around that might log my IP address.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: bbc.reporter on December 28, 2018, 08:08:53 PM

Would it be an acceptable temporary solution to connect only to the servers run by the Electrum development team until the malicious servers are identified and blocked? Does Electrum have official servers online?

it doesn't matter what server you connect to. the malicious servers aren't stealing your coins, they CAN NOT do that. all they do is that they send you a message which your wallet shows and that "message" contains a link to the fake Electrum wallet.
so long as you don't click that link and don't install the fake one you are fine.

0t3p0t

sr. member

Activity: 1736

Merit: 357

Peace be with you!

Quote from: cokroalif on December 27, 2018, 11:03:21 PM

I don't know why more people get to know BTC more and more thieves. it doesn't match the idea of satosi nakamoto, some of my friends were phishing just opened a site that was sent in email. really thieves target us, there is nothing safe in this world, even a private key or password can be known by thieves, maybe we should be more careful to secure our assets

Yeah so we need to double check whatever we are doing online most especially with our Bitcoin funds. This only means that Bitcoin is still great as a lot of lawless elements such as hackers are interested to have some of everybody's funds. The only thing we can do is to be careful as it is not always safe if we are talking about money and wealth. This is also a lesson learned to not only for the victims but all of us who has hard earned Bitcoins on our wallets.

vv181

legendary

Activity: 1932

Merit: 1273

Quote from: bbc.reporter on December 28, 2018, 08:08:53 PM

Would it be an acceptable temporary solution to connect only to the servers run by the Electrum development team until the malicious servers are identified and blocked? Does Electrum have official servers online?

Connecting to secure and trusted Electrum would be a temporary solution for the security problem. I believe there are some identified attackers servers that have a similar sub-domain(.bitcoinplug.website domains.*.imaginarycoin.info domains.*.23734430190.pro domains.*.cryptoplayer.fun domains.*.krypto-familar.fun) as referenced in the official electrum GitHub repository.

I don't know if there is an official server for Electrum, but you can manually choose the server and avoid that sub-domain.

bbc.reporter

legendary

Activity: 3192

Merit: 1509

Would it be an acceptable temporary solution to connect only to the servers run by the Electrum development team until the malicious servers are identified and blocked? Does Electrum have official servers online?

Initscri

hero member

Activity: 1582

Merit: 759

Quote from: Oniko on December 28, 2018, 03:53:10 AM

I'm shocked. The market is in decline, and hackers continue to steal. I think that there is still no cryptocurrency wallet that gives reliability in use.

As long as crypto has value and is above $0, there will always be intent to steal. It's always going to be extremely profitable whether BTC is worth $1 or $1000+

Kemarit

legendary

Activity: 3080

Merit: 1353

Quote from: Oniko on December 28, 2018, 03:53:10 AM

I'm shocked. The market is in decline, and hackers continue to steal. I think that there is still no cryptocurrency wallet that gives reliability in use.

What do you expect? They're thieves, criminals and they don't care if we are in a bear or bullish trend. As long as they can stole from someone they will do it in a heart beat.

Yeah, I also saw the post from Theymos earlier, but it's a scary thing though. We all know that Electrum by is one of the most secured wallet out there, but it didn't deter hackers to see some loopholes and exploit it. I'm sure that Electrum devs will release a new version or a patch, so for now if you have bitcoins stored in your Electrum I would suggest to just wait from the official announcement before doing anything.

Oniko

member

Activity: 322

Merit: 11

I'm shocked. The market is in decline, and hackers continue to steal. I think that there is still no cryptocurrency wallet that gives reliability in use.

VitKoyn

full member

Activity: 490

Merit: 106

If you are a user of electrum wallet you should always check the source of the update, if it is not a link from their website you shouldn't click or copy and paste it on your browser. But in the other side, it is really disappointing because developers they let this vulnerabilities exist without giving their users an immediate warning on what is happening. And of course there will be some victims of this because they trust electrum software to be safe. And not only electrum but also other altcoin wallets that are forks of electrum have this vulnerabilities so if you use one of those then you might also see this phishing links.

ethereumhunter

hero member

Activity: 2912

Merit: 541

Leading Crypto Sports Betting & Casino Platform

Quote from: cokroalif on December 27, 2018, 11:03:21 PM

I don't know why more people get to know BTC more and more thieves. it doesn't match the idea of satosi nakamoto, some of my friends were phishing just opened a site that was sent in email. really thieves target us, there is nothing safe in this world, even a private key or password can be known by thieves, maybe we should be more careful to secure our assets

Because the thieves know much things about bitcoin and they want to have bitcoin, but they do the wrong way. We need always to be careful when we want to visit the link which we don't know because the hi-jacking now become dangerous and it could get the information from many ways. Our account will be our responsibilities to protect and never to tell other people for what we did, or we might be the next target for the strange people who want our money.

Fortunately, I don't use Electrum for a long time ago but I will check my Electrum wallet, and I hope it will be fine and nothing happens inside the wallet.

Juggy777

hero member

Activity: 2646

Merit: 686

Quote from: elisabetheva on December 27, 2018, 09:27:14 PM

I think that strongly agree with your opinion that "we are all targets of hackers" just how we should be more careful not to be affected.
But clearly the information you provide will add to our knowledge more carefully, thank you

I always believed Electrum wallet to be safe and easy to operate, and I'm surprised that hackers were able to target it. I believe a majority of these users who were targeted use the wallet on their computers/laptops, and thus became easy targets. I have been using electrum wallet app, and I did not see it asking for any update, also this is a very big lesson for all never to self update the wallet, always use the original website.

Andruha1993

jr. member

Activity: 1008

Merit: 1

I also use ELECTRUM and have never encountered scammers there. Yes, it is very sad that the fraudsters attack, but all have said many times that you must always be careful and check the accuracy of the information.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: Kakmakr on December 28, 2018, 01:16:39 AM

I hope this incident will be a wake-up call for them to react a lot quicker when something like this happens. Angry

Yeah, I also think they should give a warning after they found out. But the user should be more cautious too tbh. The attack includes downloading from unconfirmed sources, they should at least have suspicion when there is a pop-up showing to download. Well, let's hope this won't happen again.

Topic: Warning 200 bitcoins stolen from electrum users via malicious update (Read 651 times)