Pages:
Author

Topic: Warning: There is an ongoing phishing attack against Electrum users - page 2. (Read 716 times)

HCP
legendary
Activity: 2086
Merit: 4363
One important question. Does the transaction go trough despite the error msg?
Like is the functionality unaffected?
To answer this question... As I understand it... No, the transaction does not go through. All the "bad" servers do is throw back the fake error message and encourage the user to download malware. (NOTE: I believe the github repository that it linked to has already been removed)

So, as Abdussamad mentioned, simply ignore the error and connect to a different server. If you do that, there is no danger to your wallet or coins from this "attack".
legendary
Activity: 3710
Merit: 1586
So what would be the wisest course of action?
Just wait untill the issue gets fixed and not use the wallet in the meantime?

One important question. Does the transaction go trough despite the error msg?
Like is the functionality unaffected?

Thanks for info.

The only thing you need to do is that in the event you get an error message when spending bitcoins try switching servers. Don't download any software that the error message tells you to.
member
Activity: 120
Merit: 10
So what would be the wisest course of action?
Just wait untill the issue gets fixed and not use the wallet in the meantime?

One important question. Does the transaction go trough despite the error msg?
Like is the functionality unaffected?

Thanks for info.
newbie
Activity: 231
Merit: 0

yes, it is from the original website >  http://nl.tinypic.com/r/2njwpc8/9


image of download history



i would say check your own folder structure see if it is the same as my image
legendary
Activity: 3710
Merit: 1586
look at your browser history and confirm the url you downloaded electrum from ?
newbie
Activity: 231
Merit: 0
hello there

some day's ago someone stole my BTC from electrum wallet after I upgraded from 3.3.1  > to 3.3.2

all my BTC are gone 0.05xxx    but I have decided after cleaning my computer to reinstall the new and latest wallet
now when I installed this I tough let's see the file structure in that wallet it apart from mine wallet.dat folder this is what I saw  http://i66.tinypic.com/2n0pkq8.jpg

i don't think this is correct look at the date stamp of the actual wallet exe file create day: 11-11-2000 !!???

so, in short, i downloaded from the original website what I always do then installed it then I went to the folder and this is what i saw

please need help an advice
legendary
Activity: 3710
Merit: 1586
You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.

You should complain in that issue: https://github.com/spesmilo/electrum/issues/4968

I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?

3.2.4 contains a backported version of the phishing attack mitigation for users who can't upgrade to python 3.6. Everyone else should stick to 3.3.2.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more

Electrum is show this message in combination with bad servers, and even if Electrum can not influence on such servers, yet there is a great deal of responsibility on them. Such a thing should be foreseen and prevented, but instead of that we have hundreds of stolen BTC and confusion that continues to last...

You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.

I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?

Do we have a list of servers that are safe for sure? Would help because then you could connect manually to those when you get the pop up.

Nothing is 100% sure, but I found a list with Electrum servers which could help. However, owner of this site can also be tricked to list some bad server, it is just for informational purposes.

https://1209k.com/bitcoin-eye/ele.php
legendary
Activity: 3710
Merit: 1586
I'm not sure if it's technically possible that Electrum use this exploit in a way to show warning message to users, but before any transaction is initiated?

Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more

Second the message is by the server you are connected to and the electrum company doesn't control those servers. If it did then they could simply replace the messages with numerical error codes and then the client could display a limited set of meaningful error messages depending on the error code instead of arbitrary messages from the server. This is the proper fix they talked about.

In the meantime the electron cash approach might work where they attempt to parse the message from the server and then replace it with a legit error message. Another suggestion was to hide the message from the server under a read more button so that those who actually cared could read it while your regular users won't bother and therefore won't be phished.
newbie
Activity: 21
Merit: 4
Do we have a list of servers that are safe for sure? Would help because then you could connect manually to those when you get the pop up.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
There is currently no way to prevent the appearance of this message through legitimate Electrum wallet so every warning is welcome. But the very fact that vulnerability still exists makes this wallet very risky for any inexperienced user. We can talk about how is important to always check files before installation, or to never download wallets from untrusted source - people simply do not pay attention to such things.

I'm not sure if it's technically possible that Electrum use this exploit in a way to show warning message to users, but before any transaction is initiated?
sr. member
Activity: 910
Merit: 351
people aren't upgrading their Electrum just because this bug existed in older versions. there are still people using Electrum 2.x.x versions out there too! so as long as the attack is ongoing some sort of warning on their Twitter page from time to time is a good idea. they may need to stick it on top though.

They'll probably need to pin it forever, because it seems these 'bad' servers will continue to exist as long as people still use Electrum. Anyway, this should increase security awareness. For god’s sake, I never understand why people just download and never verify a file from the internet.
legendary
Activity: 3472
Merit: 10611
I'm not sure why Electrum gives a warning again since that attack is actually never stopped. Electrum just changed, or as they say mitigates the attack in a way how users see that notification pop message.

people aren't upgrading their Electrum just because this bug existed in older versions. there are still people using Electrum 2.x.x versions out there too! so as long as the attack is ongoing some sort of warning on their Twitter page from time to time is a good idea. they may need to stick it on top though.
HCP
legendary
Activity: 2086
Merit: 4363
It seems that the error only shows on the latest version of electrum? I tried the other version but I don't see any error yet.

It looks like only the 3.3.2 version is infected with this attack.
It has nothing to do with the version of the Electrum client that you have installed/are using... it all depends on which Electrum server you get connected to.

Also, I believe that the message only shows when you attempt to broadcast a transaction.

The message is generated and sent by rogue Electrum servers that have been setup and launched by the attackers. They modified the (open source) code, so that regardless of your client and/or how your transaction is setup, the server will automatically return the fake "error" message to your client encouraging you to "upgrade". Then the attackers launched hundreds of servers (using different domains) to increase the odds that a client would get automatically connected to one of their servers.

So, if you automatically (or manually) connect to a "good" server, you will never see this message... and if you're connected to a "bad" server, but don't try and broadcast a transaction, you will not see this message either.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
It seems that the error only shows on the latest version of electrum? I tried the other version but I don't see any error yet.

It looks like only the 3.3.2 version is infected with this attack.

I'm sure that they will release a new version of electrum this coming week and I hope they can inform all Electrum users about this issue before someone installs a fake Electrum wallet.

I already check the link from the image above it looks like someone already reported it.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I'm not sure why Electrum gives a warning again since that attack is actually never stopped. Electrum just changed, or as they say mitigates the attack in a way how users see that notification pop message.

So there is no direct link to fake wallet download (click link), but message is looks like this :



Some users obviously still fall into this trap and download fake wallets, probably because of that Electrum reacted again by tweet that warning.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Saw this tweet of electrum hours ago. Please be aware, and be careful.

"Warning: there is an ongoing phishing attack against Electrum users, where rogue servers ask users to install bitcoin-stealing malware. We released version 3.3.2, which mitigates the attack. See https://electrum.org/#download"

Source: https://twitter.com/ElectrumWallet/status/1083334662427164672
Pages:
Jump to: