In recent days, hackers or hacker groups have stolen more than 200 bitcoins worth about $750,000 by attacking the infrastructure of electrum Bitcoin wallets. The attacker is targeting Electrum.
If someone's Electrum wallet is connected to one of these servers and tries to send a BTC transaction, they will see an official message telling them to update their Electrum wallet, as well as a scam URL.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
At the time of writing, at least 1,450 BTCs (stolen by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Electrum upgrade tips, with a total value of approximately $11.6 million.
Query did not trigger pending orders
Digital Wallet Electrum was hacked, losing 250 bitcoins.
The latest version of UBTC Electrum Light Wallet v3.2.8 is available.
However, after electrum officials said in early 19th that some security mechanisms should be put in place to prevent this "update phishing", many users of Electrum are still in the old version.
The main drawback of Bech32 addresses is that not all encrypted wallets and services support them. First, hardware encryption wallets Ledger Nano S, TREZOR and Digital Bitbox, desktop encryption wallets Electrum and Amory, mobile encryption wallets Edge, GreenAddress (for iOS and Android devices) add support for such addresses, including Samourai, Wallet, Walletabi, GreenBits and Electrum (for Android devices)
This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). In a frenzy, malicious ElectrumX servers account for as many as 71% of the total, and the show doesn't fully count, and hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
Bitcoin desktop wallet client Electrum has released a 4.0 beta version, adding several important updates, including support for the Lightning network, nearly a year after the previous version of Electrum, 3.3.8 (last July). In the 4.0 beta version, Electrum mainly added features such as PSBT (partially signed Bitcoin transactions), Lightning Network, watchtowers (暸 watchtowers) and Submarineswaps (subliminal switching). (Github)
and Android system. Installing Electrum requires you to write down a 12-word seed to help you recover your wallet on multiple devices. If you forget your private key, this seed can also make Electrum look more human. In addition, Electrum has a "cold storage" mode where you don't have to pay Bitcoin to view your balance.
IRC Channel: s electrum-ltc (web chat) on Free-node
electrum not showing pending
The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extensions. This leads to an attack on Electrum, and Trezor is affected.
In a recent announcement on Twitter, Electrum advised users to disable the automatic connection option and manually select a server, while the company is developing a more powerful Electrum.
Electrum-GRS Developer: Kefkius - Tyler from the United States.
Qtum Electrum Tutorial Qtum Electrum Light Wallet.
According to slow fog zone news, Electrum fake upgrade tips of the phishing attack has stolen at least 200 BTC, this attack by upgrading Electrum alone can not be avoided, the need for the entire ecological service to make corresponding changes (because Electrum this client is not a full node, and then on the transaction broadcast and the corresponding service side of the message communication, attackers can also deploy malicious server). Slow fog zones remind users that phishing attacks like Electrum require long-term vigilance. The slow fog zone has previously issued an alert for selectrum phishing updates, and hackers who attacked Electrum wallets used Electrum's software to unusually construct malicious software update prompts to induce users to update and download malware usage.
Once everything is set up, you can use Electrum. Have Fun.
Click to get the Electrum Personal Server source code and the Electrum Wallet source code.
B: Electrum server can customize messages to appear in the user's electrum light wallet software, giving hackers a chance to broadcast phishing messages.
If someone's Electrum wallet connects to one of these servers and tries to send a BTC transaction, they see an official message telling them to update their Electrum wallet, as well as a scam URL.
Electrum LTC Wallet is a desktop-based cryptocurrencies wallet that supports Litecoin. Here are some aspects of wallets: Like its predecessor, Electrum- Bitcoin Wallet, open source wallets can be found on GitHub, where anyone can view or upgrade codes.