Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on Electrum servers, which presents some security and privacy trade-offs. If you use electrum personal servers, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.
In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum personal server.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 184.108.40.206. If you are running an earlier version, update your software.
Electrum personal server
(Malware, Attack) Electrum DDoS botnet reaches 152,000 infected hosts.
The Healthy Security Lab is concerned that Nearly 250 bitcoins have been stolen in a recent hacking attack on an Electrum wallet. This attack, confirmed by Electrum, involves creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is an ongoing phishing attack on Electrum users and advised users to download wallet apps from the official website" and that The Healthy Security Lab advised users not to install an unknown source of Electrum wallets to avoid being tricked.
Electrum - Lightweight Bitcoin client.
As of press time, phishing attacks that forged Electrum upgrade notifications have stolen at least 1,450 BTC (the number stolen is officially counted by a user, anti-malware companies Malwarebytes and Electrum), with a total value of approximately $11.6 million. It is worth mentioning that Electrum versions lower than 3.3.4 are vulnerable to such phishing attacks. Users who use Electrum wallets should update to the latest version Electrum 3.3.8 through the official website (electrum.org). At present, v4.0.0 has not been officially released. Version, please do not use the link in the prompt message to update, so as to avoid loss of assets
Researchers at the popular Bitcoin wallet app Electrum have uncovered a malicious shanzhai act aimed at stealing seed keys. The suspicious shanzhai wallet, called Electrum Pro, appeared online in March and has been labeled malware since.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
Electrum personal server.
If someone's Electrum wallet connects to one of these servers and tries to send a BTC transaction, they see an official message telling them to update their Electrum wallet, as well as a scam URL.
Send the coin to another wallet for long-term bitcoin storage. There should be a full node behind the wallet, such as the Electrum node pointing to your own Electrum server.
According to Bleeping Computer, the BTC wallet app Electrom accused a phishing product called Electrum Pro of stealing a user's seed key on May 9 on GitHub and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from BTC URLs managed by Eletrum Pro.