Hardware wallets are responsible for generating private keys (firmware is officially signed to prevent fake wallets from generating private keys known to hackers), saving private keys (offline environments to prevent Trojans from stealing private keys), signing transactions, displaying transaction contents for users to check and confirm (prevent Trojans from hijacking replacement collection addresses)
Bitcoin Future： electrum stuck on generating addresses
A botnet with more than 140,000 machines has launched a DoS attack on the server of Bitcoin wallet Electrum in an attempt to direct users to software versions designed to steal Bitcoin. Electrum users have been advised to take extra care when using the platform until the issue is resolved. Security researchers familiar with the matter say that if a user installs a fake version of Electrum, all funds contained in the old version will be lost immediately. (TNW)
In addition, small partners who have used Electrum wallets should be aware that with Thecret phrase generated by Electrum, we can recover bitcoin keys on any browser using the Bitcoin Wallet web tool. And Electrum is so secure that there is no evidence that the distributed attack prevention system designed by Dark Wallet will be due to Electrum.
It targets two antivirus products: Smadav and USB Disk Security, both mobile device security products.
Bitcoin desktop wallet client Electrum has released a 4.0 beta version, adding several important updates, including support for the Lightning network, nearly a year after the previous version of Electrum, 3.3.8 (last July). In the 4.0 beta version, Electrum mainly added features such as PSBT (partially signed Bitcoin transactions), Lightning Network, watchtowers (暸 watchtowers) and Submarineswaps (subliminal switching). (Github.
Google researcher Tavis Ormandy discovered the Bitcoin wallet Electrum.
"Electrum DDoS botnet infects more than 152,000 hosts" - Jett.
In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack. This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials said they would adopt some security mechanisms to prevent this kind of "update fishing", such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the older version (less than 3.3.4), and the older version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. Finally, identify electrum's official web address.
Originally published as Jonald Fyookball (Electron Cash developer)
The problem was not fixed. So he had to contact Electrum to highlight the urgency of the issue, and Electrum released Emergency Response Version 3.0.4 a few hours later.
According to slow fog zone news, Electrum fake upgrade tips of the phishing attack has stolen at least 200 BTC, this attack by upgrading Electrum alone can not be avoided, the need for the entire ecological service to make corresponding changes (because Electrum this client is not a full node, and then on the transaction broadcast and the corresponding service side of the message communication, attackers can also deploy malicious server). Slow fog zones remind users that phishing attacks like Electrum require long-term vigilance. The slow fog zone has previously issued an alert for selectrum phishing updates, and hackers who attacked Electrum wallets used Electrum's software to unusually construct malicious software update prompts to induce users to update and download malware usage.
Electrum - Lightweight Bitcoin client.
Bitcoin Wallet Electrum confirms a phishing attack against its users, reminding them not to download Electrum Wallet software from any channel other than the official website. Earlier media reports said Electrum users had maliciously stolen millions of dollars worth of cryptocurrencies. Hackers create Electrum wallet software with malicious code, induce users to download, and trick users into providing login information such as passwords to commit theft.
We will continue to monitor and track further movements of funds after a recent user submitted a coin-losing incident claiming that the download used an Electrum wallet had been phishing attack, losing more than 700 bitcoins, and that the stolen address had been added to the Devi AML system. It is reported that malicious website (electrumsecure) fake E) fake Electrum website to carry out phishing attacks, guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Devi Security Labs is here to remind users not to install unknown sources of Electrum wallets, to avoid asset losses.
Dynamic . . . Electrum wallets have been hit by massive DoS attacks that have cost millions of dollars.