I just got hacked through Electrum. I tried to send bitcoins and it stopped me for updates, now my money is gone. I froze the transaction and it confirmed anyway. Is there even anybody to contact? I have no money now, thanks a lot, Electrum
If I don’t get my money back I’ll be getting the U.S. government involved you guys should have stopped this it’s a problem with your app
I just happen to be browsing here and saw your post, I'm just an electrum user like you.
I'm sorry, but you have been the victim of a phishing attack. This has been an ongoing problem for about a month now. The message that popped up was spoofed (faked), and when you clicked the link you were redirected to the criminals' website, where they sent you a hacked version of Electrum designed to steal your coins as soon as you entered your password (if you used one).
In the future, never ever click a link that you weren't specifically expecting (email attachment that looks legit, but you weren't expecting it: ask the person who sent it to you first). Anytime you are asked to update software, ALWAYS download directly from the maker's official website and type the address directly into the URL bar, including the HTTPS://
At this point there isn't much you can do other than try to calm down. If you have other crypto, or should you buy more, I strongly advise you to purchase a hardware wallet (Trezor, Ledger, etc.)
Sorry about your loss, it's a difficult learning experience. You can check out information about it here: https://www.reddit.com/r/Bitcoin/comments/anycg2/electrum_targeted_phishing_malware_warning/ or here: https://bitcointalk.org/index.php?topic=5095856.0
@jon0190 the update you have been downloading was bitcoin-stealing malware
could you post the url where you downloaded it from?
Yeah I gather all that now, as you said “it’s been going on a while now”, the creators or people running electrum should’ve stopped this by now. If I don’t get my money back I’ll be contacting everyone possible in our government for help because this is bullshit! It’s not a phishing email it’s a problem with their product, that they are probably behind since it hasn’t been stopped not being disrespectful towards you
I don’t have it anymore I copied and pasted the link and I’ve already started cleaning my computer as someone else said I need to do
It was a github link that popped up when I tried to send,
How about disabling deposits to old vulnerable accounts so that people who don’t spend all day online know that there’s a problem? Pieces of shit!
electrum is not a bank, there are no "accounts"
we are doing whatever is in our power to stop this attack
Nobody said it’s a bank I thought it was a secure bitcoin wallet but it obviously isn’t. How about a big warning on the app about this? You have done nothing and I am going to start contacting our government so they can deal with you lazy pieces of shit
Going to be lots of fun for you guys coming
How hard would it be to put a message on your app warning people of this since your app doesn’t auto update security features? Huh bitch? I bet a lot less longer than it’s taking me to reboot my computer. You guys are useless pieces of shit that everyone would be better off without
You guys can track my account all you want, I’m not lying I’ll help when my computer gets done rebooting
How about a big warning on the app about this?
It is not possible to put a warning or display any kind of announcement in existing versions. The whole point of bitcoin is decentralisation. No one has the power to do this. We don't want the power to be able to do this.
There has been a warning on the website however for more than a month (since the attack started).
And "honest" servers started using the same exploit the attacker's servers are using, to warn users that they are vulnerable, but these messages can only be sent when the user broadcasts a transaction (that is how the exploit works). We have also fixed the exploit in a new version of the client, but you were using an old one.
@jon0190,
Electrum is a "lite" Bitcoin wallet, which does not download the full blockchain and keep it locally, but relies on servers with the full blockchain. Such servers may be set up and operated by anyone, including me and you, and they would be automatically used in Electrum.
When you send money, if the transaction can't be performed, the server may respond with a text error message giving the reason for that.
During the last month, some malicious servers have appeared, which do not accept money transactions and only return a bogus error message. This error message states that your client is outdated and you should download a new, updated one. This "updated" client is not an official Electrum client but one provided by a hacker (by this server operator), designed to steal your money and probably to perform further malicious activity on your computer (e.g. steal your browser passwords and other private data). It's uploaded to a website unrelated to the official Electrum website or GitHub page, but it is designed to look very close to the original one, to fool you into downloading the file and installing it.
Unfortunately, you've installed such a client, and now you've lost your money. There's no way to return your money. Electrum developers have nothing to do with these malicious "updated" versions. The official Electrum page https://electrum.org/ has the following text on top:
Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.
Just to be clear, once again: you've installed a virus instead of the original Electrum client. Uninstall it or, better, reinstall the whole operating system, because nobody has investigated whether the virus performs actions other than stealing money. And you can't get your money back, since it is Bitcoin, a system built without any party that must be trusted, like banks. You can only monitor further transactions from the address where your money went, and try to determine the person behind that.
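The comment above describes a client showing server-supplied error text to the user as-is. The following is an added example, not part of the thread and not Electrum's own code, of how a client can treat such text as untrusted before display; the function names, the length cap and the sample messages are assumptions constructed for illustration.

```python
import re

MAX_LEN = 160  # assumed cap; real node error strings are short
TAG_RE = re.compile(r"<[^>]{0,200}>")                      # HTML/rich-text markup
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")
LURE_RE = re.compile(r"(?i)\b(update|upgrade|download|install|new version)\b")


def sanitize_server_error(raw):
    """Return (plain_text, suspicious) for an untrusted server error string."""
    text = raw if isinstance(raw, str) else repr(raw)
    had_markup = bool(TAG_RE.search(text))
    text = TAG_RE.sub(" ", text)               # never render server markup
    had_url = bool(URL_RE.search(text))
    text = URL_RE.sub("[link removed]", text)  # never show a clickable target
    # Replace control/non-printable characters, then collapse whitespace.
    text = "".join(ch if ch.isprintable() else " " for ch in text)
    text = " ".join(text.split())
    if len(text) > MAX_LEN:
        text = text[:MAX_LEN] + "..."
    suspicious = had_markup or had_url or bool(LURE_RE.search(text))
    return text, suspicious


def format_for_dialog(raw):
    """Build the plain-text dialog body; the server text is labelled untrusted."""
    text, suspicious = sanitize_server_error(raw)
    msg = "The server rejected the transaction. Untrusted server text: " + text
    if suspicious:
        msg += ("\nThis text contains links or asks you to install something. "
                "Get updates only from electrum.org.")
    return msg


# Constructed samples: an ordinary rejection and a spoofed "update" notice.
BENIGN = "258: txn-mempool-conflict"
SPOOFED = ('<b>Security update required.</b>\nDownload the new version from '
           '<a href="https://example.invalid/electrum">'
           'https://example.invalid/electrum</a>')

if __name__ == "__main__":
    for sample in (BENIGN, SPOOFED):
        print(format_for_dialog(sample), end="\n\n")
```

The dialog that shows the result should itself be set to plain-text rendering, so that nothing the server sends is interpreted as markup.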
It’s okay you can deal with our government
@jon0190 I'm not an Electrum developer, I'm just trying to clarify where you went wrong. I saw this phishing message and almost fell for it too. You've downloaded a virus pretending to be an update for Electrum, that's why you've lost your money. There's nothing I or the Electrum developers can do. You're probably thinking of Electrum as a kind of service/organization/"product", but it's not. If you're in a jurisdiction which is strong in cyber security, you should go to a police office and provide them with information, including the URLs where you downloaded the file, etc.
I know where I went wrong, so does Thomas and he will be dealing with our government he should’ve stopped this from happening hackers took over his app and he doesn’t think it’s a problem it’s not phishing
@jon0190 no, you're wrong. The software is fine, I use it every day and my coins are safe. The problem is that you've manually installed a virus on your computer which looks like a legitimate client, from a third-party website which a malicious person is running.
You won't help yourself or your money denying that you did not install a virus yourself.
he should’ve stopped this from happening hackers took over his app and he doesn’t think it’s a problem it’s not phishing
You clearly have no idea what you are talking about.
In any case, let me just refer you to the licence of Electrum:
https://github.com/spesmilo/electrum/blob/9beabc03112a420ec0b1a069dd77ab291ab094f3/LICENCE#L14-L20
Are you retarded? I know I installed a virus, it happened because of a vulnerability in the software. If you have zero IQ don’t try and talk to me, you're an idiot
You guys are in a complete different world
I’m not a drug addict go fuck yourselves
That is civil litigation bullshit in case of a civil lawsuit. That’s not what we’re talking about, idiot. I’m not going to sue Thomas, I’m going to try and have him put under investigation for not stopping this vulnerability
you guys are the idiots of our world. We would have been better off if your parents were never born because they were obviously idiots too
chill out, bitcoin is experimental technology. there are no guarantees. Also, it's not Electrum that stole your funds, it's the malware YOU INSTALLED YOURSELF.
The Electrum team did more than it should have done to limit this attack, but nothing can be done to protect one against its own actions.
So I am thinking to sue you for false publicity, because Electrum did not steal you. Another backdoored app did, which you installed yourself. After reading your comments I can understand how easy it was for you to buy the scam.
I hope this is the last comment in this issue, let's not feed the trolls out of respect for everyone else.
Electrum did shit to stop it and any decent court will see that. Go fuck yourself, you're the troll
Again their app is allowing this to happen it isn’t a phishing email
Stupid fuckin crackhead
Electrum did shit to stop it and any decent court will see that
Just off the top of my head:
there is a blacklist of servers at electrum.org/blacklist.json, which is downloaded by honest servers, and the blacklisted servers will not get advertised to clients. we are keeping this blacklist updated (as the attackers keep launching new servers)
We have manually configured and set up several new servers ourselves, to increase the ratio of honest/evil servers.
(1) and (2) greatly decrease the chances of a client connecting to an evil server.
Almost all server operators have been notified that they should upgrade if possible, to take advantage of (1) and (3).
The phishing vulnerability has been patched in the client (in new versions).
There has been a warning for more than a month on:
describing the vulnerability and telling people to upgrade their client from electrum.org, so that they would no longer be affected.
We are constantly identifying evil servers, and checking what URLs they are sending their victims to. There are two categories: GitHub repositories, and domain names. As soon as we detect the first, we are notifying GitHub to take down the malicious repo, and they do take it down fairly soon. When detecting the latter, we send reports to the domain registrar, and depending on their cooperation, take down those domains.
"update announcements" have been added to the client, so that from now on there is a built-in mechanism where the developers can notify the client as soon as it starts up that they are running an old version and should update. These announcements are signed, so they cannot be spoofed.
So yeah, we "did shit".
What purpose do I have to go to your website when your service runs through an app? If you were decent people the vulnerability would be addressed on your app like any other decent people. That’s the whole thing, you guys aren’t decent people, you’re the trash of our world. I’m done with this
..the vulnerability would be addressed.. - well, in this case you are the vulnerability. Are you pro choice?
Is this a regional thing? I've been using Electrum regularly during the past months and I've never seen the phishing message pop up.
@Calius you won't see it if you use the latest version
@Calius it’s only an issue in versions older than 3.3.3. So anything like 3.2.2 is vulnerable