Electrum: stolen bitcoin from Electrum

Hi Milos19, the same thing happened to me. I opened my wallet last night, tried to send bitcoin and was prompted with an update box. I checked Electrum.net and saw that it said:

"Warning: Electrum versions older than 3.3 can no longer connect to public servers, and must be upgraded. This is in order to prevent user exposure to phishing messages. Do not download Electrum from any another source than electrum.org"

So when I saw the prompt asking me to update to 4.0.0 (within my wallet) I did so, then sent bitcoin to my originally intended address, I even took screen dumps. It showed my wallet transferring 0.04 to an address, but it didn't go to that address, it went to a different address along with my entire bitcoin 'savings'.
This issue is HUGE, and the fact that the wallet doesn't tell you beforehand is terrible.
This will lose thousands of people thousands of $ / £ and to be honest, it seems like Electrum are not too bothered as this has been a known issue for MONTHS and MONTHS. But how are we supposed to know when we log in to our wallets after HODL'ing for a year.

This is nothing less than a complete lack of 'duty of care' (beyond reasonable doubt) by Electrum and people will be losing their entire wallet savings as I type this.

Many wont know that they have sent it to a scammer, because it mimics your account and even makes it look like you are doing everything correct.

I know of someone who lost £40,000, within the last 24 hours, there is nothing that can be done, its gone forever.

This is nothing less than a complete lack of 'duty of care' (beyond reasonable doubt) by Electrum and people will be losing their entire wallet savings as I type this.

Over the months, since we have learned about the issue (https://github.com/spesmilo/electrum/issues/4968), we have done many things to mitigate it, as best as possible. A lot of time was spent on this.

1. The ElectrumX server code was modified to
2. filter other servers from being advertised to clients that are returning too many unknown peers

3. there was a blacklist of servers at electrum.org/blacklist.json, which is downloaded by honest servers, and the blacklisted servers will not get advertised to clients. we were keeping this blacklist updated (as the attackers keep launching new servers)
   (this blacklist has since been retired in favour of mitigation number 2 below)

4. The ElectrumX server code was modified to exploit a DOS vulnerability in clients. All updated honest servers are now actively trying to crash old clients (their network thread), see https://github.com/kyuupichan/electrumx/pull/760
   Clients by default connect to 10 servers. One of these servers is chosen as the "main server". It is the main server that can e.g. try to "phish" a client with these messages. If any one out of these 10 connected servers is an updated honest server, the client's network thread will crash and the whole application becomes unusable. This vulnerability exists in Electrum <3.3.0 hence the phrasing on the current warning on top of electrum.org and the pinned issue in this repository: https://github.com/spesmilo/electrum/issues/5195

This mitigation when it was first deployed turned out to be extremely effective. Unfortunately around 2 weeks later, the attacker(s) started a massive DDOS against all honest servers (as a countermeasure so that they cannot keep crashing the old clients). This DDOS is still ongoing.

1. We have manually configured and set up several new servers ourselves, to increase the ratio of honest/evil servers.

(1), (2), and (3) greatly decrease the chances of a client connecting to an evil server.

1. Before deploying (2), the ElectrumX server code had been modified such that
2. exploiting the same "arbitrary message" vulnerability that the phishers use, the honest servers started doing the "good attack", warning old clients that they are vulnerable and need to upgrade (when they broadcast a transaction, which is the only time a warning is possible)

Almost all server operators have been notified that they should upgrade if possible, to take advantage of (1) and (4); and later (2). We contacted operators over IRC, many personal emails, and GitHub.

1. The phishing vulnerability has been patched in the client (in new versions).

2. There has been a warning since the issue was identified:

3. on electrum.org
4. in #electrum IRC on freenode
5. top of reddit.org/r/electrum

There was also a warning for several months:

• in #bitcoin IRC on freenode
• top of reddit.org/r/bitcoin
• on bitcointalk.org

describing the vulnerability and telling people to upgrade their client from electrum.org, so that they would no longer be affected.

1. We are constantly identifying evil servers, and checking what URLs they are sending their victims to. There are two categories: GitHub repositories, and domain names. As soon as we detect the first, we are notifying GitHub to take down the malicious repo, and they do take it down fairly soon. When detecting the latter, we send reports to the domain registrar, and depending on their cooperation, take down those domain. In case of domains, we also report them to Google Safe Browsing.

2. "update announcements" have been added to the client, so that from now on there is a built-in mechanism where the developers can notify the client as soon as it starts up that they are running an old version and should update. These announcements are signed, so they cannot be spoofed.

I appreciate your comment, although too many have been hurt.
Electronic wallets needed to warn people, but they didn't, the scamming coders won, the hard working people lost.
I am deleting "the safest offline wallet" from my PC as its too dangerous.
Sorry, but many lost their retirement funds today, their kids university money, their house deposits.
I could ask 10 people who own BTC what GitHub is, possibly 1 would know.
Crypto is for the stupid and the hackers, not the general person.
I'm out, I lost everything.

No one is denying steps have been taken. Nonetheless people continue to lose £1000’s, daily.
The vast majority (plumbers, builders, joiners) go to their wallet and send, they don’t think to read reddit, gatehub, blacklists orr revisit electrum.nethttp://electrum.net because the trust was there and the software was on their HDD.
There should have been a warning* on all individual wallets telling people to ‘click here’

The guy who stole from me and my friend seems to be raking in 5+ btc per day on average and he is just 1 person of many.

Personally i’ll take the hit, a learning curve, but many electrum users are crying themselves to sleep just now.

The fees paid made you all more than enough profit to write the code*

On 24 Jun 2019, at 20:12, ghost43 <[email protected]notifications@github.com> wrote:

This is nothing less than a complete lack of 'duty of care' (beyond reasonable doubt) by Electrum and people will be losing their entire wallet savings as I type this.

Over the months, since we have learned about the issue (#4968https://github.com/spesmilo/electrum/issues/4968), we have done many things to mitigate it, as best as possible. A lot of time was spent on this.

1. The ElectrumX server code was modified to

2. filter other servers from being advertised to clients that are returning too many unknown peers

3. there was a blacklist of servers at electrum.org/blacklist.jsonhttp://electrum.org/blacklist.json, which is downloaded by honest servers, and the blacklisted servers will not get advertised to clients. we were keeping this blacklist updated (as the attackers keep launching new servers)
   (this blacklist has since been retired in favour of mitigation number 2 below)

4. The ElectrumX server code was modified to exploit a DDOS vulnerability in clients. All updated honest servers are now actively trying to crash old clients (their network thread), see kyuupichan/electrumx#760https://github.com/kyuupichan/electrumx/pull/760
   Clients by default connect to 10 servers. One of these servers is chosen as the "main server". It is the main server that can e.g. try to "phish" a client with these messages. If any one out of these 10 connected servers is an updated honest server, the client's network thread will crash and the whole application becomes unusable. This vulnerability exists in Electrum <3.3.0 hence the phrasing on the current warning on top of electrum.orghttp://electrum.org and the pinned issue in this repository: #5195https://github.com/spesmilo/electrum/issues/5195

This mitigation when it was first deployed turned out to be extremely effective. Unfortunately around 2 weeks later, the attacker(s) started a massive DDOS against all honest servers (as a countermeasure so that they cannot keep crashing the old clients). This DDOS is still ongoing.

1. We have manually configured and set up several new servers ourselves, to increase the ratio of honest/evil servers.

(1), (2), and (3) greatly decrease the chances of a client connecting to an evil server.

1. Before deploying (2), the ElectrumX server code had been modified such that

2. exploiting the same "arbitrary message" vulnerability that the phishers use, the honest servers started doing the "good attack", warning old clients that they are vulnerable and need to upgrade (when they broadcast a transaction, which is the only time a warning is possible)

Almost all server operators have been notified that they should upgrade if possible, to take advantage of (1) and (4); and later (2). We contacted operators over IRC, many personal emails, and GitHub.

1. The phishing vulnerability has been patched in the client (in new versions).

2. There has been a warning since the issue was identified:

3. on electrum.orghttp://electrum.org

4. in #electrum IRC on freenode
5. top of reddit.org/r/electrumhttp://reddit.org/r/electrum

There was also a warning for several months:

• in #bitcoin IRC on freenode
• top of reddit.org/r/bitcoinhttp://reddit.org/r/bitcoin

describing the vulnerability and telling people to upgrade their client from electrum.orghttp://electrum.org, so that they would no longer be affected.

1. We are constantly identifying evil servers, and checking what URLs they are sending their victims to. There are two categories: GitHub repositories, and domain names. As soon as we detect the first, we are notifying GitHub to take down the malicious repo, and they do take it down fairly soon. When detecting the latter, we send reports to the domain registrar, and depending on their cooperation, take down those domain.

2. "update announcements" have been added to the client, so that from now on there is a built-in mechanism where the developers can notify the client as soon as it starts up that they are running an old version and should update. These announcements are signed, so they cannot be spoofed.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/spesmilo/electrum/issues/5452?email_source=notifications&email_token=AMOCGFHB3MOEDFENQGW5GL3P4EMA5A5CNFSM4H3AYEL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYN5RNA#issuecomment-505141428, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AMOCGFCWAIEGO5ZPVSQFZR3P4EMA5ANCNFSM4H3AYELQ.

Github*
Or*

Sent from my iPhone

On 24 Jun 2019, at 21:10, Marc <[email protected]fletcher890@hotmail.com> wrote:

No one is denying steps have been taken. Nonetheless people continue to lose £1000’s, daily.
The vast majority (plumbers, builders, joiners) go to their wallet and send, they don’t think to read reddit, gatehub, blacklists orr revisit electrum.nethttp://electrum.net because the trust was there and the software was on their HDD.
There should have been a warning* on all individual wallets telling people to ‘click here’

The guy who stole from me and my friend seems to be raking in 5+ btc per day on average and he is just 1 person of many.

Personally i’ll take the hit, a learning curve, but many electrum users are crying themselves to sleep just now.

The fees paid made you all more than enough profit to write the code*

On 24 Jun 2019, at 20:12, ghost43 <[email protected]notifications@github.com> wrote:

This is nothing less than a complete lack of 'duty of care' (beyond reasonable doubt) by Electrum and people will be losing their entire wallet savings as I type this.

Over the months, since we have learned about the issue (#4968https://github.com/spesmilo/electrum/issues/4968), we have done many things to mitigate it, as best as possible. A lot of time was spent on this.

1. The ElectrumX server code was modified to

2. filter other servers from being advertised to clients that are returning too many unknown peers

3. there was a blacklist of servers at electrum.org/blacklist.jsonhttp://electrum.org/blacklist.json, which is downloaded by honest servers, and the blacklisted servers will not get advertised to clients. we were keeping this blacklist updated (as the attackers keep launching new servers)
   (this blacklist has since been retired in favour of mitigation number 2 below)

4. The ElectrumX server code was modified to exploit a DDOS vulnerability in clients. All updated honest servers are now actively trying to crash old clients (their network thread), see kyuupichan/electrumx#760https://github.com/kyuupichan/electrumx/pull/760
   Clients by default connect to 10 servers. One of these servers is chosen as the "main server". It is the main server that can e.g. try to "phish" a client with these messages. If any one out of these 10 connected servers is an updated honest server, the client's network thread will crash and the whole application becomes unusable. This vulnerability exists in Electrum <3.3.0 hence the phrasing on the current warning on top of electrum.orghttp://electrum.org and the pinned issue in this repository: #5195https://github.com/spesmilo/electrum/issues/5195

This mitigation when it was first deployed turned out to be extremely effective. Unfortunately around 2 weeks later, the attacker(s) started a massive DDOS against all honest servers (as a countermeasure so that they cannot keep crashing the old clients). This DDOS is still ongoing.

1. We have manually configured and set up several new servers ourselves, to increase the ratio of honest/evil servers.

(1), (2), and (3) greatly decrease the chances of a client connecting to an evil server.

1. Before deploying (2), the ElectrumX server code had been modified such that

2. exploiting the same "arbitrary message" vulnerability that the phishers use, the honest servers started doing the "good attack", warning old clients that they are vulnerable and need to upgrade (when they broadcast a transaction, which is the only time a warning is possible)

Almost all server operators have been notified that they should upgrade if possible, to take advantage of (1) and (4); and later (2). We contacted operators over IRC, many personal emails, and GitHub.

1. The phishing vulnerability has been patched in the client (in new versions).

2. There has been a warning since the issue was identified:

3. on electrum.orghttp://electrum.org

4. in #electrum IRC on freenode
5. top of reddit.org/r/electrumhttp://reddit.org/r/electrum

There was also a warning for several months:

• in #bitcoin IRC on freenode
• top of reddit.org/r/bitcoinhttp://reddit.org/r/bitcoin

describing the vulnerability and telling people to upgrade their client from electrum.orghttp://electrum.org, so that they would no longer be affected.

1. We are constantly identifying evil servers, and checking what URLs they are sending their victims to. There are two categories: GitHub repositories, and domain names. As soon as we detect the first, we are notifying GitHub to take down the malicious repo, and they do take it down fairly soon. When detecting the latter, we send reports to the domain registrar, and depending on their cooperation, take down those domain.

2. "update announcements" have been added to the client, so that from now on there is a built-in mechanism where the developers can notify the client as soon as it starts up that they are running an old version and should update. These announcements are signed, so they cannot be spoofed.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/spesmilo/electrum/issues/5452?email_source=notifications&email_token=AMOCGFHB3MOEDFENQGW5GL3P4EMA5A5CNFSM4H3AYEL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYN5RNA#issuecomment-505141428, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AMOCGFCWAIEGO5ZPVSQFZR3P4EMA5ANCNFSM4H3AYELQ.

There should have been a warning* on all individual wallets telling people to ‘click here’

It is not possible to implement this however.

unfortunately, we pay for blind trust and inattention. I wanted to ask if my computer is still at risk. Other bank accounts, other electronic wallets, etc., or downloading a raffle has only resulted in the electrum wallet being pocketed and the rest of the computer safe. Thank you

There is no Electrum 4.0.0

The same happened to me. Lost about 1000€, because of this issue.

The same happened to me. Lost about 0.350467 BTC , because of this issue.

this is the phishing website: electrumtek.com/

Is there anything I can do now? Lost ~0.55 BTC
How to remove this malware?

Unfortunately not, its gone.
Insult to injury is watching the price continue to rise.

I have clean installed windows on my computer, too risky not to.

On 26 Jun 2019, at 09:03, diablom <[email protected]notifications@github.com> wrote:

Is there anything I can do now? Lost ~0.55 BTC
How to remove this malware?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/spesmilo/electrum/issues/5452?email_source=notifications&email_token=AMOCGFCJGQXPNEU3BPO4GUTP4MPGXA5CNFSM4H3AYEL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYSWIIA#issuecomment-505766944, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AMOCGFD64G2LY2ESIESXTB3P4MPGXANCNFSM4H3AYELQ.

What about e-police. As all exchanges require ID confirmation, hacker might be not so smart and just cash out the money. Or is not that Electrum's fault they left a hole in their system? Maybe they have insurance or something, like binance had?

We did not leave a hole in our system; the vulnerability was patched as soon as it was discovered. However, we cannot trigger automated software upgrades on users' computers; applying security upgrades is the responsibility of users. Please understand that if we had the power to trigger software upgrades automatically, we would also have the power to steal bitcoins from our users. That is not what we want; we are a software provider, not a bank.

Any person who has lost bitcoins because of phishing or malware should report it to the police (and please inform us about it)

I also lost near $100. I ve reported to the FBI expecting that helps, at least by finding the criminals.

They stole me 0.2 btc. With the current trend of btc going up, it makes me even worse. I waited for almost 2 years before the trend turns and now everything is gone. Unfortunately, I don't know where to report this thing. I think this doesn't matter to the police.

There should be an API where you could report on stolen bitcoin.
Merchants and exchange could use this api to discard transactions originating from stolen funds.
This is however, not something electrum should develop.

all btc was stolen from my electrum wallet. But what about other electronic wallets? Can they steal BTCs from other wallets, or BTCs against this virus, which I downloaded into the electrum wallet in a safe? Today I noticed that all of the Bittrex foreign exchange was gone. Is it possible for them to steal these, too? I have already sent a question to Bittrex but so far no answer. Thank you

Электрум, и люди будут терять все свои сбережения в кошельке, когда я наберу это.

За прошедшие месяцы, с тех пор как мы узнали об этой проблеме ( # 4968 ), мы сделали много вещей, чтобы как можно лучше смягчить ее. Много времени было потрачено на это.

1. Код сервера ElectrumX был изменен на

• слишком много неизвестных пиров
• черный список серверов по адресу electrum.org/blacklist.json, который загружен честными серверами, и серверы, занятые в черном списке, не будут рекламироваться клиентами. мы постоянно обновляем этот черный список (так как
  этот список был удален в пользу смягчения № 2 ниже)

1. Код сервера ElectrumX был изменен для использования уязвимостями DOS в клиентах. Все обновленные честные серверы сейчас активно пытаются сбить старые клиенты (их сетевой поток), см. Kyuupichan / electrumx # 760
   Клиенты по умолчанию подключаются к 10 сервм. Один из этих серверов выбран в качестве «основного сервера». Это может быть попытка «фишировать» клиента с помощью этих сообщений. Если эти 10 подключенных серверов являются обновленным честным сервером, сетевой поток клиента потерял крах, и все приложение станет непригодным для использования.Эта уязвимость существует в Electrum <3.3.0, и проблема в этом хранилище: # 5195

Это смягчение, когда оно было впервые открыто. К сожалению, примерно через 2 недели начались массовые DDOS против всех честных серверов (чтобы они не могли продолжать сбрасывать старых клиентов). Эта DDOS все еще продолжается.

1. Мы вручную настроили несколько новых серверов, чтобы увеличить соотношение честных и злых серверов.

(1), (2) и (3) значительно уменьшенные шансы клиента подключиться к злому серверу.

1. Перед развертыванием (2) код сервера ElectrumX был изменен так, что

• Использование уязвимостей «без ответа», которые используют фишеры, честные серверы начали «хорошую атаку», предупреждая старых клиентов о том, что они уязвимы и нуждаются в обновлении (когда они передают транзакцию, которая является единственным предупреждением, когда возможно)

Чтобы воспользоваться преимуществами (1) и (4); и позже (2). Мы связались с IRC, много личных писем и GitHub.

1. Уязвимость фишинга была исправлена ​​в клиенте (в новых версиях).
2. Появилось предупреждение:

• на electrum.org
• в # Electrum IRC на freenode
• начало сайта reddit.org/r/electrum

Также было предупреждение на несколько месяцев:

• в # биткойн IRC на freenode
• начало сайта reddit.org/r/bitcoin
• на bitcointalk.org

описание уязвимости и указание людям обновить свой клиент с electrum.org.

1. Мы постоянно отправляем своих жертв. Есть две категории: репозитории GitHub и доменные имена. GitHub о том, что он закрывает вредоносное репо, и они довольно быстро его удаляют. Домен находится в зависимости от сотрудничества. Мы также сообщаем о них в безопасном браузере Google.
2. «Обновления уведомлений» были добавлены к клиенту, так что теперь у них есть встроенный механизм, где разработчики могут уведомлять клиента. Эти объявления не могут быть подделаны.

I installed ELECTRUM today and transferred it from the EXMO BTC exchange to my wallet 16ugJSDpxBmJCj2WdyzMZpjWK8aDAy7K33, the funds were confirmed at 18: 32 and at the same second were sent to another wallet, although I did not do it. And the blockchain showed that there were three transactions. I have a password in my wallet without it, you can not send funds. Maybe it's a program error?

This is the start of a new plethora of people updating their ‘theft techniques’ for sake of words - personally I now think Coinbase is the safest way to buy and store crypto, they even have a card now where you can buy stuff with your crypto like a credit / debit card.

If I ever buy crypto again (I lost all mine to a internet thief, basically exactly like you all explain) I think I’ll swerve offline wallets, they are, at this moment in time, the least safest way to store your crypto (IMO)

On 4 Jan 2020, at 21:50, andrey1903S notifications@github.com wrote:



Электрум, и люди будут терять все свои сбережения в кошельке, когда я наберу это.

За прошедшие месяцы, с тех пор как мы узнали об этой проблеме ( # 4968https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspesmilo%2Felectrum%2Fissues%2F4968&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518447353&sdata=zJuDSwJ%2FyTttUD88J1HeqAQr7pZ%2FTzDxjtJozeEGrFs%3D&reserved=0 ), мы сделали много вещей, чтобы как можно лучше смягчить ее. Много времени было потрачено на это.

1. Код сервера ElectrumX был изменен на

2. слишком много неизвестных пиров

3. черный список серверов по адресу electrum.org/blacklist.json, который загружен честными серверами, и серверы, занятые в черном списке, не будут рекламироваться клиентами. мы постоянно обновляем этот черный список (так как
   этот список был удален в пользу смягчения № 2 ниже)

4. Код сервера ElectrumX был изменен для использования уязвимостями DOS в клиентах. Все обновленные честные серверы сейчас активно пытаются сбитьhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkyuupichan%2Felectrumx%2Fpull%2F760&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518457364&sdata=dnD57BVxq1s%2FzzKhBsBzzF%2FiHH25%2BJnPiLQJ6On65kQ%3D&reserved=0 старые клиенты (их сетевой поток), см. Kyuupichan / electrumx # 760https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkyuupichan%2Felectrumx%2Fpull%2F760&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518467369&sdata=O8n8VjZoI4PBxHl3grPcTc19XkLjBj9aCQpxKl8cnfg%3D&reserved=0
   Клиенты по умолчанию подключаются к 10 сервм. Один из этих серверов выбран в качестве «основного сервера». Это может быть попытка «фишировать» клиента с помощью этих сообщений. Если эти 10 подключенных серверов являются обновленным честным сервером, сетевой поток клиента потерял крах, и все приложение станет непригодным для использования.Эта уязвимость существует в Electrum <3.3.0, и проблема в этом хранилище: # 5195https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspesmilo%2Felectrum%2Fissues%2F5195&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518477380&sdata=rsuesffImuIzyY4iWRa7jeASULgQLQWS7tKqBb%2FcYvo%3D&reserved=0

Это смягчение, когда оно было впервые открыто. К сожалению, примерно через 2 недели начались массовые DDOS против всех честных серверов (чтобы они не могли продолжать сбрасывать старых клиентов). Эта DDOS все еще продолжается.

1. Мы вручную настроили несколько новых серверов, чтобы увеличить соотношение честных и злых серверов.

(1), (2) и (3) значительно уменьшенные шансы клиента подключиться к злому серверу.

1. Перед развертыванием (2) код сервера ElectrumX был изменен так, что

2. Использование уязвимостей «без ответа», которые используют фишеры, честные серверы начали «хорошую атаку», предупреждая старых клиентов о том, что они уязвимы и нуждаются в обновлении (когда они передают транзакцию, которая является единственным предупреждением, когда возможно)

Чтобы воспользоваться преимуществами (1) и (4); и позже (2). Мы связались с IRC, много личных писем и GitHub.

1. Уязвимость фишинга была исправлена ​​в клиенте (в новых версиях).

2. Появилось предупреждение:

3. на electrum.org

4. в # Electrum IRC на freenode
5. начало сайта reddit.org/r/electrum

Также было предупреждение на несколько месяцев:

• в # биткойн IRC на freenode
• начало сайта reddit.org/r/bitcoin
• на bitcointalk.org

описание уязвимости и указание людям обновить свой клиент с electrum.org.

1. Мы постоянно отправляем своих жертв. Есть две категории: репозитории GitHub и доменные имена. GitHub о том, что он закрывает вредоносное репо, и они довольно быстро его удаляют. Домен находится в зависимости от сотрудничества. Мы также сообщаем о них в безопасном браузере Google.
2. «Обновления уведомлений» были добавлены к клиенту, так что теперь у них есть встроенный механизм, где разработчики могут уведомлять клиента. Эти объявления не могут быть подделаны.

I installed ELECTRUM today and transferred it from the EXMO BTC exchange to my wallet 16ugJSDpxBmJCj2WdyzMZpjWK8aDAy7K33, the funds were confirmed at 18: 32 and at the same second were sent to another wallet, although I did not do it. And the blockchain showed that there were three transactions. I have a password in my wallet without it, you can not send funds. Maybe it's a program error?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fspesmilo%2Felectrum%2Fissues%2F5452%3Femail_source%3Dnotifications%26email_token%3DAMOCGFGJDAPN2PGV325IV2DQ4EADVA5CNFSM4H3AYEL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDBCDI%23issuecomment-570822925&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518487385&sdata=ig84XVfOjwpUcYZjKEWsqYdVuojmBKX3txibp1Bf5Q4%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAMOCGFDOR7CCQ72LEM3ODUDQ4EADVANCNFSM4H3AYELQ&data=02%7C01%7C%7C9bf2fff96c78480f0fee08d791602a5e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637137714518497396&sdata=vX3kq8stpiqwkHpaMGydnqJbkZ4J%2BlQ52aBMcDW%2FOao%3D&reserved=0.

With great delay, I learned about the theft of 16 bitcoins (!!!) from the cold wallet of Electrum 3.3.4, which belonged to my friend, It happened on June 23, 2019, 19:52 UTC, about a month after turning off the computer and last unlocking of the wallet. Circumstances look mystical, because to uncomment a clean comparative system was unlikely due to a rare inclusion. Started collecting information on the forum: https://bitcointalk.org/index.php?topic=5218910.20
There is some likelihood that such a problem could be avoided by having an additional password for decrypting private keys, and not common to the entire wallet. This is more than a nightmare loss, doubly offensive from the fact that the criminal appropriated the coins. Perhaps they went directly to the stock exchange ...

Now, even spam, scams and phishing attacks spawns here.