UltraChief 1,472 #1 Posted December 27, 2018 This has just been posted on bitcointalk. Many of you are using Electrum to store your bitcoin or derivatives of Electrum like electron cash for BCH and so on. People are receiving a fake message about a vulnerability and linking you to a malware telling you its an update for that fake vulnerability. According to theymos, bitcointalk admin as posted here - https://bitcointalk.org/index.php?topic=5090097.0 Quote This message is false, sent to you by a hacker. If you click the link in the message and install the software, then your BTC will be stolen. If you ignore the message, then you should be OK. Version 3.3.2, released a week ago, makes the messages less readable/convincing, though you could still receive such messages. Please be careful of these fake alarms to scare you into installing malware and stealing your bitcoins. Read more : Github - https://github.com/spesmilo/electrum/issues/4968 Bitcointalk - https://bitcointalk.org/index.php?topic=5089963.0 4 1 bigbrankx, AK51, ew3gil and 2 others reacted to this Share this post Link to post Share on other sites
UltraChief 1,472 #2 Posted December 27, 2018 3 minutes ago, ew3gil said: It is essential to have these updates, we are full of false news. With the help of everyone maybe we can limit the damage. It our job to make the community aware of any known attacks and keep everyone vigilant against such hackers. Although we can get late at times prevention is always better than cure. Especially since there is no cure - bitcoin lost being non-reversible. 1 ew3gil reacted to this Share this post Link to post Share on other sites
AK51 33 #3 Posted December 27, 2018 Cyber attacks are Rising rising day by day especially this has increasing dramatically, hackers in and Targets ,focusing on bitcoin alt coins. We need This updates from time to time to protect from fraudsters, Thanks for sharing this valuable post Ultra💐 1 ew3gil reacted to this Share this post Link to post Share on other sites
UltraChief 1,472 #4 Posted December 27, 2018 I think it would be better if you wait for the dust to get settled and not install any update on Electrum at all during this period or use it much. It would be the wise choice to wait it out and keep an eye on bitcointalk about how this issue gets resolved and if any official release is made which totally patches this message out. 2 ew3gil and AK51 reacted to this Share this post Link to post Share on other sites
Kate 281 #5 Posted January 1, 2019 Thanks for the warning and a slight correction its Phish not phise I am pretty sure. Sad to see desperate people trying to get Bitcoin when the market is really bad the nerve of those people ! 1 UltraChief reacted to this Share this post Link to post Share on other sites
UltraChief 1,472 #6 Posted January 1, 2019 11 minutes ago, Kate said: Thanks for the warning and a slight correction its Phish not phise I am pretty sure. Corrected it. Till now a proper fix has not been released by the developer team but they are working on it. Please check the bitcointalk thread for the list of servers which tend to give this message more often. A workaround would be to connect to a known server for now till a proper fix is launched. Share this post Link to post Share on other sites
UnknownGuy 10 #7 Posted January 1, 2019 wtf? what is this? Share this post Link to post Share on other sites
UltraChief 1,472 #8 Posted January 1, 2019 11 minutes ago, UnknownGuy said: wtf? what is this? Please do not enter you login details there. It is a fake site to phish users. There is already a topic on this in the forum. Share this post Link to post Share on other sites
UnknownGuy 10 #9 Posted January 1, 2019 1 minute ago, UltraChief said: Please do not enter you login details there. It is a fake site to phish users. There is already a topic on this in the forum. Fucking hacker !! what if my balance was gone? fuck! Share this post Link to post Share on other sites
sourc3code 206 #10 Posted January 2, 2019 Electrum has always been the target of literally 99% of the wallet attacks and scams out there, I just don't understand why it's such a popular wallet TBH. Feature-wise, I don't see anything other than RBF(Replace-by-fee) that Electrum has, which most other wallets don't. I think there are much better software wallets with more useful features such as multi-asset storage which would be a better choice for most. Then again, all software/light-wallet cannot be trusted for any sizable about of cryptocurrency. Should it ruin your finances in any way if your stored cryptocurrency were to be stolen, then that's a clear sign you need to be using a hardware wallet. A hardware wallet is a separate device that requires you to double check the withdraw address prior to sending (in most cases), and most importantly comes with a way to physically confirm any outgoing transaction prior to sending (usually a button on the device). This physical confirmation makes it impossible for hackers to steal your funds without your knowledge, as you would have to manually allow such a transaction to occur before it occurred. This in conjunction with a screen on the device to double check the address you're sending to and you won't have to worry about falling prey to phishing attempts like this ever again. Electrum actually has integration with the Trezor hardware-wallet, which using this combination gives you the safety of the hardware wallet in conjunction with the familiarity and functionality of the Electrum interface. Should you be using Electrum, I highly recommend doing so with a Trezor to prevent phishing attacks such as this. Below are my two favorite/recommended multi-currency wallets for software and hardware: Alternate Crypto Wallets ----------------------------------------Software Wallet.....Exodus - https://www.exodus.io/ Hardware Wallet....Trezor - https://trezor.io/ (RECOMMENDED) 1 1 evanserr and ew3gil reacted to this Share this post Link to post Share on other sites
UltraChief 1,472 #11 Posted January 2, 2019 1 hour ago, ew3gil said: I agree with Sourc3 Code, given the many attacks on our wallet I was thinking too a hardware wallet, I'm looking around and accept advice. A hardware wallet will be the safest that one can afford over any other solution that you can acquire at the current state. However there will be conditions where human error can induce a loss of funds so one must remain vigilant while using any wallet. 2 sourc3code and ew3gil reacted to this Share this post Link to post Share on other sites
sourc3code 206 #12 Posted January 4, 2019 On 02/01/2019 at 05:15, UltraChief said: A hardware wallet will be the safest that one can afford over any other solution that you can acquire at the current state. However there will be conditions where human error can induce a loss of funds so one must remain vigilant while using any wallet. Agreed - Nothing can protect you if you aren't vigilant at all times. Even with a hardware wallet, you have to make sure to actually do the double check on the screen. Failure to do so can have you in the same place as with an infected software wallet, losing coins. I do recommend a hardware wallet though for anyone who is trying to store cryptocurrency safely. There are a few other alternatives such as using 2fa with certain wallets, but the best case scenario right now for storing is using an air-gapped device (one not connected to the internet at all times) which sole purpose is for storing coins, hence a hard wallet. Share this post Link to post Share on other sites
UltraChief 1,472 #13 Posted February 8, 2019 UPDATE: The developers have released version 3.3.3 as a fix to this phishing attempt. Make sure you update your version from the official electrum site and always use the checksum to verify that it is the original .exe file. Share this post Link to post Share on other sites
williamsh 353 #14 Posted February 20, 2019 Thank you for this warning! hackers are so sneaky nowadays and make their "fake" websites look just like the real thing. It's sad that we live in times like this Share this post Link to post Share on other sites
UltraChief 1,472 #15 Posted March 17, 2019 Update: As per the words of Electrum developers, any version above 3.3 will not allow connection to any public server (which was the root cause of this phishing attack). Read more about it here : https://bitcointalk.org/index.php?topic=5120865.0 Share this post Link to post Share on other sites
Kate 281 #16 Posted March 17, 2019 1 hour ago, UltraChief said: Update: As per the words of Electrum developers, any version above 3.3 will not allow connection to any public server (which was the root cause of this phishing attack). Read more about it here : https://bitcointalk.org/index.php?topic=5120865.0 This is a good idea for them to force the users to update to avoid being phished. Share this post Link to post Share on other sites
DreamStage 144 #17 Posted June 3, 2019 There are way more news now from them specially during May. Check them all out here at their Twitter Official account: https://twitter.com/ElectrumWallet Right now latest version is currently at 3.6.6 so even more security breachs should be resolved. Share this post Link to post Share on other sites
Eminx3 127 #18 Posted June 21, 2019 On 27/12/2018 at 06:33, UltraChief said: I think it would be better if you wait for the dust to get settled and not install any update on Electrum at all during this period or use it much. It would be the wise choice to wait it out and keep an eye on bitcointalk about how this issue gets resolved and if any official release is made which totally patches this message out. i think that is very good advice, usually when there are attacks going on on any platform i think its best to just leave it alone until everything is known and clear ... as you said, let the dust clear so not to be caught in the haze ... be safe everyone Share this post Link to post Share on other sites
DreamStage 144 #19 Posted June 22, 2019 6 hours ago, Eminx3 said: i think that is very good advice, usually when there are attacks going on on any platform i think its best to just leave it alone until everything is known and clear ... as you said, let the dust clear so not to be caught in the haze ... be safe everyone And just do as when you run from accused exchanges or before you noticed something suspicious: Run away with your money, leave while you can, in this case move the balance from your Electrum or any other currency wallets to another / exchange them. Till the time drops to 0 and you will not be able to do anything since funds become lost. Share this post Link to post Share on other sites
sino203 0 #20 Posted June 22, 2019 This is a script built by scammers over the years. They always send false messages to all users and try to hijack the user's private key. Please confirm all relevant information before clicking the link. Share this post Link to post Share on other sites