Jump to content
UltraChief

[PSA]Electrum users beware, False message being sent to phish users

Recommended Posts

This has just been posted on bitcointalk.

Many of you are using Electrum to store your bitcoin or derivatives of Electrum like electron cash for BCH and so on. People are receiving a fake message about a vulnerability and linking you to a malware telling you its an update for that fake vulnerability.

According to theymos, bitcointalk admin as posted here - https://bitcointalk.org/index.php?topic=5090097.0

Quote

This message is false, sent to you by a hacker. If you click the link in the message and install the software, then your BTC will be stolen. If you ignore the message, then you should be OK. Version 3.3.2, released a week ago, makes the messages less readable/convincing, though you could still receive such messages.

Please be careful of these fake alarms to scare you into installing malware and stealing your bitcoins.

Read more :

Github - https://github.com/spesmilo/electrum/issues/4968

Bitcointalk - https://bitcointalk.org/index.php?topic=5089963.0

Share this post


Link to post
Share on other sites
3 minutes ago, ew3gil said:

It is essential to have these updates, we are full of false news. With the help of everyone maybe we can limit the damage.

It our job to make the community aware of any known attacks and keep everyone vigilant against such hackers. Although we can get late at times prevention is always better than cure. Especially since there is no cure - bitcoin lost being non-reversible.

Share this post


Link to post
Share on other sites

Cyber attacks are Rising rising day by day especially this has increasing dramatically, hackers in and Targets ,focusing on bitcoin alt coins. We need This updates from time to time to protect from fraudsters, Thanks for sharing this valuable post Ultra💐

Share this post


Link to post
Share on other sites

I think it would be better if you wait for the dust to get settled and not install any update on Electrum at all during this period or use it much. It would be the wise choice to wait it out and keep an eye on bitcointalk about how this issue gets resolved and if any official release is made which totally patches this message out.

Share this post


Link to post
Share on other sites
11 minutes ago, Kate said:

Thanks for the warning and a slight correction its Phish not phise I am pretty sure. 

Corrected it.

Till now a proper fix has not been released by the developer team but they are working on it. Please check the bitcointalk thread for the list of servers which tend to give this message more often. A workaround would be to connect to a known server for now till a proper fix is launched.

Share this post


Link to post
Share on other sites
1 minute ago, UltraChief said:

Please do not enter you login details there. It is a fake site to phish users. There is already a topic on this in the forum.

Fucking hacker !! what if my balance was gone? fuck! 

Share this post


Link to post
Share on other sites

Electrum has always been the target of literally 99% of the wallet attacks and scams out there, I just don't understand why it's such a popular wallet TBH. Feature-wise, I don't see anything other than RBF(Replace-by-fee) that Electrum has, which most other wallets don't. I think there are much better software wallets with more useful features such as multi-asset storage which would be a better choice for most. Then again, all software/light-wallet cannot be trusted for any sizable about of cryptocurrency. Should it ruin your finances in any way if your stored cryptocurrency were to be stolen, then that's a clear sign you need to be using a hardware wallet. A hardware wallet is a separate device that requires you to double check the withdraw address prior to sending (in most cases), and most importantly comes with a way to physically confirm any outgoing transaction prior to sending (usually a button on the device). This physical confirmation makes it impossible for hackers to steal your funds without your knowledge, as you would have to manually allow such a transaction to occur before it occurred. This in conjunction with a screen on the device to double check the address you're sending to and you won't have to worry about falling prey to phishing attempts like this ever again.

Electrum actually has integration with the Trezor hardware-wallet, which using this combination gives you the safety of the hardware wallet in conjunction with the familiarity and functionality of the Electrum interface. Should you be using Electrum, I highly recommend doing so with a Trezor to prevent phishing attacks such as this. Below are my two favorite/recommended multi-currency wallets for software and hardware:
 

Alternate Crypto Wallets
----------------------------------------
Software Wallet.....Exodus - https://www.exodus.io/

Hardware Wallet....Trezor - https://trezor.io/ (RECOMMENDED)

Share this post


Link to post
Share on other sites
1 hour ago, ew3gil said:

I agree with Sourc3 Code, given the many attacks on our wallet I was thinking too a hardware wallet, I'm looking around and accept advice.

A hardware wallet will be the safest that one can afford over any other solution that you can acquire at the current state. However there will be conditions where human error can induce a loss of funds so one must remain vigilant while using any wallet.

Share this post


Link to post
Share on other sites
On 02/01/2019 at 05:15, UltraChief said:

A hardware wallet will be the safest that one can afford over any other solution that you can acquire at the current state. However there will be conditions where human error can induce a loss of funds so one must remain vigilant while using any wallet.

Agreed - Nothing can protect you if you aren't vigilant at all times. Even with a hardware wallet, you have to make sure to actually do the double check on the screen. Failure to do so can have you in the same place as with an infected software wallet, losing coins. I do recommend a hardware wallet though for anyone who is trying to store cryptocurrency safely. There are a few other alternatives such as using 2fa with certain wallets, but the best case scenario right now for storing is using an air-gapped device (one not connected to the internet at all times) which sole purpose is for storing coins, hence a hard wallet.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×