electrum check transaction, Electrum security and offline transaction

2022-04-21

Electrum is a well-known light wallet for Bitcoin that adds new features such as server authentication using SSL to prevent MITM attacks. So unlike other Bitcoin light wallets, Electrum cannot communicate directly with different versions of Bitcoin full nodes, and each startup connects to electrumserver to communicate, and electrum.

Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.

Qtum Electrum Light Wallet adds the ability to send transaction information via email and fixes some stability vulnerabilities in the plug-in.

Stage, the check block is sent to the corresponding slice via broadcast, the corresponding slice receives the check block, and the final status block is generated through the transaction block and the check block.

As a service provider, Electrum charges a transaction fee to send Bitcoin. Default fee: 0.2 mBTC fixed rate. (In some cases, the rate can be as low as 0.1 mBTC)

However, after electrum officials said in early 19th that some security mechanisms should be put in place to prevent this "update phishing", many users of Electrum are still in the old version.

Check balance and transaction status

Check balance and transaction status

Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to The Devi Security Lab. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the client carrying the backdoor. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.

This "update prompt" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as much as 71% of the total, and the show did not fully count that hundreds of bitcoins had been stolen in this phishing attack over the past year or so.

Electrum third party.

Electrum third party.

According to information posted on social media on December 27th, Electrum's wallet was hacked and nearly 250 bitcoins ($937,000) were maliciously stolen, coinelegraph reported. Electrum later confirmed that the attack included creating a fake version of the wallet and tricking users into providing password information. Reddit user u/ normal_rc that hackers set up a large number of malicious servers. Electrum responded on Twitter today that "this is a persistent phishing attack against Electrum users" and implored users to check the effectiveness of the resources they log on to.

Electrum DASH "PrivateSend" is on TestNet.

From August to September, the Bitcoin wallet Electrum was phished twice by hackers. According to statistics from various parties, the phishing attacks forged Electrum upgrade notifications have stolen at least 1,450 BTC worth $11.6 million.

Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.

At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.

Attackers exploit Electrum's software exceptions to construct malicious software update prompts, induce users to update download malware usage, and alert users to carefully check information, identify official websites and software versions, and sign checks if using electrum prompt updates.

(nonce, receiving_address, value, dataitem0, dataitem1... Dataitemn, v,r,s?nonce is the number of transactions that the address has sent, encoded in binary format (e.g., 0 -'', 7 'x07', 1000 -'x03'xd8'). (v,r,s) is a newly generated Electrum-style transaction signature without the private key corresponding to the sending address, and the range of v is 27 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The public key and address can be extracted directly from an Electrum-style signature (65 bytes). The conditions under which the transaction is legal.

The fact that not many people know is that Esplora is bundled with a based and optimized Electrum server. This Electrum server is derived from Electrs and is now maintained separately by the Blockstream engineering team. Over the past two years, Esplora has become one of the fastest and most scalable Electrum server solutions available for Bitcoin due to continuous updates and performance optimization. Esplora is also the only Electrum server that supports liquid networks.

Electrum posted a message about the incident on Twitter today, claiming that "there are currently phishing attacks against Electrum users" and imploring users to check the validity of their login information.

electrum check transaction

electrum check transaction

According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.