Earlier this month, Electrum detected a DoS attack on its network, allegedly launched by a malicious botnet with more than 140,000 machines, designed to provide Electrum to users.
Hackers have launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used a botnet of more than 140,000 computers to attack Electrum's nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. (Babit News)
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.
Wallet Qtum Electrum
Supports stealing BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore, Exodus.
Slow fog alert: Bitcoin wallet Electrum "updates phishing" currency theft continues.
The world-renowned Bitcoin wallet Electrum "update phishing" currency theft continues.
Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on electrum servers, which presents some security and privacy trade-offs. If you use an Electrum personal server, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.
As of press time, phishing attacks that forged Electrum upgrade notifications have stolen at least 1,450 BTC (the number stolen is officially counted by a user, anti-malware companies Malwarebytes and Electrum), with a total value of approximately $11.6 million. It is worth mentioning that Electrum versions lower than 3.3.4 are vulnerable to such phishing attacks. Users who use Electrum wallets should update to the latest version Electrum 3.3.8 through the official website (electrum.org). At present, v4.0.0 has not been officially released. Version, please do not use the link in the prompt message to update, so as to avoid loss of assets
Dash Electrum 18.104.22.168 was released, renamed Dash-Electrum, adding the option to use Tor Proxy at startup, according to Dash Coin. DASH is now trading at $159, down 3.26 percent.
Complete qtum-electrum-new compatibility with legacy data formats.
This "update prompt" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as much as 71% of the total, and the show did not fully count that hundreds of bitcoins had been stolen in this phishing attack over the past year or so.
Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
The Electrum development team also warned them that they had nothing to do with a project called Electrum Dark: they used our name without our permission. Be careful with the altcoin version of Electrum, as they are sometimes used as vectors to install malware against your real Bitcoin wallet.
CreateSmartContract and TriggerSmartContract are similar in detection. Use GetBlockByNum to retrieve block information for packaged transactions. Travel Block or use GetTransactionInfoById for specific transaction information. Check the root transaction results. If Transaction.Result.code is FAILED, the transaction is rejected. There is no transfer. Otherwise, check the type in Transaction.raw for contract type information, SuchSmartContract or TriggerSmartContract. Check the parameter in Transaction.raw to get contract details based on type.
Optimized transaction input check function
Electrum - Lightweight Bitcoin client.
Shunto touch melon, open the github of the electrum, we find the following code in the electrum/electrum/ecc.py.
Electrum is a popular software wallet that works by connecting to a dedicated server. These servers receive a hash of the Bitcoin address in the wallet and reply with transaction information. Electrum wallets are fast and have few resources, but by default, it connects to these servers and can easily monitor users. In addition to Electrum, some other software uses public Electrum servers. By 2019, it is a faster and better alternative to BIP37.