atium and electrum, Who are the men of red and gold? And what is the final metal?

2020-11-23

In a forum post on Bitcointalk, website administrator Theymos explained: "If at any time in the past you've logged in to Electrum without a wallet password and opened a web page, your wallet might have been stolen." Particularly paranoid people may want to send all bitcoins (BTCs) from their old Electrum wallets to the newly generated Electrum wallet. "

This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). In a frenzy, malicious ElectrumX servers account for as many as 71% of the total, and the show doesn't fully count, and hundreds of bitcoins have been stolen in this phishing attack over the past year or so.

Electrum is a popular software wallet that works by connecting to a dedicated server. These servers receive a hash of the Bitcoin address in the wallet and reply with transaction information. Electrum wallets are fast and have few resources, but by default, it connects to these servers and can easily monitor users. In addition to Electrum, some other software uses public Electrum servers. By 2019, it is a faster and better alternative to BIP37.

atium and electrum

atium and electrum

Blockchain.info, Electrum Wallet.

B: Electrum server can customize messages to appear in the user's electrum light wallet software, giving hackers a chance to broadcast phishing messages.

Bitcoin Wallet providers like Trezor and Electrum.

Electrum Cash.

Electrum Cash.

Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.

11 Bitcoin wallet Electrum was hacked and at least 1450 BTCs were stolen.

In August-September, Bitcoin wallet Electrum was hacked twice, and according to multiple sources, at least 1,450 BTCs worth $11.6 million were stolen from phishing attacks that faked Electrum upgrade tips.

Public Electrum server

Public Electrum server

Dynamic . . . Electrum wallet attacked nearly 250 bitcoins were stolen.

The Electrum team has also been developing other features. Electrum Wallet users can view the full release notes here.

Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.

Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, which supports the Lightning Network.

Trojan.BeamWinHTTP loader, which also involves downloading previously detected Electrum DoSMiner.

$dir - "$homedir/.electrum/wallets"

According to Bleeping Computer, the BTC wallet app Electrom accused a phishing product called Electrum Pro of stealing a user's seed key on May 9 on GitHub and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from BTC URLs managed by Eletrum Pro.

Electrum wallets were attacked by phishing and about 245 BTCs were stolen.

Shunto touch melon, open the github of the electrum, we find the following code in the electrum/electrum/ecc.py.

Attackers reportedly created their own Electrum servers, which hosted the attacked version of Electrum in order to implement the attack. When the user will be vulnerable.