Wallet, Coldlar, Electrum, Huobi.
Turn on Electrum.
Bob and Alice generate their own private and public keys using asymmetrmetric algorithms (public keys can be dededed through private keys)
Users of Bitcoin wallet Electrum are currently facing phishing attacks, according to the Devi Security Lab. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user is prompted to install this backdoor-carrying client, the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs (stolen by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Electrum upgrade tips, with a total value of approximately $11.6 million. It is worth mentioning that electrums below version 3.3.4 are vulnerable to such phishing attacks, and users of Electrum wallets are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the links in the prompts to avoid asset losses.
In the crypto economy, the loss of personal private keys is not uncommon, but have you ever heard of the loss of private keys in businesses?
private keys electrum update not enoughg
This is a third-party "asymmetrical encryption" (i.e., the blockchain public and private keys, public keys , addresses, private keys , permissions) for the sharing of private information technology.
According to BlockBeats, Google has removed 49 extensions from the store that masquerade as legitimate cryptocurrency wallet extensions such as Ledger, MyEtherWallet, Trezor, Electrum, but contain malicious code that steals the encrypted wallet's private keys, monem notes, and other original secrets.
According to Johnwick.io, we will continue to monitor and track further movement of funds after a recent user submitted a coin-losing incident claiming that the download used electrum wallets had been phishing attacks, losing more than 700 bitcoins, and that the stolen address had been added to the Devi AML system. It is reported that malicious website (electrumsecure) fake Electrum website phishing attacks, to guide users to download the wallet, in order to steal the user's private key and other sensitive data. De-dimensional Security Labs hereby reminds users not to install electrum wallets from unknown sources at will to avoid asset losses. Electrum Official Website: electrum.orgElectrum Phishing Website: electrumsecure.
Stop after removing the malicious library. Because the vulnerability has not been fixed, Electrum warns that similar attacks may occur again.
In December 2018, Slow Fog first discovered and alerted an attacker to a messaging flaw using the Electrum wallet client, forcing an "update prompt" to pop up when a user transfers money, inducing users to update and download malware to carry out currency theft attacks.
Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
Users of Bitcoin wallet Electrum are currently facing phishing attacks, according to the Devi Security Lab. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user is prompted to install this backdoor-carrying client, the private key is stolen and all digital assets are stolen. As of 13:00, at least 1450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade tips. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
According to the Dimensionality Reduction Security Lab, users of Bitcoin wallet Electrum are currently facing phishing attacks. The hacker broadcasts a message to the Electrum client through a malicious server, prompting the user to update to v4.0.0. If the user installs this "backdoor client" as prompted, the private key will be stolen and all digital assets will be stolen
This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
Here we see that for hardened child keys, it is not possible to derive the child public key directly from the parent public key, because unlike normal child private keys, hardened child private keys are calculated directly by the parent private key.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 126.96.36.199. If you are running an earlier version, update your software.
Electrum 0.18.8 is available for details at github.
However, after electrum officials said in early 19th that some security mechanisms should be put in place to prevent this "update phishing", many users of Electrum are still in the old version.