In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack.
eclair: v0.3.1 and above versions of the client correctly resolved the security risk, if the user uses bitcoin core as the backend, then the previous version of the eclair client will have a security risk. The electrum user, on the other hand, only checks the script, not the quantity. (CVE-2019-13000)
Wallet, Coldlar, Electrum, Huobi.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 188.8.131.52. If you are running an earlier version, update your software.
In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum personal server.
Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on electrum servers, which presents some security and privacy trade-offs. If you use an Electrum personal server, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.
By default, electrum wallets are randomly connected to a set of Electrum servers. From a privacy perspective, this is not a good thing because it discloses your wallet address and balance to unknown third parties. And unfortunately, many public Electrum servers are run by individuals or groups of blockchain analytics companies or worse. Therefore, if you are using an Electrum wallet, it is generally recommended that you run your own Electrum server and then connect the wallet to that server.
The GitHub client will also provide an improved notification experience to help developers quickly process requests for teamwork. On May 23, GitHub launched GitHub Sponsors, a tool that allows users to donate money to open source projects they use every day. Starting today, the team will also receive funding from GitHub Sponsors. Previously, GitHub Sponsors was open only to individual developers.
Users of Bitcoin wallet Electrum are currently facing phishing attacks, according to the Devi Security Lab. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user is prompted to install this backdoor-carrying client, the private key is stolen and all digital assets are stolen. As of 13:00, at least 1450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade tips. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
This isn't the first time Thatectrum has appeared in a fake version, with hackers developing a fake encrypted wallet, Electrum, in December, resulting in the theft of nearly 250 bitcoins worth about $1 million. In January, GitHub discovered a fake Electrum wallet called "Electrvm" designed to steal users' money. In February, users of encrypted wallets Electrum and MyEtherWallet reported that they were facing phishing attacks.
Bitcoin Wallet Electrum now supports Lightning Online Payments According to Coindesk July 11th, Bitcoin Wallet Electrum now supports Lightning Web Payments. It has previously been reported that Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, adding support for the Bitcoin Lightning Network.
Hackers have lost more than 200 bitcoins ($750,000) to users since December 21 by attacking the Electrum Bitcoin wallet infrastructure. It is reported that in this attack, the wallet's mobile program will urge users to download malicious wallet updates from the unauthorized GitHub repository, until early December 27 hackers appear to have temporarily stopped the attack, but the administrator of electrum wallet expected a new attack soon, because although the administrator has taken steps to reduce the availability of attackers, but the core vulnerability has not been updated patches to fix. (zdnet)
Chain News, lightweight Bitcoin Wallet Electrum announced that the next version will support Lightning network payment, implemented using Python, Electrum as a Lightning network node, wallet users do not need to run lightning network nodes to make payments, electrum lightning network nodes have been merged into the Electrum master branch.
High transparency: Open client platform source code for increased security, code available from GitHub, and XEM transactions that are not dependent on other payment systems.
In December 2018, Slow Fog first discovered and alerted an attacker to a messaging flaw using the Electrum wallet client, forcing an "update prompt" to pop up during a user's currency transfer operation, inducing users to update and download malware to carry out a currency theft attack. Although electrum officials said in early 2019 that some security mechanisms would be put in place to prevent this "update phishing", many users of Electrum are still in the old version (less than 3.3.4) and the old version is still under threat. However, we do not rule out a similar threat to the new version.
A new repo qtum-electrum-new has been built to add qtum-related features to the latest code for Bitcoin electrum.
Electrum LTC Wallet is a desktop-based cryptocurrencies wallet that supports Litecoin. Here are some aspects of wallets: Like its predecessor, Electrum- Bitcoin Wallet, open source wallets can be found on GitHub, where anyone can view or upgrade codes.
electrum client github
It is not surprising that Bitcoin and Ethereum source code go-ethereum from the Bitcoin community and the Ethereum community are the leading blockchain code base on GitHub. Third place was won by bitcoinjs-lib, with the other two in the top five being Electrum and cpp-ethereum, also from the Ethereum community.
Chorus One - Grandpa light client in Tendermint (GitHub)
This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
With regard to the Artemis code implementation for the Beacon Chain Java client, PegaSys gives some specific steps on Github.
Bitcoin's latest client, Bitcoin Core 0.17.0, is getting closer to its official release, the 17th-generation client version of Bitcoin in 10 years, github reported. According to Bitcoin Core maintainer Wladimir van der Laan, this version of the client could be released as early as September 8. At present, the completion of the 0.17.0 version client on github has reached 92%
SubstrateAPI Client (GitHub) under WEB3SCAN-Python