The technology has been around for a long time. Connecting hardware to a full node is also one of the main goals of the Electrum Personal Server pioneered by developer Chris Belcher. "Hopefully, this software will be part of a plan to put all-node wallets in the hands of as many people as possible," he said in a project announcement last year.
Electrum and MyEtherWalle users face phishing attacks.
Bitcoin Wallet providers like Trezor and Electrum.
According to Reddit user u/normal_rc, electrum's wallet was hacked and nearly 250 bitcoins (243.6 BTCs, nearly $1 million) were maliciously stolen, according to coinelegraph. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
Public Electrum server
The slow fog area said that the phishing attack that allegedly forged the upgrade prompt had stolen at least 200 BTCs, and that the attack could not have been avoided by upgrading Electrum alone, requiring the entire ecological service to make corresponding changes (because the Electrum client is not a full node, and then has a message on the transaction broadcast and the corresponding service side, the attacker can also deploy a malicious server). Slow fog zones remind users that phishing attacks like Electrum require long-term vigilance. The slow fog zone has previously issued an alert for selectrum phishing updates, and hackers who attacked Electrum wallets used Electrum's software to unusually construct malicious software update prompts to induce users to update and download malware usage. (Slow Fog Zone)
In addition, Electrum Wallet generates recovery seeds for backup and does not require any personal information after registration, which is also layered certainty.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Dev Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs (stolen by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Thelectrum upgrade tips, with a total value of about $11.6 million. It is worth mentioning that less than version 3.3.4 of Electrum is vulnerable to such phishing attacks, users using electrum wallets are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, please do not use the link in the prompt message to update to avoid loss of assets.
electrum-verge.xyz not connecting
Another upgrade under study is the release of a new version of the Electrum-LTC desktop wallet. Electrum-LTC is an SPV wallet that can be used in Windows, Linux, and OS X operating systems.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 184.108.40.206. If you are running an earlier version, update your software.
Lightweight Bitcoin Wallet Electrum announced that the next version will support Lightning network payments, implemented with Python, an electrum network node where wallet users do not need to run Lightning network nodes themselves to make payments, and electrum's Lightning network nodes have now been merged into the Electrum master branch.
This update prompt is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and according to incomplete statistics, hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on electrum servers, which presents some security and privacy trade-offs. If you use an Electrum personal server, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.
However, after electrum officials said in early 19th that some security mechanisms should be put in place to prevent this "update phishing", many users of Electrum are still in the old version.
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.