At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
Planet Daily News Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of which like to use Electrum as a cold wallet or multi-sign wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have a "message flaw" that allows an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing for the user, and if you follow the prompt to download the so-called new version of Electrum, you may get a trick. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
Electrum personal server
A clone site masquerading as an Electrum SV wallet has emerged. The cloning site has nothing to do with electrum SV and is designed to steal tokens and create chaos in the BSV community.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Dev Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs (stolen by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Thelectrum upgrade tips, with a total value of about $11.6 million. It is worth mentioning that less than version 3.3.4 of Electrum is vulnerable to such phishing attacks, users using electrum wallets are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, please do not use the link in the prompt message to update to avoid loss of assets.
send payment with electrum
Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.
Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more. This captured currency theft attack is not stealing the private key (electrum's private key is generally stored with two-factor encryption), but replaces the transfer destination address when the user initiates the transfer. Here we remind users that when transferring money, special attention needs to be paid to whether the destination address has been replaced, which is a very popular method of currency theft recently. It is also recommended that users use hardware wallets such as Ledger, and if you pair it with Electrum, although the private key does not have any security issues, you should also be alert to the replacement of the destination address.
Basic integration with the electrum server (experimental feature, turned off by default)
Attackers reportedly created their own Electrum servers, which hosted the attacked version of Electrum in order to implement the attack. When the user will be vulnerable.
Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 18.104.22.168. If you are running an earlier version, update your software.
One problem with Bitpay's new infrastructure is that the vast majority of Bitcoin-based wallets do not use the BIP70 payment protocol. Bitpay also detailed that it would soon need to pay for a payment agreement, leaving users with only five wallets to choose from when using Bitpay's service. Wallet customers who support BIP70 are Bitpay Wallet, Copay, Mycelium, Electrum, and Bitcoin Core Wallet.
Get alert: Wallet Electrum was upgraded by the DoS attack, with users allegedly losing millions of dollars.
In Voegtlein's speech, Thomas Voegtlein announced that Electrum would be added.
Qtum Electrum is a Qtum desktop light wallet modified from the well-known Bitcoin wallet Electrum. Compared to the current Qtum Core full-node wallet, Qtum Electrum takes up less disk space and takes less time to synchronize chunks, supports multi-signature and hardware wallets, supports cold wallet mode, supports the import of mnomes into mobile wallets, and uses SPV authentication to ensure security.
Click to get the Electrum Personal Server source code and the Electrum Wallet source code.
The new version of the wallet will also include undersea switching, which allows BTC to pass from the Bitcoin blockchain to the payment channel network LN. For this novelty, Electrum is based on Boltz technology. Electrum will charge a commission for this service.
Electrum Litecoin wallet.
Bitcoin Wallet Electrum will support the Lightning network in the next release, and its Lightning nodes have been merged into electrum's main branch, according to Cointegraph. Electrum also confirmed that the wallet will be written in-house development Python.
A clone site masquerading as an Electrum SV wallet has emerged. The cloning site has nothing to do with electrum SV and is designed to steal tokens and create chaos in the BSV community. Most interestingly, although the clone site claims to be a BSV wallet, it is full of links to BCH resources, including the Electron Cash (BCH Wallet) library on GitHub.
At this time, the SPV-based Electrum wallet became the new favorite of Bitcoin players. Especially for small partners who are new to Bitcoin, editors recommend using electrum wallets.
Digital Currency Wallet developer Electrum has released an emergency patch saying it found vulnerabilities to steal users' digital currency.
To use mnomets to transfer addresses from electrum wallets to web wallets, you need to set Electrum to be compatible with Qtum phone mnomets in the initial installation (and then use phone wallet mnomets to restore phone wallets on Electrum). This setting is screenshot of the Electrum configuration.
UBTC Electrum supports transfer-to-contract UI interface (test chain)
You may have noticed an important difference between the MyMonero type and the Electrum seed type. MyMonero creates a viewing private key by hashing a random integer, while the Electrum type hash pays the private key. This means that the seeds of 13 and 25 words are not compatible - it is not possible to create an Electrum type account that matches the MyMonero type account (and vice versa) because viewing key pairs is always different.