Electrum and MyEtherWalle users face phishing attacks.
For each dataset, the platform provides information content and services such as file download, metadata, associated information, data items, data preview, visual analysis, API details, data error correction, etc. (see figure below)
electrum download error
In December 2018, Slow Fog first discovered and alerted an attacker to a messaging flaw using the Electrum wallet client, forcing an "update prompt" to pop up when a user transfers money, inducing the user to update and download the malware, which in turn commits a currency theft attack. Although electrum officials said in early 2019 that some security mechanisms would be in place to prevent this "update phishing", many users of Electrum are still in the old version (less than 3.3.4) and the old version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address.
However, in practice, using the webpack.js debugging directly in the download source code may result in error-reporting Cannot find 'json-parse-better-errors' or Cannot find module 'webpack/libShortener', and simply run npm install webpack webpack-cli-save-dev to resolve the error without affecting the debug source code.
It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Users are reminded not to install electrum wallets from unknown sources at will to avoid asset losses.
The fact that not many people know is that Esplora is bundled with a based and optimized Electrum server. This Electrum server is derived from Electrs and is now maintained separately by the Blockstream engineering team. Over the past two years, Esplora has become one of the fastest and most scalable Electrum server solutions available for Bitcoin due to continuous updates and performance optimization. Esplora is also the only Electrum server that supports liquid networks.
The slow fog area said that the phishing attack that allegedly forged the upgrade prompt had stolen at least 200 BTCs, and that the attack could not have been avoided by upgrading Electrum alone, requiring the entire ecological service to make corresponding changes (because the Electrum client is not a full node, and then has a message on the transaction broadcast and the corresponding service side, the attacker can also deploy a malicious server). Slow fog zones remind users that phishing attacks like Electrum require long-term vigilance. The slow fog zone has previously issued an alert for selectrum phishing updates, and hackers who attacked Electrum wallets used Electrum's software to unusually construct malicious software update prompts to induce users to update and download malware usage. (Slow Fog Zone)
Slow fog area issued a warning that attackers use Electrum's software exception to construct malicious software update prompts, induce users to update download malware use, remind users if using Electrum prompt updates please note carefully check information, identify official websites and software versions and make signature checks. (Slow Fog Zone)
Planet Daily News Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of which like to use Electrum as a cold wallet or multi-sign wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have a "message flaw" that allows an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing for the user, and if you follow the prompt to download the so-called new version of Electrum, you may get a trick. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
Electrum - famous light wallet.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.
The problem was not fixed. So he had to contact Electrum to highlight the urgency of the issue, and Electrum released Emergency Response Version 3.0.4 a few hours later.
Warning: Some malicious servers are launching phishing attacks against light wallet users. When asked to announce transaction information, a malicious server replies to the user with an error message and induces them to download a counterfeit light wallet. Remember not to download a light wallet electrum.org web site other than your website.
Electrum-LTC is Electrum's community maintenance port, Litecoin's Bitcoin wallet. It is not the official product of Electrum Technologies GmbH, and it is not supported.
Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more. This captured currency theft attack is not stealing the private key (electrum's private key is generally stored with two-factor encryption), but replaces the transfer destination address when the user initiates the transfer. Here we remind users that when transferring money, special attention needs to be paid to whether the destination address has been replaced, which is a very popular method of currency theft recently. It is also recommended that users use hardware wallets such as Ledger, and if you pair it with Electrum, although the private key does not have any security issues, you should also be alert to the replacement of the destination address.
It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data.
As mentioned earlier, because electrum light wallets are different from Bitcoin light wallets such as MultiBit or Breadwallet, they cannot communicate directly with bitcoin full nodes and can only communicate with electrum.