Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, which supports the Lightning Network.
This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
By comparing the electrum-wallet with the official website downloaded by the electrum software, it was found that the software added code to steal a user's wallet and key and sent it back to sites such as Robert Paulson.me, pinnacle-consulting.pw, bestoftechforums.org, which is still alive, proving that the attack is still ongoing.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.
As a thought experiment, imagine that a base metal is as rare as gold, but has the following characteristics: monotonous, not a good conductor, nor particularly strong... There is also a special, magical feature: it can be transmitted over a communication channel. But what is its value?
electrum as a conductor
The Healthy Security Lab is concerned that Nearly 250 bitcoins have been stolen in a recent hacking attack on an Electrum wallet. This attack, confirmed by Electrum, involves creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that it was an ongoing phishing attack on Electrum users and advised them to download wallets from the official website.
Electrum - Lightweight Bitcoin client.
In a recent announcement on Twitter, Electrum advised users to disable the automatic connection option and manually select a server, while the company is developing a more powerful Electrum.
Digital wallet developer Electrum has released an emergency patch saying it found a vulnerability that could lead any website hosting Electrum to steal a user's digital currency, exposing passwords to the JOHNSONRPC interface and ingelling hackers full control of the wallet. Earlier, Electrum released the first patch, but it didn't seem to solve the problem, and they released a second update urgently Sunday night local time.
In contrast, another wallet, Stratis Electrum, is a simplified trading client.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
No scripts: Electrum prevents any scripts from downloading. As a result, infected servers cannot send you arbitrary code and steal funds.
Electrum uses the guide Qtum Electrum.
Electrum-LTC is a simple but powerful Litecoin wallet. Like its predecessor, the Electrum-Bitcoin wallet, the open source wallet is available on GitHub and anyone can view or upgrade the code.
According to Bleeping Computer, the Bitcoin wallet app Electrom was on GitHub on May 9th, accusing a phishing product called Electrum Pro of stealing a user's seed key and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from Bitcoin URLs managed by Eletrum Pro.
Blockchain.info, Electrum Wallet.
Electrum is a well-known light wallet for Bitcoin that adds new features such as server authentication using SSL to prevent MITM attacks. So unlike other Bitcoin light wallets, Electrum cannot communicate directly with different versions of Bitcoin full nodes, and each startup connects to electrumserver to communicate, and electrum.
Electrum can be used for some cold wallets and is more flexible than hardware wallets such as Trezor.
Years later, this rare combination of laughter and music has made Lerner a popular conductor of comedy. In addition, as a BBC announcer and presenter, he has gained a considerable reputation.
Shunto touch melon, open the github of the electrum, we find the following code in the electrum/electrum/ecc.py.
Lesson 1: Third-party Electrum servers can link your two transactions together. This can be avoided by running your own Electrum server, supported by your own full node.