can you update electrum during transaction, on electrum

2021-07-18

According to Cointelegraph, Reddit user u/normal_rc reported that the Electrum wallet was hacked and nearly 250 bitcoins (243.6 BTC, nearly $1 million) were stolen. Electrum then confirmed that the attack involved creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.

Google researcher Tavis Ormandy discovered the Bitcoin wallet Electrum.

This update prompt is not an official act of Electrum, but a phishing attack that exploits a message flaw in the Electrum client and the ElectrumX server. It requires the attacker to deploy a malicious ElectrumX server in advance, and that malicious server must be located by the user's Electrum client (because the Electrum client is a light wallet, the user needs an ElectrumX server to broadcast transactions). At the height of the attack, malicious ElectrumX servers accounted for as many as 71% of the total, and according to incomplete statistics, hundreds of bitcoins have been stolen in this phishing attack over the past year or so.

In his speech, Thomas Voegtlin announced that Electrum would be added.

Following the trail, we open Electrum's GitHub repository and find the following code in electrum/electrum/ecc.py.

In December 2018, Slow Fog first discovered and warned that attackers were using a messaging flaw in the Electrum wallet client to force an "update prompt" to pop up during a user's transfer operation, inducing users to update and download malware that then steals their coins, according to Slow Fog. Although Electrum officials said in early 2019 that some security mechanisms would be put in place to prevent this "update phishing", many Electrum users are still on old versions (lower than 3.3.4), and those old versions remain under threat. However, we do not rule out a similar threat to the new version.

Hackers launched a denial-of-service (DoS) attack on the servers of the well-known wallet Electrum, according to The Devi Security Lab. The hackers used a botnet of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to one of these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update to a client carrying a backdoor. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that Electrum wallet users update to the latest version of the client through the official website and never use the link in the prompt message.

During the settlement phase, the service provider obtains an update transaction from the bridge contract, signs it, and broadcasts it to the Bitcoin network as a settlement transaction. Algorithm 2 lists the bridging contracts.

Lightning support in Electrum has been in the works for a long time. Thomas Voegtlin, the founder of Electrum, first told CoinDesk last summer that Lightning would make it into the next version.

Multi-signature: Electrum supports multi-signature transactions. Multiple wallets are required to sign the transaction before it can be approved.

Transaction structure at the time of transaction update

According to GitHub, the Bitcoin desktop wallet client Electrum has released a 4.0 beta version, adding several important updates, including support for the Lightning Network. Electrum primarily adds features such as PSBT (partially signed Bitcoin transactions), the Lightning Network, watchtowers, and Submarine Swaps.

If you have LN functionality, you can connect directly from NiceHash wallet or from another Bitcoin wallet, such as Electrum, Blue Wallet, BLW, and Eclair applications.

As of press time, phishing attacks that forged Electrum upgrade notifications have stolen at least 1,450 BTC (the figure was counted by a user, the anti-malware company Malwarebytes, and Electrum officials), with a total value of approximately $11.6 million. It is worth mentioning that Electrum versions lower than 3.3.4 are vulnerable to such phishing attacks. Users of Electrum wallets should update to the latest version, Electrum 3.3.8, through the official website (electrum.org). At present, v4.0.0 has not been officially released. Please do not use the link in the prompt message to update, so as to avoid loss of assets.

On August 8, Electrum, a BTC wallet service provider, posted on Twitter that its servers were facing an ongoing DoS attack.

can you update electrum during transaction

According to the dimensionality reduction security laboratory (johnwick.io), hackers launched a denial-of-service (DoS) attack on the servers of the well-known wallet Electrum. The hackers used a botnet of more than 140,000 computers to attack Electrum nodes and deployed malicious nodes at the same time. When users connect to these malicious nodes and use the old version of Electrum to send transactions

The official Twitter account of Bitcoin wallet Electrum announced that the next version of Electrum will support Lightning payments. Its Lightning node implementation has been merged into the main branch of Electrum. Electrum also confirmed that the wallet will use a new implementation developed in-house and written in Python.

Do you have the following distress during the transaction

Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of whom like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Given this usage scenario, Electrum is opened relatively infrequently on the user's computer. The current version of Electrum is 3.3.8, and versions prior to 3.3.4 are known to have a "message defect" that allows an attacker to send an "update prompt" through a malicious ElectrumX server. This "update prompt" is very deceptive to the user, and if you follow the prompt and download the so-called new version of Electrum, you may be tricked. According to user feedback, the number of bitcoins stolen through this attack is in the four digits or more.

He later updated his post, adding: "If you don't have a wallet password, the theft is trivial. If your wallet password is set well, it seems that an attacker can only get address/transaction information from your wallet and change your Electrum settings, which, in my opinion, have a good chance of being further exploited by hackers. So, if you set your wallet password, you can reduce your panic to a certain extent, but you should still take it seriously."

Popular wallet developer Electrum has released an emergency patch for a critical vulnerability in its Bitcoin wallet. The vulnerability allows any website hosting Electrum wallets to potentially steal a user's cryptocurrency. The vulnerability means that the password is exposed to the JSONRPC interface, implying that the hacker has full control over the wallet. The first patch failed to fix the problem, forcing Electrum to release a second update on Sunday night.

Update Move transaction script

Although at the end of 2018 Slow Fog warned about the Electrum wallet client's message defect, which forces an "update prompt" to pop up during the user's transfer operation, inducing the user to update and download malware that then carries out currency theft attacks.

Backward compatibility is allowed. If you update the protocol with a new field, the old transaction should not become undesteable.

The channel configuration update transaction allows you to update the configuration of the channel.

This "update prompt" is not an official act of Electrum, but a phishing attack that exploits a message flaw in the Electrum client and the ElectrumX server. It requires the attacker to deploy a malicious ElectrumX server in advance, and that malicious server must be located by the user's Electrum client (because the Electrum client is a light wallet, the user needs an ElectrumX server to broadcast transactions). At the height of the attack, malicious ElectrumX servers accounted for as much as 71% of the total, and according to incomplete statistics, hundreds of bitcoins had been stolen in this phishing attack over the past year or so.

January 19 (Xinhua) -- Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of whom like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni), according to the Slow Fog Security team. Given this usage scenario, Electrum is opened relatively infrequently on the user's computer. The current version of Electrum is 3.3.8, and versions prior to 3.3.4 are known to have a "message defect" that allows an attacker to send an "update prompt" through a malicious ElectrumX server. This "update prompt" is very deceptive to the user, and if you follow the prompt and download the so-called new version of Electrum, you may be tricked. According to user feedback, the number of bitcoins stolen through this attack is in the four digits or more.

A botnet of more than 140,000 machines has launched a DoS attack on the servers of Bitcoin wallet Electrum in an attempt to direct users to software versions designed to steal bitcoins, The Next Web reported. Electrum users have been advised to take extra care when using the platform until the issue is resolved. Security researchers familiar with the matter say that if a user installs a fake version of Electrum, all funds contained in the old version will be lost immediately.