More than 140,000 machines were called into forming a "botnet" to attack Electrum's servers, The Next Web reported. Moreover, the attacker apparently deliberately directed the user to use a malicious server posing as an Electrum server, and could immediately steal their bitcoins as soon as the user synchronized their wallet with such servers.
This is how the squid proxy server is used as a gateway to connect to the server.
Electrum Wallet does not download external scripts. Even if your server is hacked, you won't lose money.
A: There are too few nodes for electrum server, and there are only 210 site statistics, making the hacker's malicous server highly likely to occupy all nodes linked by the user.
Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.
Run your own Electrum server.
Hackers have launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used a botnet of more than 140,000 computers to attack Electrum's nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. (Babit News)
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Dev Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs (stolen by one user, antimalware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Thelectrum upgrade tips, with a total value of about $11.6 million. It is worth mentioning that less than version 3.3.4 of Electrum is vulnerable to such phishing attacks, users using electrum wallets are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, please do not use the link in the prompt message to update to avoid loss of assets.
which electrum server should i connect to
As soon as I logged into my wallet, I was asked to provide a two-factor authentication code, which I found a little strange, and usually Electrum only needs it when sending transactions.
One of the most anticipated changes to Cryptocurrencies Core 0.18.0 will be the ability to connect users to their hardware wallets (Ledger, Trezor, Digital BitBox, KeepKey, and Coldcard) via the Hardware Wallet Interaction (HWI) tool. This combines one of the most secure ways to store private keys and interact with cryptocurrencies. Hardware wallets are considered secure because the user's private key never leaves the device. Keys are never exposed to the Internet or the computers they are connected to, protecting the hardware wallet from remote hackers. Although you can already use the Electrum personal server to connect the hardware wallet to the Electrum wallet connected to the entire node, HWI will be the first local, hardware-to-node choice for the Bitcoin Core project. Currently, HWI scripts are still only on the command line and require manual procedures to connect hardware wallets.
Electrum Personal Servers (EPS) do not perform as well as ElectrumX or Electrs, but are easier to set up and connect to Bitcoin nodes, making them a good choice for those interested in installing private Electrum servers. Compared to fully indexed ElectrumX or Esplora instances, it is less hardware-demanding and therefore can run on normal devices.
A botnet with more than 140,000 machines has launched a DoS attack on the server of Bitcoin wallet Electrum in an attempt to direct users to software versions designed to steal bitcoins, Theextweb reported. Electrum users have been advised to take extra care when using the platform until the issue is resolved. Security researchers familiar with the matter say that if a user installs a fake version of Electrum, all funds contained in the old version will be lost immediately.
You can see that the user can manually specify to connect to their own electrumserver. But most users don't understand the principle and don't build their own electrum server.
According to the Dimensionality Reduction Security Lab, users of Bitcoin wallet Electrum are currently facing phishing attacks. The hacker broadcasts a message to the Electrum client through the malicious server, prompting the user to update to v4.0.0. If the user installs this "backdoor client" as prompted, the private key will be stolen, and all digital assets