Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 3.0.5.1. If you are running an earlier version, update your software.
B: Electrum server can customize messages to appear in the user's electrum light wallet software, giving hackers a chance to broadcast phishing messages.
Original title: Slow Fog: Analysis of Pseudo Electrum Harpoon Fishing Attacks
Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.
Electrum Bitcoin Wallet.
and open the web page, then your wallet may have been compromised. Particularly paranoid people may want to send all BTCs from their old Electrum wallets to the newly generated Electrum wallet.
When we can ensure the most important functions of the financial network through computer science instead of traditional accountants, regulators, investigators, police and lawyers, we choose an automated, global and safer system instead of a manual, local and inconsistent security system. When cryptocurrencies run correctly on the public chain, they can replace a large army of computer bureaucrats. Computers on these blockchains allow us to put the most important components of online protocols on a more secure and reliable basis, making it possible for interactions that we were afraid to do on a global network before. (Source)
Electrum third party.
Hackers have launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used a botnet of more than 140,000 computers to attack Electrum's nodes and simultaneously deployed malicious nodes. When the user connects to these malicious nodes and sends transactions using the older version of Electrum.
In this demo, Electrum developer Chris Belcher shows how to set up and use electrum personal servers.
Known as "digital gold", Bitcoin has been rising in price since its incursion, rising tens of millions of times in just a few years. At the time of bitcoin's birth, the power of calculation is not very difficult, home computers can dig into Bitcoin, but with the improvement of the network computing power, home computers can no longer meet.
In addition, Ivgi provides a plug-in that simplifies the process of setting up BWT with the Electrum client, and can also be used with other wallets that support the Electrum server protocol, such as Edge, Blue Wallet, Eclair Mobile, and Phoenix.
The problem was not fixed. So he had to contact Electrum to highlight the urgency of the issue, and Electrum released Emergency Response Version 3.0.4 a few hours later.
This isn't the first time Thatectrum has appeared in a fake version, with hackers developing a fake encrypted wallet, Electrum, in December, resulting in the theft of nearly 250 bitcoins worth about $1 million. In January, GitHub discovered a fake Electrum wallet called "Electrvm" designed to steal users' money. In February, users of encrypted wallets Electrum and MyEtherWallet reported that they were facing phishing attacks. (Stationer's House)
Electrum Personal Servers (EPS) do not perform as well as ElectrumX or Electrs, but are easier to set up and connect to Bitcoin nodes, making them a good choice for those interested in installing private Electrum servers. Compared to fully indexed ElectrumX or Esplora instances, it is less hardware-demanding and therefore can run on normal devices.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.
According to Johnwick.io, we will continue to monitor and track the further flow of funds after a recent user submitted a coin-losing incident claiming that the download used an Electrum wallet had been phishing and that more than 700 bitcoins had been lost, and that the stolen address had been added to the Devi AML system. It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Devi Security Labs is here to remind users not to install unknown sources of Electrum wallets, to avoid asset losses. Electrum Official Website: electrum.org Electrum Phishing Website: electrumsecure.