In addition, small partners who have used Electrum wallets should be aware that with Thecret phrase generated by Electrum, we can recover bitcoin keys on any browser using the Bitcoin Wallet web tool. And Electrum is so secure that there is no evidence that the distributed attack prevention system designed by Dark Wallet will be due to Electrum.
As of press time, phishing attacks that forged Electrum upgrade notifications have stolen at least 1,450 BTC (the number stolen is officially counted by a user, anti-malware companies Malwarebytes and Electrum), with a total value of approximately $11.6 million. It is worth mentioning that Electrum versions lower than 3.3.4 are vulnerable to such phishing attacks. Users who use Electrum wallets should update to the latest version Electrum 3.3.8 through the official website (electrum.org). At present, v4.0.0 has not been officially released. Version, please do not use the link in the prompt message to update, so as to avoid loss of assets
You can use Security Seeds to recover your wallet on any Electrum client, even on the Electrum Wallet online web program.
Wallet software typically requires users to set a password through which the private key can be exported. If the user forgets the password, they can recover the wallet again with the private key and reset the password. Therefore, the permissions of the private key are greater than the password, which can only be used to view the private key, which can be used to change the password.
Electrum uses the guide Qtum Electrum.
DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
Electrum client. A veteran security research expert told Hard Fork that if a user installs the problem version of Electrum.
With your login and password, you still need a second authentication factor to recover your new device from iCloud Backup.
Keystore is a json-format string (the newcomer understands that it's a bunch of characters you don't understand), it's tied to a password, and if you want to recover your wallet with keystore, you must import keystore files while entering your password.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.
According to Bleeping Computer, the Bitcoin wallet app Electrom was on GitHub on May 9th, accusing a phishing product called Electrum Pro of stealing a user's seed key and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from Bitcoin URLs managed by Eletrum Pro.
After the dump of encrypted metadata is complete, transfer the file to the Elcomsoft Distributed Password Recovery Tool to recover the original clear text password. Note that password cracking can take a lot of time, even with powerful hardware.
The author can recover his protected routine neural network from the blockchain, as long as he knows his password.
A new repo qtum-electrum-new has been built to add qtum-related features to the latest code for Bitcoin electrum.
The problem was not fixed. So he had to contact Electrum to highlight the urgency of the issue, and Electrum released Emergency Response Version 3.0.4 a few hours later.
In many cases, the computer used by the customer is not their own, the password may not be the initial value postgres, so how to recover the password?
The Healthy Security Lab is concerned that Nearly 250 bitcoins have been stolen in a recent hacking attack on an Electrum wallet. This attack, confirmed by Electrum, involves creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is an ongoing phishing attack on Electrum users and advised users to download wallet apps from the official website" and that The Healthy Security Lab advised users not to install an unknown source of Electrum wallets to avoid being tricked.
think about how to recover.
Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.