Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
Abstract: On December 27, commentators reported on social media that a malicious group hacking the cryptocurrency wallet Electrum had stolen nearly 250 bitcoins (about $937,000). The attack was later confirmed by Electrum, which created a fake version of the wallet to trick users into providing password information. "Hackers set up a bunch of malicious servers," Reddit user u/normal_r.
DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
According to Bleeping Computer, the BTC wallet app Electrom accused a phishing product called Electrum Pro of stealing a user's seed key on May 9 on GitHub and registering a domain name called electrum without Electrum's permission. The Electrum team noted that there was a piece of code indicating that the counterfeit product might have taken the user's seed key and uploaded it to the electrum. Affected users should transfer funds from BTC URLs managed by Eletrum Pro.
read_pool: Read thread pool, all read-only KV requests, including non-transactions of transactions, such as raw get, txn kv get.
On December 27, Reddit user u/normal_rc reported that Electrum's wallet had been hacked and that nearly 250 bitcoins (243.6 BTCs, nearly $1 million) had been maliciously stolen, coinelegraph reported. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
Electrum DASH "PrivateSend" is on TestNet.Tags: electrum 3.0.4
Vitalik: Sidechain VS Plasma VS Singer, blockchain expansion scheme vs. comparison.Tags: greenaddress vs electrum
$dir - "$homedir/.electrum/wallets"
If you haven't set up Electrum Wallet to be compatible with your phone wallet, you can use the private key to recover the Electrum wallet on your web wallet. Select Wallet - "Private Key" - "Export" on the Electrum wallet and you will export the file qtum-electrum-private-keys.csv or copy only one private key. Select Recover from WIF on your web wallet, paste the private key, and select Confirm. Check that the wallet address is correct. You may need to use Dump as a Key File to save the key file.
Original title: Slow Fog: Analysis of Pseudo Electrum Harpoon Fishing AttacksTags: electrum 4.0 scam
In a recent announcement on Twitter, Electrum advised users to disable the automatic connection option and manually select a server, while the company is developing a more powerful Electrum.