Title: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: ThomasV on January 10, 2018, 12:50:46 PM A vulnerability has been found in Electrum, and patched in version 3.0.5.
Please update your software if you are running an earlier version. Below is a copy of the satement we put on our website. The original can be found here: https://github.com/spesmilo/electrum-docs/blob/master/cve.rst Thanks to Theymos for displaying a notice on this website. JSONRPC vulnerability in Electrum 2.6 to 3.0.4 ============================================== On January 6th, a vulnerability was disclosed in the Electrum wallet software, that allows malicious websites to execute wallet commands through JSONRPC executed in a web browser. The bug affects versions 2.6 to 3.0.4 of Electrum, on all platforms. It also affects clones of Electrum such as Electron Cash. Can funds be stolen? -------------------- Wallets that are not password protected are at risk of theft, if they are opened with a version of Electrum older than 3.0.5 while a web browser is active. In addition, the vulnerability allows an attacker to modify user settings, the list of contacts in a wallet, and the "payto" and "amount" fields of the user interface while Electrum is running. Although there is no known occurrence of Bitcoin theft occurring because of this vulnerability, the risk increases substantially now that the vulnerability has been made public. Can wallet data be leaked? -------------------------- Yes, an attacker can obtain private data, such as: Bitcoin addresses, transaction labels, address labels, wallet contacts and master public keys. Can a password-protected wallet be bruteforced? ----------------------------------------------- Not realistically. The vulnerability does not allow an attacker to access encrypted seed or private keys, which would be needed in order to perform an efficient brute force attack. Without the encrypted seed, an attacker must try passwords using the JSONRPC interface, while the user is visiting a malicious page. This is several orders of magnitude slower than an attack with the encrypted seed, and restricted in time. Even a weak password will protect against that. What should users do? --------------------- All users should upgrade their Electrum software, and stop using old versions. Users who did not protect their wallet with a password should create a new wallet, and move their funds to that wallet. Even if it never received any funds, a wallet without password should not be used anymore, because its seed might have been compromised. In addition, users should review their settings, and delete all contacts from their contacts list, because the Bitcoin addresses of their contacts might have been modified. How to upgrade Electrum ----------------------- Stop running any version of Electrum older than 3.0.5, and install Electrum the most recent version. On desktop, make sure you download Electrum from https://electrum.org and no other website. On Android, the most recent version is available in Google Play. If Electrum 3.0.5 (or any later version) cannot be installed or does not work on your computer, stop using Electrum on that computer, and access your funds from a device that can run Electrum 3.0.5. If you really need to use an older version of Electrum, for example in order to access wallet seed, make sure that your computer is offline, and that no web browser is running on the computer at the same time. Should all users move their funds to a new address? --------------------------------------------------- We do not recommend moving funds from password protected wallets. For wallets that were not password protected, moving funds is an extreme precaution, that might not be necessary; indeed, if a wallet was compromised, it is very likely that the attacker would have stolen the funds immediately. When was the issue reported and fixed? -------------------------------------- The absence of password protection in the JSONRPC interface was reported on November 25th, 2017 by user jsmad: https://github.com/spesmilo/electrum/issues/3374 jsmad's report was about the Electrum daemon, a piece of software that runs on web servers and is used by merchants in order to receive Bitcoin payments. In that context, connections to the daemon from the outside world must be explicitly authorized, by setting 'rpchost' and 'rpcport' in the Electrum configuration. On January 6th, 2018, Tavis Ormandy demonstrated that the JSONRPC interface could be exploited against the Electrum GUI, and that the attack could be carried out by a web browser running locally, visiting a webpage with specially crafted JavaScript. We released a new version (3.0.4) in the hours following Tavis' post, with a patch written by mithrandi (Debian packager), that addressed the attack demonstrated by Tavis. In addition, the Github issue remained open, because mithrandi's patch was not adding password protection to the JSONRPC interface. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: MrCrank on January 11, 2018, 02:52:44 AM If my wallet protected with password.. I want to move funds to my new wallet.
How make it safety? (close all web browsers) Also I'm interesting about this bug in version before 2.6? Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: bittalker202 on January 11, 2018, 07:37:55 AM i use andriod version and update from googleplay ...
in andriod version cannt set password for wallet..! 1-should i send my fund to the new android wallet? 2-at all which platform is the safest way to store?android linux macos or windows? Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: rimma on January 11, 2018, 08:59:49 AM My windows defender for windows 10 doesn't let me download electrum portable 3.0.5 from electrum.org. It sais that electrum is malicious file and delets it while downloading. What should I do?
Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: MrCrank on January 11, 2018, 02:41:28 PM My windows defender for windows 10 doesn't let me download electrum portable 3.0.5 from electrum.org. It sais that electrum is malicious file and delets it while downloading. What should I do? Strange. I don't try download new wallet. I wait review about this new version. Anyone try it? Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: pesetacoin33 on January 11, 2018, 06:19:04 PM A vulnerability has been found in Electrum, and patched in version 3.0.5. Please update your software if you are running an earlier version. Below is a copy of the satement we put on our website. The original can be found here: https://github.com/spesmilo/electrum-docs/blob/master/cve.rst Thanks to Theymos for displaying a notice on this website. JSONRPC vulnerability in Electrum 2.6 to 3.0.4 ============================================== On January 6th, a vulnerability was disclosed in the Electrum wallet software, that allows malicious websites to execute wallet commands through JSONRPC executed in a web browser. The bug affects versions 2.6 to 3.0.4 of Electrum, on all platforms. It also affects clones of Electrum such as Electron Cash. Can funds be stolen? -------------------- Wallets that are not password protected are at risk of theft, if they are opened with a version of Electrum older than 3.0.5 while a web browser is active. In addition, the vulnerability allows an attacker to modify user settings, the list of contacts in a wallet, and the "payto" and "amount" fields of the user interface while Electrum is running. Although there is no known occurrence of Bitcoin theft occurring because of this vulnerability, the risk increases substantially now that the vulnerability has been made public. Can wallet data be leaked? -------------------------- Yes, an attacker can obtain private data, such as: Bitcoin addresses, transaction labels, address labels, wallet contacts and master public keys. Can a password-protected wallet be bruteforced? ----------------------------------------------- Not realistically. The vulnerability does not allow an attacker to access encrypted seed or private keys, which would be needed in order to perform an efficient brute force attack. Without the encrypted seed, an attacker must try passwords using the JSONRPC interface, while the user is visiting a malicious page. This is several orders of magnitude slower than an attack with the encrypted seed, and restricted in time. Even a weak password will protect against that. What should users do? --------------------- All users should upgrade their Electrum software, and stop using old versions. Users who did not protect their wallet with a password should create a new wallet, and move their funds to that wallet. Even if it never received any funds, a wallet without password should not be used anymore, because its seed might have been compromised. In addition, users should review their settings, and delete all contacts from their contacts list, because the Bitcoin addresses of their contacts might have been modified. How to upgrade Electrum ----------------------- Stop running any version of Electrum older than 3.0.5, and install Electrum the most recent version. On desktop, make sure you download Electrum from https://electrum.org and no other website. On Android, the most recent version is available in Google Play. If Electrum 3.0.5 (or any later version) cannot be installed or does not work on your computer, stop using Electrum on that computer, and access your funds from a device that can run Electrum 3.0.5. If you really need to use an older version of Electrum, for example in order to access wallet seed, make sure that your computer is offline, and that no web browser is running on the computer at the same time. Should all users move their funds to a new address? --------------------------------------------------- We do not recommend moving funds from password protected wallets. For wallets that were not password protected, moving funds is an extreme precaution, that might not be necessary; indeed, if a wallet was compromised, it is very likely that the attacker would have stolen the funds immediately. When was the issue reported and fixed? -------------------------------------- The absence of password protection in the JSONRPC interface was reported on November 25th, 2017 by user jsmad: https://github.com/spesmilo/electrum/issues/3374 jsmad's report was about the Electrum daemon, a piece of software that runs on web servers and is used by merchants in order to receive Bitcoin payments. In that context, connections to the daemon from the outside world must be explicitly authorized, by setting 'rpchost' and 'rpcport' in the Electrum configuration. On January 6th, 2018, Tavis Ormandy demonstrated that the JSONRPC interface could be exploited against the Electrum GUI, and that the attack could be carried out by a web browser running locally, visiting a webpage with specially crafted JavaScript. We released a new version (3.0.4) in the hours following Tavis' post, with a patch written by mithrandi (Debian packager), that addressed the attack demonstrated by Tavis. In addition, the Github issue remained open, because mithrandi's patch was not adding password protection to the JSONRPC interface. 1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. Then I said that I have to download the pyqt5 program and its packages, but it's very complicated. It seems to me that version 3.0.5 is too complicated to install. What solutions can I have? 2) Version 2.9.3 I protected it with a password from the beginning. Should I update even if I put a password? Thanks you so much Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: pooya87 on January 12, 2018, 04:37:48 AM 1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. Then I said that I have to download the pyqt5 program and its packages, but it's very complicated. It seems to me that version 3.0.5 is too complicated to install. What solutions can I have? 2) Version 2.9.3 I protected it with a password from the beginning. Should I update even if I put a password? Thanks you so much 1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work. 2) read OP Quote If Electrum 3.0.5 (or any later version) cannot be installed or does not work on your computer, stop using Electrum on that computer, and access your funds from a device that can run Electrum 3.0.5. If you really need to use an older version of Electrum, for example in order to access wallet seed, make sure that your computer is offline, and that no web browser is running on the computer at the same time. you can always switch to Linux. the simplest way is to download a popular distribution like Ubuntu, burn it on a DVD (if you don't want to install and have dual boot with windows), boot from DVD, download latest Electrum version and verify its signature enter your seed make your transaction and when you are done shut it down and everything will go away. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: hatshepsut93 on January 13, 2018, 10:38:20 PM Are there any estimations for how many users were critically vulnerable to this potential attack, i.e. had unencrypted seeds in their wallet files? I've tried to do some research, but failed to determine if Electrum was always asking for password during new wallet creation process, or this feature was added with some version? Also, is password optional during creation?
Some users and media have misunderstood this vulnerability and started claiming that "Electrum is completely broken and anyone can steal your coins when you run it", which is simply not true, so it's better to clear this misunderstanding. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: taeewo on January 13, 2018, 10:40:13 PM I have never ever bothered to download any of the wallet, ny coins was in cryptopia.... I hope its safe there....
Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: ThomasV on January 14, 2018, 09:48:36 AM Are there any estimations for how many users were critically vulnerable to this potential attack, i.e. had unencrypted seeds in their wallet files? I've tried to do some research, but failed to determine if Electrum was always asking for password during new wallet creation process, or this feature was added with some version? Also, is password optional during creation? Some users and media have misunderstood this vulnerability and started claiming that "Electrum is completely broken and anyone can steal your coins when you run it", which is simply not true, so it's better to clear this misunderstanding. The password feature has always been there, but it has always been optional, because some systems require automated payments. We are closely monitoring how fast users are updating their wallet software. Media reports were useful in spreading awareness, but it is true that they also created misunderstanding. At this point, there is no evidence that bitcoins have been stolen because of this vulnerability. Two users have reported bitcoin theft and attributed it to the vulnerability, but these cases are more likely to have been caused by malware downloaded from fake electrum websites, or by keyloggers, because these wallets were protected with strong passwords. We received one suspicious report by a user who sent bitcoins from an exchange to a wrong address. This user was trying fund his Electrum wallet, and he used an address that was in the "send" tab of his wallet, instead of the "receive" tab. This user did not answer our questions regarding whether the presence of an address in the "send" tab was resulting from his own actions, or could have been put there by a malicious website. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: kgbinc on January 19, 2018, 02:42:05 AM Electrum Wallets Were Vulnerable And Nothing Was Done For Two Years. My Bitcoins were either stolen from my Electrum Wallet or Electrum just made Billions by claiming they were hacked. STAY AWAY FROM ELECTRUM!!!
Electrum is claiming to have been hacked and my coins were stored in Electrum. I opened my Electrum wallet today, January 18, 2007 and found out that on January 2, 2018 all my bitcoins (7.88014412 btc worth $110,682.86 USD) were sent to the following bitcoin address: 1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf Apparently, Electrum knew about the vulnerability in their software for over two years. They are only claiming they knew about the security issue as of November 24, 2017 and did nothing about it until January 7, 2018 which just happens to be 5 days after my coins were stolen. Electrum never warned wallet owners of the severity of the security vulnerability and after learning about the problem, they were negligent by not releasing a patch, immediately, to fix the problem. If nothing else, they should have at least informed wallet owners to move their coins out until the problem was fixed. Read more about Electrum's carelessness about security within their software here: https://motherboard.vice.com/en_us/article/ev55na/electrum-bitcoin-wallets-were-vulnerable-to-hackers-for-two-years-json-rpc I did not have 2FA enabled but I did have a very long password that had to be entered before funds could be transferred. I also have Norton AV installed and no viruses have been found. Is there any way you can help me get my money back? or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to, or recommend someone who knows how I can get my money back? http://bitcoinwhoswho.com/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf https://blockchain.info/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf IF YOU HAVE BEEN A VICTIM OF ELECTRUM PLEASE SHARE YOUR STORY TO HELP US BUILD A CASE AND GET MORE PEOPLE INVOLVED TO FIND OUT WHAT REALLY HAPPENED. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: pooya87 on January 19, 2018, 05:43:39 AM I did have a very long password that had to be entered before funds could be transferred. if you had a password for your wallet there was no way of stealing your coins through this bug, specially if you didn't open your wallet. read @ThomasV comments above first for more details. besides when you have your (hot) wallet on your desktop computer there are at least a dozen ways they can be stolen. IF YOU HAVE BEEN A VICTIM OF ELECTRUM PLEASE SHARE YOUR STORY TO HELP US BUILD A CASE AND GET MORE PEOPLE INVOLVED TO FIND OUT WHAT REALLY HAPPENED. MIT License which almost all open source projects (bitcoin wallets you see out there) are using: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: ThomasV on January 19, 2018, 10:50:46 AM ... Sorry for your loss, but this is nonsense. We fixed the vulnerability on the day we learned about it. If your wallet was protected with a password, there is no way this vulnerability could be related to the theft. You have to look for another cause for that theft. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: DooMAD on January 19, 2018, 06:05:29 PM 1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. 1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work. If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer". There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless. The official download for Service Pack 1 is here (https://www.microsoft.com/en-us/download/details.aspx?id=5842). If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps (https://forums.techguy.org/threads/steps-for-installing-updating-windows-7-sp1.1176121/), or the following (easier) steps:
You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: ranta on January 22, 2018, 03:21:28 AM What should users do?
--------------------- All users should upgrade their Electrum software, and stop using old versions. Users who did not protect their wallet with a password should create a new wallet, and move their funds to that wallet. Even if it never received any funds, a wallet without password should not be used anymore, because its seed might have been compromised. In addition, users should review their settings, and delete all contacts from their contacts list, because the Bitcoin addresses of their contacts might have been modified. Hi, I'm having problems to uninstall my 3.0.3 version of Electrum in Ubuntu, so would installing the newer version upgrade the wallet software? Or would I have both versions in my computer at the same time? Thanks. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: Francis Freeman on January 27, 2018, 04:34:59 PM 1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. 1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work. If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer". There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless. The official download for Service Pack 1 is here (https://www.microsoft.com/en-us/download/details.aspx?id=5842). If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps (https://forums.techguy.org/threads/steps-for-installing-updating-windows-7-sp1.1176121/), or the following (easier) steps:
You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update. I have a similar issue but I'm on windows 8.1. It also says: "Error Loading Python DLL". Do you know how to fix it? Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: Francis Freeman on January 28, 2018, 11:16:16 AM 1) I have windows view. When running version 3.0.5 of electrum, it gives me errors: in api-ms-win-crt-runtime-I1-1-0.dll and in python_dll. I downloaded these dll, but the errors continue. 1) that is the problem with older versions of windows (like windows 7). you need to install the latest updates. install KB2999226 and it should work. If anyone is missing Windows 7 Service Pack 1, which is a prerequisite for KB2999226, you may be having some issues with installing that particular update, presented with the message "This update is not applicable to your computer". There may also be issues obtaining SP1 directly through Windows Update because it's horribly broken and useless. The official download for Service Pack 1 is here (https://www.microsoft.com/en-us/download/details.aspx?id=5842). If you're still having issues, because it's not always as straight forward as running the update, you can either try these steps (https://forums.techguy.org/threads/steps-for-installing-updating-windows-7-sp1.1176121/), or the following (easier) steps:
You should now have a message saying Service Pack 1 is installed and you can proceed to installing the KB2999226 update. I have a similar issue but I'm on windows 8.1. It also says: "Error Loading Python DLL". Do you know how to fix it? If anyone else still has such issues, I found a solution to fix it: https://bitcointalk.org/index.php?topic=2833220.0 (https://bitcointalk.org/index.php?topic=2833220.0) Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: belui on February 07, 2018, 05:53:54 PM Tell and whether there is in electrum purse a function to show the recipients address on ledger purse display? Such function is in expansion chrome for official ledger.
http://i103.fastpic.ru/big/2018/0207/77/fb1476df55ba239d7c2b8d51886b1177.jpeg Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: HCP on February 08, 2018, 04:28:51 AM That button is to show YOUR receiving address on the Ledger... NOT the "recipients" address. The ledger will automatically show the recipients address when you attempt to send the transaction.
Currently, there is no facility for showing your receiving address on the Ledger from within Electrum. But you can double check by simpy taking the xpub and putting into https://iancoleman.io/bip39/ as the BIP32 root key... click "BIP32" tab and set custom derivation path and use: m/0 it will show all the addresses for your wallet. NOTE: putting your xpub into the iancoleman website is NOT a security risk... no-one can generate your private keys or steal your bitcoins using just an xpub. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: mozartman on February 16, 2018, 03:37:32 AM I'm not new, just new to Electrum. Why are there 26 lines of Private Keys for my wallet?
Which one is the one I should use to access the fork? I'm very confused! Please help! P Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: HCP on February 16, 2018, 05:21:17 AM Because Electrum is an HD (Hierarchical Deterministic) wallet... it generates a new address every time one is "used"... each address has it's own private key... so multiple address = multiple private keys.
To know which private key you need to use, you have to identify which address(es) your bitcoins were on at the time of the fork. (ps. You haven't specified which fork you're talking about). Once you know which address(es) your BTC were on at the time of the fork... you can get the private key by going to the "Addresses" tab (you may need to select "View -> Show Addresses")... then right click on the address(es) you need the private key for and select "Private Key" from the menu. NOTE: don't forget to change the filter from "Receiving" to "Change" to see your "Change Addresses" which might contain some of your BTC. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: blockaudit on April 02, 2018, 03:37:25 AM Yes, there's almost a new critical patch every few weeks or so now.
Has the Electron team reached out for a professional security audit yet? It would really boost user's confidence in using it since so many different crypto wallets rely on it now. Stuff like this is too trivial to justify: https://github.com/spesmilo/electrum/issues/3374 Code: class RequestHandler(SimpleJSONRPCRequestHandler): Allowing * is almost always a no-no. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: danbel79 on April 17, 2018, 05:52:27 PM Hello ThomasV,
Please Help Us. We were somehow hacked and lost a large amount of LTC. I don't know what to do. Is there anyway you can help us? I haven't updated my wallet since February 13th, 2018. Is there a way to seek help from the creators or developers of Electrum Wallet? Here is the transaction: https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/ Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: HCP on April 17, 2018, 09:51:58 PM Just FYI, ThomasV probably won't be able to help you... he is not the developer behind Electrum-LTC... he is the Developer for Electrum which is exclusively BTC.
I suggest that you try and seek help from the Electrum-LTC community: https://electrum-ltc.org/#community Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: BitMaxz on April 17, 2018, 10:22:42 PM Hello ThomasV, I suggest you to make a github account instead and go to this link https://github.com/pooler/electrum-ltc/issuesPlease Help Us. We were somehow hacked and lost a large amount of LTC. I don't know what to do. Is there anyway you can help us? I haven't updated my wallet since February 13th, 2018. Is there a way to seek help from the creators or developers of Electrum Wallet? Here is the transaction: https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/ and post your new issue there. Hope that programmer and developer could help you about your issue. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: MrCrank on August 04, 2018, 08:17:43 AM Hello,
On my old PC installed old version Electrum. When I open my first wallet with 0 balance, it's ok (synced). When I open my second wallet with balance, I see strange transaction "unknown" amount "+0." and wallet can't sync.. Who can explain this? Thanks. Title: Re: Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade Post by: HCP on August 05, 2018, 05:42:29 AM Possibly an old unconfirmed transaction that was stored within the wallet file (was it an outgoing transaction?) but the inputs got "double spent" in another transaction and the transaction can no longer be validated properly.
If you know what the seed is for that 2nd wallet... try and create a new version of the wallet ("File -> New/Restore -> NEWWALLETNAME -> Standard Wallet -> I already have a seed") and see if it syncs up... |